I made every script follow a standard form: it starts with the id, followed by
the description. The description is contained in [[ ]] delimiters. The
description is in the global description variable, not in a LuaDoc comment.
Other LuaDoc information such as @args and @usage follows the description in a
comment.
The first paragraph of each description is a a short summary of what the script
does. More detailed information, if any, is given in following paragraphs.
I also improved some wording and formatting in a few cases.
* Merge the "backdoor" category into "malware"
* Add "auth" for authentication credential determination
* Rename "vulnerability" to "vuln"
* Place 12 scripts into their correct categories
of scripts chosen from when using -sC (but it's still just another category
and so can be chosen with --script like any other).
On top of updating the docs with information about this new category, I've
also updated sections to emphasize that the "default" category, -sC and -A
are considered intrusive and should not be run against target networks
without permission.
The new list is very similar to the previous "safe,intrusive" list:
Added: finger, ircServerInfo, RealVNC_auth_bypass
Removed: HTTPpasswd
Here are the 21 scripts in this new category:
anonFTP
dns-test-open-recursion
finger
ftpbounce
HTTPAuth
HTTP_open_proxy
ircServerInfo
MSSQLm
MySQLinfo
nbstat
RealVNC_auth_bypass
robots
rpcinfo
showHTMLTitle
showOwner
SMTPcommands
SNMPsysdesr
SSHv1-support
SSLv2-support
UPnP-info
zoneTrans
with http.get_url() or create more complex requests with
http.request(). There is also an http.get() function which takes
components (hostname, port, and path) rather than a URL. The
HTTPAuth, robots, and showHTMLTitle NSE scripts have been updated to
use this library. Sven Klemm wrote all of this code.
