PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 04:09:01 +00:00
Code Issues Projects Releases Wiki Activity
Files
77c5cd9d9a9c61f1f471d8cc0702d1e348c2a675
nmap/scripts
History
david 77c5cd9d9a Use ftp.read_reply in ftp-proftpd-backdoor. Also, do a read_reply after 
sending the magic shell string but before sending a shell command.
Michael Meyer reported that the script would sometimes fail to report a
backdoor; I tracked this down to the sends happening in too-close
succession. The ProFTPD process could receive both sends
("HELP ACIDBITCHEZ\r\nid;\r\n"), read the first line, and execute the
shell, but then the shell would get no input because the "id;\r\n" had
already been read.

This causes a delay up to the timeout when there is a backdoor, but it
still returns right away when there is no backdoor.
2010-12-29 21:24:53 +00:00
..
afp-brute.nse
Break off a comment in afp-brute.nse so it doesn't appear as part of the
2010-07-09 17:48:10 +00:00
afp-path-vuln.nse
Add missing <code> tags.
2010-09-21 17:31:17 +00:00
afp-serverinfo.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
afp-showmount.nse
Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell.
2010-07-09 23:32:18 +00:00
asn-query.nse
Change " \n" to just "\n" where appropriate in NSE. Leading newlines are
2010-09-30 05:03:39 +00:00
auth-owners.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
auth-spoof.nse
Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell.
2010-07-09 23:32:18 +00:00
banner.nse
Merge r18689:r19511 from /nmap-exp/djalal/nse-rules.
2010-08-06 16:40:03 +00:00
broadcast-dns-service-discovery.nse
Removed broadcast-upnp-info and broadcast-dns-service-discovery from the default category. With these running by default, I was getting a bunch of information about printers and stuff on my LAN. Which is great info, and I love the scripts, but that's not what I'm really looking for when just trying to scan scanme.nmap.org
2010-11-20 02:04:00 +00:00
broadcast-ms-sql-discover.nse
o [NSE] Add new script broadcast-ms-sql-discover and removed broadcast
2010-12-10 23:12:27 +00:00
broadcast-upnp-info.nse
Removed broadcast-upnp-info and broadcast-dns-service-discovery from the default category. With these running by default, I was getting a bunch of information about printers and stuff on my LAN. Which is great info, and I love the scripts, but that's not what I'm really looking for when just trying to scan scanme.nmap.org
2010-11-20 02:04:00 +00:00
broadcast-wsdd-discover.nse
o [NSE] Added a new Web Service Dynamic Discovery library (wsdd) and the two
2010-11-10 22:35:13 +00:00
citrix-brute-xml.nse
Change " \n" to just "\n" where appropriate in NSE. Leading newlines are
2010-09-30 05:03:39 +00:00
citrix-enum-apps-xml.nse
Spell-check NSEDoc.
2010-07-19 16:29:48 +00:00
citrix-enum-apps.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
citrix-enum-servers-xml.nse
Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell.
2010-07-09 23:32:18 +00:00
citrix-enum-servers.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
couchdb-databases.nse
Edit some script descriptions for better line breaks when rendered as
2010-07-17 16:47:31 +00:00
couchdb-stats.nse
Edit some script descriptions for better line breaks when rendered as
2010-07-17 16:47:31 +00:00
daap-get-library.nse
Change " \n" to just "\n" where appropriate in NSE. Leading newlines are
2010-09-30 05:03:39 +00:00
daytime.nse
Add @output sections to these scripts:
2010-03-31 21:45:21 +00:00
db2-das-info.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
db2-discover.nse
Fix typo.
2010-10-16 17:27:28 +00:00
dhcp-discover.nse
remove a stale comment
2010-09-29 02:07:41 +00:00
dns-cache-snoop.nse
Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell.
2010-07-09 23:32:18 +00:00
dns-fuzz.nse
canonicalize author field for asn-query and dns-fuzz. One had just 'Michael' and another had Michael Pattrick's full name and his email address too. I standardized on just the full name on both
2010-07-24 05:51:10 +00:00
dns-random-srcport.nse
Moved some information from the license field of these two scripts to the description field. I felt this was a better place since the URL leads to a description of the service rather than license information
2010-06-11 06:49:15 +00:00
dns-random-txid.nse
Moved some information from the license field of these two scripts to the description field. I felt this was a better place since the URL leads to a description of the service rather than license information
2010-06-11 06:49:15 +00:00
dns-recursion.nse
Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell.
2010-07-09 23:32:18 +00:00
dns-service-discovery.nse
o [NSE] Added a new library dnssd with supporting functions for DNS Service
2010-11-02 17:22:38 +00:00
dns-zone-transfer.nse
Move the script argument checks to the rule functions.
2010-10-31 22:52:46 +00:00
domcon-brute.nse
o [NSE] Added a smallish Lotus Domino rpc library (nrpc.lua) and some Lotus
2010-08-19 23:02:58 +00:00
domcon-cmd.nse
o [NSE] Added a smallish Lotus Domino rpc library (nrpc.lua) and some Lotus
2010-08-19 23:02:58 +00:00
domino-enum-users.nse
fixed usage typo. change port number from 5900 to 1352.
2010-11-24 20:56:43 +00:00
drda-brute.nse
changed portrule to include both ibm-db2 and drda
2010-08-14 11:52:18 +00:00
drda-info.nse
changed portrule to include both ibm-db2 and drda
2010-08-14 11:52:18 +00:00
finger.nse
Add @output to finger.nse and telnet-brute.nse thanks to Gutek.
2010-03-31 23:25:39 +00:00
firewalk.nse
Fixes to firewalk.nse from Henri Doreau: "The first one was due to my
2010-11-29 19:16:49 +00:00
ftp-anon.nse
Move the read_reply function out of ftp-anon.nse and into a new library
2010-12-29 21:24:52 +00:00
ftp-bounce.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
ftp-brute.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
ftp-libopie.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
ftp-proftpd-backdoor.nse
Use ftp.read_reply in ftp-proftpd-backdoor. Also, do a read_reply after
2010-12-29 21:24:53 +00:00
giop-info.nse
o [NSE] Added GIOP library and a small script that makes use of it:
2010-08-19 23:14:39 +00:00
gopher-ls.nse
Update @output of gopher-ls.
2010-12-29 18:47:17 +00:00
hddtemp-info.nse
note some of the information obtained from hddtemp service
2010-11-30 01:56:39 +00:00
hostmap.nse
Fix a typo found by Gutek.
2010-10-16 17:47:36 +00:00
http-auth.nse
Use shortport.http where appropriate.
2010-08-09 22:30:50 +00:00
http-brute.nse
Typo fix.
2010-12-13 18:16:06 +00:00
http-date.nse
Use shortport.http where appropriate.
2010-08-09 22:30:50 +00:00
http-domino-enum-passwords.nse
Renamed domino-enum-passwords script to http-domino-enum-passwords
2010-12-15 08:52:31 +00:00
http-enum.nse
Made some big style changes to clean up HTTP library. Primarily focused on improving the interface, NSEDoc, and pipline support
2010-11-02 02:07:01 +00:00
http-favicon.nse
Use shortport.http where appropriate.
2010-08-09 22:30:50 +00:00
http-form-brute.nse
o [NSE] Added two new scripts http-brute.nse and http-form-brute that attempt
2010-08-19 20:53:40 +00:00
http-headers.nse
Fixed a bug where http-headers.nse wasn't honouring the 'path' script-arg.
2010-08-29 01:18:08 +00:00
http-iis-webdav-vuln.nse
Bring in changes from my experimental brange, nmap-http
2010-10-27 03:08:08 +00:00
http-malware-host.nse
Use shortport.http where appropriate.
2010-08-09 22:30:50 +00:00
http-methods.nse
Use shortport.http where appropriate.
2010-08-09 22:30:50 +00:00
http-open-proxy.nse
Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell.
2010-07-09 23:32:18 +00:00
http-passwd.nse
Add more http-passwd payloads from Ange Gutek.
2010-11-11 19:02:17 +00:00
http-php-version.nse
Added hashes for PHP 5.2.15 and 5.2.16.
2010-12-26 13:48:06 +00:00
http-robots.txt.nse
Rename a couple http scripts to make it more clear that they use the http protocol and for consistency with other script names
2010-11-20 04:22:51 +00:00
http-title.nse
Rename a couple http scripts to make it more clear that they use the http protocol and for consistency with other script names
2010-11-20 04:22:51 +00:00
http-trace.nse
Use shortport.http where appropriate.
2010-08-09 22:30:50 +00:00
http-userdir-enum.nse
Fixed a bug in http-userdir-enum (was missing an argument to http.pipeline_add())
2010-11-17 20:24:48 +00:00
http-vhosts.nse
Take out "other" in "X other hosts had status Y" in http-vhosts.nse. It
2010-12-08 00:54:46 +00:00
http-vmware-path-vuln.nse
Edit some script descriptions for better line breaks when rendered as
2010-07-17 16:47:31 +00:00
iax2-version.nse
Merge r18160:18278 from nmap-exp/djalal/nmap-nse/ to fix NSE not honoring the exclude directive bug.
2010-06-29 21:56:59 +00:00
imap-capabilities.nse
Merge r18689:r19511 from /nmap-exp/djalal/nse-rules.
2010-08-06 16:40:03 +00:00
informix-brute.nse
typo fix, replace Oracle with Informix
2010-08-23 17:25:48 +00:00
informix-query.nse
o [NSE] Added an Informix library and three scripts that make use of it:
2010-08-19 22:47:52 +00:00
informix-tables.nse
o [NSE] Added an Informix library and three scripts that make use of it:
2010-08-19 22:47:52 +00:00
ipidseq.nse
Put <code> tags around an option name.
2010-09-21 17:12:27 +00:00
irc-info.nse
irc-unrealircd-backdoor.nse
Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell.
2010-07-09 23:32:18 +00:00
iscsi-brute.nse
o [NSE] Added a new iSCSI library and the two scripts iscsi-info and
2010-12-10 23:20:59 +00:00
iscsi-info.nse
o [NSE] Added a new iSCSI library and the two scripts iscsi-info and
2010-12-10 23:20:59 +00:00
jdwp-version.nse
Spell-check NSEDoc.
2010-07-19 16:29:48 +00:00
ldap-brute.nse
fixed the following bug reported by Ron
2010-11-04 18:53:56 +00:00
ldap-rootdse.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
ldap-search.nse
Change " \n" to just "\n" where appropriate in NSE. Leading newlines are
2010-09-30 05:03:39 +00:00
lexmark-config.nse
Whitespace in lexmark-config.nse.
2010-12-15 18:57:22 +00:00
modbus-discover.nse
Use stdnse.get_script_args for modbus-discover.aggressive.
2010-12-16 08:59:19 +00:00
mongodb-databases.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
mongodb-info.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
ms-sql-brute.nse
fixed bug in authentication encryption function as reported by Sergey
2010-10-15 19:47:54 +00:00
ms-sql-config.nse
Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell.
2010-07-09 23:32:18 +00:00
ms-sql-empty-password.nse
Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell.
2010-07-09 23:32:18 +00:00
ms-sql-hasdbaccess.nse
fixed bug in authentication encryption function as reported by Sergey
2010-10-15 19:47:54 +00:00
ms-sql-info.nse
o [NSE] Add new script broadcast-ms-sql-discover and removed broadcast
2010-12-10 23:12:27 +00:00
ms-sql-query.nse
Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell.
2010-07-09 23:32:18 +00:00
ms-sql-tables.nse
Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell.
2010-07-09 23:32:18 +00:00
ms-sql-xp-cmdshell.nse
Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell.
2010-07-09 23:32:18 +00:00
mysql-brute.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
mysql-databases.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
mysql-empty-password.nse
Fixed a number of incorrect receives and replaced them with receive_bytes.
2010-08-24 20:25:46 +00:00
mysql-info.nse
Do copyediting of NSEDoc up through pgsql-brute.
2010-07-12 06:21:03 +00:00
mysql-users.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
mysql-variables.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
nat-pmp-info.nse
Fix some whitespace.
2010-09-28 22:30:48 +00:00
nbstat.nse
Removed some more errant newlines from the output
2010-11-03 19:53:58 +00:00
netbus-auth-bypass.nse
Change categories of netbus-auth-bypass from {"default", "vuln", "safe"}
2010-12-13 18:00:06 +00:00
netbus-brute.nse
o [NSE] Added scripts by Toni Ruotto communicating with the NetBus
2010-12-13 18:00:02 +00:00
netbus-info.nse
o [NSE] Added scripts by Toni Ruotto communicating with the NetBus
2010-12-13 18:00:02 +00:00
netbus-version.nse
User shortport.version_port_or_service instead of just
2010-12-13 18:00:07 +00:00
nfs-ls.nse
Small code cleaning.
2010-10-31 21:37:06 +00:00
nfs-showmount.nse
Use the new get_script_args() function to parse script arguments and clean some whitespaces.
2010-08-17 01:58:47 +00:00
nfs-statfs.nse
Small code cleaning.
2010-10-31 21:37:06 +00:00
ntp-info.nse
ntp-monlist.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
oracle-brute.nse
o [NSE] Added a Oracle TNS library and two new scripts that make use of it.
2010-08-19 23:09:32 +00:00
oracle-enum-users.nse
o [NSE] Added a Oracle TNS library and two new scripts that make use of it.
2010-08-19 23:09:32 +00:00
oracle-sid-brute.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
p2p-conficker.nse
Do copyediting of NSEDoc up through pgsql-brute.
2010-07-12 06:21:03 +00:00
path-mtu.nse
Remove unused and newly unrequired arguments to the pcap check functions (which
2010-09-19 02:15:19 +00:00
pgsql-brute.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
pjl-ready-message.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
pop3-brute.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
pop3-capabilities.nse
Merge r18689:r19511 from /nmap-exp/djalal/nse-rules.
2010-08-06 16:40:03 +00:00
pptp-version.nse
Merge r18160:18278 from nmap-exp/djalal/nmap-nse/ to fix NSE not honoring the exclude directive bug.
2010-06-29 21:56:59 +00:00
qscan.nse
removed some unnecessary locals
2010-11-05 14:25:44 +00:00
realvnc-auth-bypass.nse
Put realvnc-auth-bypass.nse in "auth" category.
2010-12-13 17:30:06 +00:00
resolveall.nse
Add the resolveall prerule script which takes a table of hosts and adds the
2010-09-28 02:04:20 +00:00
rmi-dumpregistry.nse
Updates to rmi-dumpregistry.nse and rmi.lua from Martin Holst Swende.
2010-11-23 17:45:58 +00:00
rpcinfo.nse
Use the new get_script_args() function to parse script arguments and clean some whitespaces.
2010-08-17 01:58:47 +00:00
script.db
Add gopher-ls.nse by Toni Ruotto.
2010-12-29 18:46:16 +00:00
skypev2-version.nse
Merge r18160:18278 from nmap-exp/djalal/nmap-nse/ to fix NSE not honoring the exclude directive bug.
2010-06-29 21:56:59 +00:00
smb-brute.nse
remove unused port arg from host scripts' action/hostrule
2010-08-03 18:54:29 +00:00
smb-check-vulns.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
smb-enum-domains.nse
Fixed a bug where a ternary operator meant to prevent a nil pointer exception was outside of a math.floor() call, making it totally worthless. I moved the math.floor() outside the operation, fixing it.
2010-09-24 01:33:01 +00:00
smb-enum-groups.nse
First-pass copyediting on the remaining scripts.
2010-07-12 17:19:26 +00:00
smb-enum-processes.nse
Change " \n" to just "\n" where appropriate in NSE. Leading newlines are
2010-09-30 05:03:39 +00:00
smb-enum-sessions.nse
Lots of little bugfixes throughout several smb scripts, mostly related to bad use of global variables
2010-09-24 00:31:12 +00:00
smb-enum-shares.nse
Merge from Dependencies branch (nmap-exp/patrick/dependencies)
2009-12-30 02:34:05 +00:00
smb-enum-users.nse
First-pass copyediting on the remaining scripts.
2010-07-12 17:19:26 +00:00
smb-flood.nse
Added a new smb script: smb-flood.nse. This denial-of-service script attempts to open too many SMB connections to the server, which can deny legitimate connections from being established.
2010-10-03 23:02:39 +00:00
smb-os-discovery.nse
First-pass copyediting on the remaining scripts.
2010-07-12 17:19:26 +00:00
smb-psexec.nse
Significant changes, both bugfixes and best practice changes, to smb-psexec.nse. Primarily:
2010-08-07 19:36:47 +00:00
smb-security-mode.nse
Removed some more errant newlines from the output
2010-11-03 19:53:58 +00:00
smb-server-stats.nse
Merge from Dependencies branch (nmap-exp/patrick/dependencies)
2009-12-30 02:34:05 +00:00
smb-system-info.nse
Lots of little bugfixes throughout several smb scripts, mostly related to bad use of global variables
2010-09-24 00:31:12 +00:00
smbv2-enabled.nse
Fixed the same small bug in smbv2-enabled.nse (was still using the wrong variable for an error message)
2010-08-13 20:39:20 +00:00
smtp-commands.nse
First-pass copyediting on the remaining scripts.
2010-07-12 17:19:26 +00:00
smtp-enum-users.nse
Add status code 553 (Relaying Denied) to the list of NOTPERMITTED codes in
2010-09-07 20:15:41 +00:00
smtp-open-relay.nse
Remove Artoro's email address from smtp-open-relay to match what he uses in http-open-proxy (If he wants the email addresses, I'd be happy to put it in both scripts--I'm just doing a little cleanup for consistency
2010-07-24 05:34:08 +00:00
smtp-strangeport.nse
sniffer-detect.nse
Remove unused and newly unrequired arguments to the pcap check functions (which
2010-09-19 02:15:19 +00:00
snmp-brute.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
snmp-interfaces.nse
Adding prerule support to snmp-interfaces.nse and the ability to add the
2010-09-28 02:33:52 +00:00
snmp-netstat.nse
Added missing error handling for connection timeouts
2010-08-31 13:38:50 +00:00
snmp-processes.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
snmp-sysdescr.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
snmp-win32-services.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
snmp-win32-shares.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
snmp-win32-software.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
snmp-win32-users.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
socks-open-proxy.nse
First-pass copyediting on the remaining scripts.
2010-07-12 17:19:26 +00:00
sql-injection.nse
Made some big style changes to clean up HTTP library. Primarily focused on improving the interface, NSEDoc, and pipline support
2010-11-02 02:07:01 +00:00
ssh2-enum-algos.nse
o [NSE] Added the ssh2-enum-algos script which reports the number of
2010-10-29 14:30:00 +00:00
ssh-hostkey.nse
Merge r18689:r19511 from /nmap-exp/djalal/nse-rules.
2010-08-06 16:40:03 +00:00
sshv1.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
ssl-cert.nse
o [NSE] Added reporting of the type and bit size of certificate public
2010-10-20 05:49:17 +00:00
ssl-enum-ciphers.nse
update script name in @output
2010-10-13 03:52:34 +00:00
sslv2.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
stuxnet-detect.nse
o [NSE] Added stuxnet-detect.nse by Mak Kolybabi, which detects
2010-12-12 22:40:42 +00:00
svn-brute.nse
o [NSE] Added svn-brute, which attempts to perform password guessing against
2010-08-18 20:50:51 +00:00
targets-traceroute.nse
Added the targets-traceroute script, which inserts traceroute hops onto Nmap scanning queue.
2010-09-10 01:53:22 +00:00
telnet-brute.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00
upnp-info.nse
applied patch from Thomas Buchanan containing bugfixes and some re-factoring
2010-11-19 19:31:50 +00:00
vnc-brute.nse
o [NSE] Added one script (vnc-brute) that performs password guessing against
2010-08-14 15:13:15 +00:00
vnc-info.nse
o [NSE] Added one script (vnc-brute) that performs password guessing against
2010-08-14 15:13:15 +00:00
wdb-version.nse
Add a "VULNERABLE" banner to the output of wdb-version.nse.
2010-08-17 22:30:43 +00:00
whois.nse
Change " \n" to just "\n" where appropriate in NSE. Leading newlines are
2010-09-30 05:03:39 +00:00
wsdd-discover.nse
o [NSE] Added a new Web Service Dynamic Discovery library (wsdd) and the two
2010-11-10 22:35:13 +00:00
x11-access.nse
Change calls in these forms:
2010-08-16 18:59:30 +00:00