diff --git a/CHANGELOG b/CHANGELOG
index d90c92f57..785a3838e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,14 @@
#Nmap Changelog ($Id$); -*-text-*-
+o [NSE] New script, dicom-brute.nse, attempts to brute force the called
+ Application Entity Title of DICOM servers. [Paulino Calderon]
+
+o [NSE] New script, dicom-ping.nse, discovers DICOM servers and determines
+ if any Application Entity Title is allowed to connect. [Paulino Calderon]
+
+o [NSE] New library, dicom.lua, implements the DICOM protocol used for
+ storing and transfering medical images. [Paulino Calderon]
+
o [NSE][GH#1665] The HTTP library no longer crashes when code requests digest
authentication but the server does not provide the necessary authentication
header. [nnposter]
diff --git a/nselib/dicom.lua b/nselib/dicom.lua
new file mode 100644
index 000000000..898ba9a88
--- /dev/null
+++ b/nselib/dicom.lua
@@ -0,0 +1,272 @@
+--
+-- DICOM library
+--
+-- This library implements (partially) the DICOM protocol. This protocol is used to
+-- capture, store and distribute medical images.
+--
+-- From Wikipedia:
+-- The core application of the DICOM standard is to capture, store and distribute
+-- medical images. The standard also provides services related to imaging such as
+-- managing imaging procedure worklists, printing images on film or digital media
+-- like DVDs, reporting procedure status like completion of an imaging acquisition,
+-- confirming successful archiving of images, encrypting datasets, removing patient
+-- identifying information from datasets, organizing layouts of images for review,
+-- saving image manipulations and annotations, calibrating image displays, encoding
+-- ECGs, encoding CAD results, encoding structured measurement data, and storing
+-- acquisition protocols.
+--
+-- OPTIONS:
+-- *called_aet - If set it changes the called Application Entity Title
+-- used in the requests. Default: ANY-SCP
+-- *calling_aet - If set it changes the calling Application Entity Title
+-- used in the requests. Default: ECHOSCU
+--
+-- @args dicom.called_aet Called Application Entity Title. Default: ANY-SCP
+-- @args dicom.calling_aet Calling Application Entity Title. Default: ECHOSCU
+--
+-- @author Paulino Calderon
+-- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html
+---
+
+local nmap = require "nmap"
+local stdnse = require "stdnse"
+local string = require "string"
+local table = require "table"
+
+_ENV = stdnse.module("dicom", stdnse.seeall)
+
+local MIN_SIZE_ASSOC_REQ = 68
+local MAX_SIZE_PDU = 128000
+local MIN_HEADER_LEN = 6
+local PDU_NAMES = {}
+local PDU_CODES = {}
+
+PDU_CODES =
+{
+ ASSOCIATE_REQUEST = 0x01,
+ ASSOCIATE_ACCEPT = 0x02,
+ ASSOCIATE_REJECT = 0x03,
+ DATA = 0x04,
+ RELEASE_REQUEST = 0x05,
+ RELEASE_RESPONSE = 0x06,
+ ABORT = 0x07
+}
+
+for i, v in pairs(PDU_CODES) do
+ PDU_NAMES[v] = i
+end
+
+---
+-- start_connection(host, port) starts socket to DICOM service
+--
+-- @param host Host object
+-- @param port Port table
+-- @return (status, socket) If status is true, socket of DICOM object is set.
+-- If status is false, socket is the error message.
+---
+function start_connection(host, port)
+ local dcm = {}
+ local status, err
+ dcm['socket'] = nmap.new_socket()
+
+ status, err = dcm['socket']:connect(host, port, "tcp")
+
+ if(status == false) then
+ return false, "DICOM: Failed to connect to host: " .. err
+ end
+
+ return true, dcm
+end
+
+---
+-- send(dcm, data) Sends DICOM packet over established socket
+--
+-- @param dcm DICOM object
+-- @param data Data to send
+-- @return status True if data was sent correctly, otherwise false and error message is returned.
+---
+function send(dcm, data)
+ local status, err
+ stdnse.debug2("DICOM: Sending DICOM packet (%d)", #data)
+ if dcm['socket'] then
+ status, err = dcm['socket']:send(data)
+ if status == false then
+ return false, err
+ end
+ else
+ return false, "No socket found. Check your DICOM object"
+ end
+ return true
+end
+
+---
+-- receive(dcm) Reads DICOM packets over an established socket
+--
+-- @param dcm DICOM object
+-- @return (status, data) Returns data if status true, otherwise data is the error message.
+---
+function receive(dcm)
+ local status, data = dcm['socket']:receive()
+ if status == false then
+ return false, data
+ end
+ stdnse.debug1("DICOM: receive() read %d bytes", #data)
+ return true, data
+end
+
+---
+-- pdu_header_encode(pdu_type, length) encodes the DICOM PDU header
+--
+-- @param pdu_type PDU type as ann unsigned integer
+-- @param length Length of the DICOM message
+-- @return (status, dcm) If status is true, the DICOM object with the header set is returned.
+-- If status is false, dcm is the error message.
+---
+function pdu_header_encode(pdu_type, length)
+ -- Some simple sanity checks, we do not check ranges to allow users to create malformed packets.
+ if not(type(pdu_type)) == "number" then
+ return false, "PDU Type must be an unsigned integer. Range:0-7"
+ end
+ if not(type(length)) == "number" then
+ return false, "Length must be an unsigned integer."
+ end
+
+ local header = string.pack("B I4",
+ pdu_type, -- PDU Type ( 1 byte - unsigned integer in Big Endian )
+ 0, -- Reserved section ( 1 byte that should be set to 0x0 )
+ length) -- PDU Length ( 4 bytes - unsigned integer in Little Endian)
+ if #header < MIN_HEADER_LEN then
+ return false, "Header must be at least 6 bytes. Something went wrong."
+ end
+ return true, header
+end
+
+---
+-- associate(host, port) Attempts to associate to a DICOM Service Provider by sending an A-ASSOCIATE request.
+--
+-- @param host Host object
+-- @param port Port object
+-- @return (status, dcm) If status is true, the DICOM object is returned.
+-- If status is false, dcm is the error message.
+---
+
+function associate(host, port, calling_aet, called_aet)
+ local application_context = ""
+ local presentation_context = ""
+ local userinfo_context = ""
+
+ local status, dcm = start_connection(host, port)
+ if status == false then
+ return false, dcm
+ end
+
+ local application_context_name = "1.2.840.10008.3.1.1.1"
+ application_context = string.pack(">B B I2 c" .. #application_context_name,
+ 0x10,
+ 0x0,
+ #application_context_name,
+ application_context_name)
+
+ local abstract_syntax_name = "1.2.840.10008.1.1"
+ local transfer_syntax_name = "1.2.840.10008.1.2"
+ presentation_context = string.pack(">B B I2 B B B B B B I2 c" .. #abstract_syntax_name .. "B B I2 c".. #transfer_syntax_name,
+ 0x20, -- Presentation context type ( 1 byte )
+ 0x0, -- Reserved ( 1 byte )
+ 0x2e, -- Item Length ( 2 bytes )
+ 0x1, -- Presentation context id ( 1 byte )
+ 0x0,0x0,0x0, -- Reserved ( 3 bytes )
+ 0x30, -- Abstract Syntax Tree ( 1 byte )
+ 0x0, -- Reserved ( 1 byte )
+ 0x11, -- Item Length ( 2 bytes )
+ abstract_syntax_name,
+ 0x40, -- Transfer Syntax ( 1 byte )
+ 0x0, -- Reserved ( 1 byte )
+ 0x11, -- Item Length ( 2 bytes )
+ transfer_syntax_name)
+
+ local implementation_id = "1.2.276.0.7230010.3.0.3.6.2"
+ local implementation_version = "OFFIS_DCMTK_362"
+ userinfo_context = string.pack(">B B I2 B B I2 I4 B B I2 c" .. #implementation_id .. " B B I2 c".. #implementation_version,
+ 0x50, -- Type 0x50 (1 byte)
+ 0x0, -- Reserved ( 1 byte )
+ 0x3a, -- Length ( 2 bytes )
+ 0x51, -- Type 0x51 ( 1 byte)
+ 0x0, -- Reserved ( 1 byte)
+ 0x04, -- Length ( 2 bytes )
+ 0x4000, -- DATA ( 4 bytes )
+ 0x52, -- Type 0x52 (1 byte)
+ 0x0,
+ 0x1b,
+ implementation_id,
+ 0x55,
+ 0x0,
+ 0x0f,
+ implementation_version)
+
+ local called_ae_title = called_aet or stdnse.get_script_args("dicom.called_aet") or "ANY-SCP"
+ local calling_ae_title = calling_aet or stdnse.get_script_args("dicom.calling_aet") or "ECHOSCU"
+ if #called_ae_title > 16 or #calling_ae_title > 16 then
+ return false, "Calling/Called Application Entity Title must be less than 16 bytes"
+ end
+ called_ae_title = called_ae_title .. string.rep(" ", 16 - #called_ae_title)
+ calling_ae_title = calling_ae_title .. string.rep(" ", 16 - #calling_ae_title)
+
+ -- ASSOCIATE request
+ local assoc_request = string.pack(">I2 I2 c16 c16 c32 c" .. application_context:len() .. " c" .. presentation_context:len() .. " c" .. userinfo_context:len(),
+ 0x1, -- Protocol version ( 2 bytes )
+ 0x0, -- Reserved section ( 2 bytes that should be set to 0x0 )
+ called_ae_title, -- Called AE title ( 16 bytes)
+ calling_ae_title, -- Calling AE title ( 16 bytes)
+ 0x0, -- Reserved section ( 32 bytes set to 0x0 )
+ application_context,
+ presentation_context,
+ userinfo_context)
+
+ local status, header = pdu_header_encode(PDU_CODES["ASSOCIATE_REQUEST"], #assoc_request)
+
+ -- Something might be wrong with our header
+ if status == false then
+ return false, header
+ end
+
+ assoc_request = header .. assoc_request
+
+ stdnse.debug2("PDU len minus header:%d", #assoc_request-#header)
+ if #assoc_request < MIN_SIZE_ASSOC_REQ then
+ return false, string.format("ASSOCIATE request PDU must be at least %d bytes and we tried to send %d.", MIN_SIZE_ASSOC_REQ, #assoc_request)
+ end
+ status, err = send(dcm, assoc_request)
+ if status == false then
+ return false, string.format("Couldn't send ASSOCIATE request:%s", err)
+ end
+ status, err = receive(dcm)
+ if status == false then
+ return false, string.format("Couldn't read ASSOCIATE response:%s", err)
+ end
+
+ local resp_type, _, resp_length, resp_version = string.unpack(">B B I4 I2", err)
+ stdnse.debug1("PDU Type:%d Length:%d Protocol:%d", resp_type, resp_length, resp_version)
+ if resp_type == PDU_CODES["ASSOCIATE_ACCEPT"] then
+ stdnse.debug1("ASSOCIATE ACCEPT message found!")
+ return true, dcm
+ elseif resp_type == PDU_CODES["ASSOCIATE_REJECT"] then
+ stdnse.debug1("ASSOCIATE REJECT message found!")
+ return false, "ASSOCIATE REJECT received"
+ else
+ return false, "Received unknown response"
+ end
+end
+
+function send_pdata(dicom, data)
+ local status, header = pdu_header_encode(PDU_CODES["DATA"], #data)
+ if status == false then
+ return false, header
+ end
+ local err
+ status, err = send(dicom, header .. data)
+ if status == false then
+ return false, err
+ end
+end
+
+return _ENV
diff --git a/scripts/dicom-brute.nse b/scripts/dicom-brute.nse
new file mode 100644
index 000000000..a3d6b9bd2
--- /dev/null
+++ b/scripts/dicom-brute.nse
@@ -0,0 +1,80 @@
+description = [[
+Attempts to brute force the Application Entity Title of a DICOM server (DICOM Service Provider).
+
+Application Entity Titles (AET) are used to restrict responses only to clients knowing the title. Hence,
+ the called AET is used as a form of password.
+]]
+
+---
+-- @usage nmap -p4242 --script dicom-brute
+-- @usage nmap -sV --script dicom-brute
+-- @usage nmap --script dicom-brute --script-args passdb=aets.txt
+--
+-- @output
+-- PORT STATE SERVICE REASON
+-- 4242/tcp open vrml-multi-use syn-ack
+-- | dicom-brute:
+-- | Accounts:
+-- | Called Application Entity Title:ORTHANC - Valid credentials
+-- |_ Statistics: Performed 5 guesses in 1 seconds, average tps: 5.0
+---
+
+author = "Paulino Calderon "
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"auth", "brute"}
+
+local shortport = require "shortport"
+local dicom = require "dicom"
+local stdnse = require "stdnse"
+local nmap = require "nmap"
+local brute = require "brute"
+local creds = require "creds"
+
+portrule = shortport.port_or_service({104, 2345, 2761, 2762, 4242, 11112}, "dicom", "tcp", "open")
+
+Driver = {
+ new = function(self, host, port)
+ local o = {}
+ setmetatable(o, self)
+ self.__index = self
+ o.host = host
+ o.port = port
+ o.passonly = true
+ return o
+ end,
+
+ connect = function(self)
+ return true
+ end,
+
+ disconnect = function(self)
+ end,
+
+ login = function(self, username, password)
+ stdnse.debug2("Trying with called AE title:%s", password)
+ local dcm_conn, err = dicom.associate(self.host, self.port, nil, password)
+ if dcm_conn then
+ return true, creds.Account:new("Called Application Entity Title", password, creds.State.VALID)
+ else
+ return false, brute.Error:new("Incorrect AET")
+ end
+
+ end,
+ check = function(self)
+ local dcm_conn, err = dicom.associate(self.host, self.port)
+ if dcm_conn then
+ return false, "DICOM SCU allows any AET"
+ end
+ return true
+ end
+}
+
+action = function(host, port)
+ local engine = brute.Engine:new(Driver, host, port)
+ engine:setMaxThreads(5)
+ engine.options.script_name = SCRIPT_NAME
+ engine.options:setOption("passonly", true)
+ local status, result = engine:start()
+
+ return result
+end
diff --git a/scripts/dicom-ping.nse b/scripts/dicom-ping.nse
new file mode 100644
index 000000000..e322ebd87
--- /dev/null
+++ b/scripts/dicom-ping.nse
@@ -0,0 +1,70 @@
+description = [[
+Attempts to discover DICOM servers (DICOM Service Provider) through a partial C-ECHO request.
+ It also detects if the server allows any called Application Entity Title or not.
+
+The script responds with the message "Called AET check enabled" when the association request
+ is rejected due configuration. This value can be bruteforced.
+
+C-ECHO requests are commonly known as DICOM ping as they are used to test connectivity.
+Normally, a 'DICOM ping' is formed as follows:
+* Client -> A-ASSOCIATE request -> Server
+* Server -> A-ASSOCIATE ACCEPT/REJECT -> Client
+* Client -> C-ECHO request -> Server
+* Server -> C-ECHO response -> Client
+* Client -> A-RELEASE request -> Server
+* Server -> A-RELEASE response -> Client
+
+For this script we only send the A-ASSOCIATE request and look for the success code
+ in the response as it seems to be a reliable way of detecting DICOM servers.
+]]
+
+---
+-- @usage nmap -p4242 --script dicom-ping
+-- @usage nmap -sV --script dicom-ping
+--
+-- @output
+-- PORT STATE SERVICE REASON
+-- 4242/tcp open dicom syn-ack
+-- | dicom-ping:
+-- | dicom: DICOM Service Provider discovered!
+-- |_ config: Called AET check enabled
+--
+-- @xmloutput
+--
+---
+
+author = "Paulino Calderon "
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"discovery", "default", "safe", "auth"}
+
+local shortport = require "shortport"
+local dicom = require "dicom"
+local stdnse = require "stdnse"
+local nmap = require "nmap"
+
+portrule = shortport.port_or_service({104, 2345, 2761, 2762, 4242, 11112}, "dicom", "tcp", "open")
+
+action = function(host, port)
+ local output = stdnse.output_table()
+ local dcm_conn_status, err = dicom.associate(host, port)
+ if dcm_conn_status == false then
+ stdnse.debug1("Association failed:%s", err)
+ if err == "ASSOCIATE REJECT received" then
+ port.version.name = "dicom"
+ nmap.set_port_version(host, port)
+
+ output.dicom = "DICOM Service Provider discovered!"
+ output.config = "Called AET check enabled"
+ end
+ return output
+ end
+ port.version.name = "dicom"
+ nmap.set_port_version(host, port)
+
+ output.dicom = "DICOM Service Provider discovered!"
+ output.config = "Any AET is accepted (Insecure)"
+ return output
+end
diff --git a/scripts/script.db b/scripts/script.db
index 17399969f..210a854da 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -1,6 +1,5 @@
Entry { filename = "acarsd-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "address-info.nse", categories = { "default", "safe", } }
-Entry { filename = "afp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "afp-ls.nse", categories = { "discovery", "safe", } }
Entry { filename = "afp-path-vuln.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "afp-serverinfo.nse", categories = { "default", "discovery", "safe", } }
@@ -19,10 +18,7 @@ Entry { filename = "backorifice-brute.nse", categories = { "brute", "intrusive",
Entry { filename = "backorifice-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "bacnet-info.nse", categories = { "discovery", "version", } }
Entry { filename = "banner.nse", categories = { "discovery", "safe", } }
-Entry { filename = "bitcoin-getaddr.nse", categories = { "discovery", "safe", } }
-Entry { filename = "bitcoin-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "bitcoinrpc-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "bittorrent-discovery.nse", categories = { "discovery", "safe", } }
Entry { filename = "bjnp-discover.nse", categories = { "discovery", "safe", } }
Entry { filename = "broadcast-ataoe-discover.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-avahi-dos.nse", categories = { "broadcast", "dos", "intrusive", "vuln", } }
@@ -85,6 +81,8 @@ Entry { filename = "daytime.nse", categories = { "discovery", "safe", } }
Entry { filename = "db2-das-info.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "deluge-rpc-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "dhcp-discover.nse", categories = { "discovery", "safe", } }
+Entry { filename = "dicom-brute.nse", categories = { "auth", "brute", } }
+Entry { filename = "dicom-ping.nse", categories = { "auth", "default", "discovery", "safe", } }
Entry { filename = "dict-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "distcc-cve2004-2687.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "dns-blacklist.nse", categories = { "external", "safe", } }
@@ -95,7 +93,6 @@ Entry { filename = "dns-client-subnet-scan.nse", categories = { "discovery", "sa
Entry { filename = "dns-fuzz.nse", categories = { "fuzzer", "intrusive", } }
Entry { filename = "dns-ip6-arpa-scan.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "dns-nsec-enum.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "dns-nsec3-enum.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "dns-nsid.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "dns-random-srcport.nse", categories = { "external", "intrusive", } }
Entry { filename = "dns-random-txid.nse", categories = { "external", "intrusive", } }
@@ -112,7 +109,6 @@ Entry { filename = "domino-enum-users.nse", categories = { "auth", "intrusive",
Entry { filename = "dpap-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "drda-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "drda-info.nse", categories = { "discovery", "safe", "version", } }
-Entry { filename = "duplicates.nse", categories = { "safe", } }
Entry { filename = "eap-info.nse", categories = { "broadcast", "safe", } }
Entry { filename = "enip-info.nse", categories = { "discovery", "version", } }
Entry { filename = "epmd-info.nse", categories = { "default", "discovery", "safe", } }
@@ -164,10 +160,8 @@ Entry { filename = "http-backup-finder.nse", categories = { "discovery", "safe",
Entry { filename = "http-barracuda-dir-traversal.nse", categories = { "auth", "exploit", "intrusive", } }
Entry { filename = "http-bigip-cookie.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "http-cakephp-version.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-chrono.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-cisco-anyconnect.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "http-coldfusion-subzero.nse", categories = { "exploit", } }
Entry { filename = "http-comments-displayer.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-config-backup.nse", categories = { "auth", "intrusive", } }
Entry { filename = "http-cookie-flags.nse", categories = { "default", "safe", "vuln", } }
@@ -185,7 +179,6 @@ Entry { filename = "http-drupal-enum.nse", categories = { "discovery", "intrusiv
Entry { filename = "http-enum.nse", categories = { "discovery", "intrusive", "vuln", } }
Entry { filename = "http-errors.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-exif-spider.nse", categories = { "intrusive", } }
-Entry { filename = "http-favicon.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-feed.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-fetch.nse", categories = { "safe", } }
Entry { filename = "http-fileupload-exploiter.nse", categories = { "exploit", "intrusive", "vuln", } }
@@ -219,7 +212,6 @@ Entry { filename = "http-ntlm-info.nse", categories = { "default", "discovery",
Entry { filename = "http-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } }
Entry { filename = "http-open-redirect.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-passwd.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "http-php-version.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-phpmyadmin-dir-traversal.nse", categories = { "exploit", "vuln", } }
Entry { filename = "http-phpself-xss.nse", categories = { "fuzzer", "intrusive", "vuln", } }
Entry { filename = "http-proxy-brute.nse", categories = { "brute", "external", "intrusive", } }
@@ -250,13 +242,11 @@ Entry { filename = "http-unsafe-output-escaping.nse", categories = { "discovery"
Entry { filename = "http-useragent-tester.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-userdir-enum.nse", categories = { "auth", "intrusive", } }
Entry { filename = "http-vhosts.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "http-virustotal.nse", categories = { "external", "malware", "safe", } }
Entry { filename = "http-vlcstreamer-ls.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-vmware-path-vuln.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2006-3392.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2009-3960.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2010-0738.nse", categories = { "auth", "safe", "vuln", } }
-Entry { filename = "http-vuln-cve2010-2861.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2011-3192.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2011-3368.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2012-1823.nse", categories = { "exploit", "intrusive", "vuln", } }
@@ -267,332 +257,3 @@ Entry { filename = "http-vuln-cve2014-2126.nse", categories = { "safe", "vuln",
Entry { filename = "http-vuln-cve2014-2127.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2014-2128.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2014-2129.nse", categories = { "safe", "vuln", } }
-Entry { filename = "http-vuln-cve2014-3704.nse", categories = { "exploit", "intrusive", "vuln", } }
-Entry { filename = "http-vuln-cve2014-8877.nse", categories = { "exploit", "intrusive", "vuln", } }
-Entry { filename = "http-vuln-cve2015-1427.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "http-vuln-cve2015-1635.nse", categories = { "safe", "vuln", } }
-Entry { filename = "http-vuln-cve2017-1001000.nse", categories = { "safe", "vuln", } }
-Entry { filename = "http-vuln-cve2017-5638.nse", categories = { "vuln", } }
-Entry { filename = "http-vuln-cve2017-5689.nse", categories = { "auth", "exploit", "vuln", } }
-Entry { filename = "http-vuln-cve2017-8917.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "http-vuln-misfortune-cookie.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "http-vuln-wnr1000-creds.nse", categories = { "exploit", "intrusive", "vuln", } }
-Entry { filename = "http-waf-detect.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "http-waf-fingerprint.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "http-webdav-scan.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "http-wordpress-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "http-wordpress-enum.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "http-wordpress-users.nse", categories = { "auth", "intrusive", "vuln", } }
-Entry { filename = "http-xssed.nse", categories = { "discovery", "external", "safe", } }
-Entry { filename = "https-redirect.nse", categories = { "version", } }
-Entry { filename = "iax2-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "iax2-version.nse", categories = { "version", } }
-Entry { filename = "icap-info.nse", categories = { "discovery", "safe", } }
-Entry { filename = "iec-identify.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "ike-version.nse", categories = { "default", "discovery", "safe", "version", } }
-Entry { filename = "imap-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "imap-capabilities.nse", categories = { "default", "safe", } }
-Entry { filename = "imap-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "impress-remote-discover.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "informix-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "informix-query.nse", categories = { "auth", "intrusive", } }
-Entry { filename = "informix-tables.nse", categories = { "auth", "intrusive", } }
-Entry { filename = "ip-forwarding.nse", categories = { "discovery", "safe", } }
-Entry { filename = "ip-geolocation-geoplugin.nse", categories = { "discovery", "external", "safe", } }
-Entry { filename = "ip-geolocation-ipinfodb.nse", categories = { "discovery", "external", "safe", } }
-Entry { filename = "ip-geolocation-map-bing.nse", categories = { "external", "safe", } }
-Entry { filename = "ip-geolocation-map-google.nse", categories = { "external", "safe", } }
-Entry { filename = "ip-geolocation-map-kml.nse", categories = { "safe", } }
-Entry { filename = "ip-geolocation-maxmind.nse", categories = { "discovery", "external", "safe", } }
-Entry { filename = "ip-https-discover.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "ipidseq.nse", categories = { "discovery", "safe", } }
-Entry { filename = "ipmi-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "ipmi-cipher-zero.nse", categories = { "safe", "vuln", } }
-Entry { filename = "ipmi-version.nse", categories = { "discovery", "safe", } }
-Entry { filename = "ipv6-multicast-mld-list.nse", categories = { "broadcast", "discovery", } }
-Entry { filename = "ipv6-node-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "ipv6-ra-flood.nse", categories = { "dos", "intrusive", } }
-Entry { filename = "irc-botnet-channels.nse", categories = { "discovery", "safe", "vuln", } }
-Entry { filename = "irc-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "irc-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "irc-sasl-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "irc-unrealircd-backdoor.nse", categories = { "exploit", "intrusive", "malware", "vuln", } }
-Entry { filename = "iscsi-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "iscsi-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "isns-info.nse", categories = { "discovery", "safe", } }
-Entry { filename = "jdwp-exec.nse", categories = { "exploit", "intrusive", } }
-Entry { filename = "jdwp-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "jdwp-inject.nse", categories = { "exploit", "intrusive", } }
-Entry { filename = "jdwp-version.nse", categories = { "version", } }
-Entry { filename = "knx-gateway-discover.nse", categories = { "broadcast", "discovery", "safe", } }
-Entry { filename = "knx-gateway-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "krb5-enum-users.nse", categories = { "auth", "intrusive", } }
-Entry { filename = "ldap-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "ldap-novell-getpass.nse", categories = { "discovery", "safe", } }
-Entry { filename = "ldap-rootdse.nse", categories = { "discovery", "safe", } }
-Entry { filename = "ldap-search.nse", categories = { "discovery", "safe", } }
-Entry { filename = "lexmark-config.nse", categories = { "discovery", "safe", } }
-Entry { filename = "llmnr-resolve.nse", categories = { "broadcast", "discovery", "safe", } }
-Entry { filename = "lltd-discovery.nse", categories = { "broadcast", "discovery", "safe", } }
-Entry { filename = "lu-enum.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "maxdb-info.nse", categories = { "default", "safe", "version", } }
-Entry { filename = "mcafee-epo-agent.nse", categories = { "safe", "version", } }
-Entry { filename = "membase-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "membase-http-info.nse", categories = { "discovery", "safe", } }
-Entry { filename = "memcached-info.nse", categories = { "discovery", "safe", } }
-Entry { filename = "metasploit-info.nse", categories = { "intrusive", "safe", } }
-Entry { filename = "metasploit-msgrpc-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "metasploit-xmlrpc-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "mikrotik-routeros-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "mmouse-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "mmouse-exec.nse", categories = { "intrusive", } }
-Entry { filename = "modbus-discover.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "mongodb-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "mongodb-databases.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "mongodb-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "mqtt-subscribe.nse", categories = { "discovery", "safe", "version", } }
-Entry { filename = "mrinfo.nse", categories = { "broadcast", "discovery", "safe", } }
-Entry { filename = "ms-sql-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "ms-sql-config.nse", categories = { "discovery", "safe", } }
-Entry { filename = "ms-sql-dac.nse", categories = { "discovery", "safe", } }
-Entry { filename = "ms-sql-dump-hashes.nse", categories = { "auth", "discovery", "safe", } }
-Entry { filename = "ms-sql-empty-password.nse", categories = { "auth", "intrusive", } }
-Entry { filename = "ms-sql-hasdbaccess.nse", categories = { "auth", "discovery", "safe", } }
-Entry { filename = "ms-sql-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "ms-sql-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "ms-sql-query.nse", categories = { "discovery", "safe", } }
-Entry { filename = "ms-sql-tables.nse", categories = { "discovery", "safe", } }
-Entry { filename = "ms-sql-xp-cmdshell.nse", categories = { "intrusive", } }
-Entry { filename = "msrpc-enum.nse", categories = { "discovery", "safe", } }
-Entry { filename = "mtrace.nse", categories = { "broadcast", "discovery", "safe", } }
-Entry { filename = "murmur-version.nse", categories = { "version", } }
-Entry { filename = "mysql-audit.nse", categories = { "discovery", "safe", } }
-Entry { filename = "mysql-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "mysql-databases.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "mysql-dump-hashes.nse", categories = { "auth", "discovery", "safe", } }
-Entry { filename = "mysql-empty-password.nse", categories = { "auth", "intrusive", } }
-Entry { filename = "mysql-enum.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "mysql-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "mysql-query.nse", categories = { "auth", "discovery", "safe", } }
-Entry { filename = "mysql-users.nse", categories = { "auth", "intrusive", } }
-Entry { filename = "mysql-variables.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "mysql-vuln-cve2012-2122.nse", categories = { "discovery", "intrusive", "vuln", } }
-Entry { filename = "nat-pmp-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "nat-pmp-mapport.nse", categories = { "discovery", "safe", } }
-Entry { filename = "nbd-info.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "nbstat.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "ncp-enum-users.nse", categories = { "auth", "safe", } }
-Entry { filename = "ncp-serverinfo.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "ndmp-fs-info.nse", categories = { "discovery", "safe", } }
-Entry { filename = "ndmp-version.nse", categories = { "version", } }
-Entry { filename = "nessus-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "nessus-xmlrpc-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "netbus-auth-bypass.nse", categories = { "auth", "safe", "vuln", } }
-Entry { filename = "netbus-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "netbus-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "netbus-version.nse", categories = { "version", } }
-Entry { filename = "nexpose-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "nfs-ls.nse", categories = { "discovery", "safe", } }
-Entry { filename = "nfs-showmount.nse", categories = { "discovery", "safe", } }
-Entry { filename = "nfs-statfs.nse", categories = { "discovery", "safe", } }
-Entry { filename = "nje-node-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "nje-pass-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "nntp-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "nping-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "nrpe-enum.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "ntp-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "ntp-monlist.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "omp2-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "omp2-enum-targets.nse", categories = { "discovery", "safe", } }
-Entry { filename = "omron-info.nse", categories = { "discovery", "version", } }
-Entry { filename = "openlookup-info.nse", categories = { "default", "discovery", "safe", "version", } }
-Entry { filename = "openvas-otp-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "openwebnet-discovery.nse", categories = { "discovery", "safe", } }
-Entry { filename = "oracle-brute-stealth.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "oracle-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "oracle-enum-users.nse", categories = { "auth", "intrusive", } }
-Entry { filename = "oracle-sid-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "oracle-tns-version.nse", categories = { "safe", "version", } }
-Entry { filename = "ovs-agent-version.nse", categories = { "version", } }
-Entry { filename = "p2p-conficker.nse", categories = { "default", "safe", } }
-Entry { filename = "path-mtu.nse", categories = { "discovery", "safe", } }
-Entry { filename = "pcanywhere-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "pcworx-info.nse", categories = { "discovery", } }
-Entry { filename = "pgsql-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "pjl-ready-message.nse", categories = { "intrusive", } }
-Entry { filename = "pop3-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "pop3-capabilities.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "pop3-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "pptp-version.nse", categories = { "version", } }
-Entry { filename = "puppet-naivesigning.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "qconn-exec.nse", categories = { "exploit", "intrusive", "vuln", } }
-Entry { filename = "qscan.nse", categories = { "discovery", "safe", } }
-Entry { filename = "quake1-info.nse", categories = { "default", "discovery", "safe", "version", } }
-Entry { filename = "quake3-info.nse", categories = { "default", "discovery", "safe", "version", } }
-Entry { filename = "quake3-master-getservers.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "rdp-enum-encryption.nse", categories = { "discovery", "safe", } }
-Entry { filename = "rdp-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "rdp-vuln-ms12-020.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "realvnc-auth-bypass.nse", categories = { "auth", "safe", "vuln", } }
-Entry { filename = "redis-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "redis-info.nse", categories = { "discovery", "safe", } }
-Entry { filename = "resolveall.nse", categories = { "discovery", "safe", } }
-Entry { filename = "reverse-index.nse", categories = { "safe", } }
-Entry { filename = "rexec-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "rfc868-time.nse", categories = { "discovery", "safe", "version", } }
-Entry { filename = "riak-http-info.nse", categories = { "discovery", "safe", } }
-Entry { filename = "rlogin-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "rmi-dumpregistry.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "rmi-vuln-classloader.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "rpc-grind.nse", categories = { "version", } }
-Entry { filename = "rpcap-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "rpcap-info.nse", categories = { "discovery", "safe", } }
-Entry { filename = "rpcinfo.nse", categories = { "default", "discovery", "safe", "version", } }
-Entry { filename = "rsa-vuln-roca.nse", categories = { "safe", "vuln", } }
-Entry { filename = "rsync-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "rsync-list-modules.nse", categories = { "discovery", "safe", } }
-Entry { filename = "rtsp-methods.nse", categories = { "default", "safe", } }
-Entry { filename = "rtsp-url-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "rusers.nse", categories = { "discovery", "safe", } }
-Entry { filename = "s7-info.nse", categories = { "discovery", "version", } }
-Entry { filename = "samba-vuln-cve-2012-1182.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "servicetags.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "shodan-api.nse", categories = { "discovery", "external", "safe", } }
-Entry { filename = "sip-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "sip-call-spoof.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "sip-enum-users.nse", categories = { "auth", "intrusive", } }
-Entry { filename = "sip-methods.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "skypev2-version.nse", categories = { "version", } }
-Entry { filename = "smb-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "smb-double-pulsar-backdoor.nse", categories = { "malware", "safe", "vuln", } }
-Entry { filename = "smb-enum-domains.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "smb-enum-groups.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "smb-enum-processes.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "smb-enum-services.nse", categories = { "discovery", "intrusive", "safe", } }
-Entry { filename = "smb-enum-sessions.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "smb-enum-shares.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "smb-enum-users.nse", categories = { "auth", "intrusive", } }
-Entry { filename = "smb-flood.nse", categories = { "dos", "intrusive", } }
-Entry { filename = "smb-ls.nse", categories = { "discovery", "safe", } }
-Entry { filename = "smb-mbenum.nse", categories = { "discovery", "safe", } }
-Entry { filename = "smb-os-discovery.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "smb-print-text.nse", categories = { "intrusive", } }
-Entry { filename = "smb-protocols.nse", categories = { "discovery", "safe", } }
-Entry { filename = "smb-psexec.nse", categories = { "intrusive", } }
-Entry { filename = "smb-security-mode.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "smb-server-stats.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "smb-system-info.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "smb-vuln-conficker.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
-Entry { filename = "smb-vuln-cve-2017-7494.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "smb-vuln-cve2009-3103.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
-Entry { filename = "smb-vuln-ms06-025.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
-Entry { filename = "smb-vuln-ms07-029.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
-Entry { filename = "smb-vuln-ms08-067.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
-Entry { filename = "smb-vuln-ms10-054.nse", categories = { "dos", "intrusive", "vuln", } }
-Entry { filename = "smb-vuln-ms10-061.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "smb-vuln-ms17-010.nse", categories = { "safe", "vuln", } }
-Entry { filename = "smb-vuln-regsvc-dos.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
-Entry { filename = "smb-vuln-webexec.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "smb-webexec-exploit.nse", categories = { "exploit", "intrusive", } }
-Entry { filename = "smb2-capabilities.nse", categories = { "discovery", "safe", } }
-Entry { filename = "smb2-security-mode.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "smb2-time.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "smb2-vuln-uptime.nse", categories = { "safe", "vuln", } }
-Entry { filename = "smtp-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "smtp-commands.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "smtp-enum-users.nse", categories = { "auth", "external", "intrusive", } }
-Entry { filename = "smtp-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "smtp-open-relay.nse", categories = { "discovery", "external", "intrusive", } }
-Entry { filename = "smtp-strangeport.nse", categories = { "malware", "safe", } }
-Entry { filename = "smtp-vuln-cve2010-4344.nse", categories = { "exploit", "intrusive", "vuln", } }
-Entry { filename = "smtp-vuln-cve2011-1720.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "smtp-vuln-cve2011-1764.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "sniffer-detect.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "snmp-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "snmp-hh3c-logins.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "snmp-info.nse", categories = { "default", "safe", "version", } }
-Entry { filename = "snmp-interfaces.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "snmp-ios-config.nse", categories = { "intrusive", } }
-Entry { filename = "snmp-netstat.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "snmp-processes.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "snmp-sysdescr.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "snmp-win32-services.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "snmp-win32-shares.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "snmp-win32-software.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "snmp-win32-users.nse", categories = { "auth", "default", "safe", } }
-Entry { filename = "socks-auth-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "socks-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "socks-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } }
-Entry { filename = "ssh-auth-methods.nse", categories = { "auth", "intrusive", } }
-Entry { filename = "ssh-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "ssh-hostkey.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "ssh-publickey-acceptance.nse", categories = { "auth", "intrusive", } }
-Entry { filename = "ssh-run.nse", categories = { "intrusive", } }
-Entry { filename = "ssh2-enum-algos.nse", categories = { "discovery", "safe", } }
-Entry { filename = "sshv1.nse", categories = { "default", "safe", } }
-Entry { filename = "ssl-ccs-injection.nse", categories = { "safe", "vuln", } }
-Entry { filename = "ssl-cert-intaddr.nse", categories = { "discovery", "safe", "vuln", } }
-Entry { filename = "ssl-cert.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "ssl-date.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "ssl-dh-params.nse", categories = { "safe", "vuln", } }
-Entry { filename = "ssl-enum-ciphers.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "ssl-heartbleed.nse", categories = { "safe", "vuln", } }
-Entry { filename = "ssl-known-key.nse", categories = { "default", "discovery", "safe", "vuln", } }
-Entry { filename = "ssl-poodle.nse", categories = { "safe", "vuln", } }
-Entry { filename = "sslv2-drown.nse", categories = { "intrusive", "vuln", } }
-Entry { filename = "sslv2.nse", categories = { "default", "safe", } }
-Entry { filename = "sstp-discover.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "stun-info.nse", categories = { "discovery", "safe", } }
-Entry { filename = "stun-version.nse", categories = { "version", } }
-Entry { filename = "stuxnet-detect.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "supermicro-ipmi-conf.nse", categories = { "exploit", "vuln", } }
-Entry { filename = "svn-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "targets-asn.nse", categories = { "discovery", "external", "safe", } }
-Entry { filename = "targets-ipv6-map4to6.nse", categories = { "discovery", } }
-Entry { filename = "targets-ipv6-multicast-echo.nse", categories = { "broadcast", "discovery", } }
-Entry { filename = "targets-ipv6-multicast-invalid-dst.nse", categories = { "broadcast", "discovery", } }
-Entry { filename = "targets-ipv6-multicast-mld.nse", categories = { "broadcast", "discovery", } }
-Entry { filename = "targets-ipv6-multicast-slaac.nse", categories = { "broadcast", "discovery", } }
-Entry { filename = "targets-ipv6-wordlist.nse", categories = { "discovery", } }
-Entry { filename = "targets-sniffer.nse", categories = { "broadcast", "discovery", "safe", } }
-Entry { filename = "targets-traceroute.nse", categories = { "discovery", "safe", } }
-Entry { filename = "targets-xml.nse", categories = { "safe", } }
-Entry { filename = "teamspeak2-version.nse", categories = { "version", } }
-Entry { filename = "telnet-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "telnet-encryption.nse", categories = { "discovery", "safe", } }
-Entry { filename = "telnet-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "tftp-enum.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "tls-alpn.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "tls-nextprotoneg.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "tls-ticketbleed.nse", categories = { "safe", "vuln", } }
-Entry { filename = "tn3270-screen.nse", categories = { "discovery", "safe", } }
-Entry { filename = "tor-consensus-checker.nse", categories = { "external", "safe", } }
-Entry { filename = "traceroute-geolocation.nse", categories = { "discovery", "external", "safe", } }
-Entry { filename = "tso-brute.nse", categories = { "intrusive", } }
-Entry { filename = "tso-enum.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "ubiquiti-discovery.nse", categories = { "default", "discovery", "safe", "version", } }
-Entry { filename = "unittest.nse", categories = { "safe", } }
-Entry { filename = "unusual-port.nse", categories = { "safe", } }
-Entry { filename = "upnp-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "url-snarf.nse", categories = { "safe", } }
-Entry { filename = "ventrilo-info.nse", categories = { "default", "discovery", "safe", "version", } }
-Entry { filename = "versant-info.nse", categories = { "discovery", "safe", } }
-Entry { filename = "vmauthd-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "vmware-version.nse", categories = { "discovery", "safe", "version", } }
-Entry { filename = "vnc-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "vnc-info.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "vnc-title.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "voldemort-info.nse", categories = { "discovery", "safe", } }
-Entry { filename = "vtam-enum.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "vulners.nse", categories = { "external", "safe", "vuln", } }
-Entry { filename = "vuze-dht-info.nse", categories = { "discovery", "safe", } }
-Entry { filename = "wdb-version.nse", categories = { "default", "discovery", "safe", "version", "vuln", } }
-Entry { filename = "weblogic-t3-info.nse", categories = { "default", "discovery", "safe", "version", } }
-Entry { filename = "whois-domain.nse", categories = { "discovery", "external", "safe", } }
-Entry { filename = "whois-ip.nse", categories = { "discovery", "external", "safe", } }
-Entry { filename = "wsdd-discover.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "x11-access.nse", categories = { "auth", "default", "safe", } }
-Entry { filename = "xdmcp-discover.nse", categories = { "discovery", "safe", } }
-Entry { filename = "xmlrpc-methods.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "xmpp-brute.nse", categories = { "brute", "intrusive", } }
-Entry { filename = "xmpp-info.nse", categories = { "default", "discovery", "safe", "version", } }