For a description of this category, see dos NSE category in the Nmap documentation.

Scripts

broadcast-avahi-dos

Attempts to discover hosts in the local network using the DNS Service Discovery protocol and sends a NULL UDP packet to each host to test if it is vulnerable to the Avahi NULL UDP packet denial of service (CVE-2011-1002).

http-slowloris

Tests a web server for vulnerability to the Slowloris DoS attack by launching a Slowloris attack.

ipv6-ra-flood

Generates a flood of Router Advertisements (RA) with random source MAC addresses and IPv6 prefixes. Computers, which have stateless autoconfiguration enabled by default (every major OS), will start to compute IPv6 suffix and update their routing table to reflect the accepted announcement. This will cause 100% CPU usage on Windows and platforms, preventing to process other application requests.

smb-flood

Exhausts a remote SMB server's connection limit by by opening as many connections as we can. Most implementations of SMB have a hard global limit of 11 connections for user accounts and 10 connections for anonymous. Once that limit is reached, further connections are denied. This script exploits that limit by taking up all the connections and holding them.

smb-vuln-conficker

Detects Microsoft Windows systems infected by the Conficker worm. This check is dangerous and it may crash systems.

smb-vuln-cve2009-3103

Detects Microsoft Windows systems vulnerable to denial of service (CVE-2009-3103). This script will crash the service if it is vulnerable.

smb-vuln-ms06-025

Detects Microsoft Windows systems with Ras RPC service vulnerable to MS06-025.

smb-vuln-ms07-029

Detects Microsoft Windows systems with Dns Server RPC vulnerable to MS07-029.

smb-vuln-ms08-067

Detects Microsoft Windows systems vulnerable to the remote code execution vulnerability known as MS08-067. This check is dangerous and it may crash systems.

smb-vuln-ms10-054

Tests whether target machines are vulnerable to the ms10-054 SMB remote memory corruption vulnerability.

smb-vuln-regsvc-dos

Checks if a Microsoft Windows 2000 system is vulnerable to a crash in regsvc caused by a null pointer dereference. This check will crash the service if it is vulnerable and requires a guest account or higher to work.