Nmap/External Script Library
The purpose of this page is to collect all the interesting NSE scripts that for different reasons were not included in the official Nmap repository. Common reasons for not including scripts with Nmap are:
- The script has dependencies that we can't include with Nmap for portability, license, or size reasons
- License incompatability between Nmap and the script itself (acceptable licenses for included scripts)
- Script not yet fully debugged or has some other technical problem preventing inclusion
- Script function is too obscure or too far from Nmap's core functionality to warrant inclusion with Nmap
- Script is still under consideration for inclusion. It may need more techincal review, or we may want to see how many people find it useful.
Contents
- 1 Scripts
- 1.1 ip-proxy-ip2proxy.nse
- 1.2 ip-geolocation-ip2location.nse
- 1.3 sql-slammer-infect.nse
- 1.4 http-screenshot
- 1.5 vulscan.nse
- 1.6 httprecon.nse
- 1.7 bitcoin-enum-targets.nse
- 1.8 http-google-email.nse
- 1.9 http-reverse-ip.nse
- 1.10 nntp-options.nse
- 1.11 http-polycom-soundpoint-info.nse
- 1.12 http-vivotek-camera-info.nse
- 1.13 minecraft-auth.nse
- 1.14 vuze-find-nodes.nse
- 1.15 http-asus-wl500-info.nse
- 1.16 gpsd-ng-info.nse
- 1.17 http-igd-info.nse
- 1.18 http-carel-data-server-users.nse
- 1.19 md5-reverse-lookup.nse
- 1.20 http-trendnet-tvip110w.nse
Scripts
(Please add new scripts to the top of this section)
ip-proxy-ip2proxy.nse
This IP2Proxy script allows user to query an IP address if it was being used as VPN anonymizer, open proxies, web proxies, Tor exits, data center, web hosting (DCH) range, search engine robots (SES) and residential (RES) by using the IP2Proxy Lua Package.
- Author: IP2Location
- Link: https://github.com/ip2location/ip2proxy-nmap
ip-geolocation-ip2location.nse
This IP2Location Nmap script provides a fast lookup of country, region, city, latitude, longitude, ZIP code, time zone, ISP, domain name, connection type, IDD code, area code, weather station code, station name, mcc, mnc, mobile brand, elevation, and usage type from IP address by using IP2Location database with IP2Location Lua Package.
- Author: IP2Location
- Link: https://github.com/ip2location/ip2location-nmap
sql-slammer-infect.nse
This script attempts to infect a discovered MS SQL instances with the SQL Slammer worm. If vulnerable, the target machine will then attempt to propagate to other IP addresses. Obviously this one shouldonly be used in closed test environments, and very carefully at that.
- Author: Daniel Miller
- Link: https://gist.github.com/3124893
http-screenshot
The script captures a screen shot for every service that looks like http. It is useful for identifying rogue http services that the system administrator does not recognise by simply flicking through all the screen shots. It uses wkhtmltoimage from the wkhtmltopdf project to do the job. See the related blog post for details. The script was further improved by Paul Asadoorian in PaulDotCom Podcast Episode 295
- Links: http://pauldotcom.com/2012/07/using-nmap-to-screenshot-web-s.html http://blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html
- Authors: Ryan Linn, Paul Asadoorian
vulscan.nse
Identification of vulnerabilities (matches version info with osvdb database)
Link: http://seclists.org/nmap-dev/2010/q2/726
Update: http://seclists.org/nmap-dev/2015/q3/319
httprecon.nse
HTTP fingerprinting to determine web server implementation
Link: http://seclists.org/nmap-dev/2010/q2/436
bitcoin-enum-targets.nse
Enumerates Bitcoin peers
Link: http://seclists.org/nmap-dev/2011/q2/837
http-google-email.nse
http-google-email.nse - attempts to search for e-mails pertaining to a specific domain in Google's Web search engine(google.com) and Google Groups search engine(groups.google.com).
Link: http://seclists.org/nmap-dev/2011/q3/401
http-reverse-ip.nse
http-reverse-ip.nse - attempts to find domains that are hosted on a specific ip address using Bing's ip: operator.
Link: http://seclists.org/nmap-dev/2011/q3/401
nntp-options.nse
Retrieves the available commands and banners from a listening NNTP daemon.
Link: https://gist.github.com/1231055
http-polycom-soundpoint-info.nse
Attempts to retrieve the configuration settings from a Polycom SoundPoint VoIP phone.
Link: https://gist.github.com/1234193
http-vivotek-camera-info.nse
Attempts to retrieve the configuration settings from a Vivotek network camera.
Link: https://gist.github.com/1357401
minecraft-auth.nse
Checks a Minecraft server for "insecure mode".
Link: http://seclists.org/nmap-dev/2010/q4/729
vuze-find-nodes.nse
Request a list of nodes from a remote Vuze node.
Link: http://seclists.org/nmap-dev/2011/q4/375
http-asus-wl500-info.nse
Attempts to retrieve the configuration settings from an Asus WL500 series wireless router.
Link: https://gist.github.com/1669787
gpsd-ng-info.nse
Retrieves device and version information from a listening GPSD-NG daemon.
Link: https://gist.github.com/1670029
http-igd-info.nse
Attempts to retrieve device information from an Internet Gateway Device (IGD) UPnP configuration file.
Link: https://gist.github.com/1697234
http-carel-data-server-users.nse
Attempts to retrieve all valid usernames from the HTTP component of Carel Pl@ntVisor (CarelDataServer.exe).
- Author: Brendan Coles
- Link: https://gist.github.com/1723237
md5-reverse-lookup.nse
Queries the external reverse md5 database for a single, or a list of md5 hashes and prints the found ones.
- Author: Aleksandar Nikolic
- Link: http://seclists.org/nmap-dev/2012/q3/att-81/md5-reverse-lookup.nse
http-trendnet-tvip110w.nse
Finds Trendnet TV-IP110w webcams that allow unauthenticated access to their video feed.
- Author: Paulino Calderon
- Link: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/6.x/http-trendnet-tvip110w.nse