diff --git a/scripts/http-enum.nse b/scripts/http-enum.nse index 2151c9abd..5f723be0b 100644 --- a/scripts/http-enum.nse +++ b/scripts/http-enum.nse @@ -53,14 +53,14 @@ database can specify their own criteria for accepting a page as valid. -- Interesting ports on test.skullsecurity.org (208.81.2.52): -- PORT STATE SERVICE REASON -- 80/tcp open http syn-ack --- | http-enum: --- | | /icons/: Icons and images --- | | /images/: Icons and images --- | | /robots.txt: Robots file --- | | /sw/auth/login.aspx: Citrix WebTop --- | | /images/outlook.jpg: Outlook Web Access --- | | /nfservlets/servlet/SPSRouterServlet/: netForensics --- |_ |_ /nfservlets/servlet/SPSRouterServlet/: netForensics +-- | http-enum: +-- | /icons/: Icons and images +-- | /images/: Icons and images +-- | /robots.txt: Robots file +-- | /sw/auth/login.aspx: Citrix WebTop +-- | /images/outlook.jpg: Outlook Web Access +-- | /nfservlets/servlet/SPSRouterServlet/: netForensics +-- |_ /nfservlets/servlet/SPSRouterServlet/: netForensics author = "Ron Bowes, Andrew Orr, Rob Nicholls" diff --git a/scripts/http-malware-host.nse b/scripts/http-malware-host.nse index 42655066f..ff08985f4 100644 --- a/scripts/http-malware-host.nse +++ b/scripts/http-malware-host.nse @@ -23,9 +23,9 @@ technique! -- 80/tcp open http syn-ack -- |_ http-malware-host: Host appears to be clean -- 8080/tcp open http-proxy syn-ack --- | http-malware-host: --- | | Host appears to be infected (/ts/in.cgi?open2 redirects to http://last-another-life.ru:8080/index.php) --- |_ |_ See: http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/ +-- | http-malware-host: +-- | Host appears to be infected (/ts/in.cgi?open2 redirects to http://last-another-life.ru:8080/index.php) +-- |_ See: http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/ -- author = "Ron Bowes" diff --git a/scripts/p2p-conficker.nse b/scripts/p2p-conficker.nse index 8a31ddcd3..b8fc8b4fa 100644 --- a/scripts/p2p-conficker.nse +++ b/scripts/p2p-conficker.nse @@ -66,21 +66,21 @@ who contributed! -- @output -- Clean machine (results printed only if extra verbosity ("-vv")is specified): -- Host script results: --- | p2p-conficker: Checking for Conficker.C or higher... --- | | Check 1 (port 44329/tcp): CLEAN (Couldn't connect) --- | | Check 2 (port 33824/tcp): CLEAN (Couldn't connect) --- | | Check 3 (port 31380/udp): CLEAN (Failed to receive data) --- | | Check 4 (port 52600/udp): CLEAN (Failed to receive data) --- |_ |_ 0/4 checks: Host is CLEAN or ports are blocked +-- | p2p-conficker: Checking for Conficker.C or higher... +-- | Check 1 (port 44329/tcp): CLEAN (Couldn't connect) +-- | Check 2 (port 33824/tcp): CLEAN (Couldn't connect) +-- | Check 3 (port 31380/udp): CLEAN (Failed to receive data) +-- | Check 4 (port 52600/udp): CLEAN (Failed to receive data) +-- |_ 0/4 checks: Host is CLEAN or ports are blocked -- -- Infected machine (results always printed): -- Host script results: --- | p2p-conficker: Checking for Conficker.C or higher... --- | | Check 1 (port 18707/tcp): INFECTED (Received valid data) --- | | Check 2 (port 65273/tcp): INFECTED (Received valid data) --- | | Check 3 (port 11722/udp): INFECTED (Received valid data) --- | | Check 4 (port 12690/udp): INFECTED (Received valid data) --- |_ |_ 4/4 checks: Host is likely INFECTED +-- | p2p-conficker: Checking for Conficker.C or higher... +-- | Check 1 (port 18707/tcp): INFECTED (Received valid data) +-- | Check 2 (port 65273/tcp): INFECTED (Received valid data) +-- | Check 3 (port 11722/udp): INFECTED (Received valid data) +-- | Check 4 (port 12690/udp): INFECTED (Received valid data) +-- |_ 4/4 checks: Host is likely INFECTED -- ----------------------------------------------------------------------- @@ -635,7 +635,7 @@ action = function(host) table.insert(response, string.format("Check %d (port %d/%s): INFECTED (%s)", checks, port, "udp", reason)) count = count + 1 else - table.insert(response, string.format("| Check %d (port %d/%s): CLEAN (%s)", checks, port, "udp", reason)) + table.insert(response, string.format("Check %d (port %d/%s): CLEAN (%s)", checks, port, "udp", reason)) end end diff --git a/scripts/smb-brute.nse b/scripts/smb-brute.nse index d129022b7..cc24d9236 100644 --- a/scripts/smb-brute.nse +++ b/scripts/smb-brute.nse @@ -76,17 +76,17 @@ determined with a fairly efficient bruteforce. For example, if the actual passwo -- --@output -- Host script results: --- | smb-brute: --- | | bad name:test => Valid credentials --- | | consoletest:test => Valid credentials, password must be changed at next logon --- | | guest: => Valid credentials, account disabled --- | | mixcase:BuTTeRfLY1 => Valid credentials --- | | test:password1 => Valid credentials, account expired --- | | this:password => Valid credentials, account cannot log in at current time --- | | thisisaverylong:password => Valid credentials --- | | thisisaverylongname:password => Valid credentials --- | | thisisaverylongnamev:password => Valid credentials --- |_ |_ web:TeSt => Valid credentials, account disabled +-- | smb-brute: +-- | bad name:test => Valid credentials +-- | consoletest:test => Valid credentials, password must be changed at next logon +-- | guest: => Valid credentials, account disabled +-- | mixcase:BuTTeRfLY1 => Valid credentials +-- | test:password1 => Valid credentials, account expired +-- | this:password => Valid credentials, account cannot log in at current time +-- | thisisaverylong:password => Valid credentials +-- | thisisaverylongname:password => Valid credentials +-- | thisisaverylongnamev:password => Valid credentials +-- |_ web:TeSt => Valid credentials, account disabled -- -- @args smblockout This argument will force the script to continue if it -- locks out an account or thinks it will lock out an account.