NSEDoc

• Index
• NSE Documentation

Categories

• auth
• broadcast
• brute
• default
• discovery
• dos
• exploit
• external
• fuzzer
• intrusive
• malware
• safe
• version
• vuln

Scripts (show 324)(324)Scripts (324)

• address-info
• afp-brute
• afp-ls
• afp-path-vuln
• afp-serverinfo
• afp-showmount
• amqp-info
• asn-query
• auth-owners
• auth-spoof
• backorifice-brute
• backorifice-info
• banner
• bitcoin-getaddr
• bitcoin-info
• bitcoinrpc-info
• bittorrent-discovery
• broadcast-avahi-dos
• broadcast-db2-discover
• broadcast-dhcp-discover
• broadcast-dhcp6-discover
• broadcast-dns-service-discovery
• broadcast-dropbox-listener
• broadcast-listener
• broadcast-ms-sql-discover
• broadcast-netbios-master-browser
• broadcast-novell-locate
• broadcast-pc-anywhere
• broadcast-pc-duo
• broadcast-ping
• broadcast-pppoe-discover
• broadcast-rip-discover
• broadcast-ripng-discover
• broadcast-sybase-asa-discover
• broadcast-upnp-info
• broadcast-wake-on-lan
• broadcast-wpad-discover
• broadcast-wsdd-discover
• broadcast-xdmcp-discover
• cccam-version
• citrix-brute-xml
• citrix-enum-apps
• citrix-enum-apps-xml
• citrix-enum-servers
• citrix-enum-servers-xml
• couchdb-databases
• couchdb-stats
• creds-summary
• cvs-brute
• cvs-brute-repository
• daap-get-library
• daytime
• db2-das-info
• db2-discover
• dhcp-discover
• dns-blacklist
• dns-brute
• dns-cache-snoop
• dns-fuzz
• dns-nsec-enum
• dns-nsid
• dns-random-srcport
• dns-random-txid
• dns-recursion
• dns-service-discovery
• dns-srv-enum
• dns-update
• dns-zeustracker
• dns-zone-transfer
• domcon-brute
• domcon-cmd
• domino-enum-users
• dpap-brute
• drda-brute
• drda-info
• epmd-info
• finger
• firewalk
• ftp-anon
• ftp-bounce
• ftp-brute
• ftp-libopie
• ftp-proftpd-backdoor
• ftp-vsftpd-backdoor
• ftp-vuln-cve2010-4221
• ganglia-info
• giop-info
• gopher-ls
• hadoop-datanode-info
• hadoop-jobtracker-info
• hadoop-namenode-info
• hadoop-secondary-namenode-info
• hadoop-tasktracker-info
• hbase-master-info
• hbase-region-info
• hddtemp-info
• hostmap
• http-affiliate-id
• http-apache-negotiation
• http-auth
• http-auth-finder
• http-awstatstotals-exec
• http-axis2-dir-traversal
• http-backup-finder
• http-barracuda-dir-traversal
• http-brute
• http-cakephp-version
• http-cors
• http-date
• http-default-accounts
• http-domino-enum-passwords
• http-email-harvest
• http-enum
• http-favicon
• http-form-brute
• http-generator
• http-google-malware
• http-grep
• http-headers
• http-iis-webdav-vuln
• http-joomla-brute
• http-litespeed-sourcecode-download
• http-majordomo2-dir-traversal
• http-malware-host
• http-method-tamper
• http-methods
• http-open-proxy
• http-open-redirect
• http-passwd
• http-php-version
• http-proxy-brute
• http-put
• http-qnap-nas-info
• http-robots.txt
• http-robtex-reverse-ip
• http-title
• http-trace
• http-unsafe-output-escaping
• http-userdir-enum
• http-vhosts
• http-vmware-path-vuln
• http-vuln-cve2009-3960
• http-vuln-cve2011-3192
• http-vuln-cve2011-3368
• http-waf-detect
• http-wordpress-brute
• http-wordpress-enum
• http-wordpress-plugins
• iax2-brute
• iax2-version
• imap-brute
• imap-capabilities
• informix-brute
• informix-query
• informix-tables
• ip-geolocation-geobytes
• ip-geolocation-geoplugin
• ip-geolocation-ipinfodb
• ip-geolocation-maxmind
• ipidseq
• ipv6-node-info
• irc-botnet-channels
• irc-brute
• irc-info
• irc-unrealircd-backdoor
• iscsi-brute
• iscsi-info
• jdwp-version
• krb5-enum-users
• ldap-brute
• ldap-novell-getpass
• ldap-rootdse
• ldap-search
• lexmark-config
• lltd-discovery
• maxdb-info
• membase-brute
• membase-http-info
• memcached-info
• metasploit-xmlrpc-brute
• modbus-discover
• mongodb-databases
• mongodb-info
• ms-sql-brute
• ms-sql-config
• ms-sql-dump-hashes
• ms-sql-empty-password
• ms-sql-hasdbaccess
• ms-sql-info
• ms-sql-query
• ms-sql-tables
• ms-sql-xp-cmdshell
• mysql-audit
• mysql-brute
• mysql-databases
• mysql-empty-password
• mysql-info
• mysql-users
• mysql-variables
• nat-pmp-info
• nat-pmp-mapport
• nbstat
• ncp-enum-users
• ncp-serverinfo
• nessus-brute
• nessus-xmlrpc-brute
• netbus-auth-bypass
• netbus-brute
• netbus-info
• netbus-version
• nexpose-brute
• nfs-ls
• nfs-showmount
• nfs-statfs
• nping-brute
• nrpe-enum
• ntp-info
• ntp-monlist
• omp2-brute
• omp2-enum-targets
• openlookup-info
• openvas-otp-brute
• oracle-brute
• oracle-enum-users
• oracle-sid-brute
• ovs-agent-version
• p2p-conficker
• path-mtu
• pgsql-brute
• pjl-ready-message
• pop3-brute
• pop3-capabilities
• pptp-version
• qscan
• quake3-info
• quake3-master-getservers
• realvnc-auth-bypass
• redis-brute
• redis-info
• resolveall
• reverse-index
• rexec-brute
• riak-http-info
• rlogin-brute
• rmi-dumpregistry
• rpcinfo
• rtsp-methods
• rtsp-url-brute
• servicetags
• sip-brute
• sip-enum-users
• skypev2-version
• smb-brute
• smb-check-vulns
• smb-enum-domains
• smb-enum-groups
• smb-enum-processes
• smb-enum-sessions
• smb-enum-shares
• smb-enum-users
• smb-flood
• smb-mbenum
• smb-os-discovery
• smb-psexec
• smb-security-mode
• smb-server-stats
• smb-system-info
• smbv2-enabled
• smtp-brute
• smtp-commands
• smtp-enum-users
• smtp-open-relay
• smtp-strangeport
• smtp-vuln-cve2010-4344
• smtp-vuln-cve2011-1720
• smtp-vuln-cve2011-1764
• sniffer-detect
• snmp-brute
• snmp-interfaces
• snmp-ios-config
• snmp-netstat
• snmp-processes
• snmp-sysdescr
• snmp-win32-services
• snmp-win32-shares
• snmp-win32-software
• snmp-win32-users
• socks-auth-info
• socks-brute
• socks-open-proxy
• sql-injection
• ssh-hostkey
• ssh2-enum-algos
• sshv1
• ssl-cert
• ssl-enum-ciphers
• ssl-google-cert-catalog
• ssl-known-key
• sslv2
• stuxnet-detect
• svn-brute
• targets-ipv6-multicast-echo
• targets-ipv6-multicast-invalid-dst
• targets-ipv6-multicast-slaac
• targets-sniffer
• targets-traceroute
• telnet-brute
• telnet-encryption
• tftp-enum
• unusual-port
• upnp-info
• url-snarf
• vmauthd-brute
• vnc-brute
• vnc-info
• voldemort-info
• vuze-dht-info
• wdb-version
• whois
• wsdd-discover
• x11-access
• xdmcp-discover
• xmpp-brute
• xmpp-info

Libraries (show 85)(85)Libraries (85)

• afp
• amqp
• asn1
• base64
• bin
• bit
• bitcoin
• bittorrent
• brute
• citrixxml
• comm
• creds
• cvs
• datafiles
• dhcp
• dhcp6
• dns
• dnsbl
• dnssd
• drda
• ftp
• giop
• http
• httpspider
• iax2
• imap
• informix
• ipOps
• iscsi
• json
• ldap
• listop
• match
• membase
• mongodb
• msrpc
• msrpcperformance
• msrpctypes
• mssql
• mysql
• natpmp
• ncp
• netbios
• nmap
• nrpc
• nsedebug
• omp2
• openssl
• packet
• pcre
• pgsql
• pop3
• pppoe
• proxy
• redis
• rmi
• rpc
• rtsp
• sasl
• shortport
• sip
• smb
• smbauth
• smtp
• snmp
• socks
• srvloc
• ssh1
• ssh2
• stdnse
• strbuf
• strict
• tab
• target
• tftp
• tns
• unpwdb
• upnp
• url
• vnc
• vulns
• vuzedht
• wsdd
• xdmcp
• xmpp

Scripts

amqp-info	Gathers information (a list of all server properties) from an AMQP (advanced message queuing protocol) server.
cccam-version	Detects the CCcam service.
db2-das-info	Connects to the IBM DB2 Administration Server (DAS) on TCP or UDP port 523 and exports the server profile. No authentication is required for this request.
drda-info	Attempts to extract information from database servers supporting the DRDA protocol. The script sends a DRDA EXCSAT (exchange server attributes) command packet and parses the response.
iax2-version	Detects the UDP IAX2 service.
jdwp-version	Detects the Java Debug Wire Protocol. This protocol is used by Java programs to be debugged via the network. It should not be open to the public Internet, as it does not provide any security against malicious attackers who can inject their own bytecode into the debugged process.
maxdb-info	Retrieves version and database information from a SAP Max DB database.
netbus-version	Extends version detection to detect NetBuster, a honeypot service that mimes NetBus.
openlookup-info	Parses and displays the banner information of an OpenLookup (network key-value store) server.
ovs-agent-version	Detects the version of an Oracle OVSAgentServer by fingerprinting responses to an HTTP GET request and an XML-RPC method call.
pptp-version	Attempts to extract system information from the point-to-point tunneling protocol (PPTP) service.
quake3-info	Extracts information from a Quake3 game server and other games which use the same protocol.
skypev2-version	Detects the Skype version 2 service.
wdb-version	Detects vulnerabilities and gathers information (such as version numbers and hardware support) from VxWorks Wind DeBug agents.
xmpp-info	Connects to XMPP server (port 5222) and collects server information such as: supported auth mechanisms, compression methods, whether TLS is supported and mandatory, stream management, language, support of In-Band registration, server capabilities. If possible, studies server vendor.