diff --git a/scripts/broadcast-ms-sql-discover.nse b/scripts/broadcast-ms-sql-discover.nse index 5798a91ce..777f6bb26 100644 --- a/scripts/broadcast-ms-sql-discover.nse +++ b/scripts/broadcast-ms-sql-discover.nse @@ -2,7 +2,6 @@ description = [[ Discovers Microsoft SQL servers in the same broadcast domain. ]] - -- -- Version 0.1 -- Created 07/12/2010 - v0.1 - created by Patrik Karlsson diff --git a/scripts/broadcast-upnp-info.nse b/scripts/broadcast-upnp-info.nse index 53c82bbc2..cf2cbae14 100644 --- a/scripts/broadcast-upnp-info.nse +++ b/scripts/broadcast-upnp-info.nse @@ -1,5 +1,5 @@ description = [[ -Attempts to extract system information from the UPnP service by running a multicast query. +Attempts to extract system information from the UPnP service by sending a multicast query, then collecting, parsing, and displaying all responses. ]] --- diff --git a/scripts/broadcast-wsdd-discover.nse b/scripts/broadcast-wsdd-discover.nse index 0baee3464..1fc60bb74 100644 --- a/scripts/broadcast-wsdd-discover.nse +++ b/scripts/broadcast-wsdd-discover.nse @@ -1,7 +1,8 @@ description = [[ -Discovers devices supporting the Web Services Dynamic Discovery (WS-Discovery) -protocol. It also attempts to locate any published Windows Communication -Framework (WCF) web services (.NET 4.0 or later). +Uses a multicast query to discover devices supporting the Web Services +Dynamic Discovery (WS-Discovery) protocol. It also attempts to locate +any published Windows Communication Framework (WCF) web services (.NET +4.0 or later). ]] --- diff --git a/scripts/db2-discover.nse b/scripts/db2-discover.nse index f864daad5..ecb733327 100644 --- a/scripts/db2-discover.nse +++ b/scripts/db2-discover.nse @@ -1,5 +1,5 @@ description = [[ -Attempts to discover DB2 servers on the network using UDP. +Attempts to discover DB2 servers on the network by querying open ibm-db2 UDP ports (normally port 523). ]] --- 
diff --git a/scripts/domcon-brute.nse b/scripts/domcon-brute.nse index 331a11039..46731b246 100644 --- a/scripts/domcon-brute.nse +++ b/scripts/domcon-brute.nse @@ -1,5 +1,5 @@ description = [[ -Performs password guessing against the Lotus Domino Console +Performs brute force password auditing against the Lotus Domino Console. ]] --- @@ -18,8 +18,6 @@ Performs password guessing against the Lotus Domino Console -- x The Driver class contains the driver implementation used by the brute -- library -- --- - -- -- Version 0.1 -- Created 07/12/2010 - v0.1 - created by Patrik Karlsson diff --git a/scripts/domcon-cmd.nse b/scripts/domcon-cmd.nse index d0ba10eb8..c5f7803fa 100644 --- a/scripts/domcon-cmd.nse +++ b/scripts/domcon-cmd.nse @@ -1,5 +1,5 @@ description = [[ -Runs a console command on the Lotus Domino Console +Runs a console command on the Lotus Domino Console using the given authentication credentials (see also: domcon-brute) ]] --- diff --git a/scripts/domino-enum-users.nse b/scripts/domino-enum-users.nse index 5529e930c..f9da40a34 100644 --- a/scripts/domino-enum-users.nse +++ b/scripts/domino-enum-users.nse @@ -1,6 +1,5 @@ description = [[ -A script that attempts to discover valid IBM Lotus Domino users and download -their ID files. (CVE-2006-5835) +Attempts to discover valid IBM Lotus Domino users and download their ID files by exploiting the CVE-2006-5835 vulnerability. ]] --- diff --git a/scripts/firewalk.nse b/scripts/firewalk.nse index 7f3b133c4..fdef80095 100644 --- a/scripts/firewalk.nse +++ b/scripts/firewalk.nse @@ -1,6 +1,6 @@ description = [[ -Try to discover firewall rules with an IP TTL expiration technique known -as "firewalking". +Tries to discover firewall rules using an IP TTL expiration technique known +as firewalking. The scan requires a firewall (or "gateway") and a metric (or "target"). For each filtered port on the target, send a probe with an IP TTL one greater 
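Review bot: The new description line in scripts/domcon-cmd.nse ends without a full stop, while the other descriptions touched by this patch (domcon-brute, giop-info, informix-query) were given one. For consistency the added line could read `Runs a console command on the Lotus Domino Console using the given authentication credentials (see also: domcon-brute).`.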
diff --git a/scripts/ftp-proftpd-backdoor.nse b/scripts/ftp-proftpd-backdoor.nse index 909487f7a..9bfda9339 100644 --- a/scripts/ftp-proftpd-backdoor.nse +++ b/scripts/ftp-proftpd-backdoor.nse @@ -2,11 +2,7 @@ -- vim: set filetype=lua : description = [[ -This script tests ProFTPD 1.3.3c for the presence of the backdoor which was -reported as OSVDB-ID 69562. - -It allows the remote execution of commands in a root shell. The command that is -executed by default is id, but that can be changed via script-args. +Tests for the presence of the ProFTPD 1.3.3c backdoor reported as OSVDB-ID 69562. This script attempts to exploit the backdoor using the innocuous id command by default, but that can be changed with the ftp-proftpd-backdoor.cmd script argument. ]] --- diff --git a/scripts/giop-info.nse b/scripts/giop-info.nse index 6bbb10179..24775b728 100644 --- a/scripts/giop-info.nse +++ b/scripts/giop-info.nse @@ -1,5 +1,5 @@ description = [[ -Queries the CORBA naming server for a list of objects +Queries a CORBA naming server for a list of objects. ]] author = "Patrik Karlsson" diff --git a/scripts/hostmap.nse b/scripts/hostmap.nse index c6d8b10f4..c4efca7c7 100644 --- a/scripts/hostmap.nse +++ b/scripts/hostmap.nse @@ -1,10 +1,7 @@ description = [[ -Tries to find hostnames that resolve to the target's IP address. +Tries to find hostnames that resolve to the target's IP address by querying the online database at http://www.bfk.de/bfk_dnslogger.html. -The script works by querying the online database at -http://www.bfk.de/bfk_dnslogger.html. It is in the "external" category -because of this. Be aware that this script could expose the targets of a -scan to a third party. +The script is in the "external" category because it sends target IPs to a third party in order to query their database. ]] --- 
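Review bot: The rewritten description in scripts/ftp-proftpd-backdoor.nse drops the removed sentence saying that the backdoor runs commands in a root shell, so the help text no longer tells the reader at what privilege level the script's command executes on the target. The default `id` command is harmless, but anyone deciding whether this check is acceptable on a given system needs to know that whatever is passed in `ftp-proftpd-backdoor.cmd` runs as root. I would keep one sentence after the first, for example `Commands sent through the backdoor run in a root shell on the target.`.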
@@ -34,7 +31,7 @@ scan to a third party. -- | www.sectools.org -- |_seclists.org -author = "Ange Gutek " +author = "Ange Gutek" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" diff --git a/scripts/http-brute.nse b/scripts/http-brute.nse index 7660d5c2d..4b2693fd2 100644 --- a/scripts/http-brute.nse +++ b/scripts/http-brute.nse @@ -1,5 +1,5 @@ description = [[ -Performs password guessing against http basic authentication +Performs brute force password auditing against http basic authentication. ]] --- diff --git a/scripts/http-domino-enum-passwords.nse b/scripts/http-domino-enum-passwords.nse index 4dd32c8cf..502ea77d7 100644 --- a/scripts/http-domino-enum-passwords.nse +++ b/scripts/http-domino-enum-passwords.nse @@ -1,6 +1,7 @@ description = [[ -Attempts to enumerate the hashed Domino Internet Passwords, that by default are accessible to all authenticated users. -The script can also download any Domino ID Files attached to the Person document. +Attempts to enumerate the hashed Domino Internet Passwords that are +accessible by all authenticated users by default. This script can also +download any Domino ID Files attached to the Person document. ]] --- diff --git a/scripts/http-form-brute.nse b/scripts/http-form-brute.nse index 3823a8aec..75e2dd569 100644 --- a/scripts/http-form-brute.nse +++ b/scripts/http-form-brute.nse @@ -1,5 +1,5 @@ description = [[ -Performs password guessing against http form-based authentication +Performs brute force password auditing against http form-based authentication. ]] --- diff --git a/scripts/http-vhosts.nse b/scripts/http-vhosts.nse index f9c6d9499..672ccced3 100644 --- a/scripts/http-vhosts.nse +++ b/scripts/http-vhosts.nse 
@@ -1,8 +1,8 @@ description = [[ -Searches for web virtual hostnames. +Searches for web virtual hostnames by making a large number of HEAD requests against http servers using common hostnames. -Makes a number of HEAD requests to the same server, providing a different -Host header each time. The hostnames come from a built-in default +Each HEAD request provides a different +Host header. The hostnames come from a built-in default list. Shows the names that return a document. Also shows the location of redirections. diff --git a/scripts/informix-brute.nse b/scripts/informix-brute.nse index 3f2166b2d..0bff86aaf 100644 --- a/scripts/informix-brute.nse +++ b/scripts/informix-brute.nse @@ -1,5 +1,5 @@ description = [[ -Performs password guessing against Informix Dynamic Server +Performs brute force password auditing against IBM Informix Dynamic Server. ]] --- diff --git a/scripts/informix-query.nse b/scripts/informix-query.nse index 1861385d5..24f2ebf45 100644 --- a/scripts/informix-query.nse +++ b/scripts/informix-query.nse @@ -1,5 +1,6 @@ description = [[ -Runs a query against IBM Informix Dynamic Server. +Runs a query against IBM Informix Dynamic Server using the given +authentication credentials (see also: informix-brute). ]] --- diff --git a/scripts/informix-tables.nse b/scripts/informix-tables.nse index 8034d8671..885e23301 100644 --- a/scripts/informix-tables.nse +++ b/scripts/informix-tables.nse @@ -1,5 +1,5 @@ description = [[ -Retrieves a list of tables and column definition for each Informix database +Retrieves a list of tables and column definitions for each database on an Informix server. ]] --- diff --git a/scripts/iscsi-brute.nse b/scripts/iscsi-brute.nse index 15514359b..85ff67e5b 100644 --- a/scripts/iscsi-brute.nse +++ b/scripts/iscsi-brute.nse @@ -1,5 +1,5 @@ description = [[ -Performs password guessing against iSCSI targets +Performs brute force password auditing against iSCSI targets. ]] --- 
diff --git a/scripts/iscsi-info.nse b/scripts/iscsi-info.nse index 9df76e742..d58779b10 100644 --- a/scripts/iscsi-info.nse +++ b/scripts/iscsi-info.nse @@ -1,5 +1,5 @@ description = [[ -Retrieves information from the remote iSCSI target. +Collects and displays information from remote iSCSI targets. ]] --- diff --git a/scripts/modbus-discover.nse b/scripts/modbus-discover.nse index 06a24ef3b..4479d403d 100644 --- a/scripts/modbus-discover.nse +++ b/scripts/modbus-discover.nse @@ -1,5 +1,5 @@ description = [[ -Enumerates Modbus slave ids (sids) and gets their device information. +Enumerates SCADA Modbus slave ids (sids) and gets their device information. Modbus is one of the popular SCADA protocols. This script does Modbus device information disclosure. It tries to find legal sids (slave ids) of Modbus diff --git a/scripts/nat-pmp-info.nse b/scripts/nat-pmp-info.nse index f0764e580..a243fd76e 100644 --- a/scripts/nat-pmp-info.nse +++ b/scripts/nat-pmp-info.nse @@ -1,5 +1,5 @@ description = [[ -Queries the NAT-PMP service for the external address +Queries a NAT-PMP service for its external address. ]] --- diff --git a/scripts/netbus-auth-bypass.nse b/scripts/netbus-auth-bypass.nse index 2571a9c2d..6640b4668 100644 --- a/scripts/netbus-auth-bypass.nse +++ b/scripts/netbus-auth-bypass.nse @@ -1,6 +1,6 @@ description = [[ -Checks if a NetBus server is vulnerable to authentication bypass. -Servers with this vulnerability can be accessed without knowing +Checks if a NetBus server is vulnerable to an authentication bypass +vulnerability which allows them to be fully accessed without knowing the password. For example a server running on TCP port 12345 on localhost with diff --git a/scripts/netbus-brute.nse b/scripts/netbus-brute.nse index 1d84806d1..872bdb693 100644 --- a/scripts/netbus-brute.nse +++ b/scripts/netbus-brute.nse 
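Review bot: In scripts/netbus-auth-bypass.nse the new opening sentence says "vulnerable to an authentication bypass vulnerability which allows them to be fully accessed", where `them` has no plural antecedent (the subject is `a NetBus server`) and "vulnerable to ... vulnerability" repeats itself. The two added lines could read `Checks if a NetBus server is vulnerable to an authentication bypass` and `that allows it to be fully accessed without knowing`, followed by the unchanged `the password.`. The description continues beyond the hunk.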
@@ -1,5 +1,5 @@ description = [[ -Tries to retrieve NetBus password by guessing. +Performs brute force password auditing about the Netbus backdoor ("remote administration") service. ]] --- diff --git a/scripts/netbus-version.nse b/scripts/netbus-version.nse index 516cb0eeb..e080f5185 100644 --- a/scripts/netbus-version.nse +++ b/scripts/netbus-version.nse @@ -1,5 +1,5 @@ description = [[ -Extends version detection to cover NetBuster, a honeypot service +Extends version detection to detect NetBuster, a honeypot service that mimes NetBus. ]] diff --git a/scripts/nrpe-enum.nse b/scripts/nrpe-enum.nse index f439108fe..0b5efb6cc 100644 --- a/scripts/nrpe-enum.nse +++ b/scripts/nrpe-enum.nse @@ -2,10 +2,9 @@ -- vim: set filetype=lua : description = [[ -Queries Nagios Remote Plugin Executor daemons. +Queries Nagios Remote Plugin Executor (NRPE) daemons to obtain information such as load averages, process counts, logged in user information, etc. -Nagios plugins can be remotely queried without authentication through the NRPE -daemon. This script attempts to execute the stock list of commands that are +This script attempts to execute the stock list of commands that are enabled. User-supplied arguments are not supported. ]] diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse index 6933fb68d..7500b9941 100644 --- a/scripts/oracle-brute.nse +++ b/scripts/oracle-brute.nse @@ -1,5 +1,5 @@ description = [[ -Performs password guessing against Oracle +Performs brute force password auditing against Oracle servers. ]] --- diff --git a/scripts/oracle-enum-users.nse b/scripts/oracle-enum-users.nse index 6e6d7e327..f3fa406f3 100644 --- a/scripts/oracle-enum-users.nse +++ b/scripts/oracle-enum-users.nse 
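Review bot: The added line in scripts/netbus-brute.nse says the script audits passwords "about" the service, which reads as a slip for "against", the word used by every other brute description in this patch. It also spells the product `Netbus`, while the netbus-auth-bypass and netbus-version hunks use `NetBus`. Suggested line: `Performs brute force password auditing against the NetBus backdoor ("remote administration") service.`.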
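Review bot: The scripts/nrpe-enum.nse hunk removes the sentence saying that the NRPE daemon can be queried without authentication, and the new first line lists what is returned but not why it is reachable. That fact is what tells an administrator reading the output that the exposure is unauthenticated. I would keep the removed sentence `Nagios plugins can be remotely queried without authentication through the NRPE` / `daemon.` ahead of `This script attempts to execute the stock list of commands that are`.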
@@ -1,9 +1,6 @@ description = [[ -Attempts to determine valid Oracle user names against unpatched Oracle 11g -servers. - -This script does only work against Oracle 11g pre October 2009 Critical Patch -Update (CPU). +Attempts to enumerate valid Oracle user names against Oracle 11g +servers (this bug was fixed in Oracle's October 2009 Critical Patch Update). ]] --- diff --git a/scripts/path-mtu.nse b/scripts/path-mtu.nse index d3b3938b2..a107f2378 100644 --- a/scripts/path-mtu.nse +++ b/scripts/path-mtu.nse @@ -1,5 +1,5 @@ description = [[ -Performs simple Path MTU Discovery to the target host. +Performs simple Path MTU Discovery to target hosts. TCP or UDP packets are sent to the host with the DF (don't fragment) bit set and with varying amounts of data. If an ICMP Fragmentation Needed diff --git a/scripts/resolveall.nse b/scripts/resolveall.nse index 98f2af496..a60c4ea11 100644 --- a/scripts/resolveall.nse +++ b/scripts/resolveall.nse @@ -1,6 +1,8 @@ description = [[ -Resolves hostnames and adds every address (IPv4 or IPv6, depending) to Nmap's -target list. Nmap itself resolves a host but only scans the first address. +Resolves hostnames and adds every address (IPv4 or IPv6, depending on +Nmap mode) to Nmap's target list. This differs from Nmap's normal +host resolution process, which only scans the first address (A or AAAA +record) returned for each host name. ]] --- diff --git a/scripts/rmi-dumpregistry.nse b/scripts/rmi-dumpregistry.nse index 34395a0d5..c290e4eb3 100644 --- a/scripts/rmi-dumpregistry.nse +++ b/scripts/rmi-dumpregistry.nse 
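Review bot: In scripts/oracle-enum-users.nse the new parenthetical refers to "this bug", but the rewritten sentence no longer names any bug or says that the servers must be unpatched. The removed text stated explicitly that the script only works before the October 2009 CPU. Restoring one word keeps that meaning: `Attempts to enumerate valid Oracle user names against unpatched Oracle 11g` followed by the existing `servers (this bug was fixed in Oracle's October 2009 Critical Patch Update).`.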
@@ -1,14 +1,16 @@ description = [[ -This script connects to a remote RMI registry and attempts to dump all -its objects. +Connects to a remote RMI registry and attempts to dump all its objects. -First it tries to -determine the names of all objects bound in the registry, and then it tries to determine information about the objects, -such as the the class names of the superclasses and interfaces. This may, depending on what the registry is used for, give -valuable information about the service. E.g, if the app uses JMX (Java Management eXtensions), you should see an object -called "jmxconnector" on it. +First it tries to determine the names of all objects bound in the +registry, and then it tries to determine information about the +objects, such as the the class names of the superclasses and +interfaces. This may, depending on what the registry is used for, give +valuable information about the service. E.g, if the app uses JMX (Java +Management eXtensions), you should see an object called "jmxconnector" +on it. -It also gives information about where the objects are located, (marked with @:port in the output). +It also gives information about where the objects are located, (marked +with @:port in the output). Some apps give away the classpath, which this scripts catches in so-called "Custom data". ]] diff --git a/scripts/smb-flood.nse b/scripts/smb-flood.nse index edd7a8330..e1d425573 100644 --- a/scripts/smb-flood.nse +++ b/scripts/smb-flood.nse 
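Review bot: The re-wrapped paragraph in scripts/rmi-dumpregistry.nse carries over the doubled article in "such as the the class names", and since these lines are being rewritten anyway it should be fixed here: `objects, such as the class names of the superclasses and`. The same hunk keeps `E.g,` (missing the second full stop) and the stray comma in `located, (marked`. The unchanged context line `this scripts catches` has a similar slip, which could be corrected in the same pass.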
@@ -1,7 +1,7 @@ description = [[ -Exhaust the limit of SMB connections on a remote server by opening as many as we can. +Exhausts the limit of SMB connections on a remote server by opening as many as we can. Most implementations of SMB have a hard global limit of 11 connections for user accounts -and 10 connections for anonymous. Once that limit is exhausted, further connections +and 10 connections for anonymous. Once that limit is reached, further connections are denied. This exploits that limit by taking up all the connections and holding them. This works better with a valid user account, because Windows reserves one slot for valid diff --git a/scripts/stuxnet-detect.nse b/scripts/stuxnet-detect.nse index cb9cf3931..0546b9390 100644 --- a/scripts/stuxnet-detect.nse +++ b/scripts/stuxnet-detect.nse @@ -2,7 +2,7 @@ -- vim: set filetype=lua : description = [[ -This script detects whether a host is infected with the Stuxnet worm. +Detects whether a host is infected with the Stuxnet worm (http://en.wikipedia.org/wiki/Stuxnet). An executable version of the Stuxnet infection will be downloaded if a format for the filename is given on the command line. diff --git a/scripts/svn-brute.nse b/scripts/svn-brute.nse index 28dc1674d..e6fa9e6bf 100644 --- a/scripts/svn-brute.nse +++ b/scripts/svn-brute.nse @@ -1,5 +1,5 @@ description = [[ -Performs password guessing against Subversion +Performs brute force password auditing against Subversion source code control servers. ]] --- diff --git a/scripts/targets-traceroute.nse b/scripts/targets-traceroute.nse index d225e1d30..6d088f073 100644 --- a/scripts/targets-traceroute.nse +++ b/scripts/targets-traceroute.nse 
@@ -1,8 +1,5 @@ description = [[ -Inserts traceroute hops into the Nmap scanning queue. - -The script needs Nmap traceroute option, and will -only run if the script argument newtargets is given. +Inserts traceroute hops into the Nmap scanning queue. It only functions if Nmap's --traceroute option is used and the newtargets script argument is given. ]] --- diff --git a/scripts/vnc-brute.nse b/scripts/vnc-brute.nse index 2d520d8bb..7294045c5 100644 --- a/scripts/vnc-brute.nse +++ b/scripts/vnc-brute.nse @@ -1,5 +1,5 @@ description = [[ -Performs password guessing against VNC +Performs brute force password auditing against VNC servers. ]] --- diff --git a/scripts/vnc-info.nse b/scripts/vnc-info.nse index 75bc5b587..9ed731681 100644 --- a/scripts/vnc-info.nse +++ b/scripts/vnc-info.nse @@ -1,5 +1,5 @@ description = [[ -Queries a VNC server for the supported security types +Queries a VNC server for the protocol version and supported security types. ]] author = "Patrik Karlsson" diff --git a/scripts/wdb-version.nse b/scripts/wdb-version.nse index 56ae8a498..97c3f77a2 100644 --- a/scripts/wdb-version.nse +++ b/scripts/wdb-version.nse @@ -1,5 +1,6 @@ description = [[ -Gathers information from a Wind DeBug Agent on VxWorks +Detects vulnerabilities and gathers information (such as version +numbers and hardware support) from a VxWorks Wind DeBug Agent. Wind DeBug is a SunRPC-type service that is enabled by default on many devices that use the popular VxWorks real-time embedded operating system. H.D. Moore diff --git a/scripts/wsdd-discover.nse b/scripts/wsdd-discover.nse index 3a16991ee..6fdcf0e2c 100644 --- a/scripts/wsdd-discover.nse +++ b/scripts/wsdd-discover.nse 
@@ -1,7 +1,8 @@ description = [[ -Discovers devices supporting the Web Services Dynamic Discovery (WS-Discovery) -protocol. It also attempts to locate any published Windows Communication -Framework (WCF) web services (.NET 4.0 or later). +Retrieves and displays information from devices supporting the Web +Services Dynamic Discovery (WS-Discovery) protocol. It also attempts +to locate any published Windows Communication Framework (WCF) web +services (.NET 4.0 or later). ]] ---