NSEDoc

Index
NSE Documentation

Scripts (show 374)(374)Scripts (374)

acarsd-info
address-info
afp-brute
afp-ls
afp-path-vuln
afp-serverinfo
afp-showmount
ajp-auth
ajp-brute
ajp-headers
ajp-methods
ajp-request
amqp-info
asn-query
auth-owners
auth-spoof
backorifice-brute
backorifice-info
banner
bitcoin-getaddr
bitcoin-info
bitcoinrpc-info
bittorrent-discovery
broadcast-ataoe-discover
broadcast-avahi-dos
broadcast-db2-discover
broadcast-dhcp-discover
broadcast-dhcp6-discover
broadcast-dns-service-discovery
broadcast-dropbox-listener
broadcast-listener
broadcast-ms-sql-discover
broadcast-netbios-master-browser
broadcast-networker-discover
broadcast-novell-locate
broadcast-pc-anywhere
broadcast-pc-duo
broadcast-ping
broadcast-pppoe-discover
broadcast-rip-discover
broadcast-ripng-discover
broadcast-sybase-asa-discover
broadcast-tellstick-discover
broadcast-upnp-info
broadcast-versant-locate
broadcast-wake-on-lan
broadcast-wpad-discover
broadcast-wsdd-discover
broadcast-xdmcp-discover
cccam-version
citrix-brute-xml
citrix-enum-apps
citrix-enum-apps-xml
citrix-enum-servers
citrix-enum-servers-xml
couchdb-databases
couchdb-stats
creds-summary
cups-info
cups-queue-info
cvs-brute
cvs-brute-repository
daap-get-library
daytime
db2-das-info
db2-discover
dhcp-discover
dict-info
dns-blacklist
dns-brute
dns-cache-snoop
dns-check-zone
dns-client-subnet-scan
dns-fuzz
dns-ip6-arpa-scan
dns-nsec-enum
dns-nsid
dns-random-srcport
dns-random-txid
dns-recursion
dns-service-discovery
dns-srv-enum
dns-update
dns-zeustracker
dns-zone-transfer
domcon-brute
domcon-cmd
domino-enum-users
dpap-brute
drda-brute
drda-info
duplicates
eap-info
epmd-info
finger
firewalk
ftp-anon
ftp-bounce
ftp-brute
ftp-libopie
ftp-proftpd-backdoor
ftp-vsftpd-backdoor
ftp-vuln-cve2010-4221
ganglia-info
giop-info
gkrellm-info
gopher-ls
gpsd-info
hadoop-datanode-info
hadoop-jobtracker-info
hadoop-namenode-info
hadoop-secondary-namenode-info
hadoop-tasktracker-info
hbase-master-info
hbase-region-info
hddtemp-info
hostmap-bfk
hostmap-robtex
http-affiliate-id
http-apache-negotiation
http-auth
http-auth-finder
http-awstatstotals-exec
http-axis2-dir-traversal
http-backup-finder
http-barracuda-dir-traversal
http-brute
http-cakephp-version
http-chrono
http-config-backup
http-cors
http-date
http-default-accounts
http-domino-enum-passwords
http-drupal-enum-users
http-email-harvest
http-enum
http-favicon
http-form-brute
http-generator
http-gitweb-projects-enum
http-google-malware
http-grep
http-headers
http-icloud-findmyiphone
http-icloud-sendmsg
http-iis-webdav-vuln
http-joomla-brute
http-litespeed-sourcecode-download
http-majordomo2-dir-traversal
http-malware-host
http-method-tamper
http-methods
http-open-proxy
http-open-redirect
http-passwd
http-php-version
http-proxy-brute
http-put
http-qnap-nas-info
http-robots.txt
http-robtex-reverse-ip
http-robtex-shared-ns
http-title
http-trace
http-unsafe-output-escaping
http-userdir-enum
http-vhosts
http-virustotal
http-vlcstreamer-ls
http-vmware-path-vuln
http-vuln-cve2009-3960
http-vuln-cve2010-2861
http-vuln-cve2011-3192
http-vuln-cve2011-3368
http-vuln-cve2012-1823
http-waf-detect
http-wordpress-brute
http-wordpress-enum
http-wordpress-plugins
iax2-brute
iax2-version
imap-brute
imap-capabilities
informix-brute
informix-query
informix-tables
ip-forwarding
ip-geolocation-geobytes
ip-geolocation-geoplugin
ip-geolocation-ipinfodb
ip-geolocation-maxmind
ipidseq
ipv6-node-info
irc-botnet-channels
irc-brute
irc-info
irc-unrealircd-backdoor
iscsi-brute
iscsi-info
jdwp-version
krb5-enum-users
ldap-brute
ldap-novell-getpass
ldap-rootdse
ldap-search
lexmark-config
lltd-discovery
maxdb-info
membase-brute
membase-http-info
memcached-info
metasploit-xmlrpc-brute
mmouse-brute
mmouse-exec
modbus-discover
mongodb-brute
mongodb-databases
mongodb-info
ms-sql-brute
ms-sql-config
ms-sql-dump-hashes
ms-sql-empty-password
ms-sql-hasdbaccess
ms-sql-info
ms-sql-query
ms-sql-tables
ms-sql-xp-cmdshell
mysql-audit
mysql-brute
mysql-databases
mysql-empty-password
mysql-info
mysql-users
mysql-variables
nat-pmp-info
nat-pmp-mapport
nbstat
ncp-enum-users
ncp-serverinfo
ndmp-fs-info
ndmp-version
nessus-brute
nessus-xmlrpc-brute
netbus-auth-bypass
netbus-brute
netbus-info
netbus-version
nexpose-brute
nfs-ls
nfs-showmount
nfs-statfs
nping-brute
nrpe-enum
ntp-info
ntp-monlist
omp2-brute
omp2-enum-targets
openlookup-info
openvas-otp-brute
oracle-brute
oracle-enum-users
oracle-sid-brute
ovs-agent-version
p2p-conficker
path-mtu
pgsql-brute
pjl-ready-message
pop3-brute
pop3-capabilities
pptp-version
qscan
quake3-info
quake3-master-getservers
rdp-vuln-ms12-020
realvnc-auth-bypass
redis-brute
redis-info
resolveall
reverse-index
rexec-brute
riak-http-info
rlogin-brute
rmi-dumpregistry
rpcap-brute
rpcap-info
rpcinfo
rsync-brute
rsync-list-modules
rtsp-methods
rtsp-url-brute
samba-vuln-cve-2012-1182
servicetags
sip-brute
sip-enum-users
skypev2-version
smb-brute
smb-check-vulns
smb-enum-domains
smb-enum-groups
smb-enum-processes
smb-enum-sessions
smb-enum-shares
smb-enum-users
smb-flood
smb-mbenum
smb-os-discovery
smb-psexec
smb-security-mode
smb-server-stats
smb-system-info
smbv2-enabled
smtp-brute
smtp-commands
smtp-enum-users
smtp-open-relay
smtp-strangeport
smtp-vuln-cve2010-4344
smtp-vuln-cve2011-1720
smtp-vuln-cve2011-1764
sniffer-detect
snmp-brute
snmp-interfaces
snmp-ios-config
snmp-netstat
snmp-processes
snmp-sysdescr
snmp-win32-services
snmp-win32-shares
snmp-win32-software
snmp-win32-users
socks-auth-info
socks-brute
socks-open-proxy
sql-injection
ssh-hostkey
ssh2-enum-algos
sshv1
ssl-cert
ssl-enum-ciphers
ssl-google-cert-catalog
ssl-known-key
sslv2
stun-info
stun-version
stuxnet-detect
svn-brute
targets-asn
targets-ipv6-multicast-echo
targets-ipv6-multicast-invalid-dst
targets-ipv6-multicast-mld
targets-ipv6-multicast-slaac
targets-sniffer
targets-traceroute
telnet-brute
telnet-encryption
tftp-enum
traceroute-geolocation
unusual-port
upnp-info
url-snarf
versant-info
vmauthd-brute
vnc-brute
vnc-info
voldemort-info
vuze-dht-info
wdb-version
whois
wsdd-discover
x11-access
xdmcp-discover
xmpp-brute
xmpp-info

Libraries (show 96)(96)Libraries (96)

afp
ajp
amqp
asn1
base64
bin
bit
bitcoin
bittorrent
brute
citrixxml
comm
creds
cvs
datafiles
dhcp
dhcp6
dns
dnsbl
dnssd
drda
eap
ftp
giop
gps
http
httpspider
iax2
imap
informix
ipOps
ipp
iscsi
json
ldap
listop
match
membase
mobileme
mongodb
msrpc
msrpcperformance
msrpctypes
mssql
mysql
natpmp
ncp
ndmp
netbios
nmap
nrpc
nsedebug
omp2
openssl
packet
pcre
pgsql
pop3
pppoe
proxy
redis
rmi
rpc
rpcap
rsync
rtsp
sasl
shortport
sip
smb
smbauth
smtp
snmp
socks
srvloc
ssh1
ssh2
sslcert
stdnse
strbuf
strict
stun
tab
target
tftp
tns
unpwdb
upnp
url
versant
vnc
vulns
vuzedht
wsdd
xdmcp
xmpp

File `dns-nsid`

Script types: portrule
Categories: discovery, default
Download: http://nmap.org/svn/scripts/dns-nsid.nse

User Summary

Retrieves information from a DNS nameserver by requesting its nameserver ID (nsid) and asking for its id.server and version.bind values. This script performs the same queries as the following two dig commands: - dig CH TXT bind.version @target - dig +nsid CH TXT id.server @target

References: [1]http://www.ietf.org/rfc/rfc5001.txt [2]http://www.ietf.org/rfc/rfc4892.txt

Example Usage

nmap -sSU -p 53 --script dns-nsid <target>

Script Output

53/udp open  domain  udp-response
| dns-nsid: 
|   NSID dns.example.com (646E732E6578616D706C652E636F6D)
|   id.server: dns.example.com
|_  bind.version: 9.7.3-P3

Requires

stdnse
shortport
dns

Author: John Bond

License: Simplified (2-clause) BSD license--See http://nmap.org/svn/docs/licenses/BSD-simplified

Sponsors

NSEDoc

Categories

Scripts (show 374)(374)Scripts (374)

Libraries (show 96)(96)Libraries (96)

File `dns-nsid`

User Summary

Example Usage

Script Output

Requires

Nmap Site Navigation

Sponsors

NSEDoc

Categories

Scripts (show 374)(374)Scripts (374)

Libraries (show 96)(96)Libraries (96)

File dns-nsid

User Summary

Example Usage

Script Output

Requires

Nmap Site Navigation

File `dns-nsid`