From 39915551a492241e9d4e23c9a1bc9a4b58c7f3b2 Mon Sep 17 00:00:00 2001 From: dmiller Date: Mon, 23 Jan 2017 20:37:22 +0000 Subject: [PATCH] NSEdoc fixes and cross-references --- scripts/ftp-anon.nse | 2 ++ scripts/ftp-brute.nse | 5 +++-- scripts/http-adobe-coldfusion-apsa1301.nse | 4 ++++ scripts/http-aspnet-debug.nse | 6 +++--- scripts/http-coldfusion-subzero.nse | 4 ++++ scripts/http-cross-domain-policy.nse | 10 +++++----- scripts/http-drupal-enum-users.nse | 2 ++ scripts/http-drupal-enum.nse | 4 +++- scripts/http-sql-injection.nse | 2 ++ scripts/http-vuln-cve2009-3960.nse | 4 ++++ scripts/http-vuln-cve2010-2861.nse | 4 ++++ scripts/http-vuln-cve2011-3192.nse | 3 +++ scripts/http-vuln-cve2013-6786.nse | 8 +++++--- scripts/http-vuln-cve2014-2126.nse | 4 ++++ scripts/http-vuln-cve2014-2127.nse | 4 ++++ scripts/http-vuln-cve2014-2128.nse | 6 +++++- scripts/http-vuln-cve2014-2129.nse | 6 +++++- scripts/http-vuln-cve2014-3704.nse | 2 ++ scripts/http-vuln-misfortune-cookie.nse | 2 ++ scripts/http-wordpress-enum.nse | 2 ++ scripts/ms-sql-brute.nse | 2 ++ scripts/ms-sql-empty-password.nse | 2 ++ scripts/mysql-brute.nse | 2 ++ scripts/mysql-empty-password.nse | 2 ++ scripts/netbus-auth-bypass.nse | 1 + scripts/netbus-brute.nse | 1 + scripts/oracle-brute-stealth.nse | 2 ++ scripts/oracle-brute.nse | 2 ++ scripts/realvnc-auth-bypass.nse | 2 ++ scripts/vnc-brute.nse | 2 ++ 30 files changed, 86 insertions(+), 16 deletions(-) diff --git a/scripts/ftp-anon.nse b/scripts/ftp-anon.nse index 02dbc0fa4..c1de3971d 100644 --- a/scripts/ftp-anon.nse +++ b/scripts/ftp-anon.nse @@ -13,6 +13,8 @@ and highlights writeable files. ]] --- +-- @see ftp-brute.nse +-- -- @args ftp-anon.maxlist The maximum number of files to return in the -- directory listing. By default it is 20, or unlimited if verbosity is -- enabled. Use a negative number to disable the limit, or diff --git a/scripts/ftp-brute.nse b/scripts/ftp-brute.nse index 5e6a0513a..18bcbf3fd 100644 --- a/scripts/ftp-brute.nse 
+++ b/scripts/ftp-brute.nse @@ -9,11 +9,11 @@ description = [[ Performs brute force password auditing against FTP servers. Based on old ftp-brute.nse script by Diman Todorov, Vlatko Kosturjak and Ron Bowes. - -06.08.16 - Modified by Sergey Khegay to support new brute.lua adaptability mechanism. ]] --- +-- @see ftp-anon.nse +-- -- @usage -- nmap --script ftp-brute -p 21 -- @@ -33,6 +33,7 @@ Based on old ftp-brute.nse script by Diman Todorov, Vlatko Kosturjak and Ron Bow -- Lowering this value may result in a higher throughput for servers -- having a delayed response on incorrect login attempts. (default: 5s) +-- 06.08.16 - Modified by Sergey Khegay to support new brute.lua adaptability mechanism. author = "Aleksandar Nikolic" license = "Same as Nmap--See https://nmap.org/book/man-legal.html" categories = {"intrusive", "brute"} diff --git a/scripts/http-adobe-coldfusion-apsa1301.nse b/scripts/http-adobe-coldfusion-apsa1301.nse index d69479576..19ba2207b 100644 --- a/scripts/http-adobe-coldfusion-apsa1301.nse +++ b/scripts/http-adobe-coldfusion-apsa1301.nse @@ -7,6 +7,10 @@ Reference: ]] --- +-- @see http-coldfusion-subzero.nse +-- @see http-vuln-cve2009-3960.nse +-- @see http-vuln-cve2010-2861.nse +-- -- @usage nmap -sV --script http-adobe-coldfusion-apsa1301 -- @usage nmap -p80 --script http-adobe-coldfusion-apsa1301 --script-args basepath=/cf/adminapi/ -- diff --git a/scripts/http-aspnet-debug.nse b/scripts/http-aspnet-debug.nse index e45b296b5..111bf657a 100644 --- a/scripts/http-aspnet-debug.nse +++ b/scripts/http-aspnet-debug.nse 
@@ -13,10 +13,10 @@ application debugging configuration. ]] --- --- @usage nmap --script http-debug --- @usage nmap --script http-debug --script-args http-aspnet-debug.path=/path +-- @usage nmap --script http-aspnet-debug +-- @usage nmap --script http-aspnet-debug --script-args http-aspnet-debug.path=/path -- --- @args http-debug.path Path to URI. Default: / +-- @args http-aspnet-debug.path Path to URI. Default: / -- -- @output -- 80/tcp open http syn-ack diff --git a/scripts/http-coldfusion-subzero.nse b/scripts/http-coldfusion-subzero.nse index 908b33692..ae7d5baad 100644 --- a/scripts/http-coldfusion-subzero.nse +++ b/scripts/http-coldfusion-subzero.nse @@ -7,6 +7,10 @@ This was based on the exploit 'ColdSub-Zero.pyFusion v2'. ]] --- +-- @see http-adobe-coldfusion-apsa1301.nse +-- @see http-vuln-cve2009-3960.nse +-- @see http-vuln-cve2010-2861.nse +-- -- @usage nmap -sV --script http-coldfusion-subzero -- @usage nmap -p80 --script http-coldfusion-subzero --script-args basepath=/cf/ -- diff --git a/scripts/http-cross-domain-policy.nse b/scripts/http-cross-domain-policy.nse index e86acedc3..c28a243df 100644 --- a/scripts/http-cross-domain-policy.nse +++ b/scripts/http-cross-domain-policy.nse @@ -14,7 +14,7 @@ attacks and may allow attackers to access sensitive data. This script is useful configurations and possible domain names available for purchase to exploit the application. The script queries instantdomainsearch.com to lookup the domains. This functionality is -turned off by default, to enable it set the script argument http-crossdomainxml.domain-lookup. +turned off by default, to enable it set the script argument http-cross-domain-policy.domain-lookup. References: * http://sethsec.blogspot.com/2014/03/exploiting-misconfigured-crossdomainxml.html 
@@ -26,13 +26,13 @@ References: ]] --- --- @usage nmap --script http-crossdomainxml --- @usage nmap -p 80 --script http-crossdomainxml --script-args http.domain-lookup=true +-- @usage nmap --script http-cross-domain-policy +-- @usage nmap -p 80 --script http-cross-domain-policy --script-args http-cross-domain-policy.domain-lookup=true -- -- @output -- PORT STATE SERVICE REASON -- 8080/tcp open http-proxy syn-ack --- | http-crossdomainxml-slaxml: +-- | http-cross-domain-policy: -- | VULNERABLE: -- | Cross-domain policy file (crossdomain.xml) -- | State: VULNERABLE @@ -75,7 +75,7 @@ References: -- |_ https://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html -- -- --- @args http-crossdomainxml.domain-lookup Boolean to check domain availability. Default:false +-- @args http-cross-domain-policy.domain-lookup Boolean to check domain availability. Default:false -- -- @xmloutput -- Cross-domain and Client Access policies. diff --git a/scripts/http-drupal-enum-users.nse b/scripts/http-drupal-enum-users.nse index c1cca2784..2ccf1890b 100644 --- a/scripts/http-drupal-enum-users.nse +++ b/scripts/http-drupal-enum-users.nse @@ -17,6 +17,8 @@ For more information,see: ]] --- +-- @see http-vuln-cve2014-3704.nse +-- -- @usage -- nmap --script=http-drupal-enum-users --script-args http-drupal-enum-users.root="/path/" -- diff --git a/scripts/http-drupal-enum.nse b/scripts/http-drupal-enum.nse index e6908b669..4c33a7a49 100644 --- a/scripts/http-drupal-enum.nse +++ b/scripts/http-drupal-enum.nse @@ -25,6 +25,8 @@ If you want to update your themes or module list refer to the link below. ]] --- +-- @see http-vuln-cve2014-3704.nse +-- -- @args http-drupal-enum.root The base path. Defaults to /. -- @args http-drupal-enum.number Number of modules to check. -- Use this option with a number or "all" as an argument to test for all modules. @@ -227,4 +229,4 @@ function action (host, port) end end -end \ No newline at end of file +end 
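Review bot: In the last http-cross-domain-policy.nse hunk, the corrected `@args` line still does not say that turning the option on sends data to a third party. The description in the first hunk states that the script queries instantdomainsearch.com, and the new `@usage` example enables the lookup, so the argument entry is where an operator will look for that consequence. Suggested wording: `-- @args http-cross-domain-policy.domain-lookup Boolean to check domain availability; when true, the domain names being checked are sent to instantdomainsearch.com. Default: false`.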
diff --git a/scripts/http-sql-injection.nse b/scripts/http-sql-injection.nse index 97a4b5739..9942262fc 100644 --- a/scripts/http-sql-injection.nse +++ b/scripts/http-sql-injection.nse @@ -29,6 +29,8 @@ license = "Same as Nmap--See https://nmap.org/book/man-legal.html" categories = {"intrusive", "vuln"} --- +-- @see http-vuln-cve2014-3704 +-- -- @args http-sql-injection.maxpagecount the maximum amount of pages to visit. -- A negative value disables the limit (default: 20) -- @args http-sql-injection.url the url to start spidering. This is a URL diff --git a/scripts/http-vuln-cve2009-3960.nse b/scripts/http-vuln-cve2009-3960.nse index 62f6ef8a1..5c9720f10 100644 --- a/scripts/http-vuln-cve2009-3960.nse +++ b/scripts/http-vuln-cve2009-3960.nse @@ -20,6 +20,10 @@ For more information see: ]] --- +-- @see http-adobe-coldfusion-apsa1301.nse +-- @see http-coldfusion-subzero.nse +-- @see http-vuln-cve2010-2861.nse +-- -- @args http-vuln-cve2009-3960.root Points to the root path. Defaults to "/" -- @args http-vuln-cve2009-3960.readfile target file to be read. Defaults to "/etc/passwd" -- diff --git a/scripts/http-vuln-cve2010-2861.nse b/scripts/http-vuln-cve2010-2861.nse index d168de83e..dd01345b8 100644 --- a/scripts/http-vuln-cve2010-2861.nse +++ b/scripts/http-vuln-cve2010-2861.nse @@ -17,6 +17,10 @@ the password hash. ]] --- +-- @see http-adobe-coldfusion-apsa1301.nse +-- @see http-coldfusion-subzero.nse +-- @see http-vuln-cve2009-3960.nse +-- -- @usage -- nmap --script http-vuln-cve2010-2861 -- diff --git a/scripts/http-vuln-cve2011-3192.nse b/scripts/http-vuln-cve2011-3192.nse index 608c0da3d..a92a26ede 100644 --- a/scripts/http-vuln-cve2011-3192.nse +++ b/scripts/http-vuln-cve2011-3192.nse @@ -14,6 +14,9 @@ References: ]] --- +-- @see http-slowloris-check.nse +-- @see http-slowloris.nse +-- -- @usage -- nmap --script http-vuln-cve2011-3192.nse [--script-args http-vuln-cve2011-3192.hostname=nmap.scanme.org] -pT:80,443 -- 
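Review bot: The `@see` added in the http-sql-injection.nse hunk is written `http-vuln-cve2014-3704`, without the `.nse` suffix that every other cross-reference in this patch carries. If NSEdoc resolves `@see` targets by script filename (not visible here), this entry may render as plain text instead of a link. Write it as `-- @see http-vuln-cve2014-3704.nse`, matching the reciprocal entry added to http-vuln-cve2014-3704.nse.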
diff --git a/scripts/http-vuln-cve2013-6786.nse b/scripts/http-vuln-cve2013-6786.nse index 0d4e6b7e3..ddaa69285 100644 --- a/scripts/http-vuln-cve2013-6786.nse +++ b/scripts/http-vuln-cve2013-6786.nse @@ -7,13 +7,15 @@ other software may be vulnerable in the same way. ]] --- --- @usage nmap -p80 --script http-rompager-xss --- @usage nmap -sV http-rompager-xss +-- @see http-vuln-misfortune-cookie.nse +-- +-- @usage nmap -p80 --script http-vuln-cve2013-6786 +-- @usage nmap -sV http-vuln-cve2013-6786 -- -- @output -- PORT STATE SERVICE -- 80/tcp open http --- | http-rompager-xss: +-- | http-vuln-cve2013-6786: -- | VULNERABLE: -- | URL redirection and reflected XSS vulnerability in Allegro RomPager Web server -- | State: VULNERABLE (Exploitable) diff --git a/scripts/http-vuln-cve2014-2126.nse b/scripts/http-vuln-cve2014-2126.nse index d5f4b37f3..c4a525921 100644 --- a/scripts/http-vuln-cve2014-2126.nse +++ b/scripts/http-vuln-cve2014-2126.nse @@ -10,6 +10,10 @@ Privilege Escalation Vulnerability (CVE-2014-2126). ]] --- +-- @see http-vuln-cve2014-2127.nse +-- @see http-vuln-cve2014-2128.nse +-- @see http-vuln-cve2014-2129.nse +-- -- @usage -- nmap -p 443 --script http-vuln-cve2014-2126 -- diff --git a/scripts/http-vuln-cve2014-2127.nse b/scripts/http-vuln-cve2014-2127.nse index 135e9180a..1754d6e41 100644 --- a/scripts/http-vuln-cve2014-2127.nse +++ b/scripts/http-vuln-cve2014-2127.nse @@ -10,6 +10,10 @@ Privilege Escalation Vulnerability (CVE-2014-2127). ]] --- +-- @see http-vuln-cve2014-2126.nse +-- @see http-vuln-cve2014-2128.nse +-- @see http-vuln-cve2014-2129.nse +-- -- @usage -- nmap -p 443 --script http-vuln-cve2014-2127 -- diff --git a/scripts/http-vuln-cve2014-2128.nse b/scripts/http-vuln-cve2014-2128.nse index ca9d27017..ee7811e75 100644 --- a/scripts/http-vuln-cve2014-2128.nse +++ b/scripts/http-vuln-cve2014-2128.nse 
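Review bot: The second `@usage` line in the http-vuln-cve2013-6786.nse hunk, `-- @usage nmap -sV http-vuln-cve2013-6786`, has no `--script`, so when copied as written the script name is taken as a target specification and the check is not selected. The rename corrected the script name but carried that omission over from the old line. A scan that skips the check without saying so can be misread as a clean result. The line should read `-- @usage nmap -sV --script http-vuln-cve2013-6786`.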
@@ -10,8 +10,12 @@ Authentication Bypass Vulnerability (CVE-2014-2128). ]] --- +-- @see http-vuln-cve2014-2126.nse +-- @see http-vuln-cve2014-2127.nse +-- @see http-vuln-cve2014-2129.nse +-- -- @usage --- nmap -p 443 --script http-vuln-cve2014-2127 +-- nmap -p 443 --script http-vuln-cve2014-2128 -- -- @output -- PORT STATE SERVICE diff --git a/scripts/http-vuln-cve2014-2129.nse b/scripts/http-vuln-cve2014-2129.nse index bc65a3002..1246c81cf 100644 --- a/scripts/http-vuln-cve2014-2129.nse +++ b/scripts/http-vuln-cve2014-2129.nse @@ -10,8 +10,12 @@ Denial of Service Vulnerability (CVE-2014-2129). ]] --- +-- @see http-vuln-cve2014-2126.nse +-- @see http-vuln-cve2014-2127.nse +-- @see http-vuln-cve2014-2128.nse +-- -- @usage --- nmap -p 443 --script http-vuln-cve2014-2127 +-- nmap -p 443 --script http-vuln-cve2014-2129 -- -- @output -- PORT STATE SERVICE diff --git a/scripts/http-vuln-cve2014-3704.nse b/scripts/http-vuln-cve2014-3704.nse index 4a5f99f23..d7990877e 100644 --- a/scripts/http-vuln-cve2014-3704.nse +++ b/scripts/http-vuln-cve2014-3704.nse @@ -31,6 +31,8 @@ Exploitation technique used to achieve RCE on the target is based on exploit/mul ]] --- +-- @see http-sql-injection.nse +-- -- @usage -- nmap --script http-vuln-cve2014-3704 --script-args http-vuln-cve2014-3704.cmd="uname -a",http-vuln-cve2014-3704.uri="/drupal" -- nmap --script http-vuln-cve2014-3704 --script-args http-vuln-cve2014-3704.uri="/drupal",http-vuln-cve2014-3704.cleanup=false diff --git a/scripts/http-vuln-misfortune-cookie.nse b/scripts/http-vuln-misfortune-cookie.nse index 258c0eab0..4ee0bd743 100644 --- a/scripts/http-vuln-misfortune-cookie.nse +++ b/scripts/http-vuln-misfortune-cookie.nse @@ -5,6 +5,8 @@ license = "Same as Nmap--See https://nmap.org/book/man-legal.html" categories = {"vuln", "intrusive"} --- +-- @see http-vuln-cve2013-6786.nse +-- -- @usage -- nmap -p 7547 --script=http-vuln-misfortune-cookie -- 
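Review bot: The `@see` block added to http-vuln-cve2014-3704.nse lists only http-sql-injection.nse, although this same patch makes http-drupal-enum.nse and http-drupal-enum-users.nse point at this script. The other families touched here (ColdFusion, the CVE-2014-2126 to 2129 set, the brute/empty-password pairs) are linked in both directions. Add `-- @see http-drupal-enum.nse` and `-- @see http-drupal-enum-users.nse` so the Drupal enumeration scripts are reachable from the vulnerability check as well.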
diff --git a/scripts/http-wordpress-enum.nse b/scripts/http-wordpress-enum.nse index 9aa446a33..35d7a2a77 100644 --- a/scripts/http-wordpress-enum.nse +++ b/scripts/http-wordpress-enum.nse @@ -28,6 +28,8 @@ TODO: ]] --- +-- @see http-vuln-cve2014-8877.nse +-- -- @usage nmap -sV --script http-wordpress-enum -- @usage nmap --script http-wordpress-enum --script-args check-latest=true,search-limit=10 -- @usage nmap --script http-wordpress-enum --script-args type="themes" diff --git a/scripts/ms-sql-brute.nse b/scripts/ms-sql-brute.nse index afe9d1b72..86f2a5304 100644 --- a/scripts/ms-sql-brute.nse +++ b/scripts/ms-sql-brute.nse @@ -37,6 +37,8 @@ be disabled using the mssql.scanned-ports-only script argument. ]] --- +-- @see ms-sql-empty-password.nse +-- -- @usage -- nmap -p 445 --script ms-sql-brute --script-args mssql.instance-all,userdb=customuser.txt,passdb=custompass.txt -- nmap -p 1433 --script ms-sql-brute --script-args userdb=customuser.txt,passdb=custompass.txt diff --git a/scripts/ms-sql-empty-password.nse b/scripts/ms-sql-empty-password.nse index 43fd2104e..d35e3f7c8 100644 --- a/scripts/ms-sql-empty-password.nse +++ b/scripts/ms-sql-empty-password.nse @@ -37,6 +37,8 @@ be disabled using the mssql.scanned-ports-only script argument. ]] --- +-- @see ms-sql-brute.nse +-- -- @usage -- nmap -p 445 --script ms-sql-empty-password --script-args mssql.instance-all -- nmap -p 1433 --script ms-sql-empty-password diff --git a/scripts/mysql-brute.nse b/scripts/mysql-brute.nse index 9f3bbbe70..07bced879 100644 --- a/scripts/mysql-brute.nse +++ b/scripts/mysql-brute.nse @@ -12,6 +12,8 @@ Performs password guessing against MySQL. ]] --- +-- @see mysql-empty-password.nse +-- -- @usage -- nmap --script=mysql-brute -- diff --git a/scripts/mysql-empty-password.nse b/scripts/mysql-empty-password.nse index d45b97393..33b7bb8e7 100644 --- a/scripts/mysql-empty-password.nse +++ b/scripts/mysql-empty-password.nse 
@@ -11,6 +11,8 @@ Checks for MySQL servers with an empty password for root or ]] --- +-- @see mysql-brute.nse +-- -- @output -- 3306/tcp open mysql -- | mysql-empty-password: diff --git a/scripts/netbus-auth-bypass.nse b/scripts/netbus-auth-bypass.nse index 22dcbff4e..d5bc0eeda 100644 --- a/scripts/netbus-auth-bypass.nse +++ b/scripts/netbus-auth-bypass.nse @@ -13,6 +13,7 @@ and login to the service by typing Password;1; into the console. ]] --- +-- @see netbus-brute.nse -- @usage -- nmap -p 12345 --script netbus-auth-bypass -- diff --git a/scripts/netbus-brute.nse b/scripts/netbus-brute.nse index 4738b403b..50464ad9a 100644 --- a/scripts/netbus-brute.nse +++ b/scripts/netbus-brute.nse @@ -9,6 +9,7 @@ Performs brute force password auditing against the Netbus backdoor ("remote admi ]] --- +-- @see netbus-auth-bypass.nse -- @usage -- nmap -p 12345 --script netbus-brute -- diff --git a/scripts/oracle-brute-stealth.nse b/scripts/oracle-brute-stealth.nse index 7b47ab7a2..d05d1d7c3 100644 --- a/scripts/oracle-brute-stealth.nse +++ b/scripts/oracle-brute-stealth.nse @@ -23,6 +23,8 @@ password. ]] --- +-- @see oracle-brute.nse +-- -- @usage -- nmap --script oracle-brute-stealth -p 1521 --script-args oracle-brute-stealth.sid=ORCL -- diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse index 0632d59b6..df8c4edc1 100644 --- a/scripts/oracle-brute.nse +++ b/scripts/oracle-brute.nse @@ -30,6 +30,8 @@ result in a large number of accounts being locked out on the database server. ]] --- +-- @see oracle-brute-stealth.nse +-- -- @usage -- nmap --script oracle-brute -p 1521 --script-args oracle-brute.sid=ORCL -- diff --git a/scripts/realvnc-auth-bypass.nse b/scripts/realvnc-auth-bypass.nse index e6fec14e7..735e8f333 100644 --- a/scripts/realvnc-auth-bypass.nse +++ b/scripts/realvnc-auth-bypass.nse 
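Review bot: In the netbus-auth-bypass.nse and netbus-brute.nse hunks the new `@see` line is followed directly by `-- @usage`, whereas every other hunk in the patch adds an empty `--` line after the `@see` block. This is cosmetic, since `@usage` starts a new tag, but it leaves these two headers formatted differently from the rest. Add a bare `--` line after `-- @see netbus-brute.nse` and after `-- @see netbus-auth-bypass.nse`.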
@@ -9,6 +9,8 @@ author = "Brandon Enright" license = "Same as Nmap--See https://nmap.org/book/man-legal.html" --- +-- @see vnc-brute.nse +-- -- @output -- PORT STATE SERVICE VERSION -- 5900/tcp open vnc VNC (protocol 3.8) diff --git a/scripts/vnc-brute.nse b/scripts/vnc-brute.nse index 859cbf0ec..3178b8385 100644 --- a/scripts/vnc-brute.nse +++ b/scripts/vnc-brute.nse @@ -9,6 +9,8 @@ Performs brute force password auditing against VNC servers. ]] --- +-- @see realvnc-auth-bypass.nse +-- -- @usage -- nmap --script vnc-brute -p 5900 --