From a5d81c3b358b29620b90eda1f1bb1d1f31f005ba Mon Sep 17 00:00:00 2001 From: fyodor Date: Sun, 11 Sep 2011 20:44:07 +0000 Subject: [PATCH] Improve some NSEDoc descriptions --- scripts/address-info.nse | 2 +- scripts/bittorrent-discovery.nse | 11 ++++++----- scripts/broadcast-listener.nse | 2 +- scripts/ftp-brute.nse | 2 +- scripts/http-awstatstotals-exec.nse | 2 +- scripts/http-joomla-brute.nse | 2 +- scripts/http-vuln-cve2011-3192.nse | 3 +-- scripts/http-waf-detect.nse | 2 +- scripts/http-wordpress-brute.nse | 2 +- scripts/http-wp-enum.nse | 3 +-- 10 files changed, 15 insertions(+), 16 deletions(-) diff --git a/scripts/address-info.nse b/scripts/address-info.nse index bbdf3ee46..58083d65d 100644 --- a/scripts/address-info.nse +++ b/scripts/address-info.nse @@ -1,5 +1,5 @@ description = [[ -Shows extra information about IP addresses. +Shows extra information about IPv6 addresses, such as embedded MAC or IPv4 addresses when applicable. Some IP address formats encode extra information; for example some IPv4 addresses encode an IPv4 address or MAC address. This script can decode diff --git a/scripts/bittorrent-discovery.nse b/scripts/bittorrent-discovery.nse index 989f6387c..b8abc1ead 100755 --- a/scripts/bittorrent-discovery.nse +++ b/scripts/bittorrent-discovery.nse 
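Review bot: The context line directly below the new summary in scripts/address-info.nse still reads `for example some IPv4 addresses encode an IPv4 address or MAC address`, which contradicts a summary that now limits the script to IPv6 addresses. It presumably should read `for example some IPv6 addresses encode an IPv4 address or MAC address`. The same paragraph still opens with the generic `Some IP address formats`, so the address families covered stay ambiguous. The description string continues past the end of this hunk, so the rest of it should be checked for the same slip.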
@@ -1,9 +1,10 @@ description = [[ -Discovers bittorrent peers and nodes using the Bittorrent and DHT protocol when -supplied with a valid torrent file or a magnet link. The peers implement the -Bittorrent protocol and share the torrent, whereas the nodes implement the DHT -protocol and are used to track the peers. The sets of peers and nodes are not -the same, but they usually intersect. +Discovers bittorrent peers sharing a file based on a user-supplied +torrent file or magnet link. Peers implement the Bittorrent protocol +and share the torrent, whereas the nodes (only shown if the +include-nodes NSE argument is given) implement the DHT protocol and +are used to track the peers. The sets of peers and nodes are not the +same, but they usually intersect. If the newtargets script-arg is supplied it adds the discovered peers as targets. diff --git a/scripts/broadcast-listener.nse b/scripts/broadcast-listener.nse index 21f41d9c1..e10ccf36d 100644 --- a/scripts/broadcast-listener.nse +++ b/scripts/broadcast-listener.nse @@ -1,5 +1,5 @@ description = [[ -The script sniffs the network for incoming broadcast communication and +Sniffs the network for incoming broadcast communication and attempts to decode the received packets. It supports protocols like CDP, HSRP, Spotify, DropBox, DHCP, ARP and a few more. See packetdecoders.lua for more information. diff --git a/scripts/ftp-brute.nse b/scripts/ftp-brute.nse index da84a667e..96d572af5 100644 --- a/scripts/ftp-brute.nse +++ b/scripts/ftp-brute.nse @@ -1,5 +1,5 @@ description = [[ -Tries to get FTP login credentials by guessing usernames and passwords. +Performs brute force password auditing against FTP servers. This uses the standard unpwdb username/password list. However, in tests FTP servers are significantly slower than other servers when responding, so the number of usernames/passwords diff --git a/scripts/http-awstatstotals-exec.nse b/scripts/http-awstatstotals-exec.nse index e5eee9991..321775885 100644 
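Review bot: The rewritten paragraph in scripts/bittorrent-discovery.nse calls `include-nodes` an "NSE argument", while the unchanged line below it calls `newtargets` a "script-arg". One term should be used for both, e.g. `include-nodes script-arg`. Because `newtargets` turns every discovered peer into a scan target, the unchanged sentence would also be clearer if it said those peers are hosts outside the originally specified target list, e.g. `it adds the discovered peers (hosts outside the original target list) as targets`. The description string continues outside this hunk.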
--- a/scripts/http-awstatstotals-exec.nse +++ b/scripts/http-awstatstotals-exec.nse @@ -1,5 +1,5 @@ description = [[ - http-awstatstotals-exec exploits a remote code execution vulnerability in Awstats Totals 1.0 up to 1.14 and possibly other products based on it. [CVE: 2008-3922] +Exploits a remote code execution vulnerability in Awstats Totals 1.0 up to 1.14 and possibly other products based on it (CVE: 2008-3922). This vulnerability can be exploited through the GET variable sort. The script queries the web server with the command payload encoded using PHP's chr() function: ?sort={%24{passthru%28chr(117).chr(110).chr(97).chr(109).chr(101).chr(32).chr(45).chr(97)%29}}{%24{exit%28%29}} diff --git a/scripts/http-joomla-brute.nse b/scripts/http-joomla-brute.nse index 075f81413..fad9d1fe1 100644 --- a/scripts/http-joomla-brute.nse +++ b/scripts/http-joomla-brute.nse @@ -1,5 +1,5 @@ description = [[ -Performs a brute force password attack against Joomla installations. +Performs brute force password auditing against Joomla web CMS installations. This script initially reads the session cookie and parses the security token to perfom the brute force password auditing. It uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are stored using the diff --git a/scripts/http-vuln-cve2011-3192.nse b/scripts/http-vuln-cve2011-3192.nse index b926d3703..f5c1dd99d 100644 --- a/scripts/http-vuln-cve2011-3192.nse +++ b/scripts/http-vuln-cve2011-3192.nse @@ -1,6 +1,5 @@ description = [[ -This script will check for a denial of service vulnerability that has been -found in the way the multiple overlapping/simple ranges are handled. +Detects a denial of service vulnerability in the way the Apache web server handles requests for multiple overlapping/simple ranges of a page. References: * http://seclists.org/fulldisclosure/2011/Aug/175 diff --git a/scripts/http-waf-detect.nse b/scripts/http-waf-detect.nse index 95a3cfb57..7454dd341 100644 
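Review bot: The identifier in the new first line of scripts/http-awstatstotals-exec.nse is written `(CVE: 2008-3922)`, which is not the standard `CVE-2008-3922` form that people and tooling search for. The line should end with `(CVE-2008-3922)`. The sample query in the context lines is the chr()-encoded form of `uname -a`; saying so in words next to it would let someone reading web server logs or this documentation see which command is sent without decoding it. The description string continues outside this hunk.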
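Review bot: The context line right after the new summary in scripts/http-joomla-brute.nse contains the typo `perfom` and was left untouched. It should read `to perform the brute force password auditing`. The description string continues outside this hunk.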
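Review bot: The new summary in scripts/http-vuln-cve2011-3192.nse names Apache but, at least in the lines visible here, never spells out the CVE identifier. Searching the description text for `CVE-2011-3192` would therefore miss it even though the file name carries the number; appending `(CVE-2011-3192)` to the sentence would fix that. The replacement is also one line of well over 100 characters where the two lines it replaces were wrapped, unlike the bittorrent-discovery text rewritten in this same patch. The description string continues outside this hunk.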
--- a/scripts/http-waf-detect.nse +++ b/scripts/http-waf-detect.nse @@ -1,5 +1,5 @@ description = [[ -Determines if a web server is protected by an IPS (Intrusion Prevention System), IDS (Intrusion Detection System) or WAF (Web Application Firewall) by probing the web server with malicious payloads and detecting changes in the response code and body. +Attempts to determine whether a web server is protected by an IPS (Intrusion Prevention System), IDS (Intrusion Detection System) or WAF (Web Application Firewall) by probing the web server with malicious payloads and detecting changes in the response code and body. To do this the script will send a "good" request and record the response, afterwards it will match this response against new requests containing malicious payloads. In theory, web applications shouldn't react to malicious requests because we are storing the payloads in a variable that is diff --git a/scripts/http-wordpress-brute.nse b/scripts/http-wordpress-brute.nse index 0b70d2110..0da913287 100644 --- a/scripts/http-wordpress-brute.nse +++ b/scripts/http-wordpress-brute.nse @@ -1,5 +1,5 @@ description = [[ -Performs a brute force password attack against Wordpress installations. +performs brute force password auditing against Wordpress CMS/blog installations. This script uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are stored using the credentials library. diff --git a/scripts/http-wp-enum.nse b/scripts/http-wp-enum.nse index 1bf2ff130..5151c2957 100644 --- a/scripts/http-wp-enum.nse +++ b/scripts/http-wp-enum.nse 
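Review bot: The new first line in scripts/http-wordpress-brute.nse starts with a lowercase `performs`, while the line it replaces and every other summary in this patch start with a capital. It should be `Performs brute force password auditing against Wordpress CMS/blog installations.` The product wording is also inconsistent across the patch: this hunk says `CMS/blog`, the http-wp-enum.nse hunk says `blog/CMS`, and the Joomla hunk says `web CMS`. One form should be chosen for all three.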
@@ -1,6 +1,5 @@ description = [[ -http-wp-enum enumerates usernames in Wordpress installations by exploiting an information disclosure vulnerability -existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and 3.2-beta2 and possibly others. +Enumerates usernames in Wordpress blog/CMS installations by exploiting an information disclosure vulnerability existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and 3.2-beta2 and possibly others. Original advisory: * http://www.talsoft.com.ar/index.php/research/security-advisories/wordpress-user-id-and-user-name-disclosure