Went through all the new (since 5.51) scripts and improved (I hope) the nsedoc descriptions a bit and made some other very minor cleanups

scripts/creds-summary.nse

@@ -1,5 +1,5 @@
 description = [[
-Lists all discovered credentials at end of scan
+Lists all discovered credentials (e.g. from brute force and default password checking scripts) at end of scan
 ]]
 
 ---

scripts/dns-brute.nse

@@ -1,5 +1,5 @@
 description = [[
-Attempts to enumerate DNS hostnames by brute force guessing.
+Attempts to enumerate DNS hostnames by brute force guessing of common subdomains.
 ]]
 -- 2011-01-26
 
@@ -22,7 +22,7 @@ Attempts to enumerate DNS hostnames by brute force guessing.
 -- |     ns1.foo.com - 127.0.0.4
 -- |_    admin.foo.com - 127.0.0.5
 
-author = "cirrus"
+author = "Cirrus"
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 

scripts/dns-service-discovery.nse

@@ -1,5 +1,5 @@
 description=[[ 
-Attempts to discover a hosts services using the DNS Service Discovery protocol.
+Attempts to discover target hosts' services using the DNS Service Discovery protocol.
 
 The script first sends a query for _services._dns-sd._udp.local to get a
 list of services. It then sends a followup query for each one to try to

scripts/dpap-brute.nse

@@ -1,5 +1,5 @@
 description = [[
-Performs password guessing against an iPhoto Library
+Performs brute force password auditing against an iPhoto Library.
 ]]
 
 

scripts/http-affiliate-id.nse

@@ -1,6 +1,7 @@
 description = [[
-Grabs affiliate network IDs from an HTML page. These can be used to
-identify pages with the same owner.
+Grabs affiliate network IDs (e.g. Google AdSense or Analytics, Amazon
+Associates, etc.) from a web page. These can be used to identify pages
+with the same owner.
 
 If there is more than one target using an ID, the postrule of this
 script shows the ID along with a list of the targets using it.

scripts/http-barracuda-dir-traversal.nse

@@ -1,10 +1,13 @@
 description = [[
-Attempts to retrieve the configuration settings from the MySQL database 
-dump on a Barracuda Networks Spam & Virus Firewall device using the 
-directory traversal vulnerability in the "locale" parameter of 
-"/cgi-mod/view_help.cgi" or "/cgi-bin/view_help.cgi".
+Attempts to retrieve the configuration settings from a Barracuda
+Networks Spam & Virus Firewall device using the directory traversal
+vulnerability described at
+http://seclists.org/fulldisclosure/2010/Oct/119.
 
-The web administration interface runs on port 8000 by default.
+This vulnerability is in the "locale" parameter of
+"/cgi-mod/view_help.cgi" or "/cgi-bin/view_help.cgi", allowing the
+information to be retrieved from a MySQL database dump.  The web
+administration interface runs on port 8000 by default.
 
 Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval
 Original exploit by ShadowHatesYou <Shadow@SquatThis.net>

scripts/http-cakephp-version.nse

@@ -1,5 +1,5 @@
 description = [[
-Obtains the CakePHP version of a web application built with the CakePHP framework. This script depends on default files shipped with the CakePHP framework.
+Obtains the CakePHP version of a web application built with the CakePHP framework by fingerprinting default files shipped with the CakePHP framework.
 
 This script queries the files 'vendors.php', 'cake.generic.css', 'cake.icon.png' and 'cake.icon.gif' to try to obtain the version of the CakePHP installation.
 Since installations that had been upgraded are prone to false positives due to old files that aren't removed, the script displays 3 different versions:

scripts/http-majordomo2-dir-traversal.nse

@@ -1,5 +1,7 @@
 description = [[
-Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049). 
+Exploits a directory traversal vulnerability existing in the
+Majordomo2 mailing list manager to retrieve remote
+files. (CVE-2011-0049).
 
 Vulnerability originally discovered by Michael Brooks.
 

scripts/http-wp-plugins.nse

@@ -1,5 +1,6 @@
 description = [[
-Tries to give a list of installed WordPress plugins.
+Tries to obtain a list of installed WordPress plugins by brute force
+testing for known plugins.
 
 The script will brute force the /wp-content/plugins/ folder with a dictionnary
 of 14K (and counting) known WP plugins. Anything but a 404 means that a given
@@ -31,7 +32,7 @@ check the first 100 ones. Users can tweak this with an option (see below).
 -- |   stats
 -- |_  wp-to-twitter
 
-author = "Ange Gutek <ange.gutek@gmail.com>"
+author = "Ange Gutek"
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 

scripts/ip-geolocation-geobytes.nse

@@ -1,8 +1,10 @@
 description = [[
-This script looks up the host's IP address using the Geobytes geolocation web 
-service. The limit of lookups using this service is 20 requests per hour. Once 
-the limit is reached, an nmap.registry["ip-geolocation-geobytes"].blocked 
-boolean is set so no further requests are made during a scan.
+Tries to identify the physical location of an IP address using the
+Geobytes geolocation web service
+(http://www.geobytes.com/iplocator.htm). The limit of lookups using
+this service is 20 requests per hour. Once the limit is reached, an
+nmap.registry["ip-geolocation-geobytes"].blocked boolean is set so no
+further requests are made during a scan.
 ]]
 
 ---

scripts/ip-geolocation-geoplugin.nse

@@ -1,6 +1,7 @@
 description = [[
-This script looks up the host's IP address using the Geoplugin geolocation web 
-service. There is no limit on lookups using this service.
+Tries to identify the physical location of an IP address using the
+Geoplugin geolocation web service (http://www.geoplugin.com/). There
+is no limit on lookups using this service.
 ]]
 
 ---

scripts/ip-geolocation-ipinfodb.nse

@@ -1,7 +1,10 @@
 description = [[
-This script looks up the host's IP address using the IPInfoDB geolocation web 
-service. There is no limit on requests to this service. However, the API key 
-used is obtained through a free registration with the service.
+Tries to identify the physical location of an IP address using the
+IPInfoDB geolocation web service
+(http://ipinfodb.com/ip_location_api.php).
+
+There is no limit on requests to this service. However, the API key
+used was obtained through a free registration with the service.
 ]]
 
 ---

scripts/ip-geolocation-maxmind.nse

@@ -1,8 +1,9 @@
 description = [[
-Geolocation lookup by IP address in a Maxmind database. This script supports 
-queries using all Maxmind databases that are supported by their API including 
-the commercial ones. The databases can be obtained at: 
-http://www.maxmind.com/app/ip-location
+Tries to identify the physical location of an IP address using a
+Geolocation Maxmind database file (available from
+http://www.maxmind.com/app/ip-location). This script supports queries
+using all Maxmind databases that are supported by their API including
+the commercial ones.
 ]]
 
 ---

scripts/ip-geolocation-quova.nse

@@ -1,6 +1,8 @@
 description = [[
-This script looks up the host's IP address using the Quova geolocation web 
-service. It uses three API keys obtained through a free registration. The limit
+Tries to identify the physical location of an IP address using the
+Quova geolocation web service (http://www.quova.com/).
+
+It uses three API keys obtained through a free registration. The limit
 on lookups is 1000 per API key per day, and 2 per API key per second.
 ]]
 

scripts/ldap-novell-getpass.nse

@@ -1,5 +1,7 @@
 description = [[
-Attempts to retrieve the Novell Universal Password for a user.
+Attempts to retrieve the Novell Universal Password for a user. You
+must already have (and include in script arguments) the username and password for an eDirectory server
+administrative account.
 ]]
 
 ---

scripts/mac-geolocation.nse

@@ -1,9 +1,9 @@
 description = [[
 Looks up geolocation information for BSSID (MAC) addresses of WiFi access points
 in the Google geolocation database. Geolocation information in this databasea 
-usually includes information including coordinates, country, state, city, 
-street address etc. The MAC addresses can be supplied as an argument 
-<code>macs</code>, or in the registry under
+usually includes coordinates, country, state, city, 
+street address, etc. The MAC addresses can be supplied as an argument 
+<code>mac-geolocation.macs</code>, or in the registry under
 <code>nmap.registry.[host.ip][mac-geolocation]</code>.
 ]]
 
@@ -11,8 +11,8 @@ street address etc. The MAC addresses can be supplied as an argument
 -- @usage
 -- nmap --script mac-geolocation <target> --script-args 'mac-geolocation.macs="00:24:B2:1E:24:FE,00:23:69:2A:B1:27"'
 --
--- @arg macs a list of MAC addresses separated by "," for which to do a geolocation lookup 
--- @arg extra_info include additional information in the output such as lookup accuracy, street address etc.
+-- @arg mac-geolocation.macs a list of MAC addresses separated by "," for which to do a geolocation lookup 
+-- @arg mac-geolocation.extra_info include additional information in the output such as lookup accuracy, street address etc.
 --
 -- @output Location info arranged by MAC and geolocation database
 -- | mac-geolocation: 

scripts/mysql-audit.nse

@@ -1,5 +1,7 @@
 description = [[
-Audit MySQL database server
+Audit MySQL database server security configuration against parts of
+the CIS MySQL v1.0.2 benchmark (the engine can be used for other MySQL
+audits by creating appropriate audit files).
 ]]
 
 

scripts/ncp-enum-users.nse

@@ -1,5 +1,5 @@
 description = [[
-Retrieves a list of all eDirectory users from the NCP service
+Retrieves a list of all eDirectory users from the Novell NetWare Core Protocol (NCP) service.
 ]]
 
 ---

scripts/ncp-serverinfo.nse

@@ -1,5 +1,6 @@
 description = [[
-Gets NCP Server Information
+Retrieves eDirectory server information (OS version, server name,
+mounts, etc.) from the Novell NetWare Core Protocol (NCP) service.
 ]]
 
 ---

scripts/nping-brute.nse

@@ -1,5 +1,5 @@
 description = [[
-Performs brute force password auditing against the Nping Echo service.
+Performs brute force password auditing against an Nping Echo service.
 
 See http://nmap.org/book/nping-man-echo-mode.html for Echo Mode
 documentation.

scripts/omp2-enum-targets.nse

@@ -1,5 +1,5 @@
 description = [[
-Attempts to get the list of targets from an OpenVAS Manager server.
+Attempts to retrieve the list of target systems and networks from an OpenVAS Manager server.
 
 The script authenticates on the manager using provided or previously cracked
 credentials and gets the list of defined targets for each account.

scripts/ovs-agent-version.nse

@@ -1,5 +1,6 @@
 description = [[
-Detects the version of an OVSAgentServer.
+Detects the version of an Oracle OVSAgentServer by fingerprinting
+responses to an HTTP GET request and an XML-RPC method call.
 
 Version 2.2 of OVSAgentServer returns a distinctive string in response to an
 HTTP GET request. However version 3.0 returns a generic response that looks like

scripts/quake3-master-getservers.nse

@@ -1,5 +1,5 @@
 description = [[
-Queries Quake 3 styled master servers for game servers.
+Queries Quake3-style master servers for game servers (many games other than Quake 3 use this same protocol).
 ]]
 
 ---

scripts/servicetags.nse

@@ -1,5 +1,5 @@
 description = [[
-Attempts to extract system information from the Service Tags.
+Attempts to extract system information (OS, hardware, etc.) from the Sun Service Tags service (UDP port 6481).
 
 Based on protocol specs from
 http://arc.opensolaris.org/caselog/PSARC/2006/638/stdiscover_protocolv2.pdf

scripts/sip-brute.nse

@@ -1,5 +1,5 @@
 description = [[
-Attempts to brute-force SIP accounts
+Performs brute force password auditing against Session Initiation Protocol (SIP - http://en.wikipedia.org/wiki/Session_Initiation_Protocol) accounts.  This protocol is most commonly associated with VoIP sessions.
 ]]
 
 ---

scripts/sip-enum-users.nse

@@ -1,6 +1,8 @@
 description = [[
-Attempts to enumerate valid user account using SIP. Currently only the SIP
-server Asterisk is supported. 
+Attempts to enumerate valid user account using SIP (Session Initiation
+Protocol - http://en.wikipedia.org/wiki/Session_Initiation_Protocol).
+This protocol is most commonly associated with VoIP
+sessions. Currently only the SIP server Asterisk is supported.
 
 * Asterisk
 	- The script enumerates valid accounts by checking the SIP servers response

scripts/smtp-vuln-cve2011-1720.nse

@@ -1,6 +1,8 @@
 description = [[
-Checks for a Memory corruption in the Postfix SMTP server when it uses
-Cyrus SASL library authentication mechanisms (CVE-2011-1720).
+Checks for a memory corruption in the Postfix SMTP server when it uses
+Cyrus SASL library authentication mechanisms (CVE-2011-1720).  This
+vulnerability can allow denial of service and possibly remote code
+execution.
 
 Reference:
 * http://www.postfix.org/CVE-2011-1720.html

scripts/snmp-ios-config.nse

@@ -1,5 +1,5 @@
 description = [[
-Download IOS configuration using SNMP RW (v1) and displays the result or saves it to a file.
+Attempts to downloads Cisco router IOS configuration files using SNMP RW (v1) and display or save them.
 ]]
 
 ---

scripts/ssl-known-key.nse

@@ -2,12 +2,14 @@
 -- vim: set filetype=lua :
 
 description = [[
-This script checks whether the SSL certificate used by a host has a fingerprint
-that matches the ones in a database.
+Checks whether the SSL certificate used by a host has a fingerprint
+that matches the ones in database of problematic keys.
 
-The database checked is currently from LittleBlackBox 0.1, but any file of
-fingerprints will serve just as well. One suggestion is the list of the weak
-Debian OpenSSL keys.
+The only database currently checked the LittleBlackBox 0.1 database of
+comprimised keys from various devices, but any file of fingerprints
+will serve just as well. For example, this could be used to find weak
+Debian OpenSSL keys using the widely available (but too large to
+include with Nmap) list.
 ]]
 
 ---

scripts/targets-sniffer.nse

@@ -2,9 +2,10 @@
 -- vim: set filetype=lua :
 
 description = [[
-Sniffs the local network for a configurable amount of time and prints
-discovered addresses. If <code>newtargets</code> is true, adds the addresses to
-the queue to be scanned.
+Sniffs the local network for a configurable amount of time (10 seconds
+by default) and prints discovered addresses. If the
+<code>newtargets</code> script argument is set, discovered addresses
+are added to the scan queue.
 
 Requires root privileges. Either the <code>targets-sniffer.iface</code> script
 argument or <code>-e</code> Nmap option to define which interface to use.
@@ -27,7 +28,7 @@ argument or <code>-e</code> Nmap option to define which interface to use.
 
 -- Thanks to everyone for the feedback and especially Henri Doreau for his detailed feedback and suggestions
 
-author = "Nick Nikolaou <nikolasnikolaou1@gmail.com>"
+author = "Nick Nikolaou"
 categories = {"broadcast", "discovery"}
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 

scripts/xmpp.nse

@@ -1,5 +1,5 @@
 description = [[
-Connect to XMPP server (port 5222) and collect server information such as:
+Connects to an XMPP server (port 5222) and collects server information such as
 supported auth mechanisms, compression methods and whether TLS is supported
 and mandatory.
 ]]