Did some NSEDoc cleanup on many of the 45 NSE scripts which are new since the 5.35DC1 Nmap release. Emphasis was on the first paragraph of the description, since that is shown on the front page of http://nmap.org/nsedoc and I'm planning to use that description verbatim (except for removing tags like <code>) for the CHANGELOG

2025-12-12 10:49:02 +00:00 · 2011-01-14 10:20:51 +00:00
parent ed12841d70
commit a84c2e4498
39 changed files with 69 additions and 78 deletions
--- a/scripts/broadcast-ms-sql-discover.nse
+++ b/scripts/broadcast-ms-sql-discover.nse
@@ -2,7 +2,6 @@ description = [[
 Discovers Microsoft SQL servers in the same broadcast domain.
 ]]

-
 --
 -- Version 0.1
 -- Created 07/12/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
--- a/scripts/broadcast-upnp-info.nse
+++ b/scripts/broadcast-upnp-info.nse
@@ -1,5 +1,5 @@
 description = [[
-Attempts to extract system information from the UPnP service by running a multicast query.
+Attempts to extract system information from the UPnP service by sending a multicast query, then collecting, parsing, and displaying all responses.
 ]]

 ---
--- a/scripts/broadcast-wsdd-discover.nse
+++ b/scripts/broadcast-wsdd-discover.nse
@@ -1,7 +1,8 @@
 description = [[ 
-Discovers devices supporting the Web Services Dynamic Discovery (WS-Discovery)
-protocol. It also attempts to locate any published Windows Communication
-Framework (WCF) web services (.NET 4.0 or later).
+Uses a multicast query to discover devices supporting the Web Services
+Dynamic Discovery (WS-Discovery) protocol. It also attempts to locate
+any published Windows Communication Framework (WCF) web services (.NET
+4.0 or later).
 ]]

 ---
--- a/scripts/db2-discover.nse
+++ b/scripts/db2-discover.nse
@@ -1,5 +1,5 @@
 description = [[
-Attempts to discover DB2 servers on the network using UDP.
+Attempts to discover DB2 servers on the network by querying open ibm-db2 UDP ports (normally port 523).
 ]]

 ---
--- a/scripts/domcon-brute.nse
+++ b/scripts/domcon-brute.nse
@@ -1,5 +1,5 @@
 description = [[
-Performs password guessing against the Lotus Domino Console
+Performs brute force password auditing against the Lotus Domino Console.
 ]]

 ---
@@ -18,8 +18,6 @@ Performs password guessing against the Lotus Domino Console
 --   x The Driver class contains the driver implementation used by the brute
 --     library
 --
--
-
 --
 -- Version 0.1
 -- Created 07/12/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
--- a/scripts/domcon-cmd.nse
+++ b/scripts/domcon-cmd.nse
@@ -1,5 +1,5 @@
 description = [[
-Runs a console command on the Lotus Domino Console
+Runs a console command on the Lotus Domino Console using the given authentication credentials (see also: domcon-brute)
 ]]

 ---
--- a/scripts/domino-enum-users.nse
+++ b/scripts/domino-enum-users.nse
@@ -1,6 +1,5 @@
 description = [[
-A script that attempts to discover valid IBM Lotus Domino users and download
-their ID files. (CVE-2006-5835)
+Attempts to discover valid IBM Lotus Domino users and download their ID files by exploiting the CVE-2006-5835 vulnerability.
 ]]

 ---
--- a/scripts/firewalk.nse
+++ b/scripts/firewalk.nse
@@ -1,6 +1,6 @@
 description = [[
-Try to discover firewall rules with an IP TTL expiration technique known
-as "firewalking".
+Tries to discover firewall rules using an IP TTL expiration technique known
+as firewalking.

 The scan requires a firewall (or "gateway") and a metric (or "target").
 For each filtered port on the target, send a probe with an IP TTL one greater
--- a/scripts/ftp-proftpd-backdoor.nse
+++ b/scripts/ftp-proftpd-backdoor.nse
@@ -2,11 +2,7 @@
 -- vim: set filetype=lua :

 description = [[
-This script tests ProFTPD 1.3.3c for the presence of the backdoor which was
-reported as OSVDB-ID 69562.
-
-It allows the remote execution of commands in a root shell. The command that is
-executed by default is <code>id</code>, but that can be changed via script-args.
+Tests for the presence of the ProFTPD 1.3.3c backdoor reported as OSVDB-ID 69562. This script attempts to exploit the backdoor using the innocuous <code>id</code> command by default, but that can be changed with the <code>ftp-proftpd-backdoor.cmd</code> script argument.
 ]]

 ---
--- a/scripts/giop-info.nse
+++ b/scripts/giop-info.nse
@@ -1,5 +1,5 @@
 description = [[
-Queries the CORBA naming server for a list of objects
+Queries a CORBA naming server for a list of objects.
 ]]

 author = "Patrik Karlsson"
--- a/scripts/hostmap.nse
+++ b/scripts/hostmap.nse
@@ -1,10 +1,7 @@
 description = [[
-Tries to find hostnames that resolve to the target's IP address.
+Tries to find hostnames that resolve to the target's IP address by querying the online database at http://www.bfk.de/bfk_dnslogger.html.

-The script works by querying the online database at
-http://www.bfk.de/bfk_dnslogger.html. It is in the "external" category
-because of this. Be aware that this script could expose the targets of a
-scan to a third party.
+The script is in the "external" category because it sends target IPs to a third party in order to query their database.
 ]]

 ---
@@ -34,7 +31,7 @@ scan to a third party.
 -- | www.sectools.org
 -- |_seclists.org

-author = "Ange Gutek <ange.gutek@gmail.com>"
+author = "Ange Gutek"

 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

--- a/scripts/http-brute.nse
+++ b/scripts/http-brute.nse
@@ -1,5 +1,5 @@
 description = [[
-Performs password guessing against http basic authentication
+Performs brute force password auditing against http basic authentication.
 ]]

 ---
--- a/scripts/http-domino-enum-passwords.nse
+++ b/scripts/http-domino-enum-passwords.nse
@@ -1,6 +1,7 @@
 description = [[
-Attempts to enumerate the hashed Domino Internet Passwords, that by default are accessible to all authenticated users.
-The script can also download any Domino ID Files attached to the Person document. 
+Attempts to enumerate the hashed Domino Internet Passwords that are
+accessible by all authenticated users by default. This script can also
+download any Domino ID Files attached to the Person document.
 ]]

 ---
--- a/scripts/http-form-brute.nse
+++ b/scripts/http-form-brute.nse
@@ -1,5 +1,5 @@
 description = [[
-Performs password guessing against http form-based authentication
+Performs brute force password auditing against http form-based authentication.
 ]]

 ---
--- a/scripts/http-vhosts.nse
+++ b/scripts/http-vhosts.nse
@@ -1,8 +1,8 @@
 description = [[
-Searches for web virtual hostnames.
+Searches for web virtual hostnames by making a large number of HEAD requests against http servers using common hostnames.

-Makes a number of HEAD requests to the same server, providing a different
-<code>Host</code> header each time. The hostnames come from a built-in default
+Each HEAD request provides a different
+<code>Host</code> header. The hostnames come from a built-in default
 list. Shows the names that return a document. Also shows the location of
 redirections.

--- a/scripts/informix-brute.nse
+++ b/scripts/informix-brute.nse
@@ -1,5 +1,5 @@
 description = [[
-Performs password guessing against Informix Dynamic Server
+Performs brute force password auditing against IBM Informix Dynamic Server.
 ]]

 ---
--- a/scripts/informix-query.nse
+++ b/scripts/informix-query.nse
@@ -1,5 +1,6 @@
 description = [[
-Runs a query against IBM Informix Dynamic Server.
+Runs a query against IBM Informix Dynamic Server using the given
+authentication credentials (see also: informix-brute).
 ]]

 ---
--- a/scripts/informix-tables.nse
+++ b/scripts/informix-tables.nse
@@ -1,5 +1,5 @@
 description = [[
-Retrieves a list of tables and column definition for each Informix database
+Retrieves a list of tables and column definitions for each database on an Informix server.
 ]]

 ---
--- a/scripts/iscsi-brute.nse
+++ b/scripts/iscsi-brute.nse
@@ -1,5 +1,5 @@
 description = [[
-Performs password guessing against iSCSI targets
+Performs brute force password auditing against iSCSI targets.
 ]]

 ---
--- a/scripts/iscsi-info.nse
+++ b/scripts/iscsi-info.nse
@@ -1,5 +1,5 @@
 description = [[
-Retrieves information from the remote iSCSI target.
+Collects and displays information from remote iSCSI targets.
 ]]

 ---
--- a/scripts/modbus-discover.nse
+++ b/scripts/modbus-discover.nse
@@ -1,5 +1,5 @@
 description = [[
-Enumerates Modbus slave ids (sids) and gets their device information.
+Enumerates SCADA Modbus slave ids (sids) and gets their device information.

 Modbus is one of the popular SCADA protocols. This script does Modbus device
 information disclosure. It tries to find legal sids (slave ids) of Modbus
--- a/scripts/nat-pmp-info.nse
+++ b/scripts/nat-pmp-info.nse
@@ -1,5 +1,5 @@
 description = [[
-Queries the NAT-PMP service for the external address
+Queries a NAT-PMP service for its external address.
 ]]

 ---
--- a/scripts/netbus-auth-bypass.nse
+++ b/scripts/netbus-auth-bypass.nse
@@ -1,6 +1,6 @@
 description = [[
-Checks if a NetBus server is vulnerable to authentication bypass.
-Servers with this vulnerability can be accessed without knowing
+Checks if a NetBus server is vulnerable to an authentication bypass
+vulnerability which allows them to be fully accessed without knowing
 the password.

 For example a server running on TCP port 12345 on localhost with
--- a/scripts/netbus-brute.nse
+++ b/scripts/netbus-brute.nse
@@ -1,5 +1,5 @@
 description = [[
-Tries to retrieve NetBus password by guessing.
+Performs brute force password auditing about the Netbus backdoor ("remote administration") service.
 ]]

 ---
--- a/scripts/netbus-version.nse
+++ b/scripts/netbus-version.nse
@@ -1,5 +1,5 @@
 description = [[
-Extends version detection to cover NetBuster, a honeypot service
+Extends version detection to detect NetBuster, a honeypot service
 that mimes NetBus.
 ]]

--- a/scripts/nrpe-enum.nse
+++ b/scripts/nrpe-enum.nse
@@ -2,10 +2,9 @@
 -- vim: set filetype=lua :

 description = [[
-Queries Nagios Remote Plugin Executor daemons.
+Queries Nagios Remote Plugin Executor (NRPE) daemons to obtain information such as load averages, process counts, logged in user information, etc.

-Nagios plugins can be remotely queried without authentication through the NRPE
-daemon. This script attempts to execute the stock list of commands that are
+This script attempts to execute the stock list of commands that are
 enabled. User-supplied arguments are not supported.
 ]]

--- a/scripts/oracle-brute.nse
+++ b/scripts/oracle-brute.nse
@@ -1,5 +1,5 @@
 description = [[
-Performs password guessing against Oracle
+Performs brute force password auditing against Oracle servers.
 ]]

 ---
--- a/scripts/oracle-enum-users.nse
+++ b/scripts/oracle-enum-users.nse
@@ -1,9 +1,6 @@
 description = [[
-Attempts to determine valid Oracle user names against unpatched Oracle 11g
-servers.
-
-This script does only work against Oracle 11g pre October 2009 Critical Patch
-Update (CPU).
+Attempts to enumerate valid Oracle user names against Oracle 11g
+servers (this bug was fixed in Oracle's October 2009 Critical Patch Update).
 ]]

 ---
--- a/scripts/path-mtu.nse
+++ b/scripts/path-mtu.nse
@@ -1,5 +1,5 @@
 description = [[
-Performs simple Path MTU Discovery to the target host.
+Performs simple Path MTU Discovery to target hosts.

 TCP or UDP packets are sent to the host with the DF (don't fragment) bit
 set and with varying amounts of data.  If an ICMP Fragmentation Needed
--- a/scripts/resolveall.nse
+++ b/scripts/resolveall.nse
@@ -1,6 +1,8 @@
 description = [[
-Resolves hostnames and adds every address (IPv4 or IPv6, depending) to Nmap's
-target list.  Nmap itself resolves a host but only scans the first address.
+Resolves hostnames and adds every address (IPv4 or IPv6, depending on
+Nmap mode) to Nmap's target list.  This differs from Nmap's normal
+host resolution process, which only scans the first address (A or AAAA
+record) returned for each host name.
 ]]

 ---
--- a/scripts/rmi-dumpregistry.nse
+++ b/scripts/rmi-dumpregistry.nse
@@ -1,14 +1,16 @@
 description = [[
-This script connects to a remote RMI registry and attempts to dump all
-its objects.
+Connects to a remote RMI registry and attempts to dump all its objects.

-First it tries to 
-determine the names of all objects bound in the registry, and then it tries to determine information about the objects, 
-such as the the class names of the superclasses and interfaces. This may, depending on what the registry is used for, give
-valuable information about the service. E.g, if the app uses JMX (Java Management eXtensions), you should see an object
-called "jmxconnector" on it. 
+First it tries to determine the names of all objects bound in the
+registry, and then it tries to determine information about the
+objects, such as the the class names of the superclasses and
+interfaces. This may, depending on what the registry is used for, give
+valuable information about the service. E.g, if the app uses JMX (Java
+Management eXtensions), you should see an object called "jmxconnector"
+on it.

-It also gives information about where the objects are located, (marked with @<ip>:port in the output). 
+It also gives information about where the objects are located, (marked
+with @<ip>:port in the output).

 Some apps give away the classpath, which this scripts catches in so-called "Custom data". 
 ]]
--- a/scripts/smb-flood.nse
+++ b/scripts/smb-flood.nse
@@ -1,7 +1,7 @@
 description = [[
-Exhaust the limit of SMB connections on a remote server by opening as many as we can. 
+Exhausts the limit of SMB connections on a remote server by opening as many as we can. 
 Most implementations of SMB have a hard global limit of 11 connections for user accounts
-and 10 connections for anonymous.  Once that limit is exhausted, further connections
+and 10 connections for anonymous.  Once that limit is reached, further connections
 are denied. This exploits that limit by taking up all the connections and holding them. 

 This works better with a valid user account, because Windows reserves one slot for valid
--- a/scripts/stuxnet-detect.nse
+++ b/scripts/stuxnet-detect.nse
@@ -2,7 +2,7 @@
 -- vim: set filetype=lua :

 description = [[
-This script detects whether a host is infected with the Stuxnet worm.
+Detects whether a host is infected with the Stuxnet worm (http://en.wikipedia.org/wiki/Stuxnet).

 An executable version of the Stuxnet infection will be downloaded if a format
 for the filename is given on the command line.
--- a/scripts/svn-brute.nse
+++ b/scripts/svn-brute.nse
@@ -1,5 +1,5 @@
 description = [[
-Performs password guessing against Subversion
+Performs brute force password auditing against Subversion source code control servers.
 ]]

 ---
--- a/scripts/targets-traceroute.nse
+++ b/scripts/targets-traceroute.nse
@@ -1,8 +1,5 @@
 description = [[
-Inserts traceroute hops into the Nmap scanning queue.
-
-The script needs Nmap <code>traceroute</code> option, and will
-only run if the script argument <code>newtargets</code> is given.
+Inserts traceroute hops into the Nmap scanning queue. It only functions if Nmap's <code>--traceroute</code> option is used and the <code>newtargets</code> script argument is given.
 ]]

 ---
--- a/scripts/vnc-brute.nse
+++ b/scripts/vnc-brute.nse
@@ -1,5 +1,5 @@
 description = [[
-Performs password guessing against VNC
+Performs brute force password auditing against VNC servers.
 ]]

 ---
--- a/scripts/vnc-info.nse
+++ b/scripts/vnc-info.nse
@@ -1,5 +1,5 @@
 description = [[
-Queries a VNC server for the supported security types
+Queries a VNC server for the protocol version and supported security types.
 ]]

 author = "Patrik Karlsson"
--- a/scripts/wdb-version.nse
+++ b/scripts/wdb-version.nse
@@ -1,5 +1,6 @@
 description = [[
-Gathers information from a Wind DeBug Agent on VxWorks
+Detects vulnerabilities and gathers information (such as version
+numbers and hardware support) from a VxWorks Wind DeBug Agent.

 Wind DeBug is a SunRPC-type service that is enabled by default on many devices
 that use the popular VxWorks real-time embedded operating system. H.D. Moore
--- a/scripts/wsdd-discover.nse
+++ b/scripts/wsdd-discover.nse
@@ -1,7 +1,8 @@
 description = [[ 
-Discovers devices supporting the Web Services Dynamic Discovery (WS-Discovery)
-protocol. It also attempts to locate any published Windows Communication
-Framework (WCF) web services (.NET 4.0 or later).
+Retrieves and displays information from devices supporting the Web
+Services Dynamic Discovery (WS-Discovery) protocol. It also attempts
+to locate any published Windows Communication Framework (WCF) web
+services (.NET 4.0 or later).
 ]]

 ---