ꦫꦣꦺꦤ꧀ꦄꦤ꧀ꦠꦱꦺꦤ

PATH: usr / share / nmap / scripts

local bit = require "bit"
local datafiles = require "datafiles"
local nmap = require "nmap"
local stdnse = require "stdnse"
local string = require "string"

description = [[
Shows extra information about IPv6 addresses, such as embedded MAC or IPv4 addresses when available.

Some IP address formats encode extra information; for example some IPv6
addresses encode an IPv4 address or MAC address. This script can decode
these address formats:
* IPv4-compatible IPv6 addresses,
* IPv4-mapped IPv6 addresses,
* Teredo IPv6 addresses,
* 6to4 IPv6 addresses,
* IPv6 addresses using an EUI-64 interface ID,
* IPv4-embedded IPv6 addresses,
* IPv4-translated IPv6 addresses and
* ISATAP Modified EUI-64 IPv6 addresses.

See RFC 4291 for general IPv6 addressing architecture and the
definitions of some terms.
]]

---
-- @output
-- Nmap scan report for ::1.2.3.4
-- Host script results:
-- | address-info: 
-- |   IPv4-compatible: 
-- |_    IPv4 address: 1.2.3.4
-- 
-- Nmap scan report for ::ffff:1.2.3.4
-- Host script results:
-- | address-info: 
-- |   IPv4-mapped: 
-- |_    IPv4 address: 1.2.3.4
-- 
-- Nmap scan report for 2001:0:506:708:282a:3d75:fefd:fcfb
-- Host script results:
-- | address-info: 
-- |   Teredo: 
-- |     Server IPv4 address: 5.6.7.8
-- |     Client IPv4 address: 1.2.3.4
-- |_    UDP port: 49802
-- 
-- Nmap scan report for 2002:102:304::1
-- Host script results:
-- | address-info: 
-- |   6to4: 
-- |_    IPv4 address: 1.2.3.4
-- 
-- Nmap scan report for fe80::a8bb:ccff:fedd:eeff
-- Host script results:
-- | address-info: 
-- |   IPv6 EUI-64: 
-- |     MAC address: 
-- |       address: aa:bb:cc:dd:ee:ff
-- |_      manuf: Unknown
-- 
-- Nmap scan report for 64:ff9b::c000:221
-- Host script results:
-- | address-info: 
-- |   IPv4-embedded IPv6 address: 
-- |_    IPv4 address: 192.0.2.33
-- 
-- Nmap scan report for ::ffff:0:c0a8:101
-- Host script results:
-- | address-info: 
-- |   IPv4-translated IPv6 address: 
-- |_    IPv4 address: 192.168.1.1

-- * ISATAP. RFC 5214.
--   XXXX:XXXX:XXXX:XX00:0000:5EFE:a.b.c.d

---
--@xmloutput
-- <table key="IPv4-mapped">
--   <elem key="IPv4 address">1.2.3.4</elem>
-- </table>
--
-- <table key="IPv4-compatible">
--   <elem key="IPv4 address">1.2.3.4</elem>
-- </table>
--
-- <table key="Teredo">
--   <elem key="Server IPv4 address">5.6.7.8</elem>
--   <elem key="Client IPv4 address">1.2.3.4</elem>
--   <elem key="UDP port">49802</elem>
-- </table>
--
-- <table key="6to4">
--   <elem key="IPv4 address">1.2.3.4</elem>
-- </table>
--
-- <table key="IPv6 EUI-64">
--   <table key="MAC address">
--     <elem key="address">aa:bb:cc:dd:ee:ff</elem>
--     <elem key="manuf">Unknown</elem>
--   </table>
-- </table>
--
-- <table key="IPv4-embedded IPv6 address">
--   <elem key="IPv4 address">192.0.2.33</elem>
-- </table>
--
-- <table key="IPv4-translated IPv6 address">
--   <elem key="IPv4 address">192.168.1.1</elem>
-- </table>

author = "David Fifield"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

categories = {"default", "safe"}

hostrule = function(host)
	return true
end

-- Match an address (array of bytes) against a hex-encoded pattern. "XX" in the
-- pattern is a wildcard.
local function matches(addr, pattern)
	local octet_patterns

octet_patterns = {}
	for op in pattern:gmatch("([%xX][%xX])") do
		octet_patterns[#octet_patterns + 1] = op
	end

if #addr ~= #octet_patterns then
		return false
	end

for i = 1, #addr do
		local a, op

a = addr[i]
		op = octet_patterns[i]
		if not (op == "XX" or a == tonumber(op, 16)) then
			return false
		end
	end

return true
end

local function get_manuf(mac)
	local catch = function() return "Unknown" end
	local try = nmap.new_try(catch)
	local mac_prefixes = try(datafiles.parse_mac_prefixes())
	local prefix = string.upper(string.format("%02x%02x%02x", mac[1], mac[2], mac[3]))
	return mac_prefixes[prefix] or "Unknown"
end

local function format_mac(mac)
	local octets

octets = {}
	for _, v in ipairs(mac) do
		octets[#octets + 1] = string.format("%02x", v)
	end

local out = stdnse.output_table()
	out.address = stdnse.strjoin(":", octets)
	out.manuf = get_manuf(mac)
	return out
end

local function format_ipv4(ipv4)
	local octets

octets = {}
	for _, v in ipairs(ipv4) do
		octets[#octets + 1] = string.format("%d", v)
	end

return stdnse.strjoin(".", octets)
end

local function do_ipv4(addr)
end

-- EUI-64 from MAC, RFC 4291.
local function decode_eui_64(eui_64)
	if eui_64[4] == 0xff and eui_64[5] == 0xfe then
		return { bit.bxor(eui_64[1], 0x02),
			eui_64[2], eui_64[3], eui_64[6], eui_64[7], eui_64[8] }
	end
end

local function do_ipv6(addr)
	local label
	local output

output = stdnse.output_table()

if matches(addr, "0000:0000:0000:0000:0000:0000:0000:0001") then
		-- ::1 is localhost. Not much to report.
		return nil
	elseif matches(addr, "0000:0000:0000:0000:0000:0000:XXXX:XXXX") then
		-- RFC 4291 2.5.5.1.
		local ipv4 = { addr[13], addr[14], addr[15], addr[16] }
		return {["IPv4-compatible"]= { ["IPv4 address"] = format_ipv4(ipv4) } }
	elseif matches(addr, "0000:0000:0000:0000:0000:ffff:XXXX:XXXX") then
		-- RFC 4291 2.5.5.2.
		local ipv4 = { addr[13], addr[14], addr[15], addr[16] }
		return {["IPv4-mapped"]= { ["IPv4 address"] = format_ipv4(ipv4) } }
	elseif matches(addr, "2001:0000:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX") then
		-- Teredo, RFC 4380.
		local server_ipv4 = { addr[5], addr[6], addr[7], addr[8] }
		-- RFC 5991 makes the flags mostly meaningless.
		local flags = addr[9] * 256 + addr[10]
		local obs_port = addr[11] * 256 + addr[12]
		local obs_client_ipv4 = { addr[13], addr[14], addr[15], addr[16] }
		local port, client_ipv4

-- Invert obs_port.
		port = bit.bxor(obs_port, 0xffff)

-- Invert obs_client_ipv4.
		client_ipv4 = {}
		for _, octet in ipairs(obs_client_ipv4) do
			client_ipv4[#client_ipv4 + 1] = bit.bxor(octet, 0xff)
		end

output["Server IPv4 address"] = format_ipv4(server_ipv4)
		output["Client IPv4 address"] = format_ipv4(client_ipv4)
		output["UDP port"] = tostring(port)

return {["Teredo"] = output}
	elseif matches(addr, "0064:ff9b:XXXX:XXXX:00XX:XXXX:XXXX:XXXX") then
		--IPv4-embedded IPv6 addresses. RFC 6052, Section 2

--skip addr[9]
		if matches(addr,"0064:ff9b:0000:0000:0000:0000:XXXX:XXXX") then
			local ipv4 = {addr[13], addr[14], addr[15], addr[16]}
			return {["IPv4-embedded IPv6 address"]= {["IPv4 address"] = format_ipv4(ipv4)}}
		elseif addr[5] ~= 0x01 then
			local ipv4 = {addr[5], addr[6], addr[7], addr[8]}
			return {["IPv4-embedded IPv6 address"]= {["IPv4 address"] = format_ipv4(ipv4)}}
		elseif addr[6] ~= 0x22 then
			local ipv4 = {addr[6], addr[7], addr[8], addr[10]}
			return {["IPv4-embedded IPv6 address"]= {["IPv4 address"] = format_ipv4(ipv4)}}
		elseif addr[7] ~= 0x03 then
			local ipv4 = {addr[7], addr[8], addr[10], addr[11]}
			return {["IPv4-embedded IPv6 address"]= {["IPv4 address"] = format_ipv4(ipv4)}}
		elseif addr[8] ~= 0x44 then
			local ipv4 = {addr[8], addr[10], addr[11], addr[12]}
			return {["IPv4-embedded IPv6 address"]= {["IPv4 address"] = format_ipv4(ipv4)}}
		elseif addr[10] == 0x00 and addr[11] == 0x00 and addr[12] == 0x00 then
			local ipv4 = {addr[13], addr[14], addr[15], addr[16]}
			return {["IPv4-embedded IPv6 address"]= {["IPv4 address"] = format_ipv4(ipv4)}}
		end
	elseif matches(addr, "0000:0000:0000:0000:ffff:0000:XXXX:XXXX") then
		-- IPv4-translated IPv6 addresses. RFC 2765, Section 2.1 
		return {["IPv4-translated IPv6 address"]= 
			{["IPv4 address"] = format_ipv4( {addr[13], addr[14], addr[15], addr[16]})}}
	elseif matches(addr, "XXXX:XXXX:XXXX:XX00:0000:5efe:XXXX:XXXX") then
		-- ISATAP. RFC 5214, Appendix A
		-- XXXX:XXXX:XXXX:XX00:0000:5EFE:a.b.c.d
		return {["ISATAP Modified EUI-64 IPv6 Address"]=
			{["IPv4 address"] = format_ipv4( {addr[13], addr[14], addr[15], addr[16]})}}
	end

-- These following use common handling for the Interface ID part
	-- (last 64 bits).

if matches(addr, "2002:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX") then
		-- 6to4, RFC 3056.
		local ipv4 = { addr[3], addr[4], addr[5], addr[6] }
		local mac = decode_eui_64({ addr[9], addr[10], addr[11], addr[12],
			addr[13], addr[14], addr[15], addr[16] })

label = "6to4"
		output["IPv4 address"] = format_ipv4(ipv4)
	end

local mac = decode_eui_64({ addr[9], addr[10], addr[11], addr[12],
		addr[13], addr[14], addr[15], addr[16] })
	if mac then
		output["MAC address"] = format_mac(mac)
		if not label then
			label = "IPv6 EUI-64"
		end
	end

return {[label]= output}
end

action = function(host)
	local addr_s, addr_t

addr_s = host.bin_ip
	addr_t = { string.byte(addr_s, 1, #addr_s) }

if #addr_t == 4 then
		return do_ipv4(addr_t)
	elseif #addr_t == 16 then
		return do_ipv6(addr_t)
	end
end

[+] ..
[-] qscan.nse [edit]
[-] oracle-brute.nse [edit]
[-] smtp-vuln-cve2011-1764.nse [edit]
[-] broadcast-pc-duo.nse [edit]
[-] targets-ipv6-multicast-mld.nse [edit]
[-] http-backup-finder.nse [edit]
[-] http-sitemap-generator.nse [edit]
[-] cassandra-brute.nse [edit]
[-] snmp-win32-services.nse [edit]
[-] ftp-brute.nse [edit]
[-] irc-botnet-channels.nse [edit]
[-] rsync-brute.nse [edit]
[-] icap-info.nse [edit]
[-] citrix-brute-xml.nse [edit]
[-] iax2-version.nse [edit]
[-] nfs-ls.nse [edit]
[-] ndmp-fs-info.nse [edit]
[-] cvs-brute-repository.nse [edit]
[-] http-drupal-modules.nse [edit]
[-] mysql-databases.nse [edit]
[-] xmpp-info.nse [edit]
[-] pgsql-brute.nse [edit]
[-] ssl-google-cert-catalog.nse [edit]
[-] smtp-commands.nse [edit]
[-] rpcinfo.nse [edit]
[-] snmp-hh3c-logins.nse [edit]
[-] dns-zone-transfer.nse [edit]
[-] murmur-version.nse [edit]
[-] metasploit-xmlrpc-brute.nse [edit]
[-] http-brute.nse [edit]
[-] nessus-xmlrpc-brute.nse [edit]
[-] krb5-enum-users.nse [edit]
[-] vuze-dht-info.nse [edit]
[-] smb-ls.nse [edit]
[-] openlookup-info.nse [edit]
[-] hadoop-namenode-info.nse [edit]
[-] informix-tables.nse [edit]
[-] http-vuln-cve2010-0738.nse [edit]
[-] omp2-brute.nse [edit]
[-] http-headers.nse [edit]
[-] bitcoin-info.nse [edit]
[-] smb-psexec.nse [edit]
[-] eppc-enum-processes.nse [edit]
[-] afp-brute.nse [edit]
[-] iscsi-brute.nse [edit]
[-] http-enum.nse [edit]
[-] smb-enum-sessions.nse [edit]
[-] daytime.nse [edit]
[-] mongodb-info.nse [edit]
[-] omp2-enum-targets.nse [edit]
[-] p2p-conficker.nse [edit]
[-] teamspeak2-version.nse [edit]
[-] http-wordpress-brute.nse [edit]
[-] riak-http-info.nse [edit]
[-] http-joomla-brute.nse [edit]
[-] path-mtu.nse [edit]
[-] targets-traceroute.nse [edit]
[-] snmp-win32-users.nse [edit]
[-] http-unsafe-output-escaping.nse [edit]
[-] http-traceroute.nse [edit]
[-] ftp-anon.nse [edit]
[-] mysql-info.nse [edit]
[-] mtrace.nse [edit]
[-] openvas-otp-brute.nse [edit]
[-] lltd-discovery.nse [edit]
[-] ssl-enum-ciphers.nse [edit]
[-] dict-info.nse [edit]
[-] netbus-version.nse [edit]
[-] nfs-statfs.nse [edit]
[-] hostmap-bfk.nse [edit]
[-] dns-random-txid.nse [edit]
[-] http-affiliate-id.nse [edit]
[-] socks-brute.nse [edit]
[-] bitcoin-getaddr.nse [edit]
[-] acarsd-info.nse [edit]
[-] http-cakephp-version.nse [edit]
[-] oracle-enum-users.nse [edit]
[-] dns-brute.nse [edit]
[-] http-google-malware.nse [edit]
[-] hostmap-robtex.nse [edit]
[-] http-barracuda-dir-traversal.nse [edit]
[-] http-auth-finder.nse [edit]
[-] resolveall.nse [edit]
[-] informix-query.nse [edit]
[-] mysql-users.nse [edit]
[-] nrpe-enum.nse [edit]
[-] mysql-empty-password.nse [edit]
[-] broadcast-xdmcp-discover.nse [edit]
[-] ip-geolocation-geobytes.nse [edit]
[-] cups-info.nse [edit]
[-] tftp-enum.nse [edit]
[-] http-icloud-sendmsg.nse [edit]
[-] nbstat.nse [edit]
[-] ajp-headers.nse [edit]
[-] nexpose-brute.nse [edit]
[-] giop-info.nse [edit]
[-] sip-call-spoof.nse [edit]
[-] broadcast-tellstick-discover.nse [edit]
[-] dns-nsec3-enum.nse [edit]
[-] http-grep.nse [edit]
[-] http-drupal-enum-users.nse [edit]
[-] smb-enum-processes.nse [edit]
[-] maxdb-info.nse [edit]
[-] rtsp-url-brute.nse [edit]
[-] ganglia-info.nse [edit]
[-] ip-geolocation-maxmind.nse [edit]
[-] traceroute-geolocation.nse [edit]
[-] rpcap-info.nse [edit]
[-] http-waf-detect.nse [edit]
[-] ms-sql-dac.nse [edit]
[-] citrix-enum-servers.nse [edit]
[-] http-vmware-path-vuln.nse [edit]
[-] mongodb-brute.nse [edit]
[-] http-passwd.nse [edit]
[-] x11-access.nse [edit]
[-] http-generator.nse [edit]
[-] ms-sql-info.nse [edit]
[-] http-method-tamper.nse [edit]
[-] http-robtex-shared-ns.nse [edit]
[-] http-majordomo2-dir-traversal.nse [edit]
[-] ms-sql-empty-password.nse [edit]
[-] broadcast-netbios-master-browser.nse [edit]
[-] citrix-enum-servers-xml.nse [edit]
[-] broadcast-networker-discover.nse [edit]
[-] mrinfo.nse [edit]
[-] lexmark-config.nse [edit]
[-] http-frontpage-login.nse [edit]
[-] smtp-open-relay.nse [edit]
[-] http-git.nse [edit]
[-] targets-asn.nse [edit]
[-] http-favicon.nse [edit]
[-] backorifice-info.nse [edit]
[-] http-vuln-cve2011-3192.nse [edit]
[-] realvnc-auth-bypass.nse [edit]
[-] broadcast-wpad-discover.nse [edit]
[-] http-methods.nse [edit]
[-] smb-check-vulns.nse [edit]
[-] sshv1.nse [edit]
[-] broadcast-bjnp-discover.nse [edit]
[-] http-title.nse [edit]
[-] broadcast-novell-locate.nse [edit]
[-] smb-vuln-ms10-054.nse [edit]
[-] afp-showmount.nse [edit]
[-] broadcast-rip-discover.nse [edit]
[-] http-slowloris.nse [edit]
[-] nat-pmp-mapport.nse [edit]
[-] ftp-libopie.nse [edit]
[-] targets-ipv6-multicast-echo.nse [edit]
[-] nessus-brute.nse [edit]
[-] membase-brute.nse [edit]
[-] ip-geolocation-ipinfodb.nse [edit]
[-] smb-print-text.nse [edit]
[-] smtp-enum-users.nse [edit]
[-] ajp-brute.nse [edit]
[-] bitcoinrpc-info.nse [edit]
[-] auth-owners.nse [edit]
[-] targets-ipv6-multicast-invalid-dst.nse [edit]
[-] afp-path-vuln.nse [edit]
[-] oracle-brute-stealth.nse [edit]
[-] http-vlcstreamer-ls.nse [edit]
[-] auth-spoof.nse [edit]
[-] nping-brute.nse [edit]
[-] broadcast-dropbox-listener.nse [edit]
[-] afp-ls.nse [edit]
[-] broadcast-db2-discover.nse [edit]
[-] quake3-info.nse [edit]
[-] snmp-sysdescr.nse [edit]
[-] dhcp-discover.nse [edit]
[-] ms-sql-config.nse [edit]
[-] http-comments-displayer.nse [edit]
[-] smb-vuln-ms10-061.nse [edit]
[-] ipv6-node-info.nse [edit]
[-] http-awstatstotals-exec.nse [edit]
[-] ldap-rootdse.nse [edit]
[-] rtsp-methods.nse [edit]
[-] smb-enum-domains.nse [edit]
[-] sniffer-detect.nse [edit]
[-] hbase-master-info.nse [edit]
[-] modbus-discover.nse [edit]
[-] http-rfi-spider.nse [edit]
[-] msrpc-enum.nse [edit]
[-] mysql-query.nse [edit]
[-] ftp-vsftpd-backdoor.nse [edit]
[-] domcon-brute.nse [edit]
[-] citrix-enum-apps-xml.nse [edit]
[-] pjl-ready-message.nse [edit]
[-] sip-brute.nse [edit]
[-] http-vuln-cve2011-3368.nse [edit]
[-] firewalk.nse [edit]
[-] http-gitweb-projects-enum.nse [edit]
[-] http-open-redirect.nse [edit]
[-] ajp-methods.nse [edit]
[-] ip-forwarding.nse [edit]
[-] ncp-serverinfo.nse [edit]
[-] smb-enum-shares.nse [edit]
[-] ssh2-enum-algos.nse [edit]
[-] cvs-brute.nse [edit]
[-] nat-pmp-info.nse [edit]
[-] epmd-info.nse [edit]
[-] bjnp-discover.nse [edit]
[-] stuxnet-detect.nse [edit]
[-] ftp-vuln-cve2010-4221.nse [edit]
[-] http-litespeed-sourcecode-download.nse [edit]
[-] gpsd-info.nse [edit]
[-] snmp-ios-config.nse [edit]
[-] broadcast-igmp-discovery.nse [edit]
[-] http-robtex-reverse-ip.nse [edit]
[-] snmp-processes.nse [edit]
[-] broadcast-sybase-asa-discover.nse [edit]
[-] wsdd-discover.nse [edit]
[-] netbus-info.nse [edit]
[-] broadcast-ripng-discover.nse [edit]
[-] pop3-brute.nse [edit]
[-] backorifice-brute.nse [edit]
[-] domcon-cmd.nse [edit]
[-] citrix-enum-apps.nse [edit]
[-] dns-nsec-enum.nse [edit]
[-] rpcap-brute.nse [edit]
[-] ftp-bounce.nse [edit]
[-] stun-info.nse [edit]
[-] dns-update.nse [edit]
[-] broadcast-wake-on-lan.nse [edit]
[-] dns-cache-snoop.nse [edit]
[-] rsync-list-modules.nse [edit]
[-] snmp-netstat.nse [edit]
[-] url-snarf.nse [edit]
[-] snmp-interfaces.nse [edit]
[-] cassandra-info.nse [edit]
[-] http-huawei-hg5xx-vuln.nse [edit]
[-] memcached-info.nse [edit]
[-] http-proxy-brute.nse [edit]
[-] pptp-version.nse [edit]
[-] broadcast-pppoe-discover.nse [edit]
[-] dns-random-srcport.nse [edit]
[-] ip-geolocation-geoplugin.nse [edit]
[-] smb-security-mode.nse [edit]
[-] ms-sql-dump-hashes.nse [edit]
[-] ntp-monlist.nse [edit]
[-] http-wordpress-enum.nse [edit]
[-] ike-version.nse [edit]
[-] broadcast-eigrp-discovery.nse [edit]
[-] amqp-info.nse [edit]
[-] iax2-brute.nse [edit]
[-] mysql-variables.nse [edit]
[-] ajp-request.nse [edit]
[-] cccam-version.nse [edit]
[-] mysql-brute.nse [edit]
[-] http-malware-host.nse [edit]
[-] http-domino-enum-passwords.nse [edit]
[-] vnc-brute.nse [edit]
[-] duplicates.nse [edit]
[-] db2-das-info.nse [edit]
[-] broadcast-dhcp6-discover.nse [edit]
[-] pop3-capabilities.nse [edit]
[-] http-form-fuzzer.nse [edit]
[-] flume-master-info.nse [edit]
[-] ms-sql-tables.nse [edit]
[-] broadcast-wsdd-discover.nse [edit]
[-] jdwp-info.nse [edit]
[-] mcafee-epo-agent.nse [edit]
[-] smb-brute.nse [edit]
[-] irc-sasl-brute.nse [edit]
[-] http-php-version.nse [edit]
[-] ms-sql-brute.nse [edit]
[-] http-form-brute.nse [edit]
[-] http-cors.nse [edit]
[-] jdwp-version.nse [edit]
[-] smbv2-enabled.nse [edit]
[-] ssl-cert.nse [edit]
[-] dns-fuzz.nse [edit]
[-] mysql-enum.nse [edit]
[-] script.db [edit]
[-] rlogin-brute.nse [edit]
[-] ovs-agent-version.nse [edit]
[-] ntp-info.nse [edit]
[-] ajp-auth.nse [edit]
[-] targets-sniffer.nse [edit]
[-] quake3-master-getservers.nse [edit]
[-] http-date.nse [edit]
[-] cups-queue-info.nse [edit]
[-] rdp-vuln-ms12-020.nse [edit]
[-] http-tplink-dir-traversal.nse [edit]
[-] http-robots.txt.nse [edit]
[-] hadoop-tasktracker-info.nse [edit]
[-] eap-info.nse [edit]
[-] ms-sql-xp-cmdshell.nse [edit]
[-] broadcast-dns-service-discovery.nse [edit]
[-] sip-methods.nse [edit]
[-] broadcast-avahi-dos.nse [edit]
[-] hadoop-secondary-namenode-info.nse [edit]
[-] db2-discover.nse [edit]
[-] jdwp-inject.nse [edit]
[-] servicetags.nse [edit]
[-] netbus-brute.nse [edit]
[-] ms-sql-hasdbaccess.nse [edit]
[-] gopher-ls.nse [edit]
[-] asn-query.nse [edit]
[-] firewall-bypass.nse [edit]
[-] redis-brute.nse [edit]
[-] dpap-brute.nse [edit]
[-] imap-capabilities.nse [edit]
[-] smtp-vuln-cve2010-4344.nse [edit]
[-] tls-nextprotoneg.nse [edit]
[-] upnp-info.nse [edit]
[-] http-icloud-findmyiphone.nse [edit]
[-] ventrilo-info.nse [edit]
[-] hostmap-ip2hosts.nse [edit]
[-] wdb-version.nse [edit]
[-] http-qnap-nas-info.nse [edit]
[-] smb-enum-groups.nse [edit]
[-] address-info.nse [edit]
[-] smb-mbenum.nse [edit]
[-] dns-srv-enum.nse [edit]
[-] http-iis-webdav-vuln.nse [edit]
[-] broadcast-listener.nse [edit]
[-] http-default-accounts.nse [edit]
[-] mysql-audit.nse [edit]
[-] bittorrent-discovery.nse [edit]
[-] reverse-index.nse [edit]
[-] smb-os-discovery.nse [edit]
[-] smtp-strangeport.nse [edit]
[-] socks-open-proxy.nse [edit]
[-] http-vhosts.nse [edit]
[-] broadcast-upnp-info.nse [edit]
[-] afp-serverinfo.nse [edit]
[-] targets-ipv6-multicast-slaac.nse [edit]
[-] ldap-novell-getpass.nse [edit]
[-] nfs-showmount.nse [edit]
[-] http-vuln-cve2012-1823.nse [edit]
[-] stun-version.nse [edit]
[-] http-fileupload-exploiter.nse [edit]
[-] vnc-info.nse [edit]
[-] http-axis2-dir-traversal.nse [edit]
[-] ssh-hostkey.nse [edit]
[-] http-phpmyadmin-dir-traversal.nse [edit]
[-] hadoop-jobtracker-info.nse [edit]
[-] http-stored-xss.nse [edit]
[-] hbase-region-info.nse [edit]
[-] broadcast-ataoe-discover.nse [edit]
[-] dns-check-zone.nse [edit]
[-] rdp-enum-encryption.nse [edit]
[-] ms-sql-query.nse [edit]
[-] http-wordpress-plugins.nse [edit]
[-] irc-info.nse [edit]
[-] rmi-vuln-classloader.nse [edit]
[-] ssl-known-key.nse [edit]
[-] mysql-dump-hashes.nse [edit]
[-] rexec-brute.nse [edit]
[-] mmouse-exec.nse [edit]
[-] vmauthd-brute.nse [edit]
[-] dns-ip6-arpa-scan.nse [edit]
[-] smb-system-info.nse [edit]
[-] irc-brute.nse [edit]
[-] broadcast-versant-locate.nse [edit]
[-] xmpp-brute.nse [edit]
[-] ldap-search.nse [edit]
[-] http-put.nse [edit]
[-] banner.nse [edit]
[-] http-adobe-coldfusion-apsa1301.nse [edit]
[-] llmnr-resolve.nse [edit]
[-] domino-enum-users.nse [edit]
[-] broadcast-ms-sql-discover.nse [edit]
[-] telnet-brute.nse [edit]
[-] isns-info.nse [edit]
[-] http-userdir-enum.nse [edit]
[-] smb-enum-users.nse [edit]
[-] dns-nsid.nse [edit]
[-] ndmp-version.nse [edit]
[-] voldemort-info.nse [edit]
[-] sslv2.nse [edit]
[-] redis-info.nse [edit]
[-] drda-brute.nse [edit]
[-] smtp-vuln-cve2011-1720.nse [edit]
[-] skypev2-version.nse [edit]
[-] http-open-proxy.nse [edit]
[-] irc-unrealircd-backdoor.nse [edit]
[-] ssl-date.nse [edit]
[-] couchdb-databases.nse [edit]
[-] snmp-win32-software.nse [edit]
[-] whois.nse [edit]
[-] http-email-harvest.nse [edit]
[-] http-virustotal.nse [edit]
[-] broadcast-pim-discovery.nse [edit]
[-] distcc-cve2004-2687.nse [edit]
[-] http-exif-spider.nse [edit]
[-] couchdb-stats.nse [edit]
[-] rpc-grind.nse [edit]
[-] finger.nse [edit]
[-] metasploit-msgrpc-brute.nse [edit]
[-] http-waf-fingerprint.nse [edit]
[-] http-config-backup.nse [edit]
[-] http-vuln-cve2010-2861.nse [edit]
[-] ipv6-ra-flood.nse [edit]
[-] http-phpself-xss.nse [edit]
[-] http-sql-injection.nse [edit]
[-] telnet-encryption.nse [edit]
[-] jdwp-exec.nse [edit]
[-] hddtemp-info.nse [edit]
[-] metasploit-info.nse [edit]
[-] ipidseq.nse [edit]
[-] http-auth.nse [edit]
[-] ncp-enum-users.nse [edit]
[-] sip-enum-users.nse [edit]
[-] daap-get-library.nse [edit]
[-] socks-auth-info.nse [edit]
[-] broadcast-dhcp-discover.nse [edit]
[-] http-vuln-cve2009-3960.nse [edit]
[-] http-coldfusion-subzero.nse [edit]
[-] mongodb-databases.nse [edit]
[-] xdmcp-discover.nse [edit]
[-] http-chrono.nse [edit]
[-] netbus-auth-bypass.nse [edit]
[-] drda-info.nse [edit]
[-] membase-http-info.nse [edit]
[-] smb-flood.nse [edit]
[-] dns-zeustracker.nse [edit]
[-] http-apache-negotiation.nse [edit]
[-] iscsi-info.nse [edit]
[-] smb-server-stats.nse [edit]
[-] mysql-vuln-cve2012-2122.nse [edit]
[-] dns-service-discovery.nse [edit]
[-] creds-summary.nse [edit]
[-] oracle-sid-brute.nse [edit]
[-] dns-recursion.nse [edit]
[-] broadcast-pc-anywhere.nse [edit]
[-] http-slowloris-check.nse [edit]
[-] snmp-brute.nse [edit]
[-] ftp-proftpd-backdoor.nse [edit]
[-] imap-brute.nse [edit]
[-] gkrellm-info.nse [edit]
[-] versant-info.nse [edit]
[-] svn-brute.nse [edit]
[-] hadoop-datanode-info.nse [edit]
[-] informix-brute.nse [edit]
[-] mmouse-brute.nse [edit]
[-] samba-vuln-cve-2012-1182.nse [edit]
[-] broadcast-ping.nse [edit]
[-] unusual-port.nse [edit]
[-] smtp-brute.nse [edit]
[-] http-vuln-cve2013-0156.nse [edit]
[-] http-trace.nse [edit]
[-] rmi-dumpregistry.nse [edit]
[-] dns-blacklist.nse [edit]
[-] ldap-brute.nse [edit]
[-] pcanywhere-brute.nse [edit]
[-] dns-client-subnet-scan.nse [edit]
[-] snmp-win32-shares.nse [edit]