NSEdoc fixes and cross-references

scripts/ftp-anon.nse

@@ -13,6 +13,8 @@ and highlights writeable files.
 ]]
 
 ---
+-- @see ftp-brute.nse
+--
 -- @args ftp-anon.maxlist The maximum number of files to return in the
 -- directory listing. By default it is 20, or unlimited if verbosity is
 -- enabled. Use a negative number to disable the limit, or

scripts/ftp-brute.nse

@@ -9,11 +9,11 @@ description = [[
 Performs brute force password auditing against FTP servers.
 
 Based on old ftp-brute.nse script by Diman Todorov, Vlatko Kosturjak and Ron Bowes.
-
-06.08.16 - Modified by Sergey Khegay to support new brute.lua adaptability mechanism.
 ]]
 
 ---
+-- @see ftp-anon.nse
+--
 -- @usage
 -- nmap --script ftp-brute -p 21 <host>
 --
@@ -33,6 +33,7 @@ Based on old ftp-brute.nse script by Diman Todorov, Vlatko Kosturjak and Ron Bow
 --       Lowering this value may result in a higher throughput for servers
 --       having a delayed response on incorrect login attempts. (default: 5s)
 
+-- 06.08.16 - Modified by Sergey Khegay to support new brute.lua adaptability mechanism.
 author = "Aleksandar Nikolic"
 license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
 categories = {"intrusive", "brute"}

scripts/http-adobe-coldfusion-apsa1301.nse

@@ -7,6 +7,10 @@ Reference:
 ]]
 
 ---
+-- @see http-coldfusion-subzero.nse
+-- @see http-vuln-cve2009-3960.nse
+-- @see http-vuln-cve2010-2861.nse
+--
 -- @usage nmap -sV --script http-adobe-coldfusion-apsa1301 <target>
 -- @usage nmap -p80 --script http-adobe-coldfusion-apsa1301 --script-args basepath=/cf/adminapi/ <target>
 --

scripts/http-aspnet-debug.nse

@@ -13,10 +13,10 @@ application debugging configuration.
 ]]
 
 ---
--- @usage nmap --script http-debug <target>
--- @usage nmap --script http-debug --script-args http-aspnet-debug.path=/path <target>
+-- @usage nmap --script http-aspnet-debug <target>
+-- @usage nmap --script http-aspnet-debug --script-args http-aspnet-debug.path=/path <target>
 --
--- @args http-debug.path Path to URI. Default: /
+-- @args http-aspnet-debug.path Path to URI. Default: /
 --
 -- @output
 -- 80/tcp open  http    syn-ack

scripts/http-coldfusion-subzero.nse

@@ -7,6 +7,10 @@ This was based on the exploit 'ColdSub-Zero.pyFusion v2'.
 ]]
 
 ---
+-- @see http-adobe-coldfusion-apsa1301.nse
+-- @see http-vuln-cve2009-3960.nse
+-- @see http-vuln-cve2010-2861.nse
+--
 -- @usage nmap -sV --script http-coldfusion-subzero <target>
 -- @usage nmap -p80 --script http-coldfusion-subzero --script-args basepath=/cf/ <target>
 --

scripts/http-cross-domain-policy.nse

@@ -14,7 +14,7 @@ attacks and may allow attackers to access sensitive data. This script is useful
 configurations and possible domain names available for purchase to exploit the application.
 
 The script queries instantdomainsearch.com to lookup the domains. This functionality is
-turned off by default, to enable it set the script argument http-crossdomainxml.domain-lookup.
+turned off by default, to enable it set the script argument http-cross-domain-policy.domain-lookup.
 
 References:
 * http://sethsec.blogspot.com/2014/03/exploiting-misconfigured-crossdomainxml.html
@@ -26,13 +26,13 @@ References:
 ]]
 
 ---
--- @usage nmap --script http-crossdomainxml <target>
--- @usage nmap -p 80 --script http-crossdomainxml --script-args http.domain-lookup=true <target>
+-- @usage nmap --script http-cross-domain-policy <target>
+-- @usage nmap -p 80 --script http-cross-domain-policy --script-args http-cross-domain-policy.domain-lookup=true <target>
 --
 -- @output
 -- PORT   STATE SERVICE REASON
 -- 8080/tcp open  http-proxy syn-ack
--- | http-crossdomainxml-slaxml:
+-- | http-cross-domain-policy:
 -- |   VULNERABLE:
 -- |   Cross-domain policy file (crossdomain.xml)
 -- |     State: VULNERABLE
@@ -75,7 +75,7 @@ References:
 -- |_      https://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
 --
 --
--- @args http-crossdomainxml.domain-lookup Boolean to check domain availability. Default:false
+-- @args http-cross-domain-policy.domain-lookup Boolean to check domain availability. Default:false
 --
 -- @xmloutput
 -- <elem key="title">Cross-domain and Client Access policies.</elem>

scripts/http-drupal-enum-users.nse

@@ -17,6 +17,8 @@ For more information,see:
 ]]
 
 ---
+-- @see http-vuln-cve2014-3704.nse
+--
 -- @usage
 -- nmap --script=http-drupal-enum-users --script-args http-drupal-enum-users.root="/path/" <targets>
 --

scripts/http-drupal-enum.nse

@@ -25,6 +25,8 @@ If you want to update your themes or module list refer to the link below.
 ]]
 
 ---
+-- @see http-vuln-cve2014-3704.nse
+--
 -- @args http-drupal-enum.root The base path. Defaults to <code>/</code>.
 -- @args http-drupal-enum.number Number of modules to check.
 -- Use this option with a number or "all" as an argument to test for all modules.

scripts/http-sql-injection.nse

@@ -29,6 +29,8 @@ license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
 categories = {"intrusive", "vuln"}
 
 ---
+-- @see http-vuln-cve2014-3704
+--
 -- @args http-sql-injection.maxpagecount the maximum amount of pages to visit.
 --       A negative value disables the limit (default: 20)
 -- @args http-sql-injection.url the url to start spidering. This is a URL

scripts/http-vuln-cve2009-3960.nse

@@ -20,6 +20,10 @@ For more information see:
 ]]
 
 ---
+-- @see http-adobe-coldfusion-apsa1301.nse
+-- @see http-coldfusion-subzero.nse
+-- @see http-vuln-cve2010-2861.nse
+--
 -- @args http-vuln-cve2009-3960.root Points to the root path. Defaults to "/"
 -- @args http-vuln-cve2009-3960.readfile target file to be read. Defaults to "/etc/passwd"
 --

scripts/http-vuln-cve2010-2861.nse

@@ -17,6 +17,10 @@ the password hash.
 ]]
 
 ---
+-- @see http-adobe-coldfusion-apsa1301.nse
+-- @see http-coldfusion-subzero.nse
+-- @see http-vuln-cve2009-3960.nse
+--
 -- @usage
 -- nmap --script http-vuln-cve2010-2861 <host>
 --

scripts/http-vuln-cve2011-3192.nse

@@ -14,6 +14,9 @@ References:
 ]]
 
 ---
+-- @see http-slowloris-check.nse
+-- @see http-slowloris.nse
+--
 -- @usage
 -- nmap --script http-vuln-cve2011-3192.nse [--script-args http-vuln-cve2011-3192.hostname=nmap.scanme.org] -pT:80,443 <host>
 --

scripts/http-vuln-cve2013-6786.nse

@@ -7,13 +7,15 @@ other software may be vulnerable in the same way.
 ]]
 
 ---
--- @usage nmap -p80 --script http-rompager-xss <target>
--- @usage nmap -sV http-rompager-xss <target>
+-- @see http-vuln-misfortune-cookie.nse
+--
+-- @usage nmap -p80 --script http-vuln-cve2013-6786 <target>
+-- @usage nmap -sV http-vuln-cve2013-6786 <target>
 --
 -- @output
 -- PORT   STATE SERVICE
 -- 80/tcp open  http
--- | http-rompager-xss:
+-- | http-vuln-cve2013-6786:
 -- |   VULNERABLE:
 -- |   URL redirection and reflected XSS vulnerability in Allegro RomPager Web server
 -- |     State: VULNERABLE (Exploitable)

scripts/http-vuln-cve2014-2126.nse

@@ -10,6 +10,10 @@ Privilege Escalation Vulnerability (CVE-2014-2126).
 ]]
 
 ---
+-- @see http-vuln-cve2014-2127.nse
+-- @see http-vuln-cve2014-2128.nse
+-- @see http-vuln-cve2014-2129.nse
+--
 -- @usage
 -- nmap -p 443 --script http-vuln-cve2014-2126 <target>
 --

scripts/http-vuln-cve2014-2127.nse

@@ -10,6 +10,10 @@ Privilege Escalation Vulnerability (CVE-2014-2127).
 ]]
 
 ---
+-- @see http-vuln-cve2014-2126.nse
+-- @see http-vuln-cve2014-2128.nse
+-- @see http-vuln-cve2014-2129.nse
+--
 -- @usage
 -- nmap -p 443 --script http-vuln-cve2014-2127 <target>
 --

scripts/http-vuln-cve2014-2128.nse

@@ -10,8 +10,12 @@ Authentication Bypass Vulnerability (CVE-2014-2128).
 ]]
 
 ---
+-- @see http-vuln-cve2014-2126.nse
+-- @see http-vuln-cve2014-2127.nse
+-- @see http-vuln-cve2014-2129.nse
+--
 -- @usage
--- nmap -p 443 --script http-vuln-cve2014-2127 <target>
+-- nmap -p 443 --script http-vuln-cve2014-2128 <target>
 --
 -- @output
 -- PORT    STATE SERVICE

scripts/http-vuln-cve2014-2129.nse

@@ -10,8 +10,12 @@ Denial of Service Vulnerability (CVE-2014-2129).
 ]]
 
 ---
+-- @see http-vuln-cve2014-2126.nse
+-- @see http-vuln-cve2014-2127.nse
+-- @see http-vuln-cve2014-2128.nse
+--
 -- @usage
--- nmap -p 443 --script http-vuln-cve2014-2127 <target>
+-- nmap -p 443 --script http-vuln-cve2014-2129 <target>
 --
 -- @output
 -- PORT    STATE SERVICE

scripts/http-vuln-cve2014-3704.nse

@@ -31,6 +31,8 @@ Exploitation technique used to achieve RCE on the target is based on exploit/mul
 ]]
 
 ---
+-- @see http-sql-injection.nse
+--
 -- @usage
 -- nmap --script http-vuln-cve2014-3704 --script-args http-vuln-cve2014-3704.cmd="uname -a",http-vuln-cve2014-3704.uri="/drupal" <target>
 -- nmap --script http-vuln-cve2014-3704 --script-args http-vuln-cve2014-3704.uri="/drupal",http-vuln-cve2014-3704.cleanup=false <target>

scripts/http-vuln-misfortune-cookie.nse

@@ -5,6 +5,8 @@ license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
 categories = {"vuln", "intrusive"}
 
 ---
+-- @see http-vuln-cve2013-6786.nse
+--
 -- @usage
 -- nmap <target> -p 7547 --script=http-vuln-misfortune-cookie
 --

scripts/http-wordpress-enum.nse

@@ -28,6 +28,8 @@ TODO:
 ]]
 
 ---
+-- @see http-vuln-cve2014-8877.nse
+--
 -- @usage nmap -sV --script http-wordpress-enum <target>
 -- @usage nmap --script http-wordpress-enum --script-args check-latest=true,search-limit=10 <target>
 -- @usage nmap --script http-wordpress-enum --script-args type="themes" <target>

scripts/ms-sql-brute.nse

@@ -37,6 +37,8 @@ be disabled using the <code>mssql.scanned-ports-only</code> script argument.
 ]]
 
 ---
+-- @see ms-sql-empty-password.nse
+--
 -- @usage
 -- nmap -p 445 --script ms-sql-brute --script-args mssql.instance-all,userdb=customuser.txt,passdb=custompass.txt <host>
 -- nmap -p 1433 --script ms-sql-brute --script-args userdb=customuser.txt,passdb=custompass.txt <host>

scripts/ms-sql-empty-password.nse

@@ -37,6 +37,8 @@ be disabled using the <code>mssql.scanned-ports-only</code> script argument.
 ]]
 
 ---
+-- @see ms-sql-brute.nse
+--
 -- @usage
 -- nmap -p 445 --script ms-sql-empty-password --script-args mssql.instance-all <host>
 -- nmap -p 1433 --script ms-sql-empty-password <host>

scripts/mysql-brute.nse

@@ -12,6 +12,8 @@ Performs password guessing against MySQL.
 ]]
 
 ---
+-- @see mysql-empty-password.nse
+--
 -- @usage
 -- nmap --script=mysql-brute <target>
 --

scripts/mysql-empty-password.nse

@@ -11,6 +11,8 @@ Checks for MySQL servers with an empty password for <code>root</code> or
 ]]
 
 ---
+-- @see mysql-brute.nse
+--
 -- @output
 -- 3306/tcp open  mysql
 -- | mysql-empty-password:

scripts/netbus-auth-bypass.nse

@@ -13,6 +13,7 @@ and login to the service by typing Password;1; into the console.
 ]]
 
 ---
+-- @see netbus-brute.nse
 -- @usage
 -- nmap -p 12345 --script netbus-auth-bypass <target>
 --

scripts/netbus-brute.nse

@@ -9,6 +9,7 @@ Performs brute force password auditing against the Netbus backdoor ("remote admi
 ]]
 
 ---
+-- @see netbus-auth-bypass.nse
 -- @usage
 -- nmap -p 12345 --script netbus-brute <target>
 --

scripts/oracle-brute-stealth.nse

@@ -23,6 +23,8 @@ password.
 ]]
 
 ---
+-- @see oracle-brute.nse
+--
 -- @usage
 -- nmap --script oracle-brute-stealth -p 1521 --script-args oracle-brute-stealth.sid=ORCL <host>
 --

scripts/oracle-brute.nse

@@ -30,6 +30,8 @@ result in a large number of accounts being locked out on the database server.
 ]]
 
 ---
+-- @see oracle-brute-stealth.nse
+--
 -- @usage
 -- nmap --script oracle-brute -p 1521 --script-args oracle-brute.sid=ORCL <host>
 --

scripts/realvnc-auth-bypass.nse

@@ -9,6 +9,8 @@ author = "Brandon Enright"
 license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
 
 ---
+-- @see vnc-brute.nse
+--
 -- @output
 -- PORT     STATE SERVICE VERSION
 -- 5900/tcp open  vnc     VNC (protocol 3.8)

scripts/vnc-brute.nse

@@ -9,6 +9,8 @@ Performs brute force password auditing against VNC servers.
 ]]
 
 ---
+-- @see realvnc-auth-bypass.nse
+--
 -- @usage
 -- nmap --script vnc-brute -p 5900 <host>
 --