From 1d3b5142befc016c37d32eb5a84ab86226253e36 Mon Sep 17 00:00:00 2001 From: dmiller Date: Fri, 24 Mar 2017 22:05:51 +0000 Subject: [PATCH] Fix some NSEdoc using the wrong script names --- nselib/amqp.lua | 3 ++- nselib/proxy.lua | 3 +++ scripts/allseeingeye-info.nse | 4 +-- scripts/amqp-info.nse | 2 -- scripts/bittorrent-discovery.nse | 6 ++--- scripts/cics-user-brute.nse | 10 +++---- scripts/distcc-cve2004-2687.nse | 2 +- scripts/dns-client-subnet-scan.nse | 16 +++++------ scripts/domino-enum-users.nse | 8 +++--- scripts/ftp-brute.nse | 2 +- scripts/ftp-vsftpd-backdoor.nse | 2 +- scripts/http-cookie-flags.nse | 2 +- scripts/http-devframework.nse | 3 ++- scripts/http-domino-enum-passwords.nse | 37 +++++++++++++------------- scripts/http-form-brute.nse | 2 +- scripts/http-gitweb-projects-enum.nse | 2 +- scripts/http-grep.nse | 2 +- scripts/http-open-proxy.nse | 3 --- scripts/http-userdir-enum.nse | 9 +++---- scripts/informix-tables.nse | 8 +++--- scripts/llmnr-resolve.nse | 2 +- scripts/lltd-discovery.nse | 2 +- scripts/mikrotik-routeros-brute.nse | 2 +- scripts/rdp-vuln-ms12-020.nse | 4 +-- scripts/rmi-dumpregistry.nse | 2 +- scripts/rmi-vuln-classloader.nse | 2 +- scripts/smtp-vuln-cve2010-4344.nse | 1 - scripts/smtp-vuln-cve2011-1720.nse | 2 -- scripts/smtp-vuln-cve2011-1764.nse | 1 - scripts/socks-open-proxy.nse | 2 -- scripts/tftp-enum.nse | 2 +- scripts/tn3270-screen.nse | 2 +- scripts/xmlrpc-methods.nse | 5 ++-- 33 files changed, 74 insertions(+), 81 deletions(-) diff --git a/nselib/amqp.lua b/nselib/amqp.lua index 9feee2d60..23aaf8905 100644 --- a/nselib/amqp.lua +++ b/nselib/amqp.lua @@ -13,7 +13,8 @@ -- o AMQP -- - This class contains the core functions needed to communicate with AMQP -- - +-- @args amqp.version Can be used to specify the client version to use (currently, 0-8, 0-9 or 0-9-1) +-- -- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html -- @author Sebastian Dragomir 
diff --git a/nselib/proxy.lua b/nselib/proxy.lua index 3119ed583..57304d0b1 100644 --- a/nselib/proxy.lua +++ b/nselib/proxy.lua @@ -1,6 +1,9 @@ --- -- Functions for proxy testing. -- +-- @args proxy.url Url that will be requested to the proxy +-- @args proxy.pattern Pattern that will be searched inside the request results +-- -- @author Joao Correa -- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html diff --git a/scripts/allseeingeye-info.nse b/scripts/allseeingeye-info.nse index 63714874f..70509f8a0 100644 --- a/scripts/allseeingeye-info.nse +++ b/scripts/allseeingeye-info.nse @@ -16,7 +16,7 @@ with the payload "s", it replies with various game server status info. When run as a version detection script (-sV), the script will report on the game name, version, actual port, and whether it has a -password. When run explicitly (--script ase-info), the +password. When run explicitly (--script allseeingeye-info), the script will additionally report on the server name, game type, map name, current number of players, maximum number of players, player information, and various other information. @@ -37,7 +37,7 @@ http://sourceforge.net/projects/gameq/ -- @output -- PORT STATE SERVICE REASON VERSION -- 27138/udp open allseeingeye udp-response All-Seeing Eye (game: chrome 1.2.0.0ww; port: 27015; no password) --- | ase-info: +-- | allseeingeye-info: -- | game: chrome -- | port: 27015 -- | server name: ChromeNet Server diff --git a/scripts/amqp-info.nse b/scripts/amqp-info.nse index b65cb0f02..d0d299f43 100644 --- a/scripts/amqp-info.nse +++ b/scripts/amqp-info.nse @@ -14,8 +14,6 @@ See http://www.rabbitmq.com/extensions.html for details on the -- @usage -- nmap --script amqp-info -p5672 --- --- @args amqp.version Can be used to specify the client version to use (currently, 0-8, 0-9 or 0-9-1) --- -- @output -- 5672/tcp open amqp -- | amqp-info: diff --git a/scripts/bittorrent-discovery.nse b/scripts/bittorrent-discovery.nse index 6084f4620..e6cefa770 100644 
--- a/scripts/bittorrent-discovery.nse +++ b/scripts/bittorrent-discovery.nse @@ -23,11 +23,11 @@ peers as targets. -- -- @args bittorrent-discovery.torrent a string containing the filename of the torrent file -- @args bittorrent-discovery.magnet a string containing the magnet link of the torrent --- @args bittorrent-discover.timeout desired (not actual) timeout for the DHT discovery (default = 30s) --- @args bittorrent-discover.include-nodes boolean selecting whether to show only nodes +-- @args bittorrent-discovery.timeout desired (not actual) timeout for the DHT discovery (default = 30s) +-- @args bittorrent-discovery.include-nodes boolean selecting whether to show only nodes -- -- @output --- | bittorrent-peers: +-- | bittorrent-discovery: -- | Peers: -- | 97.88.178.168 -- | 89.100.184.36 diff --git a/scripts/cics-user-brute.nse b/scripts/cics-user-brute.nse index 3992b2262..7dc122c63 100644 --- a/scripts/cics-user-brute.nse +++ b/scripts/cics-user-brute.nse @@ -12,19 +12,19 @@ CICS User ID brute forcing script for the CESL login screen. ]] --- --- @args cics-user-enum.commands Commands in a semi-colon seperated list needed +-- @args cics-user-brute.commands Commands in a semi-colon seperated list needed -- to access CICS. Defaults to CICS. -- -- @usage --- nmap --script=cics-user-enum -p 23 +-- nmap --script=cics-user-brute -p 23 -- --- nmap --script=cics-user-enum --script-args userdb=users.txt, --- cics-user-enum.commands="exit;logon applid(cics42)" -p 23 +-- nmap --script=cics-user-brute --script-args userdb=users.txt, +-- cics-user-brute.commands="exit;logon applid(cics42)" -p 23 -- -- @output -- PORT STATE SERVICE -- 23/tcp open tn3270 --- | cics-user-enum: +-- | cics-user-brute: -- | Accounts: -- | PLAGUE: Valid - CICS User ID -- |_ Statistics: Performed 31 guesses in 114 seconds, average tps: 0 diff --git a/scripts/distcc-cve2004-2687.nse b/scripts/distcc-cve2004-2687.nse index 8b9d72820..747aeee61 100644 --- a/scripts/distcc-cve2004-2687.nse 
+++ b/scripts/distcc-cve2004-2687.nse @@ -16,7 +16,7 @@ present in modern implementation due to poor configuration of the service. -- @output -- PORT STATE SERVICE -- 3632/tcp open distccd --- | distcc-test: +-- | distcc-exec: -- | VULNERABLE: -- | distcc Daemon Command Execution -- | State: VULNERABLE (Exploitable) diff --git a/scripts/dns-client-subnet-scan.nse b/scripts/dns-client-subnet-scan.nse index cfb829345..9adf20e73 100644 --- a/scripts/dns-client-subnet-scan.nse +++ b/scripts/dns-client-subnet-scan.nse @@ -22,13 +22,13 @@ requests using a given subnet. -- nmap -sU -p 53 --script dns-client-subnet-scan --script-args \ -- 'dns-client-subnet-scan.domain=www.example.com, \ -- dns-client-subnet-scan.address=192.168.0.1 \ --- [,dns-client-subnet.nameserver=8.8.8.8] \ --- [,dns-client-subnet.mask=24]' +-- [,dns-client-subnet-scan.nameserver=8.8.8.8] \ +-- [,dns-client-subnet-scan.mask=24]' -- nmap --script dns-client-subnet-scan --script-args \ -- 'dns-client-subnet-scan.domain=www.example.com, \ -- dns-client-subnet-scan.address=192.168.0.1 \ --- dns-client-subnet.nameserver=8.8.8.8, \ --- [,dns-client-subnet.mask=24]' +-- dns-client-subnet-scan.nameserver=8.8.8.8, \ +-- [,dns-client-subnet-scan.mask=24]' -- -- @output -- 53/udp open domain udp-response 
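Review bot: The corrected sample output in the `@output` block of `scripts/distcc-cve2004-2687.nse` still does not match the file's name: the new line reads `-- | distcc-exec:`, while Nmap labels results with the script's ID, which follows the filename. Anyone searching scan output for the documented label would miss real findings from this command-execution check. I would change the line to `-- | distcc-cve2004-2687:`.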
@@ -42,10 +42,10 @@ requests using a given subnet. -- | . -- |_ . --- --- @args dns-client-subnet.domain The domain to lookup eg. www.example.org --- @args dns-client-subnet.address The client subnet address to use --- @args dns-client-subnet.mask [optional] The number of bits to use as subnet mask (default: 24) --- @args dns-client-subnet.nameserver [optional] nameserver to use. (default = host.ip) +-- @args dns-client-subnet-scan.domain The domain to lookup eg. www.example.org +-- @args dns-client-subnet-scan.address The client subnet address to use +-- @args dns-client-subnet-scan.mask [optional] The number of bits to use as subnet mask (default: 24) +-- @args dns-client-subnet-scan.nameserver [optional] nameserver to use. (default = host.ip) -- author = "John R. Bond" diff --git a/scripts/domino-enum-users.nse b/scripts/domino-enum-users.nse index 86910363a..84027de94 100644 --- a/scripts/domino-enum-users.nse +++ b/scripts/domino-enum-users.nse @@ -22,8 +22,8 @@ Attempts to discover valid IBM Lotus Domino users and download their ID files by -- |_ Successfully stored "MJacksson" in /tmp/MJacksson.id -- -- --- @args domino-id.path the location to which any retrieved ID files are stored --- @args domino-id.username the name of the user from which to retrieve the ID. +-- @args domino-enum-users.path the location to which any retrieved ID files are stored +-- @args domino-enum-users.username the name of the user from which to retrieve the ID. -- If this parameter is not specified, the unpwdb -- library will be used to brute force names of users. -- 
@@ -70,11 +70,11 @@ action = function(host, port) local helper = nrpc.Helper:new( host, port ) local status, data, usernames, err - local path = stdnse.get_script_args('domino-enum-users.path') + local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") local result = {} local save_file = false local counter = 0 - local domino_username = stdnse.get_script_args("domino-enum-users.username") + local domino_username = stdnse.get_script_args(SCRIPT_NAME .. ".username") if ( domino_username ) then usernames = ( function() local b = true diff --git a/scripts/ftp-brute.nse b/scripts/ftp-brute.nse index 18bcbf3fd..b05de8f54 100644 --- a/scripts/ftp-brute.nse +++ b/scripts/ftp-brute.nse @@ -23,7 +23,7 @@ Based on old ftp-brute.nse script by Diman Todorov, Vlatko Kosturjak and Ron Bow -- @output -- PORT STATE SERVICE -- 21/tcp open ftp --- | my-ftp-brute: +-- | ftp-brute: -- | Accounts -- | root:root - Valid credentials -- | Statistics diff --git a/scripts/ftp-vsftpd-backdoor.nse b/scripts/ftp-vsftpd-backdoor.nse index 18c127fd8..1cd495bfa 100644 --- a/scripts/ftp-vsftpd-backdoor.nse +++ b/scripts/ftp-vsftpd-backdoor.nse @@ -24,7 +24,7 @@ References: -- @usage -- nmap --script ftp-vsftpd-backdoor -p 21 -- --- @args exploit.cmd or ftp-vsftpd-backdoor.cmd Command to execute in shell +-- @args ftp-vsftpd-backdoor.cmd Command to execute in shell -- (default is id). -- -- @output diff --git a/scripts/http-cookie-flags.nse b/scripts/http-cookie-flags.nse index 6c54fb9bb..7d8ca57bb 100644 --- a/scripts/http-cookie-flags.nse +++ b/scripts/http-cookie-flags.nse @@ -16,7 +16,7 @@ by it will be checked in addition to the root. -- -- @output -- 443/tcp open https --- | http-session-cookie-flags: +-- | http-cookie-flags: -- | /: -- | PHPSESSID: -- | secure flag not set and HTTPS in use diff --git a/scripts/http-devframework.nse b/scripts/http-devframework.nse index cde2faf91..ce0f1aee2 100644 --- a/scripts/http-devframework.nse +++ b/scripts/http-devframework.nse 
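Review bot: Dropping `exploit.cmd` from the `@args` line in `scripts/ftp-vsftpd-backdoor.nse` is only safe if the script no longer reads that argument; the lookup is outside this hunk, so this needs checking. If the body still falls back to `exploit.cmd`, a value set globally for another script would change the command this check runs, and the script's documentation would no longer say so. Either remove the fallback in the same commit or keep it documented, for example `-- @args exploit.cmd Legacy alias for ftp-vsftpd-backdoor.cmd`.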
@@ -26,10 +26,11 @@ Note that the consumingDetect callback will not take place only if --- -- @usage nmap -p80 --script http-devframework.nse -- --- @args http-errors.rapid boolean value that determines if a rapid detection +-- @args http-devframework.rapid boolean value that determines if a rapid detection -- should take place. The main difference of a rapid vs a lengthy detection -- is that second one requires crawling through the website. Default: false -- (lengthy detection is performed) +-- @args http-devframework.fingerprintfile File containing fingerprints. Default: nselib/data/http-devframework-fingerprints.lua -- -- @output -- PORT STATE SERVICE REASON diff --git a/scripts/http-domino-enum-passwords.nse b/scripts/http-domino-enum-passwords.nse index e94a366ed..2223d4e75 100644 --- a/scripts/http-domino-enum-passwords.nse +++ b/scripts/http-domino-enum-passwords.nse @@ -30,12 +30,12 @@ and password or indirectly from results of http-brute or http-form-brute. --- -- @usage --- nmap --script domino-enum-passwords -p 80 --script-args domino-enum-passwords.username='patrik karlsson',domino-enum-passwords.password=secret +-- nmap --script http-domino-enum-passwords -p 80 --script-args http-domino-enum-passwords.username='patrik karlsson',http-domino-enum-passwords.password=secret -- -- @output -- PORT STATE SERVICE REASON -- 80/tcp open http syn-ack --- | domino-enum-passwords: +-- | http-domino-enum-passwords: -- | Information -- | Information retrieved as: "Jim Brass" -- | Internet hashes (salted, jtr: --format=DOMINOSEC) 
@@ -64,17 +64,19 @@ and password or indirectly from results of http-brute or http-form-brute. -- | Nick Stokes ID File has been downloaded (/tmp/id/Nick Stokes.id) -- | Catherine Willows ID File has been downloaded (/tmp/id/Catherine Willows.id) -- | --- |_ Results limited to 10 results (see domino-enum-passwords.count) +-- |_ Results limited to 10 results (see http-domino-enum-passwords.count) -- -- --- @args domino-enum-passwords.path points to the path protected by authentication --- @args domino-enum-passwords.hostname sets the host header in case of virtual hosting --- @args domino-enum-passwords.count the number of internet hashes and id files to fetch. +-- @args http-domino-enum-passwords.path points to the path protected by +-- authentication. Default:"/names.nsf/People?OpenView" +-- @args http-domino-enum-passwords.hostname sets the host header in case of virtual hosting. +-- Not needed if target is specified by name. +-- @args http-domino-enum-passwords.count the number of internet hashes and id files to fetch. -- If a negative value is given, all hashes and id files are retrieved (default: 10) --- @args domino-enum-passwords.idpath the path where downloaded ID files should be saved +-- @args http-domino-enum-passwords.idpath the path where downloaded ID files should be saved -- If not given, the script will only indicate if the ID file is donwloadable or not --- @args domino-enum-passwords.username Username for HTTP auth, if required --- @args domino-enum-passwords.password Password for HTTP auth, if required +-- @args http-domino-enum-passwords.username Username for HTTP auth, if required +-- @args http-domino-enum-passwords.password Password for HTTP auth, if required -- -- Version 0.4 
@@ -212,15 +214,15 @@ local function fail (err) return stdnse.format_output(false, err) end action = function(host, port) - local path = "/names.nsf" - local download_path = stdnse.get_script_args('domino-enum-passwords.idpath') - local vhost= stdnse.get_script_args('domino-enum-passwords.hostname') - local user = stdnse.get_script_args('domino-enum-passwords.username') - local pass = stdnse.get_script_args('domino-enum-passwords.password') + local path = stdnse.get_script_args(SCRIPT_NAME .. '.path') or "/names.nsf/People?OpenView" + local download_path = stdnse.get_script_args(SCRIPT_NAME .. '.idpath') + local vhost= stdnse.get_script_args(SCRIPT_NAME .. '.hostname') + local user = stdnse.get_script_args(SCRIPT_NAME .. '.username') + local pass = stdnse.get_script_args(SCRIPT_NAME .. '.password') local pos, pager local links, result, hashes,legacyHashes, id_files = {}, {}, {}, {},{} local chunk_size = 30 - local max_fetch = tonumber(stdnse.get_script_args('domino-enum-passwords.count')) or 10 + local max_fetch = tonumber(stdnse.get_script_args(SCRIPT_NAME .. '.count')) or 10 local http_response local has_creds = false -- authentication required? @@ -242,12 +244,11 @@ action = function(host, port) end if not pass then local msg = has_creds and "No valid credentials were found" or "No credentials supplied" - return fail(("%s (see domino-enum-passwords.username and domino-enum-passwords.password)"):format(msg)) + return fail(("%s (see http-domino-enum-passwords.username and http-domino-enum-passwords.password)"):format(msg)) end end end - path = "/names.nsf/People?OpenView" http_response = http.get( vhost or host, port, path, { auth = { username = user, password = pass }, no_cache = true }) if http_response.status and http_response.status ==200 then pager = getPager( http_response.body ) 
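Review bot: The failure message in the `@@ -242` hunk hard-codes the script name again, `(see http-domino-enum-passwords.username and http-domino-enum-passwords.password)`, although the argument lookups in the hunk above were just switched to `SCRIPT_NAME`. That re-creates the drift this commit is correcting, and the `Results limited to %d results` string in the `@@ -346` hunk has the same problem. Build both from `SCRIPT_NAME`, e.g. `return fail(("%s (see %s.username and %s.password)"):format(msg, SCRIPT_NAME, SCRIPT_NAME))`. The body of `action` continues outside these hunks.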
@@ -346,7 +347,7 @@ action = function(host, port) local result = stdnse.format_output(true, result) if ( max_fetch > 0 ) then - result = result .. (" \n Results limited to %d results (see domino-enum-passwords.count)"):format(max_fetch) + result = result .. (" \n Results limited to %d results (see http-domino-enum-passwords.count)"):format(max_fetch) end return result diff --git a/scripts/http-form-brute.nse b/scripts/http-form-brute.nse index 0e433ebbf..fc1ea197b 100644 --- a/scripts/http-form-brute.nse +++ b/scripts/http-form-brute.nse @@ -53,7 +53,7 @@ the following rules: -- @output -- PORT STATE SERVICE REASON -- 80/tcp open http syn-ack --- | http-brute: +-- | http-form-brute: -- | Accounts -- | Patrik Karlsson:secret - Valid credentials -- | Statistics diff --git a/scripts/http-gitweb-projects-enum.nse b/scripts/http-gitweb-projects-enum.nse index 1af0d7ce1..306fb33a8 100644 --- a/scripts/http-gitweb-projects-enum.nse +++ b/scripts/http-gitweb-projects-enum.nse @@ -25,7 +25,7 @@ Retrieves a list of Git projects, owners and descriptions from a gitweb (web int -- | Number of projects: 172 -- |_ Number of owners: 42 -- --- @args http-gitweb.projects-enum.path specifies the location of gitweb +-- @args http-gitweb-projects-enum.path specifies the location of gitweb -- (default: /) author = "riemann" diff --git a/scripts/http-grep.nse b/scripts/http-grep.nse index 86324d723..ac5220888 100644 --- a/scripts/http-grep.nse +++ b/scripts/http-grep.nse 
@@ -71,7 +71,7 @@ The script searches for email and ip by default. -- @args http-grep.withindomain only spider URLs within the same -- domain. This widens the scope from withinhost and can -- not be used in combination. (default: false) --- @args http.breakonmatch Returns output if there is a match for a single pattern type. +-- @args http-grep.breakonmatch Returns output if there is a match for a single pattern type. -- @args http-grep.builtins supply a single or a list of built in types. supports email, phone, mastercard, discover, -- visa, amex, ssn and ip addresses. If you just put in script-args http-grep.builtins then all will be enabled. -- diff --git a/scripts/http-open-proxy.nse b/scripts/http-open-proxy.nse index 21b78462d..3a3f5f749 100644 --- a/scripts/http-open-proxy.nse +++ b/scripts/http-open-proxy.nse @@ -15,9 +15,6 @@ the target to retrieve a web page from www.google.com. ]] --- --- @args proxy.url Url that will be requested to the proxy --- @args proxy.pattern Pattern that will be searched inside the request results --- -- @usage -- nmap --script http-open-proxy.nse \ -- --script-args proxy.url=,proxy.pattern= diff --git a/scripts/http-userdir-enum.nse b/scripts/http-userdir-enum.nse index 9d93ab030..37c359511 100644 --- a/scripts/http-userdir-enum.nse +++ b/scripts/http-userdir-enum.nse @@ -26,8 +26,8 @@ CVE-2001-1013: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1013. ]] --- --- @args userdir.users The filename of a username list. --- @args limit The maximum number of users to check. +-- @args http-userdir-enum.users The filename of a username list. +-- @args http-userdir-enum.limit The maximum number of users to check. -- -- @output -- 80/tcp open http syn-ack Apache httpd 2.2.9 @@ -44,6 +44,7 @@ portrule = shortport.http local function fail (err) return stdnse.format_output(false, err) end action = function(host, port) + local limit = stdnse.get_script_args(SCRIPT_NAME .. '.limit') if(not nmap.registry.userdir) then init() 
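Review bot: The new `limit` local at the top of `action` in `scripts/http-userdir-enum.nse` holds the raw script-argument value, which arrives as a string and is not validated. The code that applies the limit is outside this hunk. If it compares `limit` with a loop index, Lua raises an error on a number-versus-string comparison. If it still reads the old unqualified argument, the newly documented `http-userdir-enum.limit` has no effect and the number of requests sent to the target is not capped. Convert at the point of reading, `local limit = tonumber(stdnse.get_script_args(SCRIPT_NAME .. '.limit'))`, and confirm the request loop uses this local.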
@@ -117,9 +118,7 @@ end -- @return nil function init() - local customlist = nmap.registry.args.users or - (nmap.registry.args.userdir and nmap.registry.args.userdir.users) or - stdnse.get_script_args('userdir.users') + local customlist = stdnse.get_script_args(SCRIPT_NAME .. '.users') local read, usernames = datafiles.parse_file(customlist or "nselib/data/usernames.lst", {}) if not read then stdnse.debug1("%s", usernames or "Unknown Error reading usernames list.") diff --git a/scripts/informix-tables.nse b/scripts/informix-tables.nse index ddf627779..f31990072 100644 --- a/scripts/informix-tables.nse +++ b/scripts/informix-tables.nse @@ -43,8 +43,8 @@ Retrieves a list of tables and column definitions for each database on an Inform -- | warehouses warehouse_name 4 -- |_ warehouses warehouse_spec 4 -- --- @args informix-query.username The username used for authentication --- @args informix-query.password The password used for authentication +-- @args informix-tables.username The username used for authentication +-- @args informix-tables.password The password used for authentication -- -- Version 0.1 -- Created 27/07/2010 - v0.1 - created by Patrik Karlsson @@ -63,8 +63,8 @@ action = function( host, port ) local helper local status, data local result, output = {}, {} - local user = stdnse.get_script_args('informix-tables.username') - local pass = stdnse.get_script_args('informix-tables.password') or "" + local user = stdnse.get_script_args(SCRIPT_NAME .. '.username') + local pass = stdnse.get_script_args(SCRIPT_NAME .. '.password') or "" local query= [[ SELECT cast(tabname as char(20)) table, cast(colname as char(20)) column, cast( cast(nrows as int) as char(20)) rows FROM "informix".systables st, "informix".syscolumns sc diff --git a/scripts/llmnr-resolve.nse b/scripts/llmnr-resolve.nse index 0d82901ce..7a06c7870 100644 --- a/scripts/llmnr-resolve.nse +++ b/scripts/llmnr-resolve.nse 
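Review bot: In `init()`, the lookup now reads only `http-userdir-enum.users`, so a scan that still passes the previously documented `userdir.users` (or a bare `users`) silently falls back to `nselib/data/usernames.lst`. The operator then gets results for a different username set than intended, with no warning. Consider accepting the old name for a transition period, `local customlist = stdnse.get_script_args(SCRIPT_NAME .. '.users') or stdnse.get_script_args('userdir.users')`, or emit a `stdnse.debug1` message when the legacy argument is present. The rest of `init()` lies outside the hunk.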
@@ -31,7 +31,7 @@ For more information, see: -- --@output -- Pre-scan script results: --- | llmnr-query: +-- | llmnr-resolve: -- | acer-PC : 192.168.1.4 -- |_ Use the newtargets script-arg to add the results as targets -- diff --git a/scripts/lltd-discovery.nse b/scripts/lltd-discovery.nse index 454aafc05..37c7efd1f 100644 --- a/scripts/lltd-discovery.nse +++ b/scripts/lltd-discovery.nse @@ -23,7 +23,7 @@ http://www.microsoft.com/whdc/connect/Rally/LLTD-spec.mspx -- nmap -e --script lltd-discovery -- -- @args lltd-discovery.interface string specifying which interface to do lltd discovery on. If not specified, all ethernet interfaces are tried. --- @args lltd-discover.timeout timespec specifying how long to listen for replies (default 30s) +-- @args lltd-discovery.timeout timespec specifying how long to listen for replies (default 30s) -- -- @output -- | lltd-discovery: diff --git a/scripts/mikrotik-routeros-brute.nse b/scripts/mikrotik-routeros-brute.nse index 0431b0eb8..656ef2373 100644 --- a/scripts/mikrotik-routeros-brute.nse +++ b/scripts/mikrotik-routeros-brute.nse @@ -18,7 +18,7 @@ Additional information: -- | Statistics -- |_ Performed 60 guesses in 602 seconds, average tps: 0 -- --- @args mikrotik-routerous-brute.threads sets the number of threads. Default: 1 +-- @args mikrotik-routeros-brute.threads sets the number of threads. Default: 1 -- --- diff --git a/scripts/rdp-vuln-ms12-020.nse b/scripts/rdp-vuln-ms12-020.nse index 6bc758781..464011cac 100644 --- a/scripts/rdp-vuln-ms12-020.nse +++ b/scripts/rdp-vuln-ms12-020.nse @@ -33,12 +33,12 @@ Original check by by Worawit Wang (sleepya). --- -- @usage --- nmap -sV --script=rdp-ms12-020 -p 3389 +-- nmap -sV --script=rdp-vuln-ms12-020 -p 3389 -- -- @output -- PORT STATE SERVICE VERSION -- 3389/tcp open ms-wbt-server? --- | rdp-ms12-020: +-- | rdp-vuln-ms12-020: -- | VULNERABLE: -- | MS12-020 Remote Desktop Protocol Denial Of Service Vulnerability -- | State: VULNERABLE 
diff --git a/scripts/rmi-dumpregistry.nse b/scripts/rmi-dumpregistry.nse index 2d6a78690..93dfa0378 100644 --- a/scripts/rmi-dumpregistry.nse +++ b/scripts/rmi-dumpregistry.nse @@ -25,7 +25,7 @@ so-called "Custom data". ]] --- --- @usage nmap --script "rmi-dumpregistry.nse" -p 1098 +-- @usage nmap --script rmi-dumpregistry -p 1098 -- @output -- PORT STATE SERVICE REASON -- 1099/tcp open java-rmi syn-ack diff --git a/scripts/rmi-vuln-classloader.nse b/scripts/rmi-vuln-classloader.nse index ca5d8e673..17aa667a7 100644 --- a/scripts/rmi-vuln-classloader.nse +++ b/scripts/rmi-vuln-classloader.nse @@ -24,7 +24,7 @@ References: -- @output -- PORT STATE SERVICE -- 1099/tcp open rmiregistry --- | rmi-vuln: +-- | rmi-vuln-classloader: -- | VULNERABLE: -- | RMI registry default configuration remote code execution vulnerability -- | State: VULNERABLE diff --git a/scripts/smtp-vuln-cve2010-4344.nse b/scripts/smtp-vuln-cve2010-4344.nse index 92b7bf218..7b6b6af05 100644 --- a/scripts/smtp-vuln-cve2010-4344.nse +++ b/scripts/smtp-vuln-cve2010-4344.nse @@ -57,7 +57,6 @@ Reference: -- | Before 'id': uid=121(Debian-exim) gid=128(Debian-exim) groups=128(Debian-exim),45(sasl) -- |_ After 'id': uid=0(root) gid=128(Debian-exim) groups=0(root) -- --- @args smtp.domain Define the domain to be used in the SMTP EHLO command. -- @args smtp-vuln-cve2010-4344.exploit The script will force the checks, -- and will try to exploit the Exim SMTP server. -- @args smtp-vuln-cve2010-4344.mailfrom Define the source email address to diff --git a/scripts/smtp-vuln-cve2011-1720.nse b/scripts/smtp-vuln-cve2011-1720.nse index d1b150618..2544712e9 100644 --- a/scripts/smtp-vuln-cve2011-1720.nse +++ b/scripts/smtp-vuln-cve2011-1720.nse 
@@ -40,8 +40,6 @@ Reference: -- | http://www.postfix.org/CVE-2011-1720.html -- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1720 -- |_ http://osvdb.org/72259 --- --- @args smtp.domain Define the domain to be used in the SMTP EHLO command. author = "Djalal Harouni" license = "Same as Nmap--See https://nmap.org/book/man-legal.html" diff --git a/scripts/smtp-vuln-cve2011-1764.nse b/scripts/smtp-vuln-cve2011-1764.nse index 208450bea..8c9683ab2 100644 --- a/scripts/smtp-vuln-cve2011-1764.nse +++ b/scripts/smtp-vuln-cve2011-1764.nse @@ -44,7 +44,6 @@ Reference: -- | http://osvdb.org/72156 -- |_ http://bugs.exim.org/show_bug.cgi?id=1106 -- --- @args smtp.domain Define the domain to be used in the SMTP EHLO command. -- @args smtp-vuln-cve2011-1764.mailfrom Define the source email address to -- be used. -- @args smtp-vuln-cve2011-1764.mailto Define the destination email address diff --git a/scripts/socks-open-proxy.nse b/scripts/socks-open-proxy.nse index b206cb1fe..f5fcc0cb7 100644 --- a/scripts/socks-open-proxy.nse +++ b/scripts/socks-open-proxy.nse @@ -16,8 +16,6 @@ different test host can be passed as proxy.url argument. ]] --- ---@args proxy.url URL that will be requested to the proxy. ---@args proxy.pattern Pattern that will be searched inside the request results. --@output -- PORT STATE SERVICE -- 1080/tcp open socks diff --git a/scripts/tftp-enum.nse b/scripts/tftp-enum.nse index ce9913c25..88ee1c38e 100644 --- a/scripts/tftp-enum.nse +++ b/scripts/tftp-enum.nse @@ -24,7 +24,7 @@ http://code.google.com/p/tftptheft/. ]] --- --- @usage nmap -sU -p 69 --script tftp-enum.nse --script-args="tftp-enum.filelist=customlist.txt" +-- @usage nmap -sU -p 69 --script tftp-enum.nse --script-args tftp-enum.filelist=customlist.txt -- -- @args filelist - file name with list of filenames to enumerate at tftp server -- diff --git a/scripts/tn3270-screen.nse b/scripts/tn3270-screen.nse index c5f730be4..8ca13e402 100644 --- a/scripts/tn3270-screen.nse 
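Review bot: The `@args` line left as context in the `scripts/tftp-enum.nse` hunk still documents a bare `filelist`, while the usage line just above it passes `tftp-enum.filelist`. Since this commit aligns NSEdoc argument names with script names, this line should be updated too: `-- @args tftp-enum.filelist file name with list of filenames to enumerate at tftp server`. Whether the script also accepts the unqualified name cannot be seen from this hunk.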
+++ b/scripts/tn3270-screen.nse @@ -42,7 +42,7 @@ Hidden fields will be listed below the screen with (row, col) coordinates. -- | -- |_Your IP(10.10.10.375 :64199), SNA LU( ) 05/30/15 13:33:37 -- --- @args tn3270.commands a semi-colon separated list of commands you want to +-- @args tn3270-screen.commands a semi-colon separated list of commands you want to -- issue before printing the screen -- -- diff --git a/scripts/xmlrpc-methods.nse b/scripts/xmlrpc-methods.nse index 3bc7755bd..1640ed078 100644 --- a/scripts/xmlrpc-methods.nse +++ b/scripts/xmlrpc-methods.nse @@ -15,11 +15,10 @@ of system.methodHelp for each method returned by listMethods. ]] --- --- @usage nmap xmlrpc-info --- --- @args xmlrpc-info.url The URI path to request. +-- @args xmlrpc-methods.url The URI path to request. -- -- @output +-- | xmlrpc-methods: -- | Supported Methods: -- | list -- | system.listMethods