PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 06:01:28 +00:00
Code Issues Projects Releases Wiki Activity

Adds new NSE library for DICOM and scripts dicom-ping and dicom-brute to discover and brute force DICOM servers

Browse Source
This commit is contained in:
paulino
2019-08-05 06:30:36 +00:00
parent f513575f5c
commit 4f5b659767
5 changed files with 433 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGELOG
View File

@@ -1,5 +1,14 @@
#Nmap Changelog ($Id$); -*-text-*-
o [NSE] New script, dicom-brute.nse, attempts to brute force the called
Application Entity Title of DICOM servers. [Paulino Calderon]
o [NSE] New script, dicom-ping.nse, discovers DICOM servers and determines
if any Application Entity Title is allowed to connect. [Paulino Calderon]
o [NSE] New library, dicom.lua, implements the DICOM protocol used for
storing and transfering medical images. [Paulino Calderon]
o [NSE][GH#1665] The HTTP library no longer crashes when code requests digest
authentication but the server does not provide the necessary authentication
header. [nnposter]

272
nselib/dicom.lua Normal file
View File

@@ -0,0 +1,272 @@
--
-- DICOM library
--
-- This library implements (partially) the DICOM protocol. This protocol is used to
-- capture, store and distribute medical images.
--
-- From Wikipedia:
-- The core application of the DICOM standard is to capture, store and distribute
-- medical images. The standard also provides services related to imaging such as
-- managing imaging procedure worklists, printing images on film or digital media
-- like DVDs, reporting procedure status like completion of an imaging acquisition,
-- confirming successful archiving of images, encrypting datasets, removing patient
-- identifying information from datasets, organizing layouts of images for review,
-- saving image manipulations and annotations, calibrating image displays, encoding
-- ECGs, encoding CAD results, encoding structured measurement data, and storing
-- acquisition protocols.
--
-- OPTIONS:
-- *<code>called_aet</code> - If set it changes the called Application Entity Title
-- used in the requests. Default: ANY-SCP
-- *<code>calling_aet</code> - If set it changes the calling Application Entity Title
-- used in the requests. Default: ECHOSCU
--
-- @args dicom.called_aet Called Application Entity Title. Default: ANY-SCP
-- @args dicom.calling_aet Calling Application Entity Title. Default: ECHOSCU
--
-- @author Paulino Calderon <paulino@calderonpale.com>
-- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html
---
local nmap = require "nmap"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
_ENV = stdnse.module("dicom", stdnse.seeall)
local MIN_SIZE_ASSOC_REQ = 68
local MAX_SIZE_PDU = 128000
local MIN_HEADER_LEN = 6
local PDU_NAMES = {}
local PDU_CODES = {}
PDU_CODES =
{
ASSOCIATE_REQUEST = 0x01,
ASSOCIATE_ACCEPT = 0x02,
ASSOCIATE_REJECT = 0x03,
DATA = 0x04,
RELEASE_REQUEST = 0x05,
RELEASE_RESPONSE = 0x06,
ABORT = 0x07
}
for i, v in pairs(PDU_CODES) do
PDU_NAMES[v] = i
end
---
-- start_connection(host, port) starts socket to DICOM service
--
-- @param host Host object
-- @param port Port table
-- @return (status, socket) If status is true, socket of DICOM object is set.
-- If status is false, socket is the error message.
---
function start_connection(host, port)
local dcm = {}
local status, err
dcm['socket'] = nmap.new_socket()
status, err = dcm['socket']:connect(host, port, "tcp")
if(status == false) then
return false, "DICOM: Failed to connect to host: " .. err
end
return true, dcm
end
---
-- send(dcm, data) Sends DICOM packet over established socket
--
-- @param dcm DICOM object
-- @param data Data to send
-- @return status True if data was sent correctly, otherwise false and error message is returned.
---
function send(dcm, data)
local status, err
stdnse.debug2("DICOM: Sending DICOM packet (%d)", #data)
if dcm['socket'] then
status, err = dcm['socket']:send(data)
if status == false then
return false, err
end
else
return false, "No socket found. Check your DICOM object"
end
return true
end
---
-- receive(dcm) Reads DICOM packets over an established socket
--
-- @param dcm DICOM object
-- @return (status, data) Returns data if status true, otherwise data is the error message.
---
function receive(dcm)
local status, data = dcm['socket']:receive()
if status == false then
return false, data
end
stdnse.debug1("DICOM: receive() read %d bytes", #data)
return true, data
end
---
-- pdu_header_encode(pdu_type, length) encodes the DICOM PDU header
--
-- @param pdu_type PDU type as ann unsigned integer
-- @param length Length of the DICOM message
-- @return (status, dcm) If status is true, the DICOM object with the header set is returned.
-- If status is false, dcm is the error message.
---
function pdu_header_encode(pdu_type, length)
-- Some simple sanity checks, we do not check ranges to allow users to create malformed packets.
if not(type(pdu_type)) == "number" then
return false, "PDU Type must be an unsigned integer. Range:0-7"
end
if not(type(length)) == "number" then
return false, "Length must be an unsigned integer."
end
local header = string.pack("<B >B I4",
pdu_type, -- PDU Type ( 1 byte - unsigned integer in Big Endian )
0, -- Reserved section ( 1 byte that should be set to 0x0 )
length) -- PDU Length ( 4 bytes - unsigned integer in Little Endian)
if #header < MIN_HEADER_LEN then
return false, "Header must be at least 6 bytes. Something went wrong."
end
return true, header
end
---
-- associate(host, port) Attempts to associate to a DICOM Service Provider by sending an A-ASSOCIATE request.
--
-- @param host Host object
-- @param port Port object
-- @return (status, dcm) If status is true, the DICOM object is returned.
-- If status is false, dcm is the error message.
---
function associate(host, port, calling_aet, called_aet)
local application_context = ""
local presentation_context = ""
local userinfo_context = ""
local status, dcm = start_connection(host, port)
if status == false then
return false, dcm
end
local application_context_name = "1.2.840.10008.3.1.1.1"
application_context = string.pack(">B B I2 c" .. #application_context_name,
0x10,
0x0,
#application_context_name,
application_context_name)
local abstract_syntax_name = "1.2.840.10008.1.1"
local transfer_syntax_name = "1.2.840.10008.1.2"
presentation_context = string.pack(">B B I2 B B B B B B I2 c" .. #abstract_syntax_name .. "B B I2 c".. #transfer_syntax_name,
0x20, -- Presentation context type ( 1 byte )
0x0, -- Reserved ( 1 byte )
0x2e, -- Item Length ( 2 bytes )
0x1, -- Presentation context id ( 1 byte )
0x0,0x0,0x0, -- Reserved ( 3 bytes )
0x30, -- Abstract Syntax Tree ( 1 byte )
0x0, -- Reserved ( 1 byte )
0x11, -- Item Length ( 2 bytes )
abstract_syntax_name,
0x40, -- Transfer Syntax ( 1 byte )
0x0, -- Reserved ( 1 byte )
0x11, -- Item Length ( 2 bytes )
transfer_syntax_name)
local implementation_id = "1.2.276.0.7230010.3.0.3.6.2"
local implementation_version = "OFFIS_DCMTK_362"
userinfo_context = string.pack(">B B I2 B B I2 I4 B B I2 c" .. #implementation_id .. " B B I2 c".. #implementation_version,
0x50, -- Type 0x50 (1 byte)
0x0, -- Reserved ( 1 byte )
0x3a, -- Length ( 2 bytes )
0x51, -- Type 0x51 ( 1 byte)
0x0, -- Reserved ( 1 byte)
0x04, -- Length ( 2 bytes )
0x4000, -- DATA ( 4 bytes )
0x52, -- Type 0x52 (1 byte)
0x0,
0x1b,
implementation_id,
0x55,
0x0,
0x0f,
implementation_version)
local called_ae_title = called_aet or stdnse.get_script_args("dicom.called_aet") or "ANY-SCP"
local calling_ae_title = calling_aet or stdnse.get_script_args("dicom.calling_aet") or "ECHOSCU"
if #called_ae_title > 16 or #calling_ae_title > 16 then
return false, "Calling/Called Application Entity Title must be less than 16 bytes"
end
called_ae_title = called_ae_title .. string.rep(" ", 16 - #called_ae_title)
calling_ae_title = calling_ae_title .. string.rep(" ", 16 - #calling_ae_title)
-- ASSOCIATE request
local assoc_request = string.pack(">I2 I2 c16 c16 c32 c" .. application_context:len() .. " c" .. presentation_context:len() .. " c" .. userinfo_context:len(),
0x1, -- Protocol version ( 2 bytes )
0x0, -- Reserved section ( 2 bytes that should be set to 0x0 )
called_ae_title, -- Called AE title ( 16 bytes)
calling_ae_title, -- Calling AE title ( 16 bytes)
0x0, -- Reserved section ( 32 bytes set to 0x0 )
application_context,
presentation_context,
userinfo_context)
local status, header = pdu_header_encode(PDU_CODES["ASSOCIATE_REQUEST"], #assoc_request)
-- Something might be wrong with our header
if status == false then
return false, header
end
assoc_request = header .. assoc_request
stdnse.debug2("PDU len minus header:%d", #assoc_request-#header)
if #assoc_request < MIN_SIZE_ASSOC_REQ then
return false, string.format("ASSOCIATE request PDU must be at least %d bytes and we tried to send %d.", MIN_SIZE_ASSOC_REQ, #assoc_request)
end
status, err = send(dcm, assoc_request)
if status == false then
return false, string.format("Couldn't send ASSOCIATE request:%s", err)
end
status, err = receive(dcm)
if status == false then
return false, string.format("Couldn't read ASSOCIATE response:%s", err)
end
local resp_type, _, resp_length, resp_version = string.unpack(">B B I4 I2", err)
stdnse.debug1("PDU Type:%d Length:%d Protocol:%d", resp_type, resp_length, resp_version)
if resp_type == PDU_CODES["ASSOCIATE_ACCEPT"] then
stdnse.debug1("ASSOCIATE ACCEPT message found!")
return true, dcm
elseif resp_type == PDU_CODES["ASSOCIATE_REJECT"] then
stdnse.debug1("ASSOCIATE REJECT message found!")
return false, "ASSOCIATE REJECT received"
else
return false, "Received unknown response"
end
end
function send_pdata(dicom, data)
local status, header = pdu_header_encode(PDU_CODES["DATA"], #data)
if status == false then
return false, header
end
local err
status, err = send(dicom, header .. data)
if status == false then
return false, err
end
end
return _ENV

80
scripts/dicom-brute.nse Normal file
View File

@@ -0,0 +1,80 @@
description = [[
Attempts to brute force the Application Entity Title of a DICOM server (DICOM Service Provider).
Application Entity Titles (AET) are used to restrict responses only to clients knowing the title. Hence,
the called AET is used as a form of password.
]]
---
-- @usage nmap -p4242 --script dicom-brute <target>
-- @usage nmap -sV --script dicom-brute <target>
-- @usage nmap --script dicom-brute --script-args passdb=aets.txt <target>
--
-- @output
-- PORT STATE SERVICE REASON
-- 4242/tcp open vrml-multi-use syn-ack
-- | dicom-brute:
-- | Accounts:
-- | Called Application Entity Title:ORTHANC - Valid credentials
-- |_ Statistics: Performed 5 guesses in 1 seconds, average tps: 5.0
---
author = "Paulino Calderon <calderon()calderonpale.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"auth", "brute"}
local shortport = require "shortport"
local dicom = require "dicom"
local stdnse = require "stdnse"
local nmap = require "nmap"
local brute = require "brute"
local creds = require "creds"
portrule = shortport.port_or_service({104, 2345, 2761, 2762, 4242, 11112}, "dicom", "tcp", "open")
Driver = {
new = function(self, host, port)
local o = {}
setmetatable(o, self)
self.__index = self
o.host = host
o.port = port
o.passonly = true
return o
end,
connect = function(self)
return true
end,
disconnect = function(self)
end,
login = function(self, username, password)
stdnse.debug2("Trying with called AE title:%s", password)
local dcm_conn, err = dicom.associate(self.host, self.port, nil, password)
if dcm_conn then
return true, creds.Account:new("Called Application Entity Title", password, creds.State.VALID)
else
return false, brute.Error:new("Incorrect AET")
end
end,
check = function(self)
local dcm_conn, err = dicom.associate(self.host, self.port)
if dcm_conn then
return false, "DICOM SCU allows any AET"
end
return true
end
}
action = function(host, port)
local engine = brute.Engine:new(Driver, host, port)
engine:setMaxThreads(5)
engine.options.script_name = SCRIPT_NAME
engine.options:setOption("passonly", true)
local status, result = engine:start()
return result
end

70
scripts/dicom-ping.nse Normal file
View File

@@ -0,0 +1,70 @@
description = [[
Attempts to discover DICOM servers (DICOM Service Provider) through a partial C-ECHO request.
It also detects if the server allows any called Application Entity Title or not.
The script responds with the message "Called AET check enabled" when the association request
is rejected due configuration. This value can be bruteforced.
C-ECHO requests are commonly known as DICOM ping as they are used to test connectivity.
Normally, a 'DICOM ping' is formed as follows:
* Client -> A-ASSOCIATE request -> Server
* Server -> A-ASSOCIATE ACCEPT/REJECT -> Client
* Client -> C-ECHO request -> Server
* Server -> C-ECHO response -> Client
* Client -> A-RELEASE request -> Server
* Server -> A-RELEASE response -> Client
For this script we only send the A-ASSOCIATE request and look for the success code
in the response as it seems to be a reliable way of detecting DICOM servers.
]]
---
-- @usage nmap -p4242 --script dicom-ping <target>
-- @usage nmap -sV --script dicom-ping <target>
--
-- @output
-- PORT STATE SERVICE REASON
-- 4242/tcp open dicom syn-ack
-- | dicom-ping:
-- | dicom: DICOM Service Provider discovered!
-- |_ config: Called AET check enabled
--
-- @xmloutput
-- <script id="dicom-ping" output="&#xa; dicom: DICOM Service Provider discovered!&#xa;
-- config: Called AET check enabled"><elem key="dicom">DICOM Service Provider discovered!</elem>
-- <elem key="config">Called AET check enabled</elem>
-- </script>
---
author = "Paulino Calderon <calderon()calderonpale.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "default", "safe", "auth"}
local shortport = require "shortport"
local dicom = require "dicom"
local stdnse = require "stdnse"
local nmap = require "nmap"
portrule = shortport.port_or_service({104, 2345, 2761, 2762, 4242, 11112}, "dicom", "tcp", "open")
action = function(host, port)
local output = stdnse.output_table()
local dcm_conn_status, err = dicom.associate(host, port)
if dcm_conn_status == false then
stdnse.debug1("Association failed:%s", err)
if err == "ASSOCIATE REJECT received" then
port.version.name = "dicom"
nmap.set_port_version(host, port)
output.dicom = "DICOM Service Provider discovered!"
output.config = "Called AET check enabled"
end
return output
end
port.version.name = "dicom"
nmap.set_port_version(host, port)
output.dicom = "DICOM Service Provider discovered!"
output.config = "Any AET is accepted (Insecure)"
return output
end

343
scripts/script.db
View File

@@ -1,6 +1,5 @@
Entry { filename = "acarsd-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "address-info.nse", categories = { "default", "safe", } }
Entry { filename = "afp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "afp-ls.nse", categories = { "discovery", "safe", } }
Entry { filename = "afp-path-vuln.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "afp-serverinfo.nse", categories = { "default", "discovery", "safe", } }
@@ -19,10 +18,7 @@ Entry { filename = "backorifice-brute.nse", categories = { "brute", "intrusive",
Entry { filename = "backorifice-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "bacnet-info.nse", categories = { "discovery", "version", } }
Entry { filename = "banner.nse", categories = { "discovery", "safe", } }
Entry { filename = "bitcoin-getaddr.nse", categories = { "discovery", "safe", } }
Entry { filename = "bitcoin-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "bitcoinrpc-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "bittorrent-discovery.nse", categories = { "discovery", "safe", } }
Entry { filename = "bjnp-discover.nse", categories = { "discovery", "safe", } }
Entry { filename = "broadcast-ataoe-discover.nse", categories = { "broadcast", "safe", } }
Entry { filename = "broadcast-avahi-dos.nse", categories = { "broadcast", "dos", "intrusive", "vuln", } }
@@ -85,6 +81,8 @@ Entry { filename = "daytime.nse", categories = { "discovery", "safe", } }
Entry { filename = "db2-das-info.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "deluge-rpc-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "dhcp-discover.nse", categories = { "discovery", "safe", } }
Entry { filename = "dicom-brute.nse", categories = { "auth", "brute", } }
Entry { filename = "dicom-ping.nse", categories = { "auth", "default", "discovery", "safe", } }
Entry { filename = "dict-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "distcc-cve2004-2687.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "dns-blacklist.nse", categories = { "external", "safe", } }
@@ -95,7 +93,6 @@ Entry { filename = "dns-client-subnet-scan.nse", categories = { "discovery", "sa
Entry { filename = "dns-fuzz.nse", categories = { "fuzzer", "intrusive", } }
Entry { filename = "dns-ip6-arpa-scan.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "dns-nsec-enum.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "dns-nsec3-enum.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "dns-nsid.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "dns-random-srcport.nse", categories = { "external", "intrusive", } }
Entry { filename = "dns-random-txid.nse", categories = { "external", "intrusive", } }
@@ -112,7 +109,6 @@ Entry { filename = "domino-enum-users.nse", categories = { "auth", "intrusive",
Entry { filename = "dpap-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "drda-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "drda-info.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "duplicates.nse", categories = { "safe", } }
Entry { filename = "eap-info.nse", categories = { "broadcast", "safe", } }
Entry { filename = "enip-info.nse", categories = { "discovery", "version", } }
Entry { filename = "epmd-info.nse", categories = { "default", "discovery", "safe", } }
@@ -164,10 +160,8 @@ Entry { filename = "http-backup-finder.nse", categories = { "discovery", "safe",
Entry { filename = "http-barracuda-dir-traversal.nse", categories = { "auth", "exploit", "intrusive", } }
Entry { filename = "http-bigip-cookie.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "http-cakephp-version.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-chrono.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-cisco-anyconnect.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-coldfusion-subzero.nse", categories = { "exploit", } }
Entry { filename = "http-comments-displayer.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-config-backup.nse", categories = { "auth", "intrusive", } }
Entry { filename = "http-cookie-flags.nse", categories = { "default", "safe", "vuln", } }
@@ -185,7 +179,6 @@ Entry { filename = "http-drupal-enum.nse", categories = { "discovery", "intrusiv
Entry { filename = "http-enum.nse", categories = { "discovery", "intrusive", "vuln", } }
Entry { filename = "http-errors.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-exif-spider.nse", categories = { "intrusive", } }
Entry { filename = "http-favicon.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-feed.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-fetch.nse", categories = { "safe", } }
Entry { filename = "http-fileupload-exploiter.nse", categories = { "exploit", "intrusive", "vuln", } }
@@ -219,7 +212,6 @@ Entry { filename = "http-ntlm-info.nse", categories = { "default", "discovery",
Entry { filename = "http-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } }
Entry { filename = "http-open-redirect.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-passwd.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-php-version.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-phpmyadmin-dir-traversal.nse", categories = { "exploit", "vuln", } }
Entry { filename = "http-phpself-xss.nse", categories = { "fuzzer", "intrusive", "vuln", } }
Entry { filename = "http-proxy-brute.nse", categories = { "brute", "external", "intrusive", } }
@@ -250,13 +242,11 @@ Entry { filename = "http-unsafe-output-escaping.nse", categories = { "discovery"
Entry { filename = "http-useragent-tester.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-userdir-enum.nse", categories = { "auth", "intrusive", } }
Entry { filename = "http-vhosts.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-virustotal.nse", categories = { "external", "malware", "safe", } }
Entry { filename = "http-vlcstreamer-ls.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-vmware-path-vuln.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2006-3392.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2009-3960.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2010-0738.nse", categories = { "auth", "safe", "vuln", } }
Entry { filename = "http-vuln-cve2010-2861.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2011-3192.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2011-3368.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2012-1823.nse", categories = { "exploit", "intrusive", "vuln", } }
@@ -267,332 +257,3 @@ Entry { filename = "http-vuln-cve2014-2126.nse", categories = { "safe", "vuln",
Entry { filename = "http-vuln-cve2014-2127.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2014-2128.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2014-2129.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2014-3704.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2014-8877.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2015-1427.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2015-1635.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2017-1001000.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2017-5638.nse", categories = { "vuln", } }
Entry { filename = "http-vuln-cve2017-5689.nse", categories = { "auth", "exploit", "vuln", } }
Entry { filename = "http-vuln-cve2017-8917.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-misfortune-cookie.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-vuln-wnr1000-creds.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-waf-detect.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-waf-fingerprint.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-webdav-scan.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-wordpress-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "http-wordpress-enum.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "http-wordpress-users.nse", categories = { "auth", "intrusive", "vuln", } }
Entry { filename = "http-xssed.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "https-redirect.nse", categories = { "version", } }
Entry { filename = "iax2-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "iax2-version.nse", categories = { "version", } }
Entry { filename = "icap-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "iec-identify.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "ike-version.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "imap-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "imap-capabilities.nse", categories = { "default", "safe", } }
Entry { filename = "imap-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "impress-remote-discover.nse", categories = { "brute", "intrusive", } }
Entry { filename = "informix-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "informix-query.nse", categories = { "auth", "intrusive", } }
Entry { filename = "informix-tables.nse", categories = { "auth", "intrusive", } }
Entry { filename = "ip-forwarding.nse", categories = { "discovery", "safe", } }
Entry { filename = "ip-geolocation-geoplugin.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "ip-geolocation-ipinfodb.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "ip-geolocation-map-bing.nse", categories = { "external", "safe", } }
Entry { filename = "ip-geolocation-map-google.nse", categories = { "external", "safe", } }
Entry { filename = "ip-geolocation-map-kml.nse", categories = { "safe", } }
Entry { filename = "ip-geolocation-maxmind.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "ip-https-discover.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ipidseq.nse", categories = { "discovery", "safe", } }
Entry { filename = "ipmi-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ipmi-cipher-zero.nse", categories = { "safe", "vuln", } }
Entry { filename = "ipmi-version.nse", categories = { "discovery", "safe", } }
Entry { filename = "ipv6-multicast-mld-list.nse", categories = { "broadcast", "discovery", } }
Entry { filename = "ipv6-node-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ipv6-ra-flood.nse", categories = { "dos", "intrusive", } }
Entry { filename = "irc-botnet-channels.nse", categories = { "discovery", "safe", "vuln", } }
Entry { filename = "irc-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "irc-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "irc-sasl-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "irc-unrealircd-backdoor.nse", categories = { "exploit", "intrusive", "malware", "vuln", } }
Entry { filename = "iscsi-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "iscsi-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "isns-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "jdwp-exec.nse", categories = { "exploit", "intrusive", } }
Entry { filename = "jdwp-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "jdwp-inject.nse", categories = { "exploit", "intrusive", } }
Entry { filename = "jdwp-version.nse", categories = { "version", } }
Entry { filename = "knx-gateway-discover.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "knx-gateway-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "krb5-enum-users.nse", categories = { "auth", "intrusive", } }
Entry { filename = "ldap-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ldap-novell-getpass.nse", categories = { "discovery", "safe", } }
Entry { filename = "ldap-rootdse.nse", categories = { "discovery", "safe", } }
Entry { filename = "ldap-search.nse", categories = { "discovery", "safe", } }
Entry { filename = "lexmark-config.nse", categories = { "discovery", "safe", } }
Entry { filename = "llmnr-resolve.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "lltd-discovery.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "lu-enum.nse", categories = { "brute", "intrusive", } }
Entry { filename = "maxdb-info.nse", categories = { "default", "safe", "version", } }
Entry { filename = "mcafee-epo-agent.nse", categories = { "safe", "version", } }
Entry { filename = "membase-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "membase-http-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "memcached-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "metasploit-info.nse", categories = { "intrusive", "safe", } }
Entry { filename = "metasploit-msgrpc-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "metasploit-xmlrpc-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mikrotik-routeros-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mmouse-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mmouse-exec.nse", categories = { "intrusive", } }
Entry { filename = "modbus-discover.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "mongodb-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mongodb-databases.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "mongodb-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "mqtt-subscribe.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "mrinfo.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "ms-sql-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ms-sql-config.nse", categories = { "discovery", "safe", } }
Entry { filename = "ms-sql-dac.nse", categories = { "discovery", "safe", } }
Entry { filename = "ms-sql-dump-hashes.nse", categories = { "auth", "discovery", "safe", } }
Entry { filename = "ms-sql-empty-password.nse", categories = { "auth", "intrusive", } }
Entry { filename = "ms-sql-hasdbaccess.nse", categories = { "auth", "discovery", "safe", } }
Entry { filename = "ms-sql-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ms-sql-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ms-sql-query.nse", categories = { "discovery", "safe", } }
Entry { filename = "ms-sql-tables.nse", categories = { "discovery", "safe", } }
Entry { filename = "ms-sql-xp-cmdshell.nse", categories = { "intrusive", } }
Entry { filename = "msrpc-enum.nse", categories = { "discovery", "safe", } }
Entry { filename = "mtrace.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "murmur-version.nse", categories = { "version", } }
Entry { filename = "mysql-audit.nse", categories = { "discovery", "safe", } }
Entry { filename = "mysql-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mysql-databases.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "mysql-dump-hashes.nse", categories = { "auth", "discovery", "safe", } }
Entry { filename = "mysql-empty-password.nse", categories = { "auth", "intrusive", } }
Entry { filename = "mysql-enum.nse", categories = { "brute", "intrusive", } }
Entry { filename = "mysql-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "mysql-query.nse", categories = { "auth", "discovery", "safe", } }
Entry { filename = "mysql-users.nse", categories = { "auth", "intrusive", } }
Entry { filename = "mysql-variables.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "mysql-vuln-cve2012-2122.nse", categories = { "discovery", "intrusive", "vuln", } }
Entry { filename = "nat-pmp-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "nat-pmp-mapport.nse", categories = { "discovery", "safe", } }
Entry { filename = "nbd-info.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "nbstat.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ncp-enum-users.nse", categories = { "auth", "safe", } }
Entry { filename = "ncp-serverinfo.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ndmp-fs-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "ndmp-version.nse", categories = { "version", } }
Entry { filename = "nessus-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "nessus-xmlrpc-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "netbus-auth-bypass.nse", categories = { "auth", "safe", "vuln", } }
Entry { filename = "netbus-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "netbus-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "netbus-version.nse", categories = { "version", } }
Entry { filename = "nexpose-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "nfs-ls.nse", categories = { "discovery", "safe", } }
Entry { filename = "nfs-showmount.nse", categories = { "discovery", "safe", } }
Entry { filename = "nfs-statfs.nse", categories = { "discovery", "safe", } }
Entry { filename = "nje-node-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "nje-pass-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "nntp-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "nping-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "nrpe-enum.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "ntp-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ntp-monlist.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "omp2-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "omp2-enum-targets.nse", categories = { "discovery", "safe", } }
Entry { filename = "omron-info.nse", categories = { "discovery", "version", } }
Entry { filename = "openlookup-info.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "openvas-otp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "openwebnet-discovery.nse", categories = { "discovery", "safe", } }
Entry { filename = "oracle-brute-stealth.nse", categories = { "brute", "intrusive", } }
Entry { filename = "oracle-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "oracle-enum-users.nse", categories = { "auth", "intrusive", } }
Entry { filename = "oracle-sid-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "oracle-tns-version.nse", categories = { "safe", "version", } }
Entry { filename = "ovs-agent-version.nse", categories = { "version", } }
Entry { filename = "p2p-conficker.nse", categories = { "default", "safe", } }
Entry { filename = "path-mtu.nse", categories = { "discovery", "safe", } }
Entry { filename = "pcanywhere-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "pcworx-info.nse", categories = { "discovery", } }
Entry { filename = "pgsql-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "pjl-ready-message.nse", categories = { "intrusive", } }
Entry { filename = "pop3-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "pop3-capabilities.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "pop3-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "pptp-version.nse", categories = { "version", } }
Entry { filename = "puppet-naivesigning.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "qconn-exec.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "qscan.nse", categories = { "discovery", "safe", } }
Entry { filename = "quake1-info.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "quake3-info.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "quake3-master-getservers.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "rdp-enum-encryption.nse", categories = { "discovery", "safe", } }
Entry { filename = "rdp-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "rdp-vuln-ms12-020.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "realvnc-auth-bypass.nse", categories = { "auth", "safe", "vuln", } }
Entry { filename = "redis-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "redis-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "resolveall.nse", categories = { "discovery", "safe", } }
Entry { filename = "reverse-index.nse", categories = { "safe", } }
Entry { filename = "rexec-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "rfc868-time.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "riak-http-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "rlogin-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "rmi-dumpregistry.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "rmi-vuln-classloader.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "rpc-grind.nse", categories = { "version", } }
Entry { filename = "rpcap-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "rpcap-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "rpcinfo.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "rsa-vuln-roca.nse", categories = { "safe", "vuln", } }
Entry { filename = "rsync-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "rsync-list-modules.nse", categories = { "discovery", "safe", } }
Entry { filename = "rtsp-methods.nse", categories = { "default", "safe", } }
Entry { filename = "rtsp-url-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "rusers.nse", categories = { "discovery", "safe", } }
Entry { filename = "s7-info.nse", categories = { "discovery", "version", } }
Entry { filename = "samba-vuln-cve-2012-1182.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "servicetags.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "shodan-api.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "sip-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "sip-call-spoof.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "sip-enum-users.nse", categories = { "auth", "intrusive", } }
Entry { filename = "sip-methods.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "skypev2-version.nse", categories = { "version", } }
Entry { filename = "smb-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "smb-double-pulsar-backdoor.nse", categories = { "malware", "safe", "vuln", } }
Entry { filename = "smb-enum-domains.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-enum-groups.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-enum-processes.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-enum-services.nse", categories = { "discovery", "intrusive", "safe", } }
Entry { filename = "smb-enum-sessions.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-enum-shares.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-enum-users.nse", categories = { "auth", "intrusive", } }
Entry { filename = "smb-flood.nse", categories = { "dos", "intrusive", } }
Entry { filename = "smb-ls.nse", categories = { "discovery", "safe", } }
Entry { filename = "smb-mbenum.nse", categories = { "discovery", "safe", } }
Entry { filename = "smb-os-discovery.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb-print-text.nse", categories = { "intrusive", } }
Entry { filename = "smb-protocols.nse", categories = { "discovery", "safe", } }
Entry { filename = "smb-psexec.nse", categories = { "intrusive", } }
Entry { filename = "smb-security-mode.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb-server-stats.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-system-info.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "smb-vuln-conficker.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-cve-2017-7494.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "smb-vuln-cve2009-3103.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms06-025.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms07-029.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms08-067.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms10-054.nse", categories = { "dos", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms10-061.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms17-010.nse", categories = { "safe", "vuln", } }
Entry { filename = "smb-vuln-regsvc-dos.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-webexec.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "smb-webexec-exploit.nse", categories = { "exploit", "intrusive", } }
Entry { filename = "smb2-capabilities.nse", categories = { "discovery", "safe", } }
Entry { filename = "smb2-security-mode.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb2-time.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb2-vuln-uptime.nse", categories = { "safe", "vuln", } }
Entry { filename = "smtp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "smtp-commands.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smtp-enum-users.nse", categories = { "auth", "external", "intrusive", } }
Entry { filename = "smtp-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smtp-open-relay.nse", categories = { "discovery", "external", "intrusive", } }
Entry { filename = "smtp-strangeport.nse", categories = { "malware", "safe", } }
Entry { filename = "smtp-vuln-cve2010-4344.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "smtp-vuln-cve2011-1720.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "smtp-vuln-cve2011-1764.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "sniffer-detect.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "snmp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "snmp-hh3c-logins.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-info.nse", categories = { "default", "safe", "version", } }
Entry { filename = "snmp-interfaces.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-ios-config.nse", categories = { "intrusive", } }
Entry { filename = "snmp-netstat.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-processes.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-sysdescr.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-win32-services.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-win32-shares.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-win32-software.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "snmp-win32-users.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "socks-auth-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "socks-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "socks-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } }
Entry { filename = "ssh-auth-methods.nse", categories = { "auth", "intrusive", } }
Entry { filename = "ssh-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ssh-hostkey.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ssh-publickey-acceptance.nse", categories = { "auth", "intrusive", } }
Entry { filename = "ssh-run.nse", categories = { "intrusive", } }
Entry { filename = "ssh2-enum-algos.nse", categories = { "discovery", "safe", } }
Entry { filename = "sshv1.nse", categories = { "default", "safe", } }
Entry { filename = "ssl-ccs-injection.nse", categories = { "safe", "vuln", } }
Entry { filename = "ssl-cert-intaddr.nse", categories = { "discovery", "safe", "vuln", } }
Entry { filename = "ssl-cert.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ssl-date.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ssl-dh-params.nse", categories = { "safe", "vuln", } }
Entry { filename = "ssl-enum-ciphers.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "ssl-heartbleed.nse", categories = { "safe", "vuln", } }
Entry { filename = "ssl-known-key.nse", categories = { "default", "discovery", "safe", "vuln", } }
Entry { filename = "ssl-poodle.nse", categories = { "safe", "vuln", } }
Entry { filename = "sslv2-drown.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "sslv2.nse", categories = { "default", "safe", } }
Entry { filename = "sstp-discover.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "stun-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "stun-version.nse", categories = { "version", } }
Entry { filename = "stuxnet-detect.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "supermicro-ipmi-conf.nse", categories = { "exploit", "vuln", } }
Entry { filename = "svn-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "targets-asn.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "targets-ipv6-map4to6.nse", categories = { "discovery", } }
Entry { filename = "targets-ipv6-multicast-echo.nse", categories = { "broadcast", "discovery", } }
Entry { filename = "targets-ipv6-multicast-invalid-dst.nse", categories = { "broadcast", "discovery", } }
Entry { filename = "targets-ipv6-multicast-mld.nse", categories = { "broadcast", "discovery", } }
Entry { filename = "targets-ipv6-multicast-slaac.nse", categories = { "broadcast", "discovery", } }
Entry { filename = "targets-ipv6-wordlist.nse", categories = { "discovery", } }
Entry { filename = "targets-sniffer.nse", categories = { "broadcast", "discovery", "safe", } }
Entry { filename = "targets-traceroute.nse", categories = { "discovery", "safe", } }
Entry { filename = "targets-xml.nse", categories = { "safe", } }
Entry { filename = "teamspeak2-version.nse", categories = { "version", } }
Entry { filename = "telnet-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "telnet-encryption.nse", categories = { "discovery", "safe", } }
Entry { filename = "telnet-ntlm-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "tftp-enum.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "tls-alpn.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "tls-nextprotoneg.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "tls-ticketbleed.nse", categories = { "safe", "vuln", } }
Entry { filename = "tn3270-screen.nse", categories = { "discovery", "safe", } }
Entry { filename = "tor-consensus-checker.nse", categories = { "external", "safe", } }
Entry { filename = "traceroute-geolocation.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "tso-brute.nse", categories = { "intrusive", } }
Entry { filename = "tso-enum.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ubiquiti-discovery.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "unittest.nse", categories = { "safe", } }
Entry { filename = "unusual-port.nse", categories = { "safe", } }
Entry { filename = "upnp-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "url-snarf.nse", categories = { "safe", } }
Entry { filename = "ventrilo-info.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "versant-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "vmauthd-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "vmware-version.nse", categories = { "discovery", "safe", "version", } }
Entry { filename = "vnc-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "vnc-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "vnc-title.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "voldemort-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "vtam-enum.nse", categories = { "brute", "intrusive", } }
Entry { filename = "vulners.nse", categories = { "external", "safe", "vuln", } }
Entry { filename = "vuze-dht-info.nse", categories = { "discovery", "safe", } }
Entry { filename = "wdb-version.nse", categories = { "default", "discovery", "safe", "version", "vuln", } }
Entry { filename = "weblogic-t3-info.nse", categories = { "default", "discovery", "safe", "version", } }
Entry { filename = "whois-domain.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "whois-ip.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "wsdd-discover.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "x11-access.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "xdmcp-discover.nse", categories = { "discovery", "safe", } }
Entry { filename = "xmlrpc-methods.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "xmpp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "xmpp-info.nse", categories = { "default", "discovery", "safe", "version", } }