Minor description updates (and sometimes just text reformatting) for some of the 85 new scripts(!) since Nmap 6.01

scripts/broadcast-bjnp-discover.nse

@@ -1,7 +1,7 @@
 description = [[
-Attempts to discover Canon devices (Printers/Scanners) supporting the BJNP
-protocol. Discovery is performed by sending BJNP Discover requests to the
-network broadcast address for both ports associated with the protocol.
+Attempts to discover Canon devices (Printers/Scanners) supporting the
+BJNP protocol by sending BJNP Discover requests to the network
+broadcast address for both ports associated with the protocol.
 
 The script then attempts to retrieve the model, version and some additional
 information for all discovered devices.

scripts/broadcast-eigrp-discovery.nse

@@ -11,7 +11,8 @@ local coroutine = require "coroutine"
 local string = require "string"
 
 description = [[
-Network discovery and routing information gathering through Cisco's EIGRP.
+Performs network discovery and routing information gathering through
+Cisco's EIGRP protocol.
 
 The script works by sending an EIGRP Hello packet with the specified Autonomous
 System value to the 224.0.0.10 multicast address and listening for EIGRP Update

scripts/dns-check-zone.nse

@@ -5,7 +5,7 @@ local ipOps = require "ipOps"
 
 description = [[
 Checks DNS zone configuration against best practices, including RFC 1912.
-The configuration checks are divided into categories that each have a number
+The configuration checks are divided into categories which each have a number
 of different tests. 
 ]]
 

scripts/eppc-enum-processes.nse

@@ -5,7 +5,7 @@ local stdnse    = require('stdnse')
 local tab       = require('tab')
 
 description = [[
-Attempt to enumerate process info over the Apple Remote Event protocol.
+Attempts to enumerate process info over the Apple Remote Event protocol.
 When accessing an application over the Apple Remote Event protocol the
 service responds with the uid and pid of the application, if it is running,
 prior to requesting authentication.

scripts/http-frontpage-login.nse

@@ -7,7 +7,7 @@ local vulns = require "vulns"
 
 
 description = [[
-Check if target machines are vulnerable to anonymous Frontpage login.
+Checks whether target machines are vulnerable to anonymous Frontpage login.
 
 Older, default configurations of Frontpage extensions allow
 remote user to login anonymously which may lead to server compromise.

scripts/http-git.nse

@@ -23,9 +23,7 @@ local stdnse = require("stdnse")
 local strbuf = require("strbuf")
 local string = require("string")
 local table = require("table")
-description = [[ Checks for a Git repository found in a website's document root (GET /.git/<something> HTTP/1.1)
-Gets as much information about the repository as possible, including language/framework, Github
-username, last commit message, and repository description.
+description = [[ Checks for a Git repository found in a website's document root (/.git/<something>) then retrieves as much repo information as possible, including language/framework, Github username, last commit message, and repository description.
 ]]
 
 categories = { "safe", "vuln", "default" }

scripts/http-rfi-spider.nse

@@ -1,7 +1,5 @@
 description = [[
-Crawls webservers in search of RFI vulnerabilities.
-It tests every form field it finds and
-every parameter of a URL containing a query.
+Crawls webservers in search of RFI (remote file inclusion) vulnerabilities. It tests every form field it finds and every parameter of a URL containing a query.
 ]]
 
 ---

scripts/http-sitemap-generator.nse

@@ -1,7 +1,8 @@
 description = [[
-Spiders a web server and displays its directory structure along with number and types
-of files in each folder. Note that files listed as having an 'Other' extension are ones
-that have no extension or that are a root document.
+Spiders a web server and displays its directory structure along with
+number and types of files in each folder. Note that files listed as
+having an 'Other' extension are ones that have no extension or that
+are a root document.
 ]]
 
 ---

scripts/http-slowloris-check.nse

@@ -9,7 +9,7 @@ local http = require "http"
 
 
 description = [[
-Tests a web server for vulnerability to the Slowloris DoS attack.
+Tests a web server for vulnerability to the Slowloris DoS attack without actually launching a DoS attack.
 
 Slowloris was described at Defcon 17 by RSnake
 (see http://ha.ckers.org/slowloris/).

scripts/http-slowloris.nse

@@ -8,7 +8,7 @@ local http = require "http"
 local comm = require "comm"
 
 description = [[
-Tests a web server for vulnerability to the Slowloris DoS attack.
+Tests a web server for vulnerability to the Slowloris DoS attack by launching a Slowlaris attack.
 
 Slowloris was described at Defcon 17 by RSnake
 (see http://ha.ckers.org/slowloris/).

scripts/ipv6-ra-flood.nse

@@ -6,7 +6,7 @@ local string = require "string"
 local os = require "os"
 
 description = [[ Generates a flood of Router Adverisments (RA) with random source MAC addresses and IPv6 prefixes. Computers, which have stateless autoconfiguration enabled by default (every major OS), 
-will start to compute IPv6 suffix and update their routing table to reflect the accepted annoucement. This will cause 100% CPU usage, thus preventing to process other application requests.
+will start to compute IPv6 suffix and update their routing table to reflect the accepted annoucement. This will cause 100% CPU usage on Windows and platforms, preventing to process other application requests.
 
 Vulnerable platforms:
 * All Cisco IOS ASA with firmware < November 2010

scripts/jdwp-exec.nse

@@ -7,13 +7,11 @@ local shortport = require "shortport"
 local string = require "string"
 
 description = [[
-Script to exploit java's remote debugging port. 
-
-When remote debugging port is left open, it is possible to inject 
-java bytecode and achieve remote code execution.
-
-Script abuses this to inject and execute Java class file that 
-executes the supplied shell command and returns its output.
+Attempts to exploit java's remote debugging port. When remote debugging
+port is left open, it is possible to inject java bytecode and achieve
+remote code execution.  This script abuses this to inject and execute
+a Java class file that executes the supplied shell command and returns
+its output.
 
 The script injects the JDWPSystemInfo class from 
 nselib/jdwp-class/ and executes its run() method which 

scripts/jdwp-info.nse

@@ -7,13 +7,10 @@ local shortport = require "shortport"
 local string = require "string"
 
 description = [[
-Script to exploit java's remote debugging port. 
-
-When remote debugging port is left open, it is possible to inject 
-java bytecode and achieve remote code execution.
-
-Script abuses this to inject and execute Java class file that 
-returns remote system information.
+Attempts to exploit java's remote debugging port.  When remote
+debugging port is left open, it is possible to inject java bytecode
+and achieve remote code execution.  This script injects and execute a
+Java class file that returns remote system information.
 ]]
 
 author = "Aleksandar Nikolic" 

scripts/jdwp-inject.nse

@@ -7,10 +7,7 @@ local shortport = require "shortport"
 local string = require "string"
 
 description = [[
-Script to exploit java's remote debugging port. 
-
-When remote debugging port is left open, it is possible to inject 
-java bytecode and achieve remote code execution.
+Attempts to exploit java's remote debugging port.  When remote debugging port is left open, it is possible to inject  java bytecode and achieve remote code execution.  This script allows injection of arbitrary class files.
 
 After injection, class' run() method is executed.
 Method run() has no parameters, and is expected to return a string.

scripts/mcafee-epo-agent.nse

@@ -9,7 +9,7 @@
 --   2012/06/20: new portrule by Daniel Miller
 
 description = [[
-Check if ePO agent is running on port 8081 or port identified as ePO Agent port
+Check if ePO agent is running on port 8081 or port identified as ePO Agent port.
 ]]
 
 ---

scripts/metasploit-msgrpc-brute.nse

@@ -7,7 +7,7 @@ local bin = require "bin"
 local creds = require "creds"
 
 description = [[
-Performs brute force username and password guessing against 
+Performs brute force username and password auditing against 
 Metasploit msgrpc interface.
 
 ]]

scripts/ms-sql-dac.nse

@@ -6,17 +6,21 @@ local string = require "string"
 local table = require "table"
 
 description = [[
-Queries the Microsoft SQL Browser service for the DAC (Dedicated Admin Connection) port
-of a given, or all SQL Server instances. The DAC port is used to connect to the database 
-instance when normal connection attempts fail, for example, when server is hanging, out 
-of memory or in other bad states. In addition, the DAC port provides an admin with
-access to system objects otherwise not accessible over normal connections.
+Queries the Microsoft SQL Browser service for the DAC (Dedicated Admin
+Connection) port of a given (or all) SQL Server instance. The DAC port
+is used to connect to the database instance when normal connection
+attempts fail, for example, when server is hanging, out of memory or
+in other bad states. In addition, the DAC port provides an admin with
+access to system objects otherwise not accessible over normal
+connections.
 
-The DAC feature is accessible on the loopback adapter per default, but can be activated
-for remote access by setting the 'remote admin connection' configuration value to 1. In
-some cases, when DAC has been remotely enabled but later disabled, the sql browser 
-service may incorrectly report it as available. The script therefore attempts to connect 
-to the reported port in order to verify whether it's accessible or not.
+The DAC feature is accessible on the loopback adapter per default, but
+can be activated for remote access by setting the 'remote admin
+connection' configuration value to 1. In some cases, when DAC has been
+remotely enabled but later disabled, the sql browser service may
+incorrectly report it as available. The script therefore attempts to
+connect to the reported port in order to verify whether it's
+accessible or not.
 ]]
 
 ---

scripts/msrpc-enum.nse

@@ -5,7 +5,7 @@ local stdnse = require "stdnse"
 local table = require "table"
 
 description = [[
-Script queries MSRPC endpoint mapper for a list of mapped 
+Queries an MSRPC endpoint mapper for a list of mapped 
 services and displays the gathered information.
 
 As it is using smb library, you can specify optional

scripts/mysql-dump-hashes.nse

@@ -5,8 +5,7 @@ local stdnse = require "stdnse"
 
 description = [[
 Dumps the password hashes from an MySQL server in a format suitable for
-cracking by tools such as John-the-ripper. In order to do so the user
-needs to have the appropriate DB privileges (root).
+cracking by tools such as John the Ripper.  Appropriate DB privileges (root) are required.
 
 The <code>username</code> and <code>password</code> arguments take precedence
 over credentials discovered by the mysql-brute and mysql-empty-password

scripts/mysql-vuln-cve2012-2122.nse

@@ -1,19 +1,25 @@
 description = [[
-Attempts to bypass authentication in MySQL and MariaDB servers by exploiting CVE2012-2122. If its vulnerable, it will also attempt to dump the MySQL usernames and password hashes. All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are
-vulnerable but depending if memcmp() returns an arbitrary integer outside of -128..127 range.
 
-"When a user connects to MariaDB/MySQL, a token (SHA
-over a password and a random scramble string) is calculated and compared
-with the expected value. Because of incorrect casting, it might've
-happened that the token and the expected value were considered equal,
-even if the memcmp() returned a non-zero value. In this case
-MySQL/MariaDB would think that the password is correct, even while it is
-not.  Because the protocol uses random strings, the probability of
-hitting this bug is about 1/256.
-Which means, if one knows a user name to connect (and "root" almost
-always exists), she can connect using *any* password by repeating
-connection attempts. ~300 attempts takes only a fraction of second, so
-basically account password protection is as good as nonexistent."
+Attempts to bypass authentication in MySQL and MariaDB servers by
+exploiting CVE2012-2122. If its vulnerable, it will also attempt to
+dump the MySQL usernames and password hashes.
+
+All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are
+vulnerable but exploitation depends on whether memcmp() returns an
+arbitrary integer outside of -128..127 range.
+
+"When a user connects to MariaDB/MySQL, a token (SHA over a password
+and a random scramble string) is calculated and compared with the
+expected value. Because of incorrect casting, it might've happened
+that the token and the expected value were considered equal, even if
+the memcmp() returned a non-zero value. In this case MySQL/MariaDB
+would think that the password is correct, even while it is not.
+Because the protocol uses random strings, the probability of hitting
+this bug is about 1/256.  Which means, if one knows a user name to
+connect (and "root" almost always exists), she can connect using *any*
+password by repeating connection attempts. ~300 attempts takes only a
+fraction of second, so basically account password protection is as
+good as nonexistent."
 
 Original public advisory:
 * http://seclists.org/oss-sec/2012/q2/493

scripts/oracle-brute-stealth.nse

@@ -12,11 +12,14 @@ local unpwdb = require "unpwdb"
 local openssl = stdnse.silent_require "openssl"
 
 description = [[
-Exploits the CVE-2012-3137 vulnerability, a weaknes in Oracle's O5LOGIN authentication scheme.
-The vulnerability exists in Oracle 11g R1,R2 and allows linking the session key to a password hash.
-When initiating an authentication attempt as a valid user the server will respond with a session key and salt.
-Once received the script will disconnect the connection thereby not recording the login attempt.
-The session key and salt can then be used to brute force the users password.
+Exploits the CVE-2012-3137 vulnerability, a weaknes in Oracle's
+O5LOGIN authentication scheme.  The vulnerability exists in Oracle 11g
+R1/R2 and allows linking the session key to a password hash.  When
+initiating an authentication attempt as a valid user the server will
+respond with a session key and salt.  Once received the script will
+disconnect the connection thereby not recording the login attempt.
+The session key and salt can then be used to brute force the users
+password.
 ]]
 
 ---

scripts/rdp-enum-encryption.nse

@@ -1,5 +1,5 @@
 description = [[
-Determines what Security layer and Encryption level that is supported by the
+Determines which Security layer and Encryption level is supported by the
 RDP service. It does so by cycling through all existing protocols and ciphers.
 When run in debug mode, the script also returns the protocols and ciphers that
 fail and any errors that were reported.

scripts/rmi-vuln-classloader.nse

@@ -6,11 +6,11 @@ local string = require "string"
 local vulns = require "vulns"
 
 description = [[
-Checks if rmiregistry allows class loading.
+Tests whether Java rmiregistry allows class loading.  The default
+configuration of rmiregistry allows loading classes from remote URLs,
+which can lead to remote code execution. The vendor (Oracle/Sun)
+classifies this as a design feature.
 
-The default configuration of rmiregistry allows loading classes from remote
-URLs which can lead to remote code execution. This is considered as "by
-design".
 
 Based on original Metasploit module by mihi.
 

scripts/sip-call-spoof.nse

@@ -5,7 +5,7 @@ local stdnse = require "stdnse"
 local table = require "table"
 
 description = [[
-Spoofs a call to a SIP phone and detects the action taken by the target.
+Spoofs a call to a SIP phone and detects the action taken by the target (busy, declined, hung up, etc.)
 
 This works by sending a fake sip invite request to the target phone and checking
 the responses. A response with status code 180 means that the phone is ringing.

scripts/sip-methods.nse

@@ -5,7 +5,7 @@ local stdnse = require "stdnse"
 local table = require "table"
 
 description = [[
-Enumerates a SIP Server's allowed methods.
+Enumerates a SIP Server's allowed methods (INVITE, OPTIONS, SUBSCRIBE, etc.)
 
 The script works by sending an OPTION request to the server and checking for
 the value of the Allow header in the response.

scripts/smb-ls.nse

@@ -7,7 +7,7 @@ local openssl= stdnse.silent_require 'openssl'
 
 description = [[
 Attempts to retrieve useful information about files shared on SMB volumes.
-The output is intended to resemble the output of <code>ls</code>.
+The output is intended to resemble the output of the UNIX <code>ls</code> command.
 ]]
 
 ---

scripts/smb-print-text.nse

@@ -6,8 +6,7 @@ local string = require "string"
 local stdnse = require "stdnse"
 
 description = [[
-Script calls Print Spooler Service RPC functions to a shared printer 
-to make it print text.
+Attempts to print text on a shared printer by calling Print Spooler Service RPC functions. 
 
 In order to use the script, at least one printer needs to be shared 
 over SMB. If no printer is specified, script tries to enumerate existing 

scripts/smb-vuln-ms10-054.nse

@@ -6,7 +6,7 @@ local vulns = require "vulns"
 local stdnse = require "stdnse"
 
 description = [[
-Checks if target machines are vulnerable to the ms10-054 SMB remote memory 
+Tests whether target machines are vulnerable to the ms10-054 SMB remote memory 
 corruption vulnerability.
 
 The vulnerable machine will crash with BSOD. 

scripts/smb-vuln-ms10-061.nse

@@ -6,17 +6,19 @@ local vulns = require "vulns"
 local stdnse = require "stdnse"
 
 description = [[
-Checks if target machines are vulnerable to ms10-061 Printer Spooler impersonation vulnerability.
+Tests whether target machines are vulnerable to ms10-061 Printer Spooler impersonation vulnerability.
 
-This vulnerability was used in Stuxnet worm.
-The script checks for the vuln in a safe way without a possibility of crashing the remote system
-as this is not a memory corruption vulnerability.  
-In order for the check to work it needs access to at least one shared printer on the remote system.
-By default it tries to enumerate printers by using LANMAN API which on some systems is not 
-available by default. In that case user should specify printer share name as printer script argument.
-To find a printer share, smb-enum-shares can be used.
-Also, on some systems, accessing shares requires valid credentials which can be specified with
-smb library arguments smbuser and smbpassword.
+This vulnerability was used in Stuxnet worm.  The script checks for
+the vuln in a safe way without a possibility of crashing the remote
+system as this is not a memory corruption vulnerability.  In order for
+the check to work it needs access to at least one shared printer on
+the remote system.  By default it tries to enumerate printers by using
+LANMAN API which on some systems is not available by default. In that
+case user should specify printer share name as printer script
+argument.  To find a printer share, smb-enum-shares can be used.
+Also, on some systems, accessing shares requires valid credentials
+which can be specified with smb library arguments smbuser and
+smbpassword.
 
 References: 
 	- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2729

scripts/ssl-date.nse

@@ -8,7 +8,7 @@ local string = require "string"
 local sslcert = require "sslcert"
 
 description = [[
-Gets the remote host's time from its TLS ServerHello response.
+Retrieves a target host's time and date from its TLS ServerHello response.
 
 
 In many TLS implementations, the first four bytes of server randomness