diff --git a/scripts/ASN.nse b/scripts/ASN.nse
index 7efb0c460..ae6688f38 100644
--- a/scripts/ASN.nse
+++ b/scripts/ASN.nse
@@ -1,18 +1,21 @@
 id = "AS Numbers"
 description = [[
 This script performs IP address to Autonomous System Numbers (ASN) lookups. It
-sends DNS TXT queries to a DNS server which in turn queries a third party service
-provided by Team Cymru (team-cymru.org) using an in-addr.arpa style zone set-up
-especially for use by Nmap.
+sends DNS TXT queries to a DNS server which in turn queries a third party
+service provided by Team Cymru (team-cymru.org) using an in-addr.arpa style
+zone set-up especially for use by Nmap.
 \n
-The respnses to these queries contain both Origin and Peer ASNs and their descriptions,
-displayed along with the BG Prefix and Country Code.
+The respnses to these queries contain both Origin and Peer ASNs and their
+descriptions, displayed along with the BG Prefix and Country Code.
 \n
-The script caches results to reduce the number of queries and should perform a single
-query for all scanned targets in a BG Prefix present in Team Cymru's database.
-\n\n
-Please be aware that any targets for which a query is performed will be revealed
-to a Team Cymru.
+The script caches results to reduce the number of queries and should perform a
+single query for all scanned targets in a BG Prefix present in Team Cymru's
+database.
+\n
+Be aware that any targets against which this script is run will be sent to and
+potentially recorded by one or more DNS servers and Team Cymru. In addition
+your IP address will be sent along with the ASN to a DNS server (your default
+DNS server, or whichever you specified with the dns script argument).
 ]]
@@ -36,7 +39,7 @@ to a Team Cymru.
 author = "jah, Michael"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"discovery", "external"}
 runlevel = 1
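Review bot: The rewrapped line `+The respnses to these queries contain both Origin and Peer ASNs and their` carries the pre-existing typo into the new text; since the line is being rewritten anyway it should read `The responses to these queries contain both Origin and Peer ASNs and their`. "BG Prefix", used twice in the same description, looks like it should be "BGP Prefix" — confirm against the label the Team Cymru records actually use before changing it. In the last added paragraph, "your IP address will be sent along with the ASN to a DNS server" reads as if an ASN is transmitted, whereas the first paragraph describes an in-addr.arpa style query carrying the target address; `along with the ASN query` is presumably what is meant.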
diff --git a/scripts/dns-safe-recursion-port.nse b/scripts/dns-safe-recursion-port.nse
index 8e544dc94..bf1f843f7 100644
--- a/scripts/dns-safe-recursion-port.nse
+++ b/scripts/dns-safe-recursion-port.nse
@@ -1,6 +1,15 @@
 id = "DNS source port randomness"
-description = "Queries porttest.dns-oarc.net to check for the predictable-port DNS recursion vulnerability. Predictable source ports can make a DNS server vulnerable to cache poisoning attacks (CVE-2008-1447)"
+description = [[
+Queries porttest.dns-oarc.net to check for the predictable-port DNS recursion
+vulnerability. Predictable source ports can make a DNS server vulnerable to
+cache poisoning attacks (CVE-2008-1447)
+\n
+Be aware that any targets against which this script is run will be sent to and
+potentially recorded by one or more DNS servers and the porttest server. In
+addition your IP address will be sent along with the porttest query to the DNS
+server running on the target.
+]]
 license = "Script: Same as Nmap--See http://nmap.org/book/man-legal.html\n" .. "porttest.dns-oarc.net: https://www.dns-oarc.net/oarc/services/porttest"
@@ -14,7 +23,7 @@ author = "Script: Brandon Enright \n" ..
 -- The likely long-term availability makes this script a good candidate
 -- for inclusion in Nmap proper.
-categories = {"intrusive"}
+categories = {"external", "intrusive"}
 require "bit"
 require "comm"
diff --git a/scripts/dns-safe-recursion-txid.nse b/scripts/dns-safe-recursion-txid.nse
index a958903fd..44a47c859 100644
--- a/scripts/dns-safe-recursion-txid.nse
+++ b/scripts/dns-safe-recursion-txid.nse
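Review bot: Lua does not process escape sequences inside long brackets, so the `+\n` line in the new `description = [[ ... ]]` puts a literal backslash and `n` into the string, unlike the double-quoted string it replaces, where `\n` would have been a newline. This matches the `\n` lines already present in ASN.nse, so presumably whatever renders script descriptions interprets that sequence; if it does not, an empty line is the portable way to separate the paragraphs. The same applies to the `\n` lines added in dns-safe-recursion-txid.nse, ripeQuery.nse and the `\n\n` line added in whois.nse in this commit.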
@@ -1,6 +1,15 @@
 id = "DNS TXID randomness"
-description = "Queries txidtest.dns-oarc.net to check for the predictable-TXID DNS recursion vulnerability. Predictable TXID values can make a DNS server vulnerable to cache poisoning attacks (CVE-2008-1447)"
+description = [[
+Queries txidtest.dns-oarc.net to check for the predictable-TXID DNS recursion
+vulnerability. Predictable TXID values can make a DNS server vulnerable to
+cache poisoning attacks (CVE-2008-1447)"
+\n
+Be aware that any targets against which this script is run will be sent to and
+potentially recorded by one or more DNS servers and the txidtest server. In
+addition your IP address will be sent along with the txidtest query to the DNS
+server running on the target.
+]]
 license = "Script: Same as Nmap--See http://nmap.org/book/man-legal.html\n" .. "txidtest.dns-oarc.net: https://www.dns-oarc.net/oarc/services/txidtest"
@@ -14,7 +23,7 @@ author = "Script: Brandon Enright \n" ..
 -- The likely long-term availability makes this script a good candidate
 -- for inclusion in Nmap proper.
-categories = {"intrusive"}
+categories = {"external", "intrusive"}
 require "bit"
 require "comm"
diff --git a/scripts/ripeQuery.nse b/scripts/ripeQuery.nse
index a25ebc783..27630e6bd 100644
--- a/scripts/ripeQuery.nse
+++ b/scripts/ripeQuery.nse
@@ -2,11 +2,16 @@ require "comm"
 require "ipOps"
 id = "RIPE query"
-description = "Connects to the RIPE database, extracts and prints the role: entry for the IP."
+description = [[
+Connects to the RIPE database, extracts and prints the role: entry for the IP.
+\n
+This script uses an external database. Your IP address and the IP address of
+the target will be sent to whois.ripe.net.
+]]
 author = "Diman Todorov "
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"discovery", "external"}
 hostrule = function(host, port) return not ipOps.isPrivate(host.ip)
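Review bot: The added line `+cache poisoning attacks (CVE-2008-1447)"` in dns-safe-recursion-txid.nse keeps a stray closing double quote from the old `description = "..."` string; inside `[[ ... ]]` it is ordinary text and will show up verbatim in the rendered description. It should read `cache poisoning attacks (CVE-2008-1447)`, as the corresponding line in dns-safe-recursion-port.nse in this same commit does. The ripeQuery.nse hunk that follows ends before `hostrule` is closed, so that function is only partially visible here.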
diff --git a/scripts/script.db b/scripts/script.db
index f8cdfe575..dd5236db5 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -1,88 +1,92 @@ -Entry{ category = "default", filename = "dns-test-open-recursion.nse" } -Entry{ category = "intrusive", filename = "dns-test-open-recursion.nse" } +Entry{ category = "default", filename = "showOwner.nse" } +Entry{ category = "safe", filename = "showOwner.nse" } +Entry{ category = "demo", filename = "daytimeTest.nse" } Entry{ category = "default", filename = "RealVNC_auth_bypass.nse" } Entry{ category = "malware", filename = "RealVNC_auth_bypass.nse" } Entry{ category = "vuln", filename = "RealVNC_auth_bypass.nse" } -Entry{ category = "intrusive", filename = "dns-safe-recursion-port.nse" } -Entry{ category = "intrusive", filename = "SNMPcommunitybrute.nse" } -Entry{ category = "auth", filename = "SNMPcommunitybrute.nse" } -Entry{ category = "default", filename = "showOwner.nse" } -Entry{ category = "safe", filename = "showOwner.nse" } -Entry{ category = "default", filename = "SSLv2-support.nse" } -Entry{ category = "safe", filename = "SSLv2-support.nse" } -Entry{ category = "malware", filename = "ircZombieTest.nse" } -Entry{ category = "version", filename = "skype_v2-version.nse" } -Entry{ category = "discovery", filename = "HTTPtrace.nse" } -Entry{ category = "demo", filename = "echoTest.nse" } -Entry{ category = "default", filename = "UPnP-info.nse" } -Entry{ category = "safe", filename = "UPnP-info.nse" } -Entry{ category = "default", filename = "rpcinfo.nse" } -Entry{ category = "safe", filename = "rpcinfo.nse" } -Entry{ category = "discovery", filename = "rpcinfo.nse" } -Entry{ category = "auth", filename = "bruteTelnet.nse" } -Entry{ category = "intrusive", filename = "bruteTelnet.nse" } -Entry{ category = "intrusive", filename = "dns-safe-recursion-txid.nse" } -Entry{ category = "default", filename = "SMTPcommands.nse" } -Entry{ category = "discovery", filename = "SMTPcommands.nse" } -Entry{ category = "safe", filename = "SMTPcommands.nse" } -Entry{ category = "default", filename = "robots.nse" } -Entry{ category = "safe", filename = 
"robots.nse" } -Entry{ category = "default", filename = "zoneTrans.nse" } -Entry{ category = "intrusive", filename = "zoneTrans.nse" } -Entry{ category = "discovery", filename = "zoneTrans.nse" } -Entry{ category = "discovery", filename = "whois.nse" } -Entry{ category = "safe", filename = "whois.nse" } -Entry{ category = "discovery", filename = "ripeQuery.nse" } -Entry{ category = "demo", filename = "chargenTest.nse" } -Entry{ category = "malware", filename = "strangeSMTPport.nse" } -Entry{ category = "version", filename = "iax2Detect.nse" } -Entry{ category = "demo", filename = "showSMTPVersion.nse" } -Entry{ category = "discovery", filename = "ASN.nse" } -Entry{ category = "default", filename = "showHTMLTitle.nse" } -Entry{ category = "demo", filename = "showHTMLTitle.nse" } -Entry{ category = "safe", filename = "showHTMLTitle.nse" } -Entry{ category = "discovery", filename = "promiscuous.nse" } -Entry{ category = "version", filename = "netbios-smb-os-discovery.nse" } -Entry{ category = "default", filename = "anonFTP.nse" } -Entry{ category = "auth", filename = "anonFTP.nse" } -Entry{ category = "intrusive", filename = "anonFTP.nse" } Entry{ category = "intrusive", filename = "SQLInject.nse" } Entry{ category = "vuln", filename = "SQLInject.nse" } +Entry{ category = "auth", filename = "bruteTelnet.nse" } +Entry{ category = "intrusive", filename = "bruteTelnet.nse" } +Entry{ category = "discovery", filename = "HTTPtrace.nse" } Entry{ category = "demo", filename = "SMTP_openrelay_test.nse" } -Entry{ category = "default", filename = "nbstat.nse" } -Entry{ category = "discovery", filename = "nbstat.nse" } -Entry{ category = "safe", filename = "nbstat.nse" } Entry{ category = "default", filename = "HTTPAuth.nse" } Entry{ category = "auth", filename = "HTTPAuth.nse" } Entry{ category = "intrusive", filename = "HTTPAuth.nse" } -Entry{ category = "default", filename = "finger.nse" } -Entry{ category = "discovery", filename = "finger.nse" } -Entry{ category = "demo", 
filename = "showHTTPVersion.nse" } -Entry{ category = "default", filename = "SSHv1-support.nse" } -Entry{ category = "safe", filename = "SSHv1-support.nse" } -Entry{ category = "default", filename = "popcapa.nse" } -Entry{ category = "default", filename = "SNMPsysdescr.nse" } -Entry{ category = "discovery", filename = "SNMPsysdescr.nse" } -Entry{ category = "safe", filename = "SNMPsysdescr.nse" } -Entry{ category = "intrusive", filename = "brutePOP3.nse" } -Entry{ category = "auth", filename = "brutePOP3.nse" } -Entry{ category = "default", filename = "MySQLinfo.nse" } -Entry{ category = "discovery", filename = "MySQLinfo.nse" } -Entry{ category = "safe", filename = "MySQLinfo.nse" } -Entry{ category = "default", filename = "ftpbounce.nse" } -Entry{ category = "intrusive", filename = "ftpbounce.nse" } -Entry{ category = "auth", filename = "xamppDefaultPass.nse" } -Entry{ category = "vuln", filename = "xamppDefaultPass.nse" } -Entry{ category = "intrusive", filename = "HTTPpasswd.nse" } -Entry{ category = "vuln", filename = "HTTPpasswd.nse" } -Entry{ category = "demo", filename = "showSSHVersion.nse" } -Entry{ category = "version", filename = "PPTPversion.nse" } -Entry{ category = "default", filename = "ircServerInfo.nse" } -Entry{ category = "discovery", filename = "ircServerInfo.nse" } +Entry{ category = "default", filename = "dns-test-open-recursion.nse" } +Entry{ category = "intrusive", filename = "dns-test-open-recursion.nse" } +Entry{ category = "demo", filename = "chargenTest.nse" } +Entry{ category = "default", filename = "showHTMLTitle.nse" } +Entry{ category = "demo", filename = "showHTMLTitle.nse" } +Entry{ category = "safe", filename = "showHTMLTitle.nse" } Entry{ category = "default", filename = "MSSQLm.nse" } Entry{ category = "discovery", filename = "MSSQLm.nse" } Entry{ category = "intrusive", filename = "MSSQLm.nse" } +Entry{ category = "demo", filename = "echoTest.nse" } +Entry{ category = "default", filename = "SSHv1-support.nse" } +Entry{ 
category = "safe", filename = "SSHv1-support.nse" } +Entry{ category = "default", filename = "MySQLinfo.nse" } +Entry{ category = "discovery", filename = "MySQLinfo.nse" } +Entry{ category = "safe", filename = "MySQLinfo.nse" } +Entry{ category = "auth", filename = "xamppDefaultPass.nse" } +Entry{ category = "vuln", filename = "xamppDefaultPass.nse" } +Entry{ category = "default", filename = "SSLv2-support.nse" } +Entry{ category = "safe", filename = "SSLv2-support.nse" } +Entry{ category = "default", filename = "zoneTrans.nse" } +Entry{ category = "intrusive", filename = "zoneTrans.nse" } +Entry{ category = "discovery", filename = "zoneTrans.nse" } +Entry{ category = "default", filename = "ftpbounce.nse" } +Entry{ category = "intrusive", filename = "ftpbounce.nse" } +Entry{ category = "version", filename = "skype_v2-version.nse" } +Entry{ category = "discovery", filename = "promiscuous.nse" } +Entry{ category = "default", filename = "SNMPsysdescr.nse" } +Entry{ category = "discovery", filename = "SNMPsysdescr.nse" } +Entry{ category = "safe", filename = "SNMPsysdescr.nse" } +Entry{ category = "demo", filename = "showSMTPVersion.nse" } +Entry{ category = "default", filename = "nbstat.nse" } +Entry{ category = "discovery", filename = "nbstat.nse" } +Entry{ category = "safe", filename = "nbstat.nse" } +Entry{ category = "version", filename = "iax2Detect.nse" } +Entry{ category = "default", filename = "rpcinfo.nse" } +Entry{ category = "safe", filename = "rpcinfo.nse" } +Entry{ category = "discovery", filename = "rpcinfo.nse" } Entry{ category = "default", filename = "HTTP_open_proxy.nse" } Entry{ category = "discovery", filename = "HTTP_open_proxy.nse" } Entry{ category = "intrusive", filename = "HTTP_open_proxy.nse" } -Entry{ category = "demo", filename = "daytimeTest.nse" } +Entry{ category = "intrusive", filename = "HTTPpasswd.nse" } +Entry{ category = "vuln", filename = "HTTPpasswd.nse" } +Entry{ category = "demo", filename = "showSSHVersion.nse" } +Entry{ 
category = "default", filename = "SMTPcommands.nse" } +Entry{ category = "discovery", filename = "SMTPcommands.nse" } +Entry{ category = "safe", filename = "SMTPcommands.nse" } +Entry{ category = "default", filename = "anonFTP.nse" } +Entry{ category = "auth", filename = "anonFTP.nse" } +Entry{ category = "intrusive", filename = "anonFTP.nse" } +Entry{ category = "version", filename = "netbios-smb-os-discovery.nse" } +Entry{ category = "default", filename = "robots.nse" } +Entry{ category = "safe", filename = "robots.nse" } +Entry{ category = "default", filename = "finger.nse" } +Entry{ category = "discovery", filename = "finger.nse" } +Entry{ category = "default", filename = "UPnP-info.nse" } +Entry{ category = "safe", filename = "UPnP-info.nse" } +Entry{ category = "malware", filename = "strangeSMTPport.nse" } +Entry{ category = "default", filename = "ircServerInfo.nse" } +Entry{ category = "discovery", filename = "ircServerInfo.nse" } +Entry{ category = "malware", filename = "ircZombieTest.nse" } +Entry{ category = "discovery", filename = "ripeQuery.nse" } +Entry{ category = "external", filename = "ripeQuery.nse" } +Entry{ category = "demo", filename = "showHTTPVersion.nse" } +Entry{ category = "version", filename = "PPTPversion.nse" } +Entry{ category = "discovery", filename = "ASN.nse" } +Entry{ category = "external", filename = "ASN.nse" } +Entry{ category = "intrusive", filename = "brutePOP3.nse" } +Entry{ category = "auth", filename = "brutePOP3.nse" } +Entry{ category = "default", filename = "popcapa.nse" } +Entry{ category = "intrusive", filename = "SNMPcommunitybrute.nse" } +Entry{ category = "auth", filename = "SNMPcommunitybrute.nse" } +Entry{ category = "discovery", filename = "whois.nse" } +Entry{ category = "external", filename = "whois.nse" } +Entry{ category = "safe", filename = "whois.nse" } +Entry{ category = "intrusive", filename = "dns-safe-recursion-txid.nse" } +Entry{ category = "external", filename = "dns-safe-recursion-port.nse" } +Entry{ 
category = "intrusive", filename = "dns-safe-recursion-port.nse" }
diff --git a/scripts/whois.nse b/scripts/whois.nse
index 4dbcbe163..c102c9f08 100644
--- a/scripts/whois.nse
+++ b/scripts/whois.nse
@@ -24,6 +24,10 @@ to ensure that the most accurate information about the IP address assignment is
 should be used with a value of "nocache" (see script arguments below). This reduces the range of addresses that may use a cached record to a size that helps ensure that smaller assignments will be discovered. This option should be used with caution due to the potential to send large numbers of whois queries and possibly be banned from using the services.
+\n\n
+In using this script your IP address will be sent to iana.org. Additionally
+your address and the address of the target of the scan will be sent to one of
+the RIRs.
 ]]
 ---
@@ -83,7 +87,7 @@ id = "Whois"
 author = "jah "
 license = "See Nmap License: http://nmap.org/book/man-legal.html"
 runlevel = 1
-categories = {"discovery", "safe"}
+categories = {"discovery", "external", "safe"}
 local url = require "url"
 local http = require "http"