Nmap scripts

This page is very outdated; please consult http://nmap.org/nsedoc/, which lists the most recent scripts and libraries for Nmap.

This page contains the scripts that I’ve developed for the Nmap scanner available at insecure.org. Nmap scripts extend the capabilities of the scanner to do discovery, password guessing or anything else the developer decides to implement.

Several powerful scripts are already included with the scanner today. More information regarding which scripts are included and what they do can be found here.

The following table contains the scripts I have written and a short description of what they do.

Script name             Ver  Description
rpc.lua                 0.1  RPC library needed by the NFS scripts
nfs-showmount           0.5  Lists NFS exports on the target system.
nfs-get-stats           0.1  Retrieves disk usage statistics for each export
nfs-get-dirlist         0.1  Lists contents of an NFS share
                        0.2  Performs password guessing against the Citrix XML service.
                        0.2  Queries the Citrix ICA Browser (1604/udp) for a list of applications
                        0.2  Queries the Citrix XML service for a list of published applications. The output is more detailed than from the ICA browser and contains ACLs.
                        0.2  Queries the Citrix ICA browser (1604/udp) for a list of servers
                        0.2  Queries the Citrix XML service for a list of servers
                        0.2  Tries to determine valid instance names (SIDs) by using a dictionary
lexmark-config          0.3  Extracts the configuration from Lexmark S300-400 series printers
afp-showmount           0.3  Queries the Apple File Sharing (AFP) for shared folders and their ACLs
dns-service-discovery   0.2  Uses the DNS Service Discovery protocol to enumerate information
asn.lua                 -    Library needed for the ldap scripts
ldap.lua                0.2  Library needed for the ldap scripts
ldap-rootdse.nse        0.2  Queries an LDAP server for the root object
ldap-search.nse         0.2  Provides basic LDAP search functionality
ldap-brute.nse          0.1  Password guessing against LDAP service
snmp.lua                -    An updated SNMP lib needed for the SNMP scripts to work
snmp-netstat            0.1  Creates a netstat based on info from SNMP
snmp-processes          0.3  Lists running processes on the remote system
snmp-win32-services     0.2  Lists the services running on the Windows host
snmp-win32-shares       0.2  Gets a list of remote shares and their paths
snmp-win32-software     0.2  Lists installed software with date of installation
snmp-win32-users        0.2  Lists the users on the remote Windows host
mysql.lua               0.2  MySQL library needed by the MySQL scripts
mysql-brute             0.3  Password guessing for MySQL
mysql-empty-password    0.3  Checks if root or anonymous has empty password
mysql-list-users        0.1  Attempts to list MySQL users
mysql-list-databases    0.1  Attempts to list MySQL databases
mysql-show-variables    0.1  Attempts to show all MySQL variables
daap-get-library        0.2  Lists the contents of a DAAP library

All scripts that have been marked with strikethrough are either already in Nmap or have been committed to the Nmap development release. Once committed, the script will no longer be maintained and updated on this web page. To install the development release follow the steps outlined over here.

The Citrix scripts that rely on the XML service to enumerate their information are dependent on the citrixxml.lua library, which is included in the zip file. While the scripts should be copied to the Nmap scripts directory, the citrixxml.lua file should be placed in nselib.

The oracle-sid-brute script can be supplied a custom dictionary using the oraclesids argument. If no dictionary is supplied, the default nselib/data/oracle-sids (included in the zip file) is used. The default list was created by Red Database Security and is available from here.

The afp-showmount zip file contains two files: afp.lua and afp-showmount. The afp.lua file contains the protocol-specific code and goes into the nselib directory. The afp-showmount script goes into the scripts folder as usual.

For more information regarding the SNMP scripts, have a look over here.