Nmap/External Script Library

From SecWiki

The purpose of this page is to collect all the interesting NSE scripts that for different reasons were not included in the official Nmap repository. Common reasons for not including scripts with Nmap are:

  • The script has dependencies that we can't include with Nmap for portability, license, or size reasons
  • License incompatibility between Nmap and the script itself (acceptable licenses for included scripts)
  • Script not yet fully debugged or has some other technical problem preventing inclusion
  • Script function is too obscure or too far from Nmap's core functionality to warrant inclusion with Nmap
  • Script is still under consideration for inclusion. It may need more technical review, or we may want to see how many people find it useful.

Scripts

(Please add new scripts to the top of this section)

ip-proxy-ip2proxy.nse

This IP2Proxy script lets the user check whether an IP address is being used as a VPN anonymizer, open proxy, web proxy, Tor exit, data center, web hosting (DCH) range, search engine robot (SES) or residential (RES) address, using the IP2Proxy Lua Package.

ip-geolocation-ip2location.nse

This IP2Location Nmap script provides a fast lookup of country, region, city, latitude, longitude, ZIP code, time zone, ISP, domain name, connection type, IDD code, area code, weather station code, station name, MCC, MNC, mobile brand, elevation, and usage type for an IP address, using an IP2Location database with the IP2Location Lua Package.

sql-slammer-infect.nse

This script attempts to infect discovered MS SQL instances with the SQL Slammer worm. If vulnerable, the target machine will then attempt to propagate to other IP addresses. Obviously this one should only be used in closed test environments, and very carefully at that.

http-screenshot

The script captures a screenshot of every service that looks like HTTP. It is useful for identifying rogue HTTP services that the system administrator does not recognise, simply by flicking through all the screenshots. It uses wkhtmltoimage from the wkhtmltopdf project to do the job. See the related blog post for details. The script was further improved by Paul Asadoorian in PaulDotCom Podcast Episode 295.

vulscan.nse

Identification of vulnerabilities (matches version info against the OSVDB database)

Link: http://seclists.org/nmap-dev/2010/q2/726

Update: http://seclists.org/nmap-dev/2015/q3/319

httprecon.nse

HTTP fingerprinting to determine web server implementation

Link: http://seclists.org/nmap-dev/2010/q2/436

bitcoin-enum-targets.nse

Enumerates Bitcoin peers

Link: http://seclists.org/nmap-dev/2011/q2/837

http-google-email.nse

http-google-email.nse - attempts to search for e-mails pertaining to a specific domain in Google's Web search engine (google.com) and Google Groups search engine (groups.google.com).

Link: http://seclists.org/nmap-dev/2011/q3/401

http-reverse-ip.nse

http-reverse-ip.nse - attempts to find domains that are hosted on a specific IP address using Bing's ip: operator.

Link: http://seclists.org/nmap-dev/2011/q3/401

nntp-options.nse

Retrieves the available commands and banners from a listening NNTP daemon.

Link: https://gist.github.com/1231055

http-polycom-soundpoint-info.nse

Attempts to retrieve the configuration settings from a Polycom SoundPoint VoIP phone.

Link: https://gist.github.com/1234193

http-vivotek-camera-info.nse

Attempts to retrieve the configuration settings from a Vivotek network camera.

Link: https://gist.github.com/1357401

minecraft-auth.nse

Checks a Minecraft server for "insecure mode".

Link: http://seclists.org/nmap-dev/2010/q4/729

vuze-find-nodes.nse

Request a list of nodes from a remote Vuze node.

Link: http://seclists.org/nmap-dev/2011/q4/375

http-asus-wl500-info.nse

Attempts to retrieve the configuration settings from an Asus WL500 series wireless router.

Link: https://gist.github.com/1669787

gpsd-ng-info.nse

Retrieves device and version information from a listening GPSD-NG daemon.

Link: https://gist.github.com/1670029

http-igd-info.nse

Attempts to retrieve device information from an Internet Gateway Device (IGD) UPnP configuration file.

Link: https://gist.github.com/1697234

http-carel-data-server-users.nse

Attempts to retrieve all valid usernames from the HTTP component of Carel Pl@ntVisor (CarelDataServer.exe).

md5-reverse-lookup.nse

Queries the external reverse MD5 database for a single MD5 hash or a list of MD5 hashes and prints the ones found.

http-trendnet-tvip110w.nse

Finds Trendnet TV-IP110w webcams that allow unauthenticated access to their video feed.