ꦫꦣꦺꦤ꧀ꦄꦤ꧀ꦠꦱꦺꦤ

PATH: usr / share / nmap / scripts

local bin = require "bin"
local bit = require "bit"
local dns = require "dns"
local nmap = require "nmap"
local packet = require "packet"
local stdnse = require "stdnse"
local string = require "string"

local openssl = stdnse.silent_require "openssl"

description = [[
Obtains hostnames, IPv4 and IPv6 addresses through IPv6 Node Information Queries.

IPv6 Node Information Queries are defined in RFC 4620. There are three
useful types of queries:
* qtype=2: Node Name
* qtype=3: Node Addresses
* qtype=4: IPv4 Addresses

Some operating systems (Mac OS X and OpenBSD) return hostnames in
response to qtype=4, IPv4 Addresses. In this case, the hostnames are still
shown in the "IPv4 addresses" output row, but are prefixed by "(actually
hostnames)".
]]

---
-- @usage nmap -6 <target>
--
-- @output
-- | ipv6-node-info:
-- |   Hostnames: mac-mini.local
-- |   IPv6 addresses: fe80::a8bb:ccff:fedd:eeff, 2001:db8:1234:1234::3
-- |_  IPv4 addresses: (actually hostnames) mac-mini.local

categories = {"default", "discovery", "safe"}

author = "David Fifield"

local ICMPv6_NODEINFOQUERY = 139
local   ICMPv6_NODEINFOQUERY_IPv6ADDR = 0
local   ICMPv6_NODEINFOQUERY_NAME = 1
local   ICMPv6_NODEINFOQUERY_IPv4ADDR = 1
local ICMPv6_NODEINFORESP = 140
local   ICMPv6_NODEINFORESP_SUCCESS = 0
local   ICMPv6_NODEINFORESP_REFUSED = 1
local   ICMPv6_NODEINFORESP_UNKNOWN = 2

local QTYPE_NOOP = 0
local QTYPE_NODENAME = 2
local QTYPE_NODEADDRESSES = 3
local QTYPE_NODEIPV4ADDRESSES = 4

local QTYPE_STRINGS = {
	[QTYPE_NOOP] = "NOOP",
	[QTYPE_NODENAME] = "Hostnames",
	[QTYPE_NODEADDRESSES] = "IPv6 addresses",
	[QTYPE_NODEIPV4ADDRESSES] = "IPv4 addresses",
}

local function build_ni_query(src, dst, qtype)
	local payload, p, flags
	local nonce

nonce = openssl.rand_pseudo_bytes(8)
	if qtype == QTYPE_NODENAME then
		flags = 0x0000
	elseif qtype == QTYPE_NODEADDRESSES then
		-- Set all the flags GSLCA (see RFC 4620, Figure 3).
		flags = 0x003E
	elseif qtype == QTYPE_NODEIPV4ADDRESSES then
		-- Set the A flag (see RFC 4620, Figure 4).
		flags = 0x0002
	else
		error("Unknown qtype " .. qtype)
	end
	payload = bin.pack(">SSAA", qtype, flags, nonce, dst)
	p = packet.Packet:new()
	p:build_icmpv6_header(ICMPv6_NODEINFOQUERY, ICMPv6_NODEINFOQUERY_IPv6ADDR, payload, src, dst)
	p:build_ipv6_packet(src, dst, packet.IPPROTO_ICMPV6)

return p.buf
end

function hostrule(host)
	return nmap.is_privileged() and #host.bin_ip == 16 and host.interface
end

local function open_sniffer(host)
	local bpf
	local s

s = nmap.new_socket()
	bpf = string.format("ip6 and src host %s", host.ip)
	s:pcap_open(host.interface, 1500, false, bpf)

return s
end

local function send_queries(host)
	local dnet

dnet = nmap.new_dnet()
	dnet:ip_open()
	local p = build_ni_query(host.bin_ip_src, host.bin_ip, QTYPE_NODEADDRESSES)
	dnet:ip_send(p, host)
	p = build_ni_query(host.bin_ip_src, host.bin_ip, QTYPE_NODENAME)
	dnet:ip_send(p, host)
	p = build_ni_query(host.bin_ip_src, host.bin_ip, QTYPE_NODEIPV4ADDRESSES)
	dnet:ip_send(p, host)
	dnet:ip_close()
end

local function empty(t)
	return not next(t)
end

-- Try to decode a Node Name reply data field. If successful, returns true and
-- a list of DNS names. In case of a parsing error, returns false and the
-- partial list of names that were parsed prior to the error.
local function try_decode_nodenames(data)
	local ttl
	local names = {}
	local pos = nil

pos, ttl = bin.unpack(">I", data, pos)
	if not ttl then
		return false, names
	end
	while pos <= #data do
		local name

pos, name = dns.decStr(data, pos)
		if not name then
			return false, names
		end
		-- Ignore empty names, such as those at the end.
		if name ~= "" then
			names[#names + 1] = name
		end
	end

return true, names
end

local function stringify_noop(flags, data)
	return "replied"
end

-- RFC 4620, section 6.3.
local function stringify_nodename(flags, data)
	local status, names
	local text

status, names = try_decode_nodenames(data)
	if empty(names) then
		return
	end
	text = stdnse.strjoin(", ", names)
	if not status then
		text = text .. " (parsing error)"
	end

return text
end

-- RFC 4620, section 6.3.
local function stringify_nodeaddresses(flags, data)
	local ttl, binaddr
	local text
	local addrs = {}
	local pos = nil

while true do
		pos, ttl, binaddr = bin.unpack(">IA16", data, pos)
		if not ttl then
			break
		end
		addrs[#addrs + 1] = packet.toipv6(binaddr)
	end
	if empty(addrs) then
		return
	end

text = stdnse.strjoin(", ", addrs)
	if bit.band(flags, 0x01) ~= 0 then
		text = text .. " (more omitted for space reasons)"
	end

return text
end

-- RFC 4620, section 6.4.
-- But Mac OS X puts DNS names in here instead of IPv4 addresses, but it
-- doesn't include the two empty labels at the end as it does with a Node Name
-- response. For example, here is a Node Name reply:
-- 00 00 00 00 0e 6d 61 63  2d 6d 69 6e 69 2e 6c 6f    .....mac -mini.lo
-- 63 61 6c 00 00                                      cal..
-- And here is a Node Addresses reply:
-- 00 00 00 00 0e 6d 61 63  2d 6d 69 6e 69 2e 6c 6f    .....mac -mini.lo
-- 63 61 6c                                            cal
local function stringify_nodeipv4addresses(flags, data)
	local status, names
	local ttl, binaddr
	local text
	local addrs = {}
	local pos = nil

-- Check for DNS names.
	status, names = try_decode_nodenames(data .. "\0\0")
	if status then
		return "(actually hostnames) " .. stdnse.strjoin(", ", names)
	end

-- Okay, looks like it's really IP addresses.
	while true do
		pos, ttl, binaddr = bin.unpack(">IA4", data, pos)
		if not ttl then
			break
		end
		addrs[#addrs + 1] = packet.toip(binaddr)
	end
	if empty(addrs) then
		return
	end

text = stdnse.strjoin(", ", addrs)
	if bit.band(flags, 0x01) ~= 0 then
		text = text .. " (more omitted for space reasons)"
	end

return text
end

local STRINGIFY = {
	[QTYPE_NOOP] = stringify_noop,
	[QTYPE_NODENAME] = stringify_nodename,
	[QTYPE_NODEADDRESSES] = stringify_nodeaddresses,
	[QTYPE_NODEIPV4ADDRESSES] = stringify_nodeipv4addresses,
}

local function handle_received_packet(buf)
	local p, qtype, flags, data
	local text

p = packet.Packet:new(buf)
	if p.icmpv6_type ~= ICMPv6_NODEINFORESP then
		return
	end
	qtype = packet.u16(p.buf, p.icmpv6_offset + 4)
	flags = packet.u16(p.buf, p.icmpv6_offset + 6)
	data = string.sub(p.buf, p.icmpv6_offset + 16 + 1)

if not STRINGIFY[qtype] then
		-- This is a not a qtype we sent or know about.
		stdnse.print_debug(1, "Got NI reply with unknown qtype %d from %s", qtype, p.ip6_src)
		return
	end

if p.icmpv6_code == ICMPv6_NODEINFORESP_SUCCESS then
		text = STRINGIFY[qtype](flags, data)
	elseif p.icmpv6_code == ICMPv6_NODEINFORESP_REFUSED then
		text = "refused"
	elseif p.icmpv6_code == ICMPv6_NODEINFORESP_UNKNOWN then
		text = string.format("target said: qtype %d is unknown", qtype)
	else
		text = string.format("unknown ICMPv6 code %d for qtype %d", p.icmpv6_code, qtype)
	end

return qtype, text
end

local function format_results(results)
	local QTYPE_ORDER = {
		QTYPE_NOOP,
		QTYPE_NODENAME,
		QTYPE_NODEADDRESSES,
		QTYPE_NODEIPV4ADDRESSES,
	}
	local output

output = {}
	for _, qtype in ipairs(QTYPE_ORDER) do
		if results[qtype] then
			output[#output + 1] = QTYPE_STRINGS[qtype] .. ": " .. results[qtype]
		end
	end

return stdnse.format_output(true, output)
end

function action(host)
	local s
	local timeout, end_time, now
	local pending, results

timeout = host.times.timeout * 10

s = open_sniffer(host)

send_queries(host)

pending = {
		[QTYPE_NODENAME] = true,
		[QTYPE_NODEADDRESSES] = true,
		[QTYPE_NODEIPV4ADDRESSES] = true,
	}
	results = {}

now = nmap.clock_ms()
	end_time = now + timeout
	repeat
		local _, status, buf

s:set_timeout((end_time - now) * 1000)

status, _, _, buf = s:pcap_receive()
		if status then
			local qtype, text = handle_received_packet(buf)
			if qtype then
				results[qtype] = text
				pending[qtype] = nil
			end
		end

now = nmap.clock_ms()
	until empty(pending) or now > end_time

s:pcap_close()

return format_results(results)
end

[+] ..
[-] qscan.nse [edit]
[-] oracle-brute.nse [edit]
[-] smtp-vuln-cve2011-1764.nse [edit]
[-] broadcast-pc-duo.nse [edit]
[-] targets-ipv6-multicast-mld.nse [edit]
[-] http-backup-finder.nse [edit]
[-] http-sitemap-generator.nse [edit]
[-] cassandra-brute.nse [edit]
[-] snmp-win32-services.nse [edit]
[-] ftp-brute.nse [edit]
[-] irc-botnet-channels.nse [edit]
[-] rsync-brute.nse [edit]
[-] icap-info.nse [edit]
[-] citrix-brute-xml.nse [edit]
[-] iax2-version.nse [edit]
[-] nfs-ls.nse [edit]
[-] ndmp-fs-info.nse [edit]
[-] cvs-brute-repository.nse [edit]
[-] http-drupal-modules.nse [edit]
[-] mysql-databases.nse [edit]
[-] xmpp-info.nse [edit]
[-] pgsql-brute.nse [edit]
[-] ssl-google-cert-catalog.nse [edit]
[-] smtp-commands.nse [edit]
[-] rpcinfo.nse [edit]
[-] snmp-hh3c-logins.nse [edit]
[-] dns-zone-transfer.nse [edit]
[-] murmur-version.nse [edit]
[-] metasploit-xmlrpc-brute.nse [edit]
[-] http-brute.nse [edit]
[-] nessus-xmlrpc-brute.nse [edit]
[-] krb5-enum-users.nse [edit]
[-] vuze-dht-info.nse [edit]
[-] smb-ls.nse [edit]
[-] openlookup-info.nse [edit]
[-] hadoop-namenode-info.nse [edit]
[-] informix-tables.nse [edit]
[-] http-vuln-cve2010-0738.nse [edit]
[-] omp2-brute.nse [edit]
[-] http-headers.nse [edit]
[-] bitcoin-info.nse [edit]
[-] smb-psexec.nse [edit]
[-] eppc-enum-processes.nse [edit]
[-] afp-brute.nse [edit]
[-] iscsi-brute.nse [edit]
[-] http-enum.nse [edit]
[-] smb-enum-sessions.nse [edit]
[-] daytime.nse [edit]
[-] mongodb-info.nse [edit]
[-] omp2-enum-targets.nse [edit]
[-] p2p-conficker.nse [edit]
[-] teamspeak2-version.nse [edit]
[-] http-wordpress-brute.nse [edit]
[-] riak-http-info.nse [edit]
[-] http-joomla-brute.nse [edit]
[-] path-mtu.nse [edit]
[-] targets-traceroute.nse [edit]
[-] snmp-win32-users.nse [edit]
[-] http-unsafe-output-escaping.nse [edit]
[-] http-traceroute.nse [edit]
[-] ftp-anon.nse [edit]
[-] mysql-info.nse [edit]
[-] mtrace.nse [edit]
[-] openvas-otp-brute.nse [edit]
[-] lltd-discovery.nse [edit]
[-] ssl-enum-ciphers.nse [edit]
[-] dict-info.nse [edit]
[-] netbus-version.nse [edit]
[-] nfs-statfs.nse [edit]
[-] hostmap-bfk.nse [edit]
[-] dns-random-txid.nse [edit]
[-] http-affiliate-id.nse [edit]
[-] socks-brute.nse [edit]
[-] bitcoin-getaddr.nse [edit]
[-] acarsd-info.nse [edit]
[-] http-cakephp-version.nse [edit]
[-] oracle-enum-users.nse [edit]
[-] dns-brute.nse [edit]
[-] http-google-malware.nse [edit]
[-] hostmap-robtex.nse [edit]
[-] http-barracuda-dir-traversal.nse [edit]
[-] http-auth-finder.nse [edit]
[-] resolveall.nse [edit]
[-] informix-query.nse [edit]
[-] mysql-users.nse [edit]
[-] nrpe-enum.nse [edit]
[-] mysql-empty-password.nse [edit]
[-] broadcast-xdmcp-discover.nse [edit]
[-] ip-geolocation-geobytes.nse [edit]
[-] cups-info.nse [edit]
[-] tftp-enum.nse [edit]
[-] http-icloud-sendmsg.nse [edit]
[-] nbstat.nse [edit]
[-] ajp-headers.nse [edit]
[-] nexpose-brute.nse [edit]
[-] giop-info.nse [edit]
[-] sip-call-spoof.nse [edit]
[-] broadcast-tellstick-discover.nse [edit]
[-] dns-nsec3-enum.nse [edit]
[-] http-grep.nse [edit]
[-] http-drupal-enum-users.nse [edit]
[-] smb-enum-processes.nse [edit]
[-] maxdb-info.nse [edit]
[-] rtsp-url-brute.nse [edit]
[-] ganglia-info.nse [edit]
[-] ip-geolocation-maxmind.nse [edit]
[-] traceroute-geolocation.nse [edit]
[-] rpcap-info.nse [edit]
[-] http-waf-detect.nse [edit]
[-] ms-sql-dac.nse [edit]
[-] citrix-enum-servers.nse [edit]
[-] http-vmware-path-vuln.nse [edit]
[-] mongodb-brute.nse [edit]
[-] http-passwd.nse [edit]
[-] x11-access.nse [edit]
[-] http-generator.nse [edit]
[-] ms-sql-info.nse [edit]
[-] http-method-tamper.nse [edit]
[-] http-robtex-shared-ns.nse [edit]
[-] http-majordomo2-dir-traversal.nse [edit]
[-] ms-sql-empty-password.nse [edit]
[-] broadcast-netbios-master-browser.nse [edit]
[-] citrix-enum-servers-xml.nse [edit]
[-] broadcast-networker-discover.nse [edit]
[-] mrinfo.nse [edit]
[-] lexmark-config.nse [edit]
[-] http-frontpage-login.nse [edit]
[-] smtp-open-relay.nse [edit]
[-] http-git.nse [edit]
[-] targets-asn.nse [edit]
[-] http-favicon.nse [edit]
[-] backorifice-info.nse [edit]
[-] http-vuln-cve2011-3192.nse [edit]
[-] realvnc-auth-bypass.nse [edit]
[-] broadcast-wpad-discover.nse [edit]
[-] http-methods.nse [edit]
[-] smb-check-vulns.nse [edit]
[-] sshv1.nse [edit]
[-] broadcast-bjnp-discover.nse [edit]
[-] http-title.nse [edit]
[-] broadcast-novell-locate.nse [edit]
[-] smb-vuln-ms10-054.nse [edit]
[-] afp-showmount.nse [edit]
[-] broadcast-rip-discover.nse [edit]
[-] http-slowloris.nse [edit]
[-] nat-pmp-mapport.nse [edit]
[-] ftp-libopie.nse [edit]
[-] targets-ipv6-multicast-echo.nse [edit]
[-] nessus-brute.nse [edit]
[-] membase-brute.nse [edit]
[-] ip-geolocation-ipinfodb.nse [edit]
[-] smb-print-text.nse [edit]
[-] smtp-enum-users.nse [edit]
[-] ajp-brute.nse [edit]
[-] bitcoinrpc-info.nse [edit]
[-] auth-owners.nse [edit]
[-] targets-ipv6-multicast-invalid-dst.nse [edit]
[-] afp-path-vuln.nse [edit]
[-] oracle-brute-stealth.nse [edit]
[-] http-vlcstreamer-ls.nse [edit]
[-] auth-spoof.nse [edit]
[-] nping-brute.nse [edit]
[-] broadcast-dropbox-listener.nse [edit]
[-] afp-ls.nse [edit]
[-] broadcast-db2-discover.nse [edit]
[-] quake3-info.nse [edit]
[-] snmp-sysdescr.nse [edit]
[-] dhcp-discover.nse [edit]
[-] ms-sql-config.nse [edit]
[-] http-comments-displayer.nse [edit]
[-] smb-vuln-ms10-061.nse [edit]
[-] ipv6-node-info.nse [edit]
[-] http-awstatstotals-exec.nse [edit]
[-] ldap-rootdse.nse [edit]
[-] rtsp-methods.nse [edit]
[-] smb-enum-domains.nse [edit]
[-] sniffer-detect.nse [edit]
[-] hbase-master-info.nse [edit]
[-] modbus-discover.nse [edit]
[-] http-rfi-spider.nse [edit]
[-] msrpc-enum.nse [edit]
[-] mysql-query.nse [edit]
[-] ftp-vsftpd-backdoor.nse [edit]
[-] domcon-brute.nse [edit]
[-] citrix-enum-apps-xml.nse [edit]
[-] pjl-ready-message.nse [edit]
[-] sip-brute.nse [edit]
[-] http-vuln-cve2011-3368.nse [edit]
[-] firewalk.nse [edit]
[-] http-gitweb-projects-enum.nse [edit]
[-] http-open-redirect.nse [edit]
[-] ajp-methods.nse [edit]
[-] ip-forwarding.nse [edit]
[-] ncp-serverinfo.nse [edit]
[-] smb-enum-shares.nse [edit]
[-] ssh2-enum-algos.nse [edit]
[-] cvs-brute.nse [edit]
[-] nat-pmp-info.nse [edit]
[-] epmd-info.nse [edit]
[-] bjnp-discover.nse [edit]
[-] stuxnet-detect.nse [edit]
[-] ftp-vuln-cve2010-4221.nse [edit]
[-] http-litespeed-sourcecode-download.nse [edit]
[-] gpsd-info.nse [edit]
[-] snmp-ios-config.nse [edit]
[-] broadcast-igmp-discovery.nse [edit]
[-] http-robtex-reverse-ip.nse [edit]
[-] snmp-processes.nse [edit]
[-] broadcast-sybase-asa-discover.nse [edit]
[-] wsdd-discover.nse [edit]
[-] netbus-info.nse [edit]
[-] broadcast-ripng-discover.nse [edit]
[-] pop3-brute.nse [edit]
[-] backorifice-brute.nse [edit]
[-] domcon-cmd.nse [edit]
[-] citrix-enum-apps.nse [edit]
[-] dns-nsec-enum.nse [edit]
[-] rpcap-brute.nse [edit]
[-] ftp-bounce.nse [edit]
[-] stun-info.nse [edit]
[-] dns-update.nse [edit]
[-] broadcast-wake-on-lan.nse [edit]
[-] dns-cache-snoop.nse [edit]
[-] rsync-list-modules.nse [edit]
[-] snmp-netstat.nse [edit]
[-] url-snarf.nse [edit]
[-] snmp-interfaces.nse [edit]
[-] cassandra-info.nse [edit]
[-] http-huawei-hg5xx-vuln.nse [edit]
[-] memcached-info.nse [edit]
[-] http-proxy-brute.nse [edit]
[-] pptp-version.nse [edit]
[-] broadcast-pppoe-discover.nse [edit]
[-] dns-random-srcport.nse [edit]
[-] ip-geolocation-geoplugin.nse [edit]
[-] smb-security-mode.nse [edit]
[-] ms-sql-dump-hashes.nse [edit]
[-] ntp-monlist.nse [edit]
[-] http-wordpress-enum.nse [edit]
[-] ike-version.nse [edit]
[-] broadcast-eigrp-discovery.nse [edit]
[-] amqp-info.nse [edit]
[-] iax2-brute.nse [edit]
[-] mysql-variables.nse [edit]
[-] ajp-request.nse [edit]
[-] cccam-version.nse [edit]
[-] mysql-brute.nse [edit]
[-] http-malware-host.nse [edit]
[-] http-domino-enum-passwords.nse [edit]
[-] vnc-brute.nse [edit]
[-] duplicates.nse [edit]
[-] db2-das-info.nse [edit]
[-] broadcast-dhcp6-discover.nse [edit]
[-] pop3-capabilities.nse [edit]
[-] http-form-fuzzer.nse [edit]
[-] flume-master-info.nse [edit]
[-] ms-sql-tables.nse [edit]
[-] broadcast-wsdd-discover.nse [edit]
[-] jdwp-info.nse [edit]
[-] mcafee-epo-agent.nse [edit]
[-] smb-brute.nse [edit]
[-] irc-sasl-brute.nse [edit]
[-] http-php-version.nse [edit]
[-] ms-sql-brute.nse [edit]
[-] http-form-brute.nse [edit]
[-] http-cors.nse [edit]
[-] jdwp-version.nse [edit]
[-] smbv2-enabled.nse [edit]
[-] ssl-cert.nse [edit]
[-] dns-fuzz.nse [edit]
[-] mysql-enum.nse [edit]
[-] script.db [edit]
[-] rlogin-brute.nse [edit]
[-] ovs-agent-version.nse [edit]
[-] ntp-info.nse [edit]
[-] ajp-auth.nse [edit]
[-] targets-sniffer.nse [edit]
[-] quake3-master-getservers.nse [edit]
[-] http-date.nse [edit]
[-] cups-queue-info.nse [edit]
[-] rdp-vuln-ms12-020.nse [edit]
[-] http-tplink-dir-traversal.nse [edit]
[-] http-robots.txt.nse [edit]
[-] hadoop-tasktracker-info.nse [edit]
[-] eap-info.nse [edit]
[-] ms-sql-xp-cmdshell.nse [edit]
[-] broadcast-dns-service-discovery.nse [edit]
[-] sip-methods.nse [edit]
[-] broadcast-avahi-dos.nse [edit]
[-] hadoop-secondary-namenode-info.nse [edit]
[-] db2-discover.nse [edit]
[-] jdwp-inject.nse [edit]
[-] servicetags.nse [edit]
[-] netbus-brute.nse [edit]
[-] ms-sql-hasdbaccess.nse [edit]
[-] gopher-ls.nse [edit]
[-] asn-query.nse [edit]
[-] firewall-bypass.nse [edit]
[-] redis-brute.nse [edit]
[-] dpap-brute.nse [edit]
[-] imap-capabilities.nse [edit]
[-] smtp-vuln-cve2010-4344.nse [edit]
[-] tls-nextprotoneg.nse [edit]
[-] upnp-info.nse [edit]
[-] http-icloud-findmyiphone.nse [edit]
[-] ventrilo-info.nse [edit]
[-] hostmap-ip2hosts.nse [edit]
[-] wdb-version.nse [edit]
[-] http-qnap-nas-info.nse [edit]
[-] smb-enum-groups.nse [edit]
[-] address-info.nse [edit]
[-] smb-mbenum.nse [edit]
[-] dns-srv-enum.nse [edit]
[-] http-iis-webdav-vuln.nse [edit]
[-] broadcast-listener.nse [edit]
[-] http-default-accounts.nse [edit]
[-] mysql-audit.nse [edit]
[-] bittorrent-discovery.nse [edit]
[-] reverse-index.nse [edit]
[-] smb-os-discovery.nse [edit]
[-] smtp-strangeport.nse [edit]
[-] socks-open-proxy.nse [edit]
[-] http-vhosts.nse [edit]
[-] broadcast-upnp-info.nse [edit]
[-] afp-serverinfo.nse [edit]
[-] targets-ipv6-multicast-slaac.nse [edit]
[-] ldap-novell-getpass.nse [edit]
[-] nfs-showmount.nse [edit]
[-] http-vuln-cve2012-1823.nse [edit]
[-] stun-version.nse [edit]
[-] http-fileupload-exploiter.nse [edit]
[-] vnc-info.nse [edit]
[-] http-axis2-dir-traversal.nse [edit]
[-] ssh-hostkey.nse [edit]
[-] http-phpmyadmin-dir-traversal.nse [edit]
[-] hadoop-jobtracker-info.nse [edit]
[-] http-stored-xss.nse [edit]
[-] hbase-region-info.nse [edit]
[-] broadcast-ataoe-discover.nse [edit]
[-] dns-check-zone.nse [edit]
[-] rdp-enum-encryption.nse [edit]
[-] ms-sql-query.nse [edit]
[-] http-wordpress-plugins.nse [edit]
[-] irc-info.nse [edit]
[-] rmi-vuln-classloader.nse [edit]
[-] ssl-known-key.nse [edit]
[-] mysql-dump-hashes.nse [edit]
[-] rexec-brute.nse [edit]
[-] mmouse-exec.nse [edit]
[-] vmauthd-brute.nse [edit]
[-] dns-ip6-arpa-scan.nse [edit]
[-] smb-system-info.nse [edit]
[-] irc-brute.nse [edit]
[-] broadcast-versant-locate.nse [edit]
[-] xmpp-brute.nse [edit]
[-] ldap-search.nse [edit]
[-] http-put.nse [edit]
[-] banner.nse [edit]
[-] http-adobe-coldfusion-apsa1301.nse [edit]
[-] llmnr-resolve.nse [edit]
[-] domino-enum-users.nse [edit]
[-] broadcast-ms-sql-discover.nse [edit]
[-] telnet-brute.nse [edit]
[-] isns-info.nse [edit]
[-] http-userdir-enum.nse [edit]
[-] smb-enum-users.nse [edit]
[-] dns-nsid.nse [edit]
[-] ndmp-version.nse [edit]
[-] voldemort-info.nse [edit]
[-] sslv2.nse [edit]
[-] redis-info.nse [edit]
[-] drda-brute.nse [edit]
[-] smtp-vuln-cve2011-1720.nse [edit]
[-] skypev2-version.nse [edit]
[-] http-open-proxy.nse [edit]
[-] irc-unrealircd-backdoor.nse [edit]
[-] ssl-date.nse [edit]
[-] couchdb-databases.nse [edit]
[-] snmp-win32-software.nse [edit]
[-] whois.nse [edit]
[-] http-email-harvest.nse [edit]
[-] http-virustotal.nse [edit]
[-] broadcast-pim-discovery.nse [edit]
[-] distcc-cve2004-2687.nse [edit]
[-] http-exif-spider.nse [edit]
[-] couchdb-stats.nse [edit]
[-] rpc-grind.nse [edit]
[-] finger.nse [edit]
[-] metasploit-msgrpc-brute.nse [edit]
[-] http-waf-fingerprint.nse [edit]
[-] http-config-backup.nse [edit]
[-] http-vuln-cve2010-2861.nse [edit]
[-] ipv6-ra-flood.nse [edit]
[-] http-phpself-xss.nse [edit]
[-] http-sql-injection.nse [edit]
[-] telnet-encryption.nse [edit]
[-] jdwp-exec.nse [edit]
[-] hddtemp-info.nse [edit]
[-] metasploit-info.nse [edit]
[-] ipidseq.nse [edit]
[-] http-auth.nse [edit]
[-] ncp-enum-users.nse [edit]
[-] sip-enum-users.nse [edit]
[-] daap-get-library.nse [edit]
[-] socks-auth-info.nse [edit]
[-] broadcast-dhcp-discover.nse [edit]
[-] http-vuln-cve2009-3960.nse [edit]
[-] http-coldfusion-subzero.nse [edit]
[-] mongodb-databases.nse [edit]
[-] xdmcp-discover.nse [edit]
[-] http-chrono.nse [edit]
[-] netbus-auth-bypass.nse [edit]
[-] drda-info.nse [edit]
[-] membase-http-info.nse [edit]
[-] smb-flood.nse [edit]
[-] dns-zeustracker.nse [edit]
[-] http-apache-negotiation.nse [edit]
[-] iscsi-info.nse [edit]
[-] smb-server-stats.nse [edit]
[-] mysql-vuln-cve2012-2122.nse [edit]
[-] dns-service-discovery.nse [edit]
[-] creds-summary.nse [edit]
[-] oracle-sid-brute.nse [edit]
[-] dns-recursion.nse [edit]
[-] broadcast-pc-anywhere.nse [edit]
[-] http-slowloris-check.nse [edit]
[-] snmp-brute.nse [edit]
[-] ftp-proftpd-backdoor.nse [edit]
[-] imap-brute.nse [edit]
[-] gkrellm-info.nse [edit]
[-] versant-info.nse [edit]
[-] svn-brute.nse [edit]
[-] hadoop-datanode-info.nse [edit]
[-] informix-brute.nse [edit]
[-] mmouse-brute.nse [edit]
[-] samba-vuln-cve-2012-1182.nse [edit]
[-] broadcast-ping.nse [edit]
[-] unusual-port.nse [edit]
[-] smtp-brute.nse [edit]
[-] http-vuln-cve2013-0156.nse [edit]
[-] http-trace.nse [edit]
[-] rmi-dumpregistry.nse [edit]
[-] dns-blacklist.nse [edit]
[-] ldap-brute.nse [edit]
[-] pcanywhere-brute.nse [edit]
[-] dns-client-subnet-scan.nse [edit]
[-] snmp-win32-shares.nse [edit]