PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-25 17:09:02 +00:00
Code Issues Projects Releases Wiki Activity

Adds new NSE library for DICOM and scripts dicom-ping and dicom-brute to discover and brute force DICOM servers

Browse Source
This commit is contained in:
paulino
2019-08-05 06:30:36 +00:00
parent f513575f5c
commit 4f5b659767
5 changed files with 433 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
scripts/dicom-brute.nse Normal file
View File

@@ -0,0 +1,80 @@
description = [[
Attempts to brute force the Application Entity Title of a DICOM server (DICOM Service Provider).
Application Entity Titles (AET) are used to restrict responses only to clients knowing the title. Hence,
the called AET is used as a form of password.
]]
---
-- @usage nmap -p4242 --script dicom-brute <target>
-- @usage nmap -sV --script dicom-brute <target>
-- @usage nmap --script dicom-brute --script-args passdb=aets.txt <target>
--
-- @output
-- PORT STATE SERVICE REASON
-- 4242/tcp open vrml-multi-use syn-ack
-- | dicom-brute:
-- | Accounts:
-- | Called Application Entity Title:ORTHANC - Valid credentials
-- |_ Statistics: Performed 5 guesses in 1 seconds, average tps: 5.0
---
author = "Paulino Calderon <calderon()calderonpale.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"auth", "brute"}
local shortport = require "shortport"
local dicom = require "dicom"
local stdnse = require "stdnse"
local nmap = require "nmap"
local brute = require "brute"
local creds = require "creds"
portrule = shortport.port_or_service({104, 2345, 2761, 2762, 4242, 11112}, "dicom", "tcp", "open")
Driver = {
new = function(self, host, port)
local o = {}
setmetatable(o, self)
self.__index = self
o.host = host
o.port = port
o.passonly = true
return o
end,
connect = function(self)
return true
end,
disconnect = function(self)
end,
login = function(self, username, password)
stdnse.debug2("Trying with called AE title:%s", password)
local dcm_conn, err = dicom.associate(self.host, self.port, nil, password)
if dcm_conn then
return true, creds.Account:new("Called Application Entity Title", password, creds.State.VALID)
else
return false, brute.Error:new("Incorrect AET")
end
end,
check = function(self)
local dcm_conn, err = dicom.associate(self.host, self.port)
if dcm_conn then
return false, "DICOM SCU allows any AET"
end
return true
end
}
action = function(host, port)
local engine = brute.Engine:new(Driver, host, port)
engine:setMaxThreads(5)
engine.options.script_name = SCRIPT_NAME
engine.options:setOption("passonly", true)
local status, result = engine:start()
return result
end

70
scripts/dicom-ping.nse Normal file
View File

@@ -0,0 +1,70 @@
description = [[
Attempts to discover DICOM servers (DICOM Service Provider) through a partial C-ECHO request.
It also detects if the server allows any called Application Entity Title or not.
The script responds with the message "Called AET check enabled" when the association request
is rejected due configuration. This value can be bruteforced.
C-ECHO requests are commonly known as DICOM ping as they are used to test connectivity.
Normally, a 'DICOM ping' is formed as follows:
* Client -> A-ASSOCIATE request -> Server
* Server -> A-ASSOCIATE ACCEPT/REJECT -> Client
* Client -> C-ECHO request -> Server
* Server -> C-ECHO response -> Client
* Client -> A-RELEASE request -> Server
* Server -> A-RELEASE response -> Client
For this script we only send the A-ASSOCIATE request and look for the success code
in the response as it seems to be a reliable way of detecting DICOM servers.
]]
---
-- @usage nmap -p4242 --script dicom-ping <target>
-- @usage nmap -sV --script dicom-ping <target>
--
-- @output
-- PORT STATE SERVICE REASON
-- 4242/tcp open dicom syn-ack
-- | dicom-ping:
-- | dicom: DICOM Service Provider discovered!
-- |_ config: Called AET check enabled
--
-- @xmloutput
-- <script id="dicom-ping" output="&#xa; dicom: DICOM Service Provider discovered!&#xa;
-- config: Called AET check enabled"><elem key="dicom">DICOM Service Provider discovered!</elem>
-- <elem key="config">Called AET check enabled</elem>
-- </script>
---
author = "Paulino Calderon <calderon()calderonpale.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "default", "safe", "auth"}
local shortport = require "shortport"
local dicom = require "dicom"
local stdnse = require "stdnse"
local nmap = require "nmap"
portrule = shortport.port_or_service({104, 2345, 2761, 2762, 4242, 11112}, "dicom", "tcp", "open")
action = function(host, port)
local output = stdnse.output_table()
local dcm_conn_status, err = dicom.associate(host, port)
if dcm_conn_status == false then
stdnse.debug1("Association failed:%s", err)
if err == "ASSOCIATE REJECT received" then
port.version.name = "dicom"
nmap.set_port_version(host, port)
output.dicom = "DICOM Service Provider discovered!"
output.config = "Called AET check enabled"
end
return output
end
port.version.name = "dicom"
nmap.set_port_version(host, port)
output.dicom = "DICOM Service Provider discovered!"
output.config = "Any AET is accepted (Insecure)"
return output
end

343
scripts/script.db
View File

@@ -1,6 +1,5 @@
Entry { filename = "acarsd-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "address-info.nse", categories = { "default", "safe", } }
Entry { filename = "afp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "afp-ls.nse", categories = { "discovery", "safe", } }
Entry { filename = "afp-path-vuln.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "afp-serverinfo.nse", categories = { "default", "discovery", "safe", } }
@@ -19,10 +18,7 @@ Entry { filename = "backorifice-brute.nse", categories = { "brute", "intrusive",
Entry { filename = "backorifice-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "bacnet-info.nse", categories = { "discovery", "version", } }
Entry { filename = "banner.nse", categories = { "discovery", "safe", } }
Entry { filename = "bitcoin-getaddr.nse", categories = { "discovery", "safe", } }
Entry { filename = "bitcoin-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "bitcoinrpc-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "bittorrent-discovery.nse", categories = { "discovery", "safe", } }
Entry { filename = "bjnp-discover.nse", categories = { "discovery", "safe", } }
Entry { filename = "broadcast-ataoe-discover.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-avahi-dos.nse", categories = { "broadcast", "dos", "intrusive", "vuln", } }
@@ -85,6 +81,8 @@ Entry { filename = "daytime.nse", categories = { "discovery", "safe", } }
Entry { filename = "db2-das-info.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "deluge-rpc-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "dhcp-discover.nse", categories = { "discovery", "safe", } }
Entry { filename = "dicom-brute.nse", categories = { "auth", "brute", } }
Entry { filename = "dicom-ping.nse", categories = { "auth", "default", "discovery", "safe", } }
Entry { filename = "dict-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "distcc-cve2004-2687.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "dns-blacklist.nse", categories = { "external", "safe", } }
@@ -95,7 +93,6 @@ Entry { filename = "dns-client-subnet-scan.nse", categories = { "discovery", "sa
Entry { filename = "dns-fuzz.nse", categories = { "fuzzer", "intrusive", } }
Entry { filename = "dns-ip6-arpa-scan.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "dns-nsec-enum.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "dns-nsec3-enum.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "dns-nsid.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "dns-random-srcport.nse", categories = { "external", "intrusive", } }
Entry { filename = "dns-random-txid.nse", categories = { "external", "intrusive", } }
@@ -112,7 +109,6 @@ Entry { filename = "domino-enum-users.nse", categories = { "auth", "intrusive",
Entry { filename = "dpap-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "drda-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "drda-info.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "duplicates.nse", categories = { "safe", } }
Entry { filename = "eap-info.nse", categories = { "broadcast", "safe", } }
Entry { filename = "enip-info.nse", categories = { "discovery", "version", } }
Entry { filename = "epmd-info.nse", categories = { "default", "discovery", "safe", } }
@@ -164,10 +160,8 @@ Entry { filename = "http-backup-finder.nse", categories = { "discovery", "safe",
Entry { filename = "http-barracuda-dir-traversal.nse", categories = { "auth", "exploit", "intrusive", } }
Entry { filename = "http-bigip-cookie.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "http-cakephp-version.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-chrono.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-cisco-anyconnect.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-coldfusion-subzero.nse", categories = { "exploit", } }
Entry { filename = "http-comments-displayer.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-config-backup.nse", categories = { "auth", "intrusive", } }
Entry { filename = "http-cookie-flags.nse", categories = { "default", "safe", "vuln", } }
@@ -185,7 +179,6 @@ Entry { filename = "http-drupal-enum.nse", categories = { "discovery", "intrusiv
Entry { filename = "http-enum.nse", categories = { "discovery", "intrusive", "vuln", } }
Entry { filename = "http-errors.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-exif-spider.nse", categories = { "intrusive", } }
Entry { filename = "http-favicon.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-feed.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-fetch.nse", categories = { "safe", } }
Entry { filename = "http-fileupload-exploiter.nse", categories = { "exploit", "intrusive", "vuln", } }
@@ -219,7 +212,6 @@ Entry { filename = "http-ntlm-info.nse", categories = { "default", "discovery",
Entry { filename = "http-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } }
Entry { filename = "http-open-redirect.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-passwd.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-php-version.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-phpmyadmin-dir-traversal.nse", categories = { "exploit", "vuln", } }
Entry { filename = "http-phpself-xss.nse", categories = { "fuzzer", "intrusive", "vuln", } }
Entry { filename = "http-proxy-brute.nse", categories = { "brute", "external", "intrusive", } }
@@ -250,13 +242,11 @@ Entry { filename = "http-unsafe-output-escaping.nse", categories = { "discovery"
Entry { filename = "http-useragent-tester.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-userdir-enum.nse", categories = { "auth", "intrusive", } }
Entry { filename = "http-vhosts.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-virustotal.nse", categories = { "external", "malware", "safe", } }
Entry { filename = "http-vlcstreamer-ls.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-vmware-path-vuln.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2006-3392.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2009-3960.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2010-0738.nse", categories = { "auth", "safe", "vuln", } }
Entry { filename = "http-vuln-cve2010-2861.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2011-3192.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2011-3368.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2012-1823.nse", categories = { "exploit", "intrusive", "vuln", } }
@@ -267,332 +257,3 @@ Entry { filename = "http-vuln-cve2014-2126.nse", categories = { "safe", "vuln",
Entry { filename = "http-vuln-cve2014-2127.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2014-2128.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2014-2129.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2014-3704.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2014-8877.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2015-1427.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2015-1635.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2017-1001000.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2017-5638.nse", categories = { "vuln", } }
Entry { filename = "http-vuln-cve2017-5689.nse", categories = { "auth", "exploit", "vuln", } }
Entry { filename = "http-vuln-cve2017-8917.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-misfortune-cookie.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-wnr1000-creds.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-waf-detect.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-waf-fingerprint.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-webdav-scan.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-wordpress-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "http-wordpress-enum.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-wordpress-users.nse", categories = { "auth", "intrusive", "vuln", } }
Entry { filename = "http-xssed.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "https-redirect.nse", categories = { "version", } }
Entry { filename = "iax2-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "iax2-version.nse", categories = { "version", } }
Entry { filename = "icap-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "iec-identify.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "ike-version.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "imap-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "imap-capabilities.nse", categories = { "default", "safe", } }
Entry { filename = "imap-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "impress-remote-discover.nse", categories = { "brute", "intrusive", } }
Entry { filename = "informix-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "informix-query.nse", categories = { "auth", "intrusive", } }
Entry { filename = "informix-tables.nse", categories = { "auth", "intrusive", } }
Entry { filename = "ip-forwarding.nse", categories = { "discovery", "safe", } }
Entry { filename = "ip-geolocation-geoplugin.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "ip-geolocation-ipinfodb.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "ip-geolocation-map-bing.nse", categories = { "external", "safe", } }
Entry { filename = "ip-geolocation-map-google.nse", categories = { "external", "safe", } }
Entry { filename = "ip-geolocation-map-kml.nse", categories = { "safe", } }
Entry { filename = "ip-geolocation-maxmind.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "ip-https-discover.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ipidseq.nse", categories = { "discovery", "safe", } }
Entry { filename = "ipmi-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ipmi-cipher-zero.nse", categories = { "safe", "vuln", } }
Entry { filename = "ipmi-version.nse", categories = { "discovery", "safe", } }
Entry { filename = "ipv6-multicast-mld-list.nse", categories = { "broadcast", "discovery", } }
Entry { filename = "ipv6-node-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ipv6-ra-flood.nse", categories = { "dos", "intrusive", } }
Entry { filename = "irc-botnet-channels.nse", categories = { "discovery", "safe", "vuln", } }
Entry { filename = "irc-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "irc-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "irc-sasl-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "irc-unrealircd-backdoor.nse", categories = { "exploit", "intrusive", "malware", "vuln", } }
Entry { filename = "iscsi-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "iscsi-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "isns-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "jdwp-exec.nse", categories = { "exploit", "intrusive", } }
Entry { filename = "jdwp-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "jdwp-inject.nse", categories = { "exploit", "intrusive", } }
Entry { filename = "jdwp-version.nse", categories = { "version", } }
Entry { filename = "knx-gateway-discover.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "knx-gateway-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "krb5-enum-users.nse", categories = { "auth", "intrusive", } }
Entry { filename = "ldap-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ldap-novell-getpass.nse", categories = { "discovery", "safe", } }
Entry { filename = "ldap-rootdse.nse", categories = { "discovery", "safe", } }
Entry { filename = "ldap-search.nse", categories = { "discovery", "safe", } }
Entry { filename = "lexmark-config.nse", categories = { "discovery", "safe", } }
Entry { filename = "llmnr-resolve.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "lltd-discovery.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "lu-enum.nse", categories = { "brute", "intrusive", } }
Entry { filename = "maxdb-info.nse", categories = { "default", "safe", "version", } }
Entry { filename = "mcafee-epo-agent.nse", categories = { "safe", "version", } }
Entry { filename = "membase-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "membase-http-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "memcached-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "metasploit-info.nse", categories = { "intrusive", "safe", } }
Entry { filename = "metasploit-msgrpc-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "metasploit-xmlrpc-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mikrotik-routeros-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mmouse-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mmouse-exec.nse", categories = { "intrusive", } }
Entry { filename = "modbus-discover.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "mongodb-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mongodb-databases.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "mongodb-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "mqtt-subscribe.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "mrinfo.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "ms-sql-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ms-sql-config.nse", categories = { "discovery", "safe", } }
Entry { filename = "ms-sql-dac.nse", categories = { "discovery", "safe", } }
Entry { filename = "ms-sql-dump-hashes.nse", categories = { "auth", "discovery", "safe", } }
Entry { filename = "ms-sql-empty-password.nse", categories = { "auth", "intrusive", } }
Entry { filename = "ms-sql-hasdbaccess.nse", categories = { "auth", "discovery", "safe", } }
Entry { filename = "ms-sql-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ms-sql-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ms-sql-query.nse", categories = { "discovery", "safe", } }
Entry { filename = "ms-sql-tables.nse", categories = { "discovery", "safe", } }
Entry { filename = "ms-sql-xp-cmdshell.nse", categories = { "intrusive", } }
Entry { filename = "msrpc-enum.nse", categories = { "discovery", "safe", } }
Entry { filename = "mtrace.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "murmur-version.nse", categories = { "version", } }
Entry { filename = "mysql-audit.nse", categories = { "discovery", "safe", } }
Entry { filename = "mysql-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mysql-databases.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "mysql-dump-hashes.nse", categories = { "auth", "discovery", "safe", } }
Entry { filename = "mysql-empty-password.nse", categories = { "auth", "intrusive", } }
Entry { filename = "mysql-enum.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mysql-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "mysql-query.nse", categories = { "auth", "discovery", "safe", } }
Entry { filename = "mysql-users.nse", categories = { "auth", "intrusive", } }
Entry { filename = "mysql-variables.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "mysql-vuln-cve2012-2122.nse", categories = { "discovery", "intrusive", "vuln", } }
Entry { filename = "nat-pmp-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "nat-pmp-mapport.nse", categories = { "discovery", "safe", } }
Entry { filename = "nbd-info.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "nbstat.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ncp-enum-users.nse", categories = { "auth", "safe", } }
Entry { filename = "ncp-serverinfo.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ndmp-fs-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "ndmp-version.nse", categories = { "version", } }
Entry { filename = "nessus-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "nessus-xmlrpc-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "netbus-auth-bypass.nse", categories = { "auth", "safe", "vuln", } }
Entry { filename = "netbus-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "netbus-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "netbus-version.nse", categories = { "version", } }
Entry { filename = "nexpose-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "nfs-ls.nse", categories = { "discovery", "safe", } }
Entry { filename = "nfs-showmount.nse", categories = { "discovery", "safe", } }
Entry { filename = "nfs-statfs.nse", categories = { "discovery", "safe", } }
Entry { filename = "nje-node-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "nje-pass-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "nntp-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "nping-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "nrpe-enum.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "ntp-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ntp-monlist.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "omp2-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "omp2-enum-targets.nse", categories = { "discovery", "safe", } }
Entry { filename = "omron-info.nse", categories = { "discovery", "version", } }
Entry { filename = "openlookup-info.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "openvas-otp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "openwebnet-discovery.nse", categories = { "discovery", "safe", } }
Entry { filename = "oracle-brute-stealth.nse", categories = { "brute", "intrusive", } }
Entry { filename = "oracle-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "oracle-enum-users.nse", categories = { "auth", "intrusive", } }
Entry { filename = "oracle-sid-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "oracle-tns-version.nse", categories = { "safe", "version", } }
Entry { filename = "ovs-agent-version.nse", categories = { "version", } }
Entry { filename = "p2p-conficker.nse", categories = { "default", "safe", } }
Entry { filename = "path-mtu.nse", categories = { "discovery", "safe", } }
Entry { filename = "pcanywhere-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "pcworx-info.nse", categories = { "discovery", } }
Entry { filename = "pgsql-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "pjl-ready-message.nse", categories = { "intrusive", } }
Entry { filename = "pop3-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "pop3-capabilities.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "pop3-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "pptp-version.nse", categories = { "version", } }
Entry { filename = "puppet-naivesigning.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "qconn-exec.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "qscan.nse", categories = { "discovery", "safe", } }
Entry { filename = "quake1-info.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "quake3-info.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "quake3-master-getservers.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "rdp-enum-encryption.nse", categories = { "discovery", "safe", } }
Entry { filename = "rdp-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "rdp-vuln-ms12-020.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "realvnc-auth-bypass.nse", categories = { "auth", "safe", "vuln", } }
Entry { filename = "redis-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "redis-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "resolveall.nse", categories = { "discovery", "safe", } }
Entry { filename = "reverse-index.nse", categories = { "safe", } }
Entry { filename = "rexec-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "rfc868-time.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "riak-http-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "rlogin-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "rmi-dumpregistry.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "rmi-vuln-classloader.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "rpc-grind.nse", categories = { "version", } }
Entry { filename = "rpcap-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "rpcap-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "rpcinfo.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "rsa-vuln-roca.nse", categories = { "safe", "vuln", } }
Entry { filename = "rsync-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "rsync-list-modules.nse", categories = { "discovery", "safe", } }
Entry { filename = "rtsp-methods.nse", categories = { "default", "safe", } }
Entry { filename = "rtsp-url-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "rusers.nse", categories = { "discovery", "safe", } }
Entry { filename = "s7-info.nse", categories = { "discovery", "version", } }
Entry { filename = "samba-vuln-cve-2012-1182.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "servicetags.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "shodan-api.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "sip-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "sip-call-spoof.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "sip-enum-users.nse", categories = { "auth", "intrusive", } }
Entry { filename = "sip-methods.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "skypev2-version.nse", categories = { "version", } }
Entry { filename = "smb-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "smb-double-pulsar-backdoor.nse", categories = { "malware", "safe", "vuln", } }
Entry { filename = "smb-enum-domains.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-enum-groups.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-enum-processes.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-enum-services.nse", categories = { "discovery", "intrusive", "safe", } }
Entry { filename = "smb-enum-sessions.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-enum-shares.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-enum-users.nse", categories = { "auth", "intrusive", } }
Entry { filename = "smb-flood.nse", categories = { "dos", "intrusive", } }
Entry { filename = "smb-ls.nse", categories = { "discovery", "safe", } }
Entry { filename = "smb-mbenum.nse", categories = { "discovery", "safe", } }
Entry { filename = "smb-os-discovery.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb-print-text.nse", categories = { "intrusive", } }
Entry { filename = "smb-protocols.nse", categories = { "discovery", "safe", } }
Entry { filename = "smb-psexec.nse", categories = { "intrusive", } }
Entry { filename = "smb-security-mode.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb-server-stats.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-system-info.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-vuln-conficker.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-cve-2017-7494.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "smb-vuln-cve2009-3103.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms06-025.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms07-029.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms08-067.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms10-054.nse", categories = { "dos", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms10-061.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms17-010.nse", categories = { "safe", "vuln", } }
Entry { filename = "smb-vuln-regsvc-dos.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-webexec.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "smb-webexec-exploit.nse", categories = { "exploit", "intrusive", } }
Entry { filename = "smb2-capabilities.nse", categories = { "discovery", "safe", } }
Entry { filename = "smb2-security-mode.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb2-time.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb2-vuln-uptime.nse", categories = { "safe", "vuln", } }
Entry { filename = "smtp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "smtp-commands.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smtp-enum-users.nse", categories = { "auth", "external", "intrusive", } }
Entry { filename = "smtp-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smtp-open-relay.nse", categories = { "discovery", "external", "intrusive", } }
Entry { filename = "smtp-strangeport.nse", categories = { "malware", "safe", } }
Entry { filename = "smtp-vuln-cve2010-4344.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "smtp-vuln-cve2011-1720.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "smtp-vuln-cve2011-1764.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "sniffer-detect.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "snmp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "snmp-hh3c-logins.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-info.nse", categories = { "default", "safe", "version", } }
Entry { filename = "snmp-interfaces.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-ios-config.nse", categories = { "intrusive", } }
Entry { filename = "snmp-netstat.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-processes.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-sysdescr.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-win32-services.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-win32-shares.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-win32-software.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-win32-users.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "socks-auth-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "socks-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "socks-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } }
Entry { filename = "ssh-auth-methods.nse", categories = { "auth", "intrusive", } }
Entry { filename = "ssh-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ssh-hostkey.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ssh-publickey-acceptance.nse", categories = { "auth", "intrusive", } }
Entry { filename = "ssh-run.nse", categories = { "intrusive", } }
Entry { filename = "ssh2-enum-algos.nse", categories = { "discovery", "safe", } }
Entry { filename = "sshv1.nse", categories = { "default", "safe", } }
Entry { filename = "ssl-ccs-injection.nse", categories = { "safe", "vuln", } }
Entry { filename = "ssl-cert-intaddr.nse", categories = { "discovery", "safe", "vuln", } }
Entry { filename = "ssl-cert.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ssl-date.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ssl-dh-params.nse", categories = { "safe", "vuln", } }
Entry { filename = "ssl-enum-ciphers.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "ssl-heartbleed.nse", categories = { "safe", "vuln", } }
Entry { filename = "ssl-known-key.nse", categories = { "default", "discovery", "safe", "vuln", } }
Entry { filename = "ssl-poodle.nse", categories = { "safe", "vuln", } }
Entry { filename = "sslv2-drown.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "sslv2.nse", categories = { "default", "safe", } }
Entry { filename = "sstp-discover.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "stun-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "stun-version.nse", categories = { "version", } }
Entry { filename = "stuxnet-detect.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "supermicro-ipmi-conf.nse", categories = { "exploit", "vuln", } }
Entry { filename = "svn-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "targets-asn.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "targets-ipv6-map4to6.nse", categories = { "discovery", } }
Entry { filename = "targets-ipv6-multicast-echo.nse", categories = { "broadcast", "discovery", } }
Entry { filename = "targets-ipv6-multicast-invalid-dst.nse", categories = { "broadcast", "discovery", } }
Entry { filename = "targets-ipv6-multicast-mld.nse", categories = { "broadcast", "discovery", } }
Entry { filename = "targets-ipv6-multicast-slaac.nse", categories = { "broadcast", "discovery", } }
Entry { filename = "targets-ipv6-wordlist.nse", categories = { "discovery", } }
Entry { filename = "targets-sniffer.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "targets-traceroute.nse", categories = { "discovery", "safe", } }
Entry { filename = "targets-xml.nse", categories = { "safe", } }
Entry { filename = "teamspeak2-version.nse", categories = { "version", } }
Entry { filename = "telnet-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "telnet-encryption.nse", categories = { "discovery", "safe", } }
Entry { filename = "telnet-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "tftp-enum.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "tls-alpn.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "tls-nextprotoneg.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "tls-ticketbleed.nse", categories = { "safe", "vuln", } }
Entry { filename = "tn3270-screen.nse", categories = { "discovery", "safe", } }
Entry { filename = "tor-consensus-checker.nse", categories = { "external", "safe", } }
Entry { filename = "traceroute-geolocation.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "tso-brute.nse", categories = { "intrusive", } }
Entry { filename = "tso-enum.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ubiquiti-discovery.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "unittest.nse", categories = { "safe", } }
Entry { filename = "unusual-port.nse", categories = { "safe", } }
Entry { filename = "upnp-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "url-snarf.nse", categories = { "safe", } }
Entry { filename = "ventrilo-info.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "versant-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "vmauthd-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "vmware-version.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "vnc-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "vnc-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "vnc-title.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "voldemort-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "vtam-enum.nse", categories = { "brute", "intrusive", } }
Entry { filename = "vulners.nse", categories = { "external", "safe", "vuln", } }
Entry { filename = "vuze-dht-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "wdb-version.nse", categories = { "default", "discovery", "safe", "version", "vuln", } }
Entry { filename = "weblogic-t3-info.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "whois-domain.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "whois-ip.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "wsdd-discover.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "x11-access.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "xdmcp-discover.nse", categories = { "discovery", "safe", } }
Entry { filename = "xmlrpc-methods.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "xmpp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "xmpp-info.nse", categories = { "default", "discovery", "safe", "version", } }