diff --git a/scripts/couchdb-databases.nse b/scripts/couchdb-databases.nse index cfe19c2e1..06e73fb62 100644 --- a/scripts/couchdb-databases.nse +++ b/scripts/couchdb-databases.nse @@ -1,9 +1,10 @@ description = [[ Gets database tables from a CouchDB database. + For more info about the CouchDB HTTP API, see http://wiki.apache.org/couchdb/HTTP_database_API. - ]] + --- -- @usage -- nmap -p 5984 --script "couchdb-databases.nse" diff --git a/scripts/couchdb-stats.nse b/scripts/couchdb-stats.nse index 59b52cb0f..294017b5f 100644 --- a/scripts/couchdb-stats.nse +++ b/scripts/couchdb-stats.nse @@ -1,6 +1,7 @@ description = [[ Gets database statistics from a CouchDB database. -For more info about the CouchDB HTTP API, see + +For more info about the CouchDB HTTP API and the statistics, see http://wiki.apache.org/couchdb/Runtime_Statistics and http://wiki.apache.org/couchdb/HTTP_database_API. diff --git a/scripts/ftp-libopie.nse b/scripts/ftp-libopie.nse index c63051730..b36b6ed4c 100644 --- a/scripts/ftp-libopie.nse +++ b/scripts/ftp-libopie.nse @@ -1,7 +1,7 @@ description = [[ -Checks if an FTPd is prone to CVE-2010-1938 (OPIE off-by-one stack overflow). -Vulnerability discovered by Maksymilian Arciemowicz and Adam "pi3" Zabrocki. -See also http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc. +Checks if an FTPd is prone to CVE-2010-1938 (OPIE off-by-one stack overflow), +a vulnerability discovered by Maksymilian Arciemowicz and Adam "pi3" Zabrocki. +See the advisory at http://nmap.org/r/fbsd-sa-opie. Be advised that, if launched against a vulnerable host, this script will crash the FTPd. ]] diff --git a/scripts/http-iis-webdav-vuln.nse b/scripts/http-iis-webdav-vuln.nse index cbbe90657..0b3fa9a30 100644 --- a/scripts/http-iis-webdav-vuln.nse +++ b/scripts/http-iis-webdav-vuln.nse @@ -1,5 +1,5 @@ description = [[ -Checks for a vulnerability in IIS 5.1/6.0 that allows arbitrary users to access secured WebDAV folders by searching for a password-protected folder and attempting to access it. This vulnerability was patched in Microsoft Security Bulletin MS09-020 http://www.microsoft.com/technet/security/bulletin/ms09-020.mspx. +Checks for a vulnerability in IIS 5.1/6.0 that allows arbitrary users to access secured WebDAV folders by searching for a password-protected folder and attempting to access it. This vulnerability was patched in Microsoft Security Bulletin MS09-020, http://nmap.org/r/ms09-020. A list of well known folders (almost 900) is used by default. Each one is checked, and if returns an authentication request (401), another attempt is tried with the malicious encoding. If that attempt returns a successful result (207), then the folder is marked as vulnerable. diff --git a/scripts/http-php-version.nse b/scripts/http-php-version.nse index c0bd36951..7ebd1acca 100644 --- a/scripts/http-php-version.nse +++ b/scripts/http-php-version.nse @@ -1,12 +1,11 @@ description = [[ Attempts to retrieve the PHP version from a web server. PHP has a number of magic queries that return images or text that can vary with the PHP -version. A list of these is at http://www.0php.com/php_easter_egg.php. -This script uses the following queries: - +version. This script uses the following queries: * /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: gets a GIF logo, which changes on April Fool's Day. * /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: gets an HTML credits page. +A list of magic queries is at http://www.0php.com/php_easter_egg.php. The script also checks if any header field value starts with "PHP" and reports that value if found. ]] diff --git a/scripts/http-vmware-path-vuln.nse b/scripts/http-vmware-path-vuln.nse index c786f5bb7..ad65b8df4 100644 --- a/scripts/http-vmware-path-vuln.nse +++ b/scripts/http-vmware-path-vuln.nse @@ -1,5 +1,7 @@ description = [[ -Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733), originally released by Justin Morehouse and Tony Flick, presented at Shmoocon 2010 (http://fyrmassociates.com/tools.html). +Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733). + +The vulnerability was originally released by Justin Morehouse and Tony Flick, who presented at Shmoocon 2010 (http://fyrmassociates.com/tools.html). ]] --- diff --git a/scripts/ldap-brute.nse b/scripts/ldap-brute.nse index 358095c32..fce508026 100644 --- a/scripts/ldap-brute.nse +++ b/scripts/ldap-brute.nse @@ -1,6 +1,6 @@ description = [[ -This script makes attempts to brute force LDAP authentication. By default -it uses the builtin username and password lists to do so. In order to use your +Attempts to brute-force LDAP authentication. By default +it uses the built-in username and password lists. In order to use your own lists use the userdb and passdb script arguments. This script does not make any attempt to prevent account lockout! diff --git a/scripts/sslv2.nse b/scripts/sslv2.nse index c3eb9ef1d..654e6028e 100644 --- a/scripts/sslv2.nse +++ b/scripts/sslv2.nse @@ -1,5 +1,5 @@ description = [[ -Determines whether the server supports obsolete and less secure SSL-v2, and discovers which ciphers it +Determines whether the server supports obsolete and less secure SSLv2, and discovers which ciphers it supports. ]]