This library was written by Patrik Karlsson <firstname.lastname@example.org> to facilitate
communication with the Apple AFP Service. It is not feature complete and
still missing several functions.
A basic AJP 1.3 implementation based on documentation available from Apache
The AMQP library provides some basic functionality for retrieving information
about an AMQP server's properties.
Base32 encoding and decoding. Follows RFC 4648.
Base64 encoding and decoding. Follows RFC 4648.
Pack and unpack binary data.
Bitwise operations on integers.
This library implements a minimal subset of the BitCoin protocol
It currently supports the version handshake and processing Addr responses.
Bittorrent and DHT protocol library which enables users to read
information from a torrent file, decode bencoded (bittorrent
encoded) buffers, find peers associated with a certain torrent and
retrieve nodes discovered during the search for peers.
An implementation of the Canon BJNP protocol used to discover and query
Canon network printers and scanner devices.
The brute library is an attempt to create a common framework for performing
password guessing against remote services.
Library methods for handling Cassandra Thrift communication as client
This module was written by Patrik Karlsson and facilitates communication
with the Citrix XML Service. It is not feature complete and is missing several
functions and parameters.
Common communication functions for network discovery tasks like
banner grabbing and data exchange.
The credential class stores found credentials in the Nmap registry
A minimal CVS (Concurrent Versions System) pserver protocol implementation which currently only supports authentication.
Read and parse some of Nmap's data files:
Implement a Dynamic Host Configuration Protocol (DHCP) client.
Minimalistic DHCP6 (Dynamic Host Configuration Protocol for IPv6)
implementation supporting basic DHCP6 Solicit requests The library
is structured around the following classes:
- DHCP6.Option - DHCP6 options encoders (for requests) and decoders
- DHCP6.Request - DHCP6 request encoder and decoder
- DHCP6.Response - DHCP6 response encoder and decoder
- Helper - The helper class, primary script interface
Simple DNS library supporting packet creation, encoding, decoding,
A minimalistic DNS BlackList library implemented to facilitate querying
various DNSBL services. The current list of services has been implemented
based on the following compilations of services:
Library for supporting DNS Service Discovery
DRDA Library supporting a very limited subset of operations.
EAP (Extensible Authentication Protocol) library supporting a
limited subset of features.
A library supporting parsing and generating a limited subset of the Cisco' EIGRP packets.
GIOP Library supporting a very limited subset of operations
A smallish gps parsing module.
Currently does GPRMC NMEA decoding
Implements the HTTP client protocol in a standard form that Nmap scripts can
take advantage of.
A smallish httpspider library providing basic spidering capabilities
It consists of the following classes:
A minimalistic Asterisk IAX2 (Inter-Asterisk eXchange v2) VoIP protocol implementation.
The library implements the minimum needed to perform brute force password guessing.
A library implementing a minor subset of the IMAP protocol, currently the
CAPABILITY, LOGIN and AUTHENTICATE functions. The library was initially
written by Brandon Enright and later extended and converted to OO-form by
Patrik Karlsson <email@example.com>
Informix Library supporting a very limited subset of Informix operations
Utility functions for manipulating and comparing IP addresses.
A small CUPS ipp (Internet Printing Protocol) library implementation
An iSCSI library implementing written by Patrik Karlsson <firstname.lastname@example.org>
The library currently supports target discovery and login.
A minimal Internet Storage Name Service (iSNS) implementation
JDWP (Java Debug Wire Protocol) library implementing a set of commands needed to
use remote debugging port and inject java bytecode.
Library methods for handling JSON data. It handles JSON encoding and
decoding according to RFC 4627.
Library methods for handling LDAP.
Returns a directory iterator listing the contents of the given path
Each time the iterator is called with dir_obj it returns a directory entry's
name as a string, or nil if there are no more entries.
Functional-style list operations.
Buffered network I/O helper functions.
A smallish implementation of the Couchbase Membase TAP protocol
Based on the scarce documentation from the Couchbase Wiki:
A MobileMe web service client that allows discovering Apple devices
using the "find my iPhone" functionality.
Library methods for handling MongoDB, creating and parsing packets.
By making heavy use of the
smb library, this library will call various MSRPC
functions. The functions used here can be accessed over TCP ports 445 and 139,
with an established session. A NULL session (the default) will work for some
functions and operating systems (or configurations), but not for others.
This module is designed to parse the
PERF_DATA_BLOCK structure, which is
stored in the registry under HKEY_PERFORMANCE_DATA. By querying this structure, you can
get a whole lot of information about what's going on.
This module was written to marshall parameters for Microsoft RPC (MSRPC) calls. The values passed in and out are based
on structs defined by the protocol, and documented by Samba developers. For detailed breakdowns of the types, take a
look at Samba 4.0's
MSSQL Library supporting a very limited subset of operations.
Simple MySQL Library supporting a very limited subset of operations.
This library implements the basics of NAT-PMP as described in the
NAT Port Mapping Protocol (NAT-PMP) draft:
A tiny implementation of the Netware Core Protocol (NCP).
While NCP was originally a Netware only protocol it's now present on
both Linux and Windows platforms running Novell eDirectory.
A minimalistic NDMP (Network Data Management Protocol) library
Creates and parses NetBIOS traffic. The primary use for this is to send
NetBIOS name requests.
Interface with Nmap internals.
A minimalistic library to support Domino RPC
Debugging functions for Nmap scripts.
This library was written to ease interaction with OpenVAS Manager servers
using OMP (OpenVAS Management Protocol) version 2.
A minimalistic OSPF (Open Shortest Path First routing protocol) library, currently supporting IPv4 and the following
OSPF message types: HELLO
Facilities for manipulating raw packets.
Perl Compatible Regular Expressions.
PostgreSQL library supporting both version 2 and version 3 of the protocol.
The library currently contains the bare minimum to perform authentication.
Authentication is supported with or without SSL enabled and using the
plain-text or MD5 authentication mechanisms.
A minimalistic PPPoE (Point-to-point protocol over Ethernet)
library, implementing basic support for PPPoE
Discovery and Configuration requests. The PPPoE protocol is ethernet based
and hence does not use any IPs or port numbers.
Functions for proxy testing.
A minimal RDP (Remote Desktop Protocol) library. Currently has functionality to determine encryption
and cipher support.
A minimalistic Redis (in-memory key-value data store) library.
Library method for communicating over RMI (JRMP + java serialization)
RPC Library supporting a very limited subset of operations.
This library implements the fundamentals needed to communicate with the
WinPcap Remote Capture Deamon. It currently supports authenticating to
the service using either NULL-, or Password-based authentication.
In addition it has the capabilities to list the interfaces that may be
used for sniffing.
A minimalist RSYNC (remote file sync) library
This Real Time Streaming Protocol (RTSP) library implements only a minimal
subset of the protocol needed by the current scripts.
Simple Authentication and Security Layer (SASL).
Functions for building short portrules.
A SIP library supporting a limited subset of SIP commands and methods
Implements functionality related to Server Message Block (SMB, an extension
of CIFS) traffic, which is a Windows protocol.
This module takes care of the authentication used in SMB (LM, NTLM, LMv2, NTLMv2).
Simple Mail Transfer Protocol (SMTP) operations.
A smallish SOCKS version 5 proxy protocol implementation
A relatively small implementation of the Service Location Protocol.
It was initially designed to support requests for discovering Novell NCP
servers, but should work for any other service as well.
Functions for the SSH-1 protocol. This module also contains functions for
formatting key fingerprints.
Functions for the SSH-2 protocol.
A library providing functions for collecting SSL certificates and storing
them in the host-based registry.
Standard Nmap Scripting Engine functions. This module contains various handy
functions that are too small to justify modules of their own.
String buffer facilities.
Strict declared global library. Checks for undeclared global variables
during runtime execution.
A library that implements the basics of the STUN protocol (Session
Traversal Utilities for NAT) per RFC3489 and RFC5389. A protocol
overview is available at http://en.wikipedia.org/wiki/STUN.
Arrange output into tables.
Utility functions to add new discovered targets to Nmap scan queue.
Library implementing a minimal TFTP server
TNS Library supporting a very limited subset of Oracle operations
Username/password database library.
A UPNP library based on code from upnp-info initially written by
Thomas Buchanan. The code was factored out from upnp-info and partly
re-written by Patrik Karlsson <email@example.com> in order to support
URI parsing, composition, and relative URL resolution.
A tiny library allowing some basic information enumeration from
Versant object database software (see
http://en.wikipedia.org/wiki/Versant_Corporation). The code is
entirely based on packet dumps captured when using the Versant
Management Center administration application.
The VNC library provides some basic functionality needed in order to
communicate with VNC servers, and derivates such as Tight- or Ultra-
Functions for vulnerability management.
A Vuze DHT protocol implementation based on the following documentation:
A library that enables scripts to send Web Service Dynamic Discovery probes
and perform some very basic decoding of responses. The library is in no way
a full WSDD implementation it's rather the result of some packet captures
and some creative coding.
Implementation of the XDMCP (X Display Manager Control Protocol) based on:
A XMPP (Jabber) library, implementing a minimal subset of the protocol
enough to do authentication brute-force.