Nmap Development mailing list archives
NSE console script help
From: Martin Holst Swende <martin () swende se>
Date: Mon, 17 Jan 2011 20:49:34 +0100
Hi, Reposting this which I posted earlier ([1], [2]), perhaps with a bad subject-line, since there was no response. While I was fiddling with nse_main, I added another thing I have been missing. I often don't really know what scripts are possible to run for a particular service or port, and I don't always know what they do. So, I added another script argument: "help". For all the scripts that would have been run, it instead prints out info about the scripts. I find it extremely useful, since there are a *lot* of script nowadays and several in non-default categories which is a bit of a pain to find. Example usage: nmap <host> --script=all --script-args help - Would print out info about all scripts which can be used against the target. Example usage: nmap localhost -p80 --script=intrusive,vuln --script-args=help - In the intrusive category, I like to read up on what the script does before using it and not just fire away. nmap google.com -p80 -sC --script-args help ... NSE: ------------- Script help ------------- http-methods.nse Categories default safe Description Finds out what options are supported by an HTTP server by sending an OPTIONS request. Lists potentially risky methods. Optionally tests each method individually to see if they are subject to e.g. IP address restrictions. In this script, "potentially risky" methods are anything except GET, HEAD, POST, and OPTIONS. If the script reports potentially risky methods, they may not all be security risks, but you should check to make sure. This page lists the dangers of some common methods: http://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29 The list of supported methods comes from the contents of the Allow and Public header fields. In verbose mode, a list of all methods is printed, followed by the list of potentially risky methods. Without verbose mode, only the potentially risky methods are shown. NSE: ------------- Script help ------------- http-vmware-path-vuln.nse Categories vuln safe default Description Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733). The vulnerability was originally released by Justin Morehouse and Tony Flick, who presented at Shmoocon 2010 (http://fyrmassociates.com/tools.html). NSE: ------------- Script help ------------- robots.txt.nse Categories default discovery safe Description Checks for disallowed entries in <code>robots.txt</code>. The higher the verbosity or debug level, the more disallowed entries are shown. ... Having used it a while myself, I like it a lot. /Martin [1] http://seclists.org/nmap-dev/2010/q4/543 [2] http://seclists.org/nmap-dev/2010/q4/567 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE console script help Martin Holst Swende (Jan 17)
- Re: NSE console script help Arturo 'Buanzo' Busleiman (Jan 17)
- RE: NSE console script help Drazen Popovic (Jan 17)
- Re: NSE console script help David Fifield (Jan 17)
- Re: NSE console script help Martin Holst Swende (Jan 17)
- Re: NSE console script help Fyodor (Jan 18)
- Re: NSE console script help Martin Holst Swende (Jan 18)
- Re: NSE console script help Patrick Donnelly (Jan 18)
- Re: NSE console script help Martin Holst Swende (Jan 18)
- Re: NSE console script help Fyodor (Jan 18)
- Re: NSE console script help Kris Katterjohn (Jan 18)
- Re: NSE console script help Martin Holst Swende (Jan 18)