Nmap/External Script Library
The purpose of this page is to collect all the interesting NSE scripts that for different reasons were not included in the official Nmap repository. Common reasons for not including scripts with Nmap are:
- The script has dependencies that we can't include with Nmap for portability, license, or size reasons
- License incompatibility between Nmap and the script itself (acceptable licenses for included scripts)
- Script not yet fully debugged or has some other technical problem preventing inclusion
- Script function is too obscure or too far from Nmap's core functionality to warrant inclusion with Nmap
- Script is still under consideration for inclusion. It may need more technical review, or we may want to see how many people find it useful.
(Please add new scripts to the top of this section)
This script attempts to infect discovered MS SQL instances with the SQL Slammer worm. If vulnerable, the target machine will then attempt to propagate to other IP addresses. Obviously this one should only be used in closed test environments, and very carefully at that.
- Author: Daniel Miller
- Link: https://gist.github.com/3124893
The script captures a screenshot for every service that looks like HTTP. By simply flicking through all the screenshots, a system administrator can identify rogue HTTP services that they do not recognise. It uses wkhtmltoimage from the wkhtmltopdf project to do the job. See the related blog post for details. The script was further improved by Paul Asadoorian in PaulDotCom Podcast Episode 295.
- Links: http://pauldotcom.com/2012/07/using-nmap-to-screenshot-web-s.html http://blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html
- Authors: Ryan Linn, Paul Asadoorian
Identification of vulnerabilities (matches version info with osvdb database)
HTTP fingerprinting to determine web server implementation
Enumerates Bitcoin peers
http-google-email.nse - attempts to search for e-mails pertaining to a specific domain in Google's Web search engine (google.com) and Google Groups search engine (groups.google.com).
http-reverse-ip.nse - attempts to find domains that are hosted on a specific IP address using Bing's ip: operator.
Retrieves the available commands and banners from a listening NNTP daemon.
Attempts to retrieve the configuration settings from a Polycom SoundPoint VoIP phone.
Attempts to retrieve the configuration settings from a Vivotek network camera.
Checks a Minecraft server for "insecure mode".
Requests a list of nodes from a remote Vuze node.
Attempts to retrieve the configuration settings from an Asus WL500 series wireless router.
Retrieves device and version information from a listening GPSD-NG daemon.
Attempts to retrieve device information from an Internet Gateway Device (IGD) UPnP configuration file.
Attempts to retrieve all valid usernames from the HTTP component of Carel Pl@ntVisor (CarelDataServer.exe).
- Author: Brendan Coles
- Link: https://gist.github.com/1723237
Queries the external reverse MD5 database for a single MD5 hash or a list of MD5 hashes and prints the ones found.
- Author: Aleksandar Nikolic
- Link: http://seclists.org/nmap-dev/2012/q3/att-81/md5-reverse-lookup.nse
Finds Trendnet TV-IP110w webcams that allow unauthenticated access to their video feed.
- Author: Paulino Calderon
- Link: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/6.x/http-trendnet-tvip110w.nse