607 matches found
vuze-dht-info NSE Script
Retrieves some basic information, including protocol version from a Vuze filesharing node. As Vuze doesn't have a default port for its DHT service, this script has some difficulties in determining when to run. Most scripts are triggered by either a default port or a fingerprinted service. To get...
stun-version NSE Script
Sends a binding request to the server and attempts to extract version information from the response, if the server attribute is present. Script Arguments stun.mode See the documentation for the stun library. Example Usage nmap -sU -sV -p 3478 Script Output PORT STATE SERVICE VERSION 3478/udp open...
resolveall NSE Script
NOTE: This script has been replaced by the --resolve-all command-line option in Nmap 7.70 Resolves hostnames and adds every address IPv4 or IPv6, depending on Nmap mode to Nmap's target list. This differs from Nmap's normal host resolution process, which only scans the first address A or AAAA...
jdwp-exec NSE Script
Attempts to exploit java's remote debugging port. When remote debugging port is left open, it is possible to inject java bytecode and achieve remote code execution. This script abuses this to inject and execute a Java class file that executes the supplied shell command and returns its output. The...
oracle-enum-users NSE Script
Attempts to enumerate valid Oracle user names against unpatched Oracle 11g servers this bug was fixed in Oracle's October 2009 Critical Patch Update. Script Arguments oracle-enum-users.sid the instance against which to attempt user enumeration tns.sid See the documentation for the tns library...
jdwp-info NSE Script
Attempts to exploit java's remote debugging port. When remote debugging port is left open, it is possible to inject java bytecode and achieve remote code execution. This script injects and execute a Java class file that returns remote system information. Example Usage nmap -sT -p...
smb-flood NSE Script
Exhausts a remote SMB server's connection limit by by opening as many connections as we can. Most implementations of SMB have a hard global limit of 11 connections for user accounts and 10 connections for anonymous. Once that limit is reached, further connections are denied. This script exploits...
smb-enum-groups NSE Script
Obtains a list of groups from the remote Windows system, as well as a list of the group's users. This works similarly to enum.exe with the /G switch. The following MSRPC functions in SAMR are used to find a list of groups and the RIDs of their users. Keep in mind that MSRPC refers to groups as...
bjnp-discover NSE Script
Retrieves printer or scanner information from a remote device supporting the BJNP protocol. The protocol is known to be supported by network based Canon devices. Example Usage sudo nmap -sU -p 8611,8612 --script bjnp-discover Script Output PORT STATE SERVICE 8611/udp open canon-bjnp1 |...
bitcoinrpc-info NSE Script
Obtains information from a Bitcoin server by calling getinfo on its JSON-RPC interface. Script Arguments creds.global http credentials used for the query user:pass slaxml.debug See the documentation for the slaxml library. creds.service See the documentation for the creds library. http.host,...
domcon-cmd NSE Script
Runs a console command on the Lotus Domino Console using the given authentication credentials see also: domcon-brute Script Arguments domcon-cmd.cmd The command to run on the remote server domcon-cmd.pass The password used to authenticate to the server domcon-cmd.user The user used to authenticat...
broadcast-bjnp-discover NSE Script
Attempts to discover Canon devices Printers/Scanners supporting the BJNP protocol by sending BJNP Discover requests to the network broadcast address for both ports associated with the protocol. The script then attempts to retrieve the model, version and some additional information for all...
afp-brute NSE Script
Performs password guessing against Apple Filing Protocol AFP. Script Arguments afp.password, afp.username See the documentation for the afp library. passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. Example Usage nmap -p 548 --scrip...
tor-consensus-checker NSE Script
Checks if a target is a known Tor node. The script works by querying the Tor directory authorities. Initially, the script stores all IPs of Tor nodes in a lookup table to reduce the number of requests and make lookups quicker. Script Arguments slaxml.debug See the documentation for the slaxml...
ipv6-ra-flood NSE Script
Generates a flood of Router Advertisements RA with random source MAC addresses and IPv6 prefixes. Computers, which have stateless autoconfiguration enabled by default every major OS, will start to compute IPv6 suffix and update their routing table to reflect the accepted announcement. This will...
iscsi-brute NSE Script
Performs brute force password auditing against iSCSI targets. Script Arguments iscsi-brute.target iSCSI target to brute-force. passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.service, creds.global See the documentation for t...
afp-serverinfo NSE Script
Shows AFP server information. This information includes the server's hostname, IPv4 and IPv6 addresses, and hardware type for example Macmini or MacBookPro. Script Arguments afp.password, afp.username See the documentation for the afp library. Example Usage nmap -sV -sC Script Output PORT STATE...
nexpose-brute NSE Script
Performs brute force password auditing against a Nexpose vulnerability scanner using the API 1.1. As the Nexpose application enforces account lockout after 4 incorrect login attempts, the script performs only 3 guesses per default. This can be altered by supplying the brute.guesses argument a...
maxdb-info NSE Script
Retrieves version and database information from a SAP Max DB database. Example Usage nmap -p 7210 --script maxdb-info Script Output PORT STATE SERVICE REASON 7210/tcp open maxdb syn-ack | maxdb-info: | Version: 7.8.02 | Build: DBMServer 7.8.02 Build 021-121-242-175 | OS: UNIX | Instroot:...
irc-botnet-channels NSE Script
Checks an IRC server for channels that are commonly used by malicious botnets. Control the list of channel names with the irc-botnet-channels.channels script argument. The default list of channels is loic Agobot Slackbot Mytob Rbot SdBot poebot IRCBot VanBot MPack Storm GTbot Spybot Phatbot Wargb...
rmi-dumpregistry NSE Script
Connects to a remote RMI registry and attempts to dump all of its objects. First it tries to determine the names of all objects bound in the registry, and then it tries to determine information about the objects, such as the the class names of the superclasses and interfaces. This may, depending ...
mongodb-databases NSE Script
Attempts to get a list of tables from a MongoDB database. Script Arguments mongodb.db See the documentation for the mongodb library. creds.service, creds.global See the documentation for the creds library. Example Usage nmap -p 27017 --script mongodb-databases Script Output PORT STATE SERVICE...
broadcast-wpad-discover NSE Script
Retrieves a list of proxy servers on a LAN using the Web Proxy Autodiscovery Protocol WPAD. It implements both the DHCP and DNS methods of doing so and starts by querying DHCP to get the address. DHCP discovery requires nmap to be running in privileged mode and will be skipped when this is not th...
port-states NSE Script
Prints a list of ports found in each state. Nmap ordinarily summarizes "uninteresting" ports as "Not shown: 94 closed ports, 4 filtered ports" but users may want to know which ports were filtered vs which were closed. This script will expand these summaries into a list of ports and port ranges th...
http-google-malware NSE Script
Checks if hosts are on Google's blacklist of suspected malware and phishing servers. These lists are constantly updated and are part of Google's Safe Browsing service. To do this the script queries the Google's Safe Browsing service and you need to have your own API key to access Google's Safe...
irc-brute NSE Script
Performs brute force password auditing against IRC Internet Relay Chat servers. Script Arguments passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.service, creds.global See the documentation for the creds library...
snmp-win32-users NSE Script
Attempts to enumerate Windows user accounts through SNMP Script Arguments creds.service, creds.global See the documentation for the creds library. snmp.version See the documentation for the snmp library. Example Usage nmap -sU -p 161 --script=snmp-win32-users Script Output | snmp-win32-users: |...
ntp-monlist NSE Script
Obtains and prints an NTP server's monitor data. Monitor data is a list of the most recently used MRU having NTP associations with the target. Each record contains information about the most recent NTP packet sent by a host to the target including the source and destination addresses and the NTP...
pop3-ntlm-info NSE Script
This script enumerates information from remote POP3 services with NTLM authentication enabled. Sending a POP3 NTLM authentication request with null credentials will cause the remote service to respond with a NTLMSSP message disclosing information to include NetBIOS, DNS, and OS build version...
http-exif-spider NSE Script
Spiders a site's images looking for interesting exif data embedded in .jpg files. Displays the make and model of the camera, the date the photo was taken, and the embedded geotag information. Script Arguments http-exif-spider.url the url to start spidering. This is a URL relative to the scanned...
quake3-master-getservers NSE Script
Queries Quake3-style master servers for game servers many games other than Quake 3 use this same protocol. Script Arguments quake3-master-getservers.outputlimit If set, limits the amount of hosts returned by the script. All discovered hosts are still stored in the registry for other scripts to us...
cassandra-info NSE Script
Attempts to get basic info and server status from a Cassandra database. For more information about Cassandra, see: Script Arguments creds.service, creds.global See the documentation for the creds library. Example Usage nmap -p 9160 --script=cassandra-info Script Output PORT STATE SERVICE REASON...
ndmp-version NSE Script
Retrieves version information from the remote Network Data Management Protocol ndmp service. NDMP is a protocol intended to transport data between a NAS device and the backup device, removing the need for the data to pass through the backup server. The following products are known to support the...
informix-tables NSE Script
Retrieves a list of tables and column definitions for each database on an Informix server. Script Arguments informix-tables.username The username used for authentication informix-tables.password The password used for authentication Version 0.1 Created 27/07/2010 - v0.1 - created by Patrik Karlsso...
smb-system-info NSE Script
Pulls back information about the remote system from the registry. Getting all of the information requires an administrative account, although a user account will still get a lot of it. Guest probably won't get any, nor will anonymous. This goes for all operating systems, including Windows 2000...
http-comments-displayer NSE Script
Extracts and outputs HTML and JavaScript comments from HTTP responses. Script Arguments http-comments-displayer.singlepages Some single pages to check for comments. For example, "/", "/wiki". Default: nil crawler mode on http-comments-displayer.context declares the number of chars to extend our...
targets-ipv6-wordlist NSE Script
Adds IPv6 addresses to the scan queue using a wordlist of hexadecimal "words" that form addresses in a given subnet. Script Arguments targets-ipv6-wordlist.nsegments Number User can indicate exactly how big the word must be on Segments of 16 bits. targets-ipv6-wordlist.fillright With this argumen...
http-vuln-cve2014-2126 NSE Script
Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA ASDM Privilege Escalation Vulnerability CVE-2014-2126. See also: http-vuln-cve2014-2127.nse http-vuln-cve2014-2128.nse http-vuln-cve2014-2129.nse Script Arguments tls.servername See the documentation for the tls library...
hadoop-tasktracker-info NSE Script
Retrieves information from an Apache Hadoop TaskTracker HTTP status page. Information gathered: Hadoop version Hadoop Compile date Log directory relative to Script Arguments slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size,...
ip-geolocation-map-kml NSE Script
This script queries the Nmap registry for the GPS coordinates of targets stored by previous geolocation scripts and produces a KML file of points representing the targets. See also: ip-geolocation-geoplugin.nse ip-geolocation-ipinfodb.nse ip-geolocation-map-bing.nse ip-geolocation-map-google.nse...
cics-enum NSE Script
CICS transaction ID enumerator for IBM mainframes. This script is based on mainframebrute by Dominic White . However, this script doesn't rely on any third party libraries or tools and instead uses the NSE TN3270 library which emulates a TN3270 screen in lua. CICS only allows for 4 byte transacti...
broadcast-dropbox-listener NSE Script
Listens for the LAN sync information broadcasts that the Dropbox.com client broadcasts every 20 seconds, then prints all the discovered client IP addresses, port numbers, version numbers, display names, and more. If the newtargets script argument is given, all discovered Dropbox clients will be...
hadoop-datanode-info NSE Script
Discovers information such as log directories from an Apache Hadoop DataNode HTTP status page. Information gathered: Log directory relative to Script Arguments slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size, http.max-pipeline,...
http-majordomo2-dir-traversal NSE Script
Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. CVE-2011-0049. Vulnerability originally discovered by Michael Brooks. For more information about this vulnerability: Script Arguments http-majordomo2-dir-traversal.rfile Remote file to download. Default:...
nje-node-brute NSE Script
z/OS JES Network Job Entry NJE target node name brute force. NJE node communication is made up of an OHOST and an RHOST. Both fields must be present when conducting the handshake. This script attemtps to determine the target systems NJE node name. To initiate NJE the client sends a 33 byte record...
targets-ipv6-multicast-echo NSE Script
Sends an ICMPv6 echo request packet to the all-nodes link-local multicast address ff02::1 to discover responsive hosts on a LAN without needing to individually ping each IPv6 address. Script Arguments newtargets If true, add discovered targets to the scan queue...
address-info NSE Script
Shows extra information about IPv6 addresses, such as embedded MAC or IPv4 addresses when available. Some IP address formats encode extra information; for example some IPv6 addresses encode an IPv4 address or MAC address. This script can decode these address formats: IPv4-compatible IPv6 addresse...
ms-sql-config NSE Script
Queries Microsoft SQL Server ms-sql instances for a list of databases, linked servers, and configuration settings. SQL Server credentials required: Yes use ms-sql-brute, ms-sql-empty-password and/or mssql.username & mssql.password Run criteria: Host script: Will run if the mssql.instance-all,...
ipmi-brute NSE Script
Performs brute force password auditing against IPMI RPC server. Script Arguments brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass See the documentation for the brute...
icap-info NSE Script
Tests a list of known ICAP service names and prints information about any it detects. The Internet Content Adaptation Protocol ICAP is used to extend transparent proxy servers and is generally used for content filtering and antivirus scanning. Example Usage nmap -p 1344 --script icap-info Script...