My employer (Inspect it) is hiring in Stockholm (Sweden). Inspect it is looking for people that currently work with IT- and information-security or have a strong desire to do so. Applicants should have experience within one or more of the following areas:
– Penetration- and Application-security testing
– Application & System security reviews
– Incident response and IT-forensics
– Security training
If your interested or have any questions contact me directly or send an e-mail to jobs[at]inspectit[dot]se
I’ve cleaned up the Nmap scripts page a bit to better reflect reality. Most of the scripts published on that page have been commited to the Nmap development release. I’m actively working on getting the remainder commited to. Once the scripts have been commited, they’re no longer maintained here. So, in order to try them out I recommend you to install the latest development release of Nmap. In order to do so, follow the steps outlined here.
I received a bug report for my Nmap nfs-showmount script a few days ago. I ended up re-writing the whole thing as it was my first script, which is short for “ugly as hell”. I moved all NFS and RPC stuff into a new library called rpc.lua and added some more functionality as well.
I’ve also added two more scripts that make use of the library nfs-get-stats and nfs-get-dirlist. The first retrieves disk usage for each export and the second lists files on a share. They’re both available from the nmap-scripts page as usual.
I’ve just added some code to my Nmap MySQL library that enables query support. With this code in place it’s possible to run queries against MySQL directly from a Nmap script. In order to illustrate this I’ve added three scripts: mysql-list-users, mysql-list-databases and mysql-show-variables.
While messing around with the library I also cleaned up the code for mysql-brute and mysql-empty-password. All of the scripts that query the database obviously require credentials to do so. These can be provided on the command line using script arguments mysqluser and mysqlpassword or by running the mysql-brute or mysql-empty-password on the same time. There are dependencies set up so that the query scripts wait until these two scripts have collected the credentials. Here’s some sample output from the scripts …
Two more scripts of my scripts were added to the development release of nmap, afp-showmount and dns-service-discovery. You can try them out either by downloading them from the nmap-scripts page or by checking out the latest development release over here.
I found a bug in the Nmap SNMP scripts that would trigger an endless loop if the MIB that they attempt to walk does not exist. This would occur if they’re run against anything else than Windows. I’ve now addressed this and released a 0.2 version of them. They’re available from the nmap-scripts page.
I’ve added a script that queries a DAAP service for it’s library. Depending on the version of the service it then attempts to query it for for a list of artists, albums and songs. It’s available, together with more other scripts, over at the nmap-scripts page.
Here’s a sample output when running against the Firefly Media Server:
| Fever Ray
| Fever Ray (Deluxe Edition)
| Concrete Walls
| I’m Not Done
| Here Before
| Now’s The Only Time I Know
| Stranger Than Kindness
| Dry And Dusty
| Keep The Streets Empty For Me
| Triangle Walks
| If I Had A Heart
| When I Grow Up
I’ve update the nmap-script page with two scripts for MySQL. The first simply checks whether the root user has a blank password set. The second script allows to perform online password guessing against MySql.