PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 12:41:29 +00:00
Code Issues Projects Releases Wiki Activity

Edit some script descriptions for better line breaks when rendered as

Browse Source 
PDF. Some long URLs were replaced by short redirects under
http://nmap.org/r/.
This commit is contained in:
david
2010-07-17 16:47:31 +00:00
parent 204c2ba4b0
commit bccb8ead89
8 changed files with 16 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
scripts/couchdb-databases.nse
View File

@@ -1,9 +1,10 @@
description = [[
Gets database tables from a CouchDB database.
For more info about the CouchDB HTTP API, see
http://wiki.apache.org/couchdb/HTTP_database_API.
]]
---
-- @usage
-- nmap -p 5984 --script "couchdb-databases.nse" <host>

3
scripts/couchdb-stats.nse
View File

@@ -1,6 +1,7 @@
description = [[
Gets database statistics from a CouchDB database.
For more info about the CouchDB HTTP API, see
For more info about the CouchDB HTTP API and the statistics, see
http://wiki.apache.org/couchdb/Runtime_Statistics
and
http://wiki.apache.org/couchdb/HTTP_database_API.

6
scripts/ftp-libopie.nse
View File

@@ -1,7 +1,7 @@
description = [[
Checks if an FTPd is prone to CVE-2010-1938 (OPIE off-by-one stack overflow).
Vulnerability discovered by Maksymilian Arciemowicz and Adam "pi3" Zabrocki.
See also http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc.
Checks if an FTPd is prone to CVE-2010-1938 (OPIE off-by-one stack overflow),
a vulnerability discovered by Maksymilian Arciemowicz and Adam "pi3" Zabrocki.
See the advisory at http://nmap.org/r/fbsd-sa-opie.
Be advised that, if launched against a vulnerable host, this script will crash the FTPd.
]]

2
scripts/http-iis-webdav-vuln.nse
View File

@@ -1,5 +1,5 @@
description = [[
Checks for a vulnerability in IIS 5.1/6.0 that allows arbitrary users to access secured WebDAV folders by searching for a password-protected folder and attempting to access it. This vulnerability was patched in Microsoft Security Bulletin MS09-020 http://www.microsoft.com/technet/security/bulletin/ms09-020.mspx.
Checks for a vulnerability in IIS 5.1/6.0 that allows arbitrary users to access secured WebDAV folders by searching for a password-protected folder and attempting to access it. This vulnerability was patched in Microsoft Security Bulletin MS09-020, http://nmap.org/r/ms09-020.
A list of well known folders (almost 900) is used by default. Each one is checked, and if returns an authentication request (401), another attempt is tried with the malicious encoding. If that attempt returns a successful result (207), then the folder is marked as vulnerable.

5
scripts/http-php-version.nse
View File

@@ -1,12 +1,11 @@
description = [[
Attempts to retrieve the PHP version from a web server. PHP has a number
of magic queries that return images or text that can vary with the PHP
version. A list of these is at http://www.0php.com/php_easter_egg.php.
This script uses the following queries:
version. This script uses the following queries:
* <code>/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42</code>: gets a GIF logo, which changes on April Fool's Day.
* <code>/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000</code>: gets an HTML credits page.
A list of magic queries is at http://www.0php.com/php_easter_egg.php.
The script also checks if any header field value starts with
<code>"PHP"</code> and reports that value if found.
]]

4
scripts/http-vmware-path-vuln.nse
View File

@@ -1,5 +1,7 @@
description = [[
Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733), originally released by Justin Morehouse and Tony Flick, presented at Shmoocon 2010 (http://fyrmassociates.com/tools.html).
Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733).
The vulnerability was originally released by Justin Morehouse and Tony Flick, who presented at Shmoocon 2010 (http://fyrmassociates.com/tools.html).
]]
---

4
scripts/ldap-brute.nse
View File

@@ -1,6 +1,6 @@
description = [[
This script makes attempts to brute force LDAP authentication. By default
it uses the builtin username and password lists to do so. In order to use your
Attempts to brute-force LDAP authentication. By default
it uses the built-in username and password lists. In order to use your
own lists use the <code>userdb</code> and <code>passdb</code> script arguments.
This script does not make any attempt to prevent account lockout!

2
scripts/sslv2.nse
View File

@@ -1,5 +1,5 @@
description = [[
Determines whether the server supports obsolete and less secure SSL-v2, and discovers which ciphers it
Determines whether the server supports obsolete and less secure SSLv2, and discovers which ciphers it
supports.
]]