Went through all the new (since 5.51) scripts and improved (I hope) the nsedoc descriptions a bit and made some other very minor cleanups

scripts/creds-summary.nse

@@ -1,5 +1,5 @@
 description = [[
-Lists all discovered credentials at end of scan
+Lists all discovered credentials (e.g. from brute force and default password checking scripts) at end of scan
 ]]
 
 ---

scripts/dns-brute.nse

@@ -1,5 +1,5 @@
 description = [[
-Attempts to enumerate DNS hostnames by brute force guessing.
+Attempts to enumerate DNS hostnames by brute force guessing of common subdomains.
 ]]
 -- 2011-01-26
 
@@ -22,7 +22,7 @@ Attempts to enumerate DNS hostnames by brute force guessing.
 -- |     ns1.foo.com - 127.0.0.4
 -- |_    admin.foo.com - 127.0.0.5
 
-author = "cirrus"
+author = "Cirrus"
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 

scripts/dns-service-discovery.nse

@@ -1,5 +1,5 @@
 description=[[ 
-Attempts to discover a hosts services using the DNS Service Discovery protocol.
+Attempts to discover target hosts' services using the DNS Service Discovery protocol.
 
 The script first sends a query for _services._dns-sd._udp.local to get a
 list of services. It then sends a followup query for each one to try to

scripts/dpap-brute.nse

@@ -1,5 +1,5 @@
 description = [[
-Performs password guessing against an iPhoto Library
+Performs brute force password auditing against an iPhoto Library.
 ]]
 
 

scripts/http-affiliate-id.nse

@@ -1,6 +1,7 @@
 description = [[
-Grabs affiliate network IDs from an HTML page. These can be used to
+Grabs affiliate network IDs (e.g. Google AdSense or Analytics, Amazon
-identify pages with the same owner.
+Associates, etc.) from a web page. These can be used to identify pages
+with the same owner.
 
 If there is more than one target using an ID, the postrule of this
 script shows the ID along with a list of the targets using it.

scripts/http-barracuda-dir-traversal.nse

@@ -1,10 +1,13 @@
 description = [[
-Attempts to retrieve the configuration settings from the MySQL database 
+Attempts to retrieve the configuration settings from a Barracuda
-dump on a Barracuda Networks Spam & Virus Firewall device using the 
+Networks Spam & Virus Firewall device using the directory traversal
-directory traversal vulnerability in the "locale" parameter of 
+vulnerability described at
-"/cgi-mod/view_help.cgi" or "/cgi-bin/view_help.cgi".
+http://seclists.org/fulldisclosure/2010/Oct/119.
 
-The web administration interface runs on port 8000 by default.
+This vulnerability is in the "locale" parameter of
+"/cgi-mod/view_help.cgi" or "/cgi-bin/view_help.cgi", allowing the
+information to be retrieved from a MySQL database dump.  The web
+administration interface runs on port 8000 by default.
 
 Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval
 Original exploit by ShadowHatesYou <Shadow@SquatThis.net>

scripts/http-cakephp-version.nse

@@ -1,5 +1,5 @@
 description = [[
-Obtains the CakePHP version of a web application built with the CakePHP framework. This script depends on default files shipped with the CakePHP framework.
+Obtains the CakePHP version of a web application built with the CakePHP framework by fingerprinting default files shipped with the CakePHP framework.
 
 This script queries the files 'vendors.php', 'cake.generic.css', 'cake.icon.png' and 'cake.icon.gif' to try to obtain the version of the CakePHP installation.
 Since installations that had been upgraded are prone to false positives due to old files that aren't removed, the script displays 3 different versions:

scripts/http-majordomo2-dir-traversal.nse

@@ -1,5 +1,7 @@
 description = [[
-Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049). 
+Exploits a directory traversal vulnerability existing in the
+Majordomo2 mailing list manager to retrieve remote
+files. (CVE-2011-0049).
 
 Vulnerability originally discovered by Michael Brooks.
 

scripts/http-wp-plugins.nse

@@ -1,5 +1,6 @@
 description = [[
-Tries to give a list of installed WordPress plugins.
+Tries to obtain a list of installed WordPress plugins by brute force
+testing for known plugins.
 
 The script will brute force the /wp-content/plugins/ folder with a dictionnary
 of 14K (and counting) known WP plugins. Anything but a 404 means that a given
@@ -31,7 +32,7 @@ check the first 100 ones. Users can tweak this with an option (see below).
 -- |   stats
 -- |_  wp-to-twitter
 
-author = "Ange Gutek <ange.gutek@gmail.com>"
+author = "Ange Gutek"
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 

scripts/ip-geolocation-geobytes.nse

@@ -1,8 +1,10 @@
 description = [[
-This script looks up the host's IP address using the Geobytes geolocation web 
+Tries to identify the physical location of an IP address using the
-service. The limit of lookups using this service is 20 requests per hour. Once 
+Geobytes geolocation web service
-the limit is reached, an nmap.registry["ip-geolocation-geobytes"].blocked 
+(http://www.geobytes.com/iplocator.htm). The limit of lookups using
-boolean is set so no further requests are made during a scan.
+this service is 20 requests per hour. Once the limit is reached, an
+nmap.registry["ip-geolocation-geobytes"].blocked boolean is set so no
+further requests are made during a scan.
 ]]
 
 ---

scripts/ip-geolocation-geoplugin.nse

@@ -1,6 +1,7 @@
 description = [[
-This script looks up the host's IP address using the Geoplugin geolocation web 
+Tries to identify the physical location of an IP address using the
-service. There is no limit on lookups using this service.
+Geoplugin geolocation web service (http://www.geoplugin.com/). There
+is no limit on lookups using this service.
 ]]
 
 ---

scripts/ip-geolocation-ipinfodb.nse

@@ -1,7 +1,10 @@
 description = [[
-This script looks up the host's IP address using the IPInfoDB geolocation web 
+Tries to identify the physical location of an IP address using the
-service. There is no limit on requests to this service. However, the API key 
+IPInfoDB geolocation web service
-used is obtained through a free registration with the service.
+(http://ipinfodb.com/ip_location_api.php).
+
+There is no limit on requests to this service. However, the API key
+used was obtained through a free registration with the service.
 ]]
 
 ---

scripts/ip-geolocation-maxmind.nse

@@ -1,8 +1,9 @@
 description = [[
-Geolocation lookup by IP address in a Maxmind database. This script supports 
+Tries to identify the physical location of an IP address using a
-queries using all Maxmind databases that are supported by their API including 
+Geolocation Maxmind database file (available from
-the commercial ones. The databases can be obtained at: 
+http://www.maxmind.com/app/ip-location). This script supports queries
-http://www.maxmind.com/app/ip-location
+using all Maxmind databases that are supported by their API including
+the commercial ones.
 ]]
 
 ---

scripts/ip-geolocation-quova.nse

@@ -1,6 +1,8 @@
 description = [[
-This script looks up the host's IP address using the Quova geolocation web 
+Tries to identify the physical location of an IP address using the
-service. It uses three API keys obtained through a free registration. The limit
+Quova geolocation web service (http://www.quova.com/).
+
+It uses three API keys obtained through a free registration. The limit
 on lookups is 1000 per API key per day, and 2 per API key per second.
 ]]
 

scripts/ldap-novell-getpass.nse

@@ -1,5 +1,7 @@
 description = [[
-Attempts to retrieve the Novell Universal Password for a user.
+Attempts to retrieve the Novell Universal Password for a user. You
+must already have (and include in script arguments) the username and password for an eDirectory server
+administrative account.
 ]]
 
 ---

scripts/mac-geolocation.nse

@@ -1,9 +1,9 @@
 description = [[
 Looks up geolocation information for BSSID (MAC) addresses of WiFi access points
 in the Google geolocation database. Geolocation information in this databasea 
-usually includes information including coordinates, country, state, city, 
+usually includes coordinates, country, state, city, 
-street address etc. The MAC addresses can be supplied as an argument 
+street address, etc. The MAC addresses can be supplied as an argument 
-<code>macs</code>, or in the registry under
+<code>mac-geolocation.macs</code>, or in the registry under
 <code>nmap.registry.[host.ip][mac-geolocation]</code>.
 ]]
 
@@ -11,8 +11,8 @@ street address etc. The MAC addresses can be supplied as an argument
 -- @usage
 -- nmap --script mac-geolocation <target> --script-args 'mac-geolocation.macs="00:24:B2:1E:24:FE,00:23:69:2A:B1:27"'
 --
--- @arg macs a list of MAC addresses separated by "," for which to do a geolocation lookup 
+-- @arg mac-geolocation.macs a list of MAC addresses separated by "," for which to do a geolocation lookup 
--- @arg extra_info include additional information in the output such as lookup accuracy, street address etc.
+-- @arg mac-geolocation.extra_info include additional information in the output such as lookup accuracy, street address etc.
 --
 -- @output Location info arranged by MAC and geolocation database
 -- | mac-geolocation: 

scripts/mysql-audit.nse

@@ -1,5 +1,7 @@
 description = [[
-Audit MySQL database server
+Audit MySQL database server security configuration against parts of
+the CIS MySQL v1.0.2 benchmark (the engine can be used for other MySQL
+audits by creating appropriate audit files).
 ]]
 
 

scripts/ncp-enum-users.nse

@@ -1,5 +1,5 @@
 description = [[
-Retrieves a list of all eDirectory users from the NCP service
+Retrieves a list of all eDirectory users from the Novell NetWare Core Protocol (NCP) service.
 ]]
 
 ---

scripts/ncp-serverinfo.nse

@@ -1,5 +1,6 @@
 description = [[
-Gets NCP Server Information
+Retrieves eDirectory server information (OS version, server name,
+mounts, etc.) from the Novell NetWare Core Protocol (NCP) service.
 ]]
 
 ---

scripts/nping-brute.nse

@@ -1,5 +1,5 @@
 description = [[
-Performs brute force password auditing against the Nping Echo service.
+Performs brute force password auditing against an Nping Echo service.
 
 See http://nmap.org/book/nping-man-echo-mode.html for Echo Mode
 documentation.

scripts/omp2-enum-targets.nse

@@ -1,5 +1,5 @@
 description = [[
-Attempts to get the list of targets from an OpenVAS Manager server.
+Attempts to retrieve the list of target systems and networks from an OpenVAS Manager server.
 
 The script authenticates on the manager using provided or previously cracked
 credentials and gets the list of defined targets for each account.

scripts/ovs-agent-version.nse

@@ -1,5 +1,6 @@
 description = [[
-Detects the version of an OVSAgentServer.
+Detects the version of an Oracle OVSAgentServer by fingerprinting
+responses to an HTTP GET request and an XML-RPC method call.
 
 Version 2.2 of OVSAgentServer returns a distinctive string in response to an
 HTTP GET request. However version 3.0 returns a generic response that looks like

scripts/quake3-master-getservers.nse

@@ -1,5 +1,5 @@
 description = [[
-Queries Quake 3 styled master servers for game servers.
+Queries Quake3-style master servers for game servers (many games other than Quake 3 use this same protocol).
 ]]
 
 ---

scripts/servicetags.nse

@@ -1,5 +1,5 @@
 description = [[
-Attempts to extract system information from the Service Tags.
+Attempts to extract system information (OS, hardware, etc.) from the Sun Service Tags service (UDP port 6481).
 
 Based on protocol specs from
 http://arc.opensolaris.org/caselog/PSARC/2006/638/stdiscover_protocolv2.pdf

scripts/sip-brute.nse

@@ -1,5 +1,5 @@
 description = [[
-Attempts to brute-force SIP accounts
+Performs brute force password auditing against Session Initiation Protocol (SIP - http://en.wikipedia.org/wiki/Session_Initiation_Protocol) accounts.  This protocol is most commonly associated with VoIP sessions.
 ]]
 
 ---

scripts/sip-enum-users.nse

@@ -1,6 +1,8 @@
 description = [[
-Attempts to enumerate valid user account using SIP. Currently only the SIP
+Attempts to enumerate valid user account using SIP (Session Initiation
-server Asterisk is supported. 
+Protocol - http://en.wikipedia.org/wiki/Session_Initiation_Protocol).
+This protocol is most commonly associated with VoIP
+sessions. Currently only the SIP server Asterisk is supported.
 
 * Asterisk
 	- The script enumerates valid accounts by checking the SIP servers response

scripts/smtp-vuln-cve2011-1720.nse

@@ -1,6 +1,8 @@
 description = [[
-Checks for a Memory corruption in the Postfix SMTP server when it uses
+Checks for a memory corruption in the Postfix SMTP server when it uses
-Cyrus SASL library authentication mechanisms (CVE-2011-1720).
+Cyrus SASL library authentication mechanisms (CVE-2011-1720).  This
+vulnerability can allow denial of service and possibly remote code
+execution.
 
 Reference:
 * http://www.postfix.org/CVE-2011-1720.html

scripts/snmp-ios-config.nse

@@ -1,5 +1,5 @@
 description = [[
-Download IOS configuration using SNMP RW (v1) and displays the result or saves it to a file.
+Attempts to downloads Cisco router IOS configuration files using SNMP RW (v1) and display or save them.
 ]]
 
 ---

scripts/ssl-known-key.nse

@@ -2,12 +2,14 @@
 -- vim: set filetype=lua :
 
 description = [[
-This script checks whether the SSL certificate used by a host has a fingerprint
+Checks whether the SSL certificate used by a host has a fingerprint
-that matches the ones in a database.
+that matches the ones in database of problematic keys.
 
-The database checked is currently from LittleBlackBox 0.1, but any file of
+The only database currently checked the LittleBlackBox 0.1 database of
-fingerprints will serve just as well. One suggestion is the list of the weak
+comprimised keys from various devices, but any file of fingerprints
-Debian OpenSSL keys.
+will serve just as well. For example, this could be used to find weak
+Debian OpenSSL keys using the widely available (but too large to
+include with Nmap) list.
 ]]
 
 ---

scripts/targets-sniffer.nse

@@ -2,9 +2,10 @@
 -- vim: set filetype=lua :
 
 description = [[
-Sniffs the local network for a configurable amount of time and prints
+Sniffs the local network for a configurable amount of time (10 seconds
-discovered addresses. If <code>newtargets</code> is true, adds the addresses to
+by default) and prints discovered addresses. If the
-the queue to be scanned.
+<code>newtargets</code> script argument is set, discovered addresses
+are added to the scan queue.
 
 Requires root privileges. Either the <code>targets-sniffer.iface</code> script
 argument or <code>-e</code> Nmap option to define which interface to use.
@@ -27,7 +28,7 @@ argument or <code>-e</code> Nmap option to define which interface to use.
 
 -- Thanks to everyone for the feedback and especially Henri Doreau for his detailed feedback and suggestions
 
-author = "Nick Nikolaou <nikolasnikolaou1@gmail.com>"
+author = "Nick Nikolaou"
 categories = {"broadcast", "discovery"}
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 

scripts/xmpp.nse

@@ -1,5 +1,5 @@
 description = [[
-Connect to XMPP server (port 5222) and collect server information such as:
+Connects to an XMPP server (port 5222) and collects server information such as
 supported auth mechanisms, compression methods and whether TLS is supported
 and mandatory.
 ]]