Scripts
| Script | Description |
|---|---|
| asn-query | Maps IP addresses to autonomous system (AS) numbers. |
| dns-blacklist | Checks target IP addresses against multiple DNS anti-spam and open proxy blacklists and returns a list of services where the IP has been blacklisted. Checks may be limited by service category (e.g. SPAM, PROXY) or to a specific service name. |
| dns-random-srcport | Checks a DNS server for the predictable-port recursion vulnerability. Predictable source ports can make a DNS server vulnerable to cache poisoning attacks (see CVE-2008-1447). |
| dns-random-txid | Checks a DNS server for the predictable-TXID DNS recursion vulnerability. Predictable TXID values can make a DNS server vulnerable to cache poisoning attacks (see CVE-2008-1447). |
| dns-zeustracker | Checks if the target IP range is part of a Zeus botnet by querying ZTDNS @ abuse.ch. Please review the following information before you start to scan: |
| hostmap | Tries to find hostnames that resolve to the target's IP address by querying the online database at http://www.bfk.de/bfk_dnslogger.html. |
| http-google-malware | Checks if hosts are on Google's blacklist of suspected malware and phishing servers. These lists are constantly updated and are part of Google's Safe Browsing service. |
| http-open-proxy | Checks if an HTTP proxy is open. |
| http-proxy-brute | Performs brute force password guessing against an HTTP proxy server. |
| http-robtex-reverse-ip | Obtains up to 100 forward DNS names for a target IP address by querying the Robtex service (http://www.robtex.com/ip/). |
| ip-geolocation-geobytes | Tries to identify the physical location of an IP address using the Geobytes geolocation web service (http://www.geobytes.com/iplocator.htm). The limit of lookups using this service is 20 requests per hour. Once the limit is reached, an nmap.registry["ip-geolocation-geobytes"].blocked boolean is set so no further requests are made during a scan. |
| ip-geolocation-geoplugin | Tries to identify the physical location of an IP address using the Geoplugin geolocation web service (http://www.geoplugin.com/). There is no limit on lookups using this service. |
| ip-geolocation-ipinfodb | Tries to identify the physical location of an IP address using the IPInfoDB geolocation web service (http://ipinfodb.com/ip_location_api.php). |
| ip-geolocation-maxmind | Tries to identify the physical location of an IP address using a Geolocation Maxmind database file (available from http://www.maxmind.com/app/ip-location). This script supports queries using all Maxmind databases that are supported by their API, including the commercial ones. |
| smtp-enum-users | Attempts to enumerate the users on an SMTP server by issuing the VRFY, EXPN or RCPT TO commands. The goal of this script is to discover all the user accounts in the remote system. |
| smtp-open-relay | Attempts to relay mail by issuing a predefined combination of SMTP commands. The goal of this script is to tell if an SMTP server is vulnerable to mail relaying. |
| socks-open-proxy | Checks if an open SOCKS proxy is running on the target. |
| ssl-google-cert-catalog | Queries Google's Certificate Catalog for the SSL certificates retrieved from target hosts. |
| whois | Queries the WHOIS services of Regional Internet Registries (RIR) and attempts to retrieve information about the IP Address Assignment which contains the Target IP Address. |



