diff --git a/scripts/asn-query.nse b/scripts/asn-query.nse
index 666cb0693..37a05d1f0 100644
--- a/scripts/asn-query.nse
+++ b/scripts/asn-query.nse
@@ -7,7 +7,7 @@ turn queries a third-party service provided by Team Cymru
 use by Nmap. The responses to these queries contain both Origin and Peer ASNs and
-their descriptions, displayed along with the BG Prefix and Country Code.
+their descriptions, displayed along with the BGP Prefix and Country Code.
 The script caches results to reduce the number of queries and should perform a single query for all scanned targets in a BG Prefix present in
@@ -16,7 +16,7 @@ Team Cymru's database.
 Be aware that any targets against which this script is run will be sent to and potentially recorded by one or more DNS servers and Team Cymru. In addition your IP address will be sent along with the ASN to a DNS
-server (your default DNS server, or whichever you specified with the
+server (your default DNS server, or whichever one you specified with the
 dns script argument).
 ]]
diff --git a/scripts/dns-random-srcport.nse b/scripts/dns-random-srcport.nse
index 853dd8e1e..2ba513b35 100644
--- a/scripts/dns-random-srcport.nse
+++ b/scripts/dns-random-srcport.nse
@@ -1,7 +1,7 @@
 description = [[
 Checks a DNS server for the predictable-port recursion vulnerability. Predictable source ports can make a DNS server vulnerable to cache poisoning
-attacks (CVE-2008-1447).
+attacks (see CVE-2008-1447).
 The script works by querying porttest.dns-oarc.net. Be aware that any targets against which this script is run will be sent to and
diff --git a/scripts/dns-random-txid.nse b/scripts/dns-random-txid.nse
index d6fe9df9d..db3c55819 100644
--- a/scripts/dns-random-txid.nse
+++ b/scripts/dns-random-txid.nse
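Review bot: The `BG Prefix` → `BGP Prefix` correction in the first asn-query hunk is applied to only one of the two occurrences; the context line two below it, `perform a single query for all scanned targets in a BG Prefix present in`, still carries the old abbreviation and should read `perform a single query for all scanned targets in a BGP Prefix present in`. The description string runs on past the end of the hunk, so there may be further occurrences outside the visible lines.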
@@ -2,7 +2,7 @@ description = [[
 Checks a DNS server for the predictable-TXID DNS recursion vulnerability. Predictable TXID values can make a DNS server vulnerable to
-cache poisoning attacks (CVE-2008-1447).
+cache poisoning attacks (see CVE-2008-1447).
 The script works by querying txidtest.dns-oarc.net. Be aware that any targets against which this script is run will be sent to and
diff --git a/scripts/finger.nse b/scripts/finger.nse
index fda3f68fc..daa5e6ede 100644
--- a/scripts/finger.nse
+++ b/scripts/finger.nse
@@ -1,5 +1,5 @@
 description = [[
-Attempts to get a list of usernames via the finger service.
+Attempts to retrieve a list of usernames using the finger service.
 ]]
 author = "Eddie Bell "
diff --git a/scripts/ftp-anon.nse b/scripts/ftp-anon.nse
index 9ef634d79..e12c8b992 100644
--- a/scripts/ftp-anon.nse
+++ b/scripts/ftp-anon.nse
@@ -8,7 +8,7 @@ Checks if an FTP server allows anonymous logins.
 author = "Eddie Bell "
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default", "auth", "intrusive"}
+categories = {"default", "auth", "safe"}
 require "shortport"
diff --git a/scripts/html-title.nse b/scripts/html-title.nse
index 1009dc0d7..c3b095562 100644
--- a/scripts/html-title.nse
+++ b/scripts/html-title.nse
@@ -3,14 +3,16 @@ Shows the title of the default page of a web server.
 The script will follow no more than one HTTP redirect, and only if the redirection leads to the same host. The script may send a DNS query to
-determine if the host the redirect leads to has the same IP address as the
+determine whether the host the redirect leads to has the same IP address as the
 original target.
 ]]
 ---
 --@output
--- 80/tcp open http syn-ack
--- |_ html-title: Foo.
+-- Interesting ports on scanme.nmap.org (64.13.134.52):
+-- PORT STATE SERVICE
+-- 80/tcp open http
+-- |_ html-title.nse: Go ahead and ScanMe!
 author = "Diman Todorov "
diff --git a/scripts/http-auth.nse b/scripts/http-auth.nse
index 65a098819..58b97a311 100644
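Review bot: Moving ftp-anon from `intrusive` to `safe` changes which script selections pick it up (`--script safe` now includes it, `--script intrusive` no longer does), but the hunk records no rationale for the reclassification. The description line shown in the hunk header, `Checks if an FTP server allows anonymous logins.`, also does not say how the check is made; from the script name it presumably performs an anonymous login, which the target's FTP server would record as a login attempt, and that is worth stating next to the category. Suggest a short comment on the categories line, e.g. `-- safe: one anonymous login attempt, no exploitation and negligible load`, and a matching sentence in the description. The script body that actually performs the check is outside this hunk.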
--- a/scripts/http-auth.nse
+++ b/scripts/http-auth.nse
@@ -1,5 +1,5 @@
 description = [[
-Gets the authentication scheme and realm of a web service that requires
+Retrieves the authentication scheme and realm of a web service that requires
 authentication.
 ]]
diff --git a/scripts/http-open-proxy.nse b/scripts/http-open-proxy.nse
index c77a0efca..b802c31f4 100644
--- a/scripts/http-open-proxy.nse
+++ b/scripts/http-open-proxy.nse
@@ -1,10 +1,10 @@
 description=[[
 Checks if an HTTP proxy is open.
-The script attempts to connect to www.google.com through the proxy and checks
+The script attempts to connect to www.google.com through the (possible) proxy and checks
 for a Server: gws header field in the response.
-If the target is an open proxy, this script will cause the target to retrieve a
+If the target is an open proxy, this script causes the target to retrieve a
 web page from www.google.com.
 ]]
diff --git a/scripts/http-passwd.nse b/scripts/http-passwd.nse
index 793e68fa1..be4f1c893 100644
--- a/scripts/http-passwd.nse
+++ b/scripts/http-passwd.nse
@@ -1,6 +1,6 @@
 description = [[
 Checks if a web server is vulnerable to directory traversal by attempting to
-retrieve /etc/passwd.
+retrieve /etc/passwd using various traversal methods such as requestiong ../../../../etc/passwd.
 ]]
 -- 07/20/2007:
diff --git a/scripts/iax2-version.nse b/scripts/iax2-version.nse
index 8c03d280c..3f48496d0 100644
--- a/scripts/iax2-version.nse
+++ b/scripts/iax2-version.nse
@@ -1,8 +1,7 @@
 description = [[
 Detects the UDP IAX2 service.
-The script sends an IAX Control Frame POKE request and checks for a proper
-response.
+The script sends an Inter-Asterisk eXchange (IAX) Revision 2 Control Frame POKE request and checks for a proper response.
 This protocol is used to enable VoIP connections between servers as well as client-server communication.
 ]]
 author = "Ferdy Riphagen "
diff --git a/scripts/identd-owners.nse b/scripts/identd-owners.nse
index 2c4dfaec8..2512d7122 100644
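Review bot: The added http-passwd description line contains a typo, `requestiong`; it should read `retrieve /etc/passwd using various traversal methods such as requesting ../../../../etc/passwd.`. The same line is also well past the wrap width the surrounding description text uses, and the same unwrapped-long-line style appears in the new lines of iax2-version, pptp-version, ssh-hostkey, sql-injection, sshv1 and sslv2 in this commit; these description strings are rendered as written in the script help, so wrapping them like the neighbouring lines keeps the output consistent.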
--- a/scripts/identd-owners.nse
+++ b/scripts/identd-owners.nse
@@ -1,8 +1,6 @@
 description = [[
-Attempts to find the owner of a scanned port.
-
-The script makes a connection to the auth port (113) and queries the owner of
-an open port.
+Attempts to find the owner of an open TCP port by querying an identd
+(auth - port 113) daemon which must also be open on the target system.
 ]]
 author = "Diman Todorov "
diff --git a/scripts/irc-info.nse b/scripts/irc-info.nse
index a46c1037a..67682a1ba 100644
--- a/scripts/irc-info.nse
+++ b/scripts/irc-info.nse
@@ -7,11 +7,11 @@ It uses STATS, LUSERS, and other queries to obtain this information.
 ---
 -- @output
 -- 6665/tcp open irc
--- | irc-info: Server: foo.bar.net
--- | Version: hyperion-1.0.2b(381). foo.bar.net
+-- | irc-info: Server: target.example.org
+-- | Version: hyperion-1.0.2b(381). target.example.org
 -- | Lservers/Lusers: 0/4204
 -- | Uptime: 106 days, 2:46:30
--- | Source host: bar.foo.net
+-- | Source host: source.example.org
 -- |_ Source ident: OK n=nmap
 author = "Doug Hoyte"
diff --git a/scripts/ms-sql-info.nse b/scripts/ms-sql-info.nse
index 5559f3ba7..b883d1434 100644
--- a/scripts/ms-sql-info.nse
+++ b/scripts/ms-sql-info.nse
@@ -1,5 +1,5 @@
 description = [[
-Attempts to extract information from Microsoft SQL Server.
+Attempts to extract information from Microsoft SQL Server instances.
 ]]
 -- rev 1.0 (2007-06-09)
diff --git a/scripts/mysql-info.nse b/scripts/mysql-info.nse
index 6e4ae3de8..39ef91620 100644
--- a/scripts/mysql-info.nse
+++ b/scripts/mysql-info.nse
@@ -3,8 +3,8 @@ Connects to a MySQL server and prints information such as the protocol and
 version numbers, thread ID, status, capabilities, and the password salt.
 If service detection is performed and the server appears to be blocking
-our host or is blocked from too many connections, then we don't bother
-running this script (see the portrule).
+our host or is blocked because of too many connections, then this script isn't run
+(see the portrule).
 ]]
 ---
@@ -13,7 +13,7 @@ running this script (see the portrule).
 -- | mysql-info: Protocol: 10
 -- | Version: 5.0.51a-3ubuntu5.1
 -- | Thread ID: 7
--- | Some Capabilities: Connect with DB, Compress, Transactions, Secure Connection
+-- | Some Capabilities: Connect with DB, Transactions, Secure Connection
 -- | Status: Autocommit
 -- |_ Salt: bYyt\NQ/4V6IN+*3`imj
diff --git a/scripts/nbstat.nse b/scripts/nbstat.nse
index e58d0cf0f..29a7c4bed 100644
--- a/scripts/nbstat.nse
+++ b/scripts/nbstat.nse
@@ -1,5 +1,5 @@
 description = [[
-Attempt's to get the target's NetBIOS names and MAC address.
+Attempt's to retrieve the target's NetBIOS names and MAC address.
 By default, the script displays the name of the computer and the logged-in user; if the verbosity is turned up, it displays all names the system thinks it
@@ -12,14 +12,14 @@ owns.
 --
 -- @output
 -- (no verbose)\n
--- |_ nbstat: NetBIOS name: TEST1, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n
+-- |_ nbstat: NetBIOS name: TST, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n
 --\n
 -- (verbose)\n
--- | nbstat: NetBIOS name: TEST1, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n
--- | Name: TEST1<00> Flags: \n
--- | Name: TEST1<20> Flags: \n
+-- | nbstat: NetBIOS name: TST, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n
+-- | Name: TST<00> Flags: \n
+-- | Name: TST<20> Flags: \n
 -- | Name: WORKGROUP<00> Flags: \n
--- | Name: TEST1<03> Flags: \n
+-- | Name: TST<03> Flags: \n
 -- | Name: WORKGROUP<1e> Flags: \n
 -- | Name: RON<03> Flags: \n
 -- | Name: WORKGROUP<1d> Flags: \n
diff --git a/scripts/pop3-capabilities.nse b/scripts/pop3-capabilities.nse
index 114db0c78..737a4cb43 100644
--- a/scripts/pop3-capabilities.nse
+++ b/scripts/pop3-capabilities.nse
@@ -1,5 +1,5 @@
 description = [[
-Retrieves POP3 server capabilities.
+Retrieves POP3 email server capabilities.
 ]]
 ---
diff --git a/scripts/pptp-version.nse b/scripts/pptp-version.nse
index 87ab8d333..3a8340557 100644
--- a/scripts/pptp-version.nse
+++ b/scripts/pptp-version.nse
@@ -1,5 +1,5 @@
 description = [[
-Attempts to extract system information from the PPTP service.
+Attempts to extract system information from the point-to-point tunneling protocol (PPTP) service.
 ]]
 -- rev 0.2 (11-14-2007)
diff --git a/scripts/smtp-strangeport.nse b/scripts/smtp-strangeport.nse
index a1a5ae3ab..ca8123dd3 100644
--- a/scripts/smtp-strangeport.nse
+++ b/scripts/smtp-strangeport.nse
@@ -1,14 +1,14 @@
 description = [[
 Checks if SMTP is running on a non-standard port.
-This usually indicates crackers or script kiddies have set up a backdoor on the
-system to send spam or control your machine.
+This may indicate that crackers or script kiddies have set up a backdoor on the
+system to send spam or control the machine.
 ]]
 ---
 -- @output
--- 22/tcp open ssh
--- |_ smtp-strangeport: Warning: smtp is running on a strange port
+-- 22/tcp open smtp
+-- |_ smtp-strangeport: Mail server on unusual port: possible malware
 author = "Diman Todorov "
@@ -35,6 +35,6 @@ portrule = function(host, port)
 end
 action = function()
- return "Warning: smtp is running on a strange port"
+ return "Mail server on unusual port: possible malware"
 end
diff --git a/scripts/sniffer-detect.nse b/scripts/sniffer-detect.nse
index 0c49beb60..72985aa08 100644
--- a/scripts/sniffer-detect.nse
+++ b/scripts/sniffer-detect.nse
@@ -1,7 +1,7 @@
 description = [[
 Checks if a target on a local Ethernet has its network card in promiscuous mode.
-The technique is described at
+The techniques used are described at
 http://www.securityfriday.com/promiscuous_detection_01.pdf.
 ]]
diff --git a/scripts/snmp-brute.nse b/scripts/snmp-brute.nse
index bb2ef73ba..6e67b44c6 100644
--- a/scripts/snmp-brute.nse
+++ b/scripts/snmp-brute.nse
@@ -1,5 +1,5 @@
 description = [[
-Attempts to find an SNMP community string by brute force.
+Attempts to find an SNMP community string by brute force guessing.
 ]]
 -- 2008-07-03
diff --git a/scripts/sql-injection.nse b/scripts/sql-injection.nse
index a98fac303..8b7442024 100644
--- a/scripts/sql-injection.nse
+++ b/scripts/sql-injection.nse
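Review bot: In the second smtp-strangeport hunk `action` takes no arguments and returns the fixed string `Mail server on unusual port: possible malware`, so the whole finding is the fact that `portrule` matched; that is not obvious from reading `action` alone and deserves a comment, e.g. `-- The portrule is the entire check: reaching action() means an SMTP service was seen off its standard ports.`. The same string is repeated verbatim in the `@output` example of the first hunk, and both copies were updated together here; a reviewer of a future change should expect to touch both. `portrule` begins before the hunk, so the actual port/service test it applies is not visible here, and the example's `22/tcp open smtp` is assumed rather than checked to match it.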
@@ -6,14 +6,11 @@ The script spiders an HTTP server looking for URLs containing queries. It then
 proceeds to combine crafted SQL commands with susceptible URLs in order to obtain errors. The errors are analysed to see if the URL is vulnerable to attack. This uses the most basic form of SQL injection but anything more
-complication is more suited to a standalone tool. Both meta and HTTP redirects
+complicated is better suited to a standalone tool. Both meta-style and HTTP redirects
 are supported.
-It is not advisable to run this against unknown hosts.
-
-We may not have access to the server's true hostname. This means we cannot
-access virtually hosted sites and cannot follow absolute links when the
-hostname is different from the resolved IP address
+We may not have access to the target web server's true hostname, which can prevent access to
+virtually hosted sites. This script only follows absolute links when the host name component is the same as the target server's reverse-DNS name.
 ]]
 require('url')
diff --git a/scripts/ssh-hostkey.nse b/scripts/ssh-hostkey.nse
index ccfc9103a..a840e1cf1 100644
--- a/scripts/ssh-hostkey.nse
+++ b/scripts/ssh-hostkey.nse
@@ -1,9 +1,7 @@
 description = [[
 Shows SSH hostkeys.
-Shows fingerprint or fingerprint and key depending on verbosity level. Puts the
-found hostkeys in nmap.registry for other scripts to use them. You can control
-the output with the ssh_hostkey script argument.
+Shows the target SSH server's key fingerprint and (with high enough verbosity level) the public key itself. It records the discovered host keys in nmap.registry for use by other scripts. Output can be controlled with the ssh_hostkey script argument.
 ]]
 ---
diff --git a/scripts/sshv1.nse b/scripts/sshv1.nse
index b0f43f789..1643b61fa 100644
--- a/scripts/sshv1.nse
+++ b/scripts/sshv1.nse
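Review bot: The new sql-injection sentence `This script only follows absolute links when the host name component is the same as the target server's reverse-DNS name.` states a precise rule that nothing in the hunk supports; the text it replaces only said absolute links are not followed when the hostname differs from the resolved IP. Before documenting the reverse-DNS comparison that specifically, confirm it against the link-following code (outside this hunk), or soften it to `when the host name matches the target`. With the old advisory sentence removed, the description also no longer says anything about the script's effect on the target beyond obtaining errors; a clause such as `each discovered query URL is requested with modified parameters` would keep the scope of what the script sends visible to the reader. The `description` string starts before the hunk.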
@@ -1,5 +1,5 @@
 description = [[
-Checks if an SSH server supports SSH Protocol Version 1.
+Checks if an SSH server supports the obsolete and less secure SSH Protocol Version 1.
 ]]
 author = "Brandon Enright "
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
diff --git a/scripts/sslv2.nse b/scripts/sslv2.nse
index fb7827b7d..7c1c36df7 100644
--- a/scripts/sslv2.nse
+++ b/scripts/sslv2.nse
@@ -1,6 +1,6 @@
 description = [[
-Determines whether the server (still) supports SSL-v2, and what ciphers it
-offers.
+Determines whether the server supports obsolete and less secure SSL-v2, and discovers which ciphers it
+supports.
 ]]
 ---