mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

mostly documentation cleanup, though I also moved ftp-anon into the safe category since I don't think it is any more intrusive than other scripts in that category

fyodor
2008-11-07 04:35:22 +00:00
parent 4df1143f2b
commit 989f48be6d
24 changed files with 47 additions and 53 deletions


@@ -7,7 +7,7 @@ turn queries a third-party service provided by Team Cymru
use by Nmap.
The responses to these queries contain both Origin and Peer ASNs and
their descriptions, displayed along with the BG Prefix and Country Code.
their descriptions, displayed along with the BGP Prefix and Country Code.
The script caches results to reduce the number of queries and should
perform a single query for all scanned targets in a BG Prefix present in
@@ -16,7 +16,7 @@ Team Cymru's database.
Be aware that any targets against which this script is run will be sent
to and potentially recorded by one or more DNS servers and Team Cymru.
In addition your IP address will be sent along with the ASN to a DNS
server (your default DNS server, or whichever you specified with the
server (your default DNS server, or whichever one you specified with the
<code>dns</code> script argument).
]]
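Review bot: The "BG Prefix" typo is corrected only in the changed sentence of the first hunk; the unchanged context line two below it still reads `perform a single query for all scanned targets in a BG Prefix present in`. That line should say `BGP Prefix` as well, so the description uses one term throughout. The description block begins above the first hunk, so other occurrences may exist outside the visible lines.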


@@ -1,7 +1,7 @@
description = [[
Checks a DNS server for the predictable-port recursion vulnerability.
Predictable source ports can make a DNS server vulnerable to cache poisoning
attacks (CVE-2008-1447).
attacks (see CVE-2008-1447).
The script works by querying porttest.dns-oarc.net.
Be aware that any targets against which this script is run will be sent to and


@@ -2,7 +2,7 @@
description = [[
Checks a DNS server for the predictable-TXID DNS recursion
vulnerability. Predictable TXID values can make a DNS server vulnerable to
cache poisoning attacks (CVE-2008-1447).
cache poisoning attacks (see CVE-2008-1447).
The script works by querying txidtest.dns-oarc.net.
Be aware that any targets against which this script is run will be sent to and


@@ -1,5 +1,5 @@
description = [[
Attempts to get a list of usernames via the finger service.
Attempts to retrieve a list of usernames using the finger service.
]]
author = "Eddie Bell <ejlbell@gmail.com>"


@@ -8,7 +8,7 @@ Checks if an FTP server allows anonymous logins.
author = "Eddie Bell <ejlbell@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "auth", "intrusive"}
categories = {"default", "auth", "safe"}
require "shortport"
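Review bot: The reason for moving this script from `intrusive` to `safe` is recorded only in the commit message, not next to the `categories` line it changes. Per its description the script still attempts an anonymous login against the target, which is likely to appear in the FTP server's logs, and it will now run wherever the `safe` category is selected. I would add a comment above the line, for example `-- "safe": only an anonymous login is attempted, no password guessing (confirm against action)`, so the classification can be re-checked if the script later gains more probes. The action body is outside this hunk, so the exact number of login attempts could not be confirmed from here.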


@@ -3,14 +3,16 @@ Shows the title of the default page of a web server.
The script will follow no more than one HTTP redirect, and only if the
redirection leads to the same host. The script may send a DNS query to
determine if the host the redirect leads to has the same IP address as the
determine whether the host the redirect leads to has the same IP address as the
original target.
]]
---
--@output
-- 80/tcp open http syn-ack
-- |_ html-title: Foo.
-- Interesting ports on scanme.nmap.org (64.13.134.52):
-- PORT STATE SERVICE
-- 80/tcp open http
-- |_ html-title.nse: Go ahead and ScanMe!
author = "Diman Todorov <diman.todorov@gmail.com>"


@@ -1,5 +1,5 @@
description = [[
Gets the authentication scheme and realm of a web service that requires
Retrieves the authentication scheme and realm of a web service that requires
authentication.
]]


@@ -1,10 +1,10 @@
description=[[
Checks if an HTTP proxy is open.
The script attempts to connect to www.google.com through the proxy and checks
The script attempts to connect to www.google.com through the (possible) proxy and checks
for a <code>Server: gws</code> header field in the response.
If the target is an open proxy, this script will cause the target to retrieve a
If the target is an open proxy, this script causes the target to retrieve a
web page from www.google.com.
]]


@@ -1,6 +1,6 @@
description = [[
Checks if a web server is vulnerable to directory traversal by attempting to
retrieve /etc/passwd.
retrieve <code>/etc/passwd</code> using various traversal methods such as requestiong <code>../../../../etc/passwd</code>.
]]
-- 07/20/2007:
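Review bot: The new description line introduces a typo, `requestiong`; it should read `... using various traversal methods such as requesting <code>../../../../etc/passwd</code>.` The line is also much longer than the other lines of the description and could be wrapped like them. Because this string is the script's published description, the typo would carry into any documentation generated from it.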


@@ -1,8 +1,7 @@
description = [[
Detects the UDP IAX2 service.
The script sends an IAX Control Frame POKE request and checks for a proper
response.
The script sends an Inter-Asterisk eXchange (IAX) Revision 2 Control Frame POKE request and checks for a proper response. This protocol is used to enable VoIP connections between servers as well as client-server communication.
]]
author = "Ferdy Riphagen <f.riphagen@nsec.nl>"


@@ -1,8 +1,6 @@
description = [[
Attempts to find the owner of a scanned port.
The script makes a connection to the auth port (113) and queries the owner of
an open port.
Attempts to find the owner of an open TCP port by querying an identd
(auth - port 113) daemon which must also be open on the target system.
]]
author = "Diman Todorov <diman.todorov@gmail.com>"


@@ -7,11 +7,11 @@ It uses STATS, LUSERS, and other queries to obtain this information.
---
-- @output
-- 6665/tcp open irc
-- | irc-info: Server: foo.bar.net
-- | Version: hyperion-1.0.2b(381). foo.bar.net
-- | irc-info: Server: target.example.org
-- | Version: hyperion-1.0.2b(381). target.example.org
-- | Lservers/Lusers: 0/4204
-- | Uptime: 106 days, 2:46:30
-- | Source host: bar.foo.net
-- | Source host: source.example.org
-- |_ Source ident: OK n=nmap
author = "Doug Hoyte"


@@ -1,5 +1,5 @@
description = [[
Attempts to extract information from Microsoft SQL Server.
Attempts to extract information from Microsoft SQL Server instances.
]]
-- rev 1.0 (2007-06-09)


@@ -3,8 +3,8 @@ Connects to a MySQL server and prints information such as the protocol and
version numbers, thread ID, status, capabilities, and the password salt.
If service detection is performed and the server appears to be blocking
our host or is blocked from too many connections, then we don't bother
running this script (see the portrule).
our host or is blocked because of too many connections, then this script isn't run
(see the portrule).
]]
---
@@ -13,7 +13,7 @@ running this script (see the portrule).
-- | mysql-info: Protocol: 10
-- | Version: 5.0.51a-3ubuntu5.1
-- | Thread ID: 7
-- | Some Capabilities: Connect with DB, Compress, Transactions, Secure Connection
-- | Some Capabilities: Connect with DB, Transactions, Secure Connection
-- | Status: Autocommit
-- |_ Salt: bYyt\NQ/4V6IN+*3`imj


@@ -1,5 +1,5 @@
description = [[
Attempt's to get the target's NetBIOS names and MAC address.
Attempt's to retrieve the target's NetBIOS names and MAC address.
By default, the script displays the name of the computer and the logged-in
user; if the verbosity is turned up, it displays all names the system thinks it
@@ -12,14 +12,14 @@ owns.
--
-- @output
-- (no verbose)\n
-- |_ nbstat: NetBIOS name: TEST1, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n
-- |_ nbstat: NetBIOS name: TST, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n
--\n
-- (verbose)\n
-- | nbstat: NetBIOS name: TEST1, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n
-- | Name: TEST1<00> Flags: <unique><active>\n
-- | Name: TEST1<20> Flags: <unique><active>\n
-- | nbstat: NetBIOS name: TST, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n
-- | Name: TST<00> Flags: <unique><active>\n
-- | Name: TST<20> Flags: <unique><active>\n
-- | Name: WORKGROUP<00> Flags: <group><active>\n
-- | Name: TEST1<03> Flags: <unique><active>\n
-- | Name: TST<03> Flags: <unique><active>\n
-- | Name: WORKGROUP<1e> Flags: <group><active>\n
-- | Name: RON<03> Flags: <unique><active>\n
-- | Name: WORKGROUP<1d> Flags: <unique><active>\n
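Review bot: The rewritten first line of the description in the first hunk keeps the stray apostrophe: `Attempt's to retrieve the target's NetBIOS names and MAC address.` should begin with `Attempts`. Since the line was being edited anyway, this is the place to fix it. The string is the script's published description, so the error would carry into any documentation generated from it.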


@@ -1,5 +1,5 @@
description = [[
Retrieves POP3 server capabilities.
Retrieves POP3 email server capabilities.
]]
---


@@ -1,5 +1,5 @@
description = [[
Attempts to extract system information from the PPTP service.
Attempts to extract system information from the point-to-point tunneling protocol (PPTP) service.
]]
-- rev 0.2 (11-14-2007)


@@ -1,14 +1,14 @@
description = [[
Checks if SMTP is running on a non-standard port.
This usually indicates crackers or script kiddies have set up a backdoor on the
system to send spam or control your machine.
This may indicate that crackers or script kiddies have set up a backdoor on the
system to send spam or control the machine.
]]
---
-- @output
-- 22/tcp open ssh
-- |_ smtp-strangeport: Warning: smtp is running on a strange port
-- 22/tcp open smtp
-- |_ smtp-strangeport: Mail server on unusual port: possible malware
author = "Diman Todorov <diman.todorov@gmail.com>"
@@ -35,6 +35,6 @@ portrule = function(host, port)
end
action = function()
return "Warning: smtp is running on a strange port"
return "Mail server on unusual port: possible malware"
end
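Review bot: The new return string in the second hunk, `"Mail server on unusual port: possible malware"`, names a cause, while the description in the first hunk was softened in the same commit to `This may indicate ...`. Which ports count as standard is decided in `portrule`, which lies outside these hunks, so someone reading the output cannot tell what triggered the finding. I would add a sentence to the description listing the ports treated as standard and stating that a legitimately relocated mail server produces the same output, so the result is triaged rather than read as proof of compromise.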


@@ -1,7 +1,7 @@
description = [[
Checks if a target on a local Ethernet has its network card in promiscuous mode.
The technique is described at
The techniques used are described at
http://www.securityfriday.com/promiscuous_detection_01.pdf.
]]


@@ -1,5 +1,5 @@
description = [[
Attempts to find an SNMP community string by brute force.
Attempts to find an SNMP community string by brute force guessing.
]]
-- 2008-07-03


@@ -6,14 +6,11 @@ The script spiders an HTTP server looking for URLs containing queries. It then
proceeds to combine crafted SQL commands with susceptible URLs in order to
obtain errors. The errors are analysed to see if the URL is vulnerable to
attack. This uses the most basic form of SQL injection but anything more
complication is more suited to a standalone tool. Both meta and HTTP redirects
complicated is better suited to a standalone tool. Both meta-style and HTTP redirects
are supported.
It is not advisable to run this against unknown hosts.
We may not have access to the server's true hostname. This means we cannot
access virtually hosted sites and cannot follow absolute links when the
hostname is different from the resolved IP address
We may not have access to the target web server's true hostname, which can prevent access to
virtually hosted sites. This script only follows absolute links when the host name component is the same as the target server's reverse-DNS name.
]]
require('url')
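Review bot: The rewritten last sentence of the description changes the stated behaviour, not only the wording. The old text said absolute links cannot be followed when the hostname differs from the resolved IP address; the new text says they are followed only when the host name component equals the target's reverse-DNS name. No code changes in this hunk, so the new claim should be checked against the link-following code, which is outside the hunk. The two new lines are also not wrapped like the rest of the description.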


@@ -1,9 +1,7 @@
description = [[
Shows SSH hostkeys.
Shows fingerprint or fingerprint and key depending on verbosity level. Puts the
found hostkeys in nmap.registry for other scripts to use them. You can control
the output with the <code>ssh_hostkey</code> script argument.
Shows the target SSH server's key fingerprint and (with high enough verbosity level) the public key itself. It records the discovered host keys in <code>nmap.registry</code> for use by other scripts. Output can be controlled with the <code>ssh_hostkey</code> script argument.
]]
---


@@ -1,5 +1,5 @@
description = [[
Checks if an SSH server supports SSH Protocol Version 1.
Checks if an SSH server supports the obsolete and less secure SSH Protocol Version 1.
]]
author = "Brandon Enright <bmenrigh@ucsd.edu>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"


@@ -1,6 +1,6 @@
description = [[
Determines whether the server (still) supports SSL-v2, and what ciphers it
offers.
Determines whether the server supports obsolete and less secure SSL-v2, and discovers which ciphers it
supports.
]]
---