Difference between revisions of "Nmap scripts"
(19 intermediate revisions by 5 users not shown)
Line 1: | Line 1: | ||
− | * | + | {{Archived}} |
− | ** | + | |
− | ** | + | * Bruteforce framework improvements |
− | ** | + | ** Handle arbitrary number of inputs (e.g., username, password, repository) |
− | * IMAP | + | ** Handle arbitrary number of dictionaries per input |
− | ** | + | ** Handle arbitrary number of command-line literal strings for inputs |
− | * | + | ** Store tables with successful inputs in registry |
− | ** | + | ** Scripts to write: |
− | ** | + | *** CVS pserver (started) |
+ | *** SVN (port to framework) | ||
+ | *** Git (port to framework) | ||
+ | *** Monotone | ||
+ | *** Mercurial | ||
+ | *** Bazaar | ||
+ | *** DNSrecon [https://github.com/darkoperator/dnsrecon/blob/master/dnsrecon.py] | ||
+ | *** Synergy (bruteforce, maybe) | ||
+ | *** NRPE ([http://seclists.org/nmap-dev/2010/q4/702 submitted], but not bruteforce) | ||
+ | *** IMAP | ||
+ | *** SNMP (port to framework) | ||
+ | *** POP (port to framework) | ||
+ | *** Metasploit XML-RPC interface [http://www.metasploit.com/redmine/projects/framework/wiki/XMLRPC] | ||
+ | *** Nessus daemon | ||
+ | *** TFTP paths | ||
+ | * Dropbox LanSync broadcast ([http://seclists.org/nmap-dev/2010/q4/689 submitted]) | ||
* Exim | * Exim | ||
** Exploit | ** Exploit | ||
Line 22: | Line 37: | ||
* Bonjour | * Bonjour | ||
* Nbstat.nse -> change to using a broadcast prerule | * Nbstat.nse -> change to using a broadcast prerule | ||
− | * IPv6 stuff | + | * IPsec [http://en.wikipedia.org/wiki/Internet_Key_Exchange IKE] enumeration |
+ | * IPv6 stuff [https://www.metasploit.com/redmine/projects/framework/repository/revisions/11417] | ||
** Neighbour Discovery | ** Neighbour Discovery | ||
** Router Solicitation | ** Router Solicitation | ||
− | |||
* 802.1X / EAP | * 802.1X / EAP | ||
* SSL renegotiation [http://extendedsubset.com/?p=8] | * SSL renegotiation [http://extendedsubset.com/?p=8] | ||
Line 31: | Line 46: | ||
* Linux local commands over ssh | * Linux local commands over ssh | ||
* Windows installed software (registry/uninstall) | * Windows installed software (registry/uninstall) | ||
+ | ** Prefetch | ||
+ | * Windows MSRPC clone of rpcinfo.nse | ||
+ | * DCOM | ||
+ | * WMI - hard++ | ||
+ | * sip | ||
+ | ** brute | ||
+ | ** enum | ||
+ | |||
+ | [[Category:Projects]] |
Latest revision as of 14:41, 4 October 2017
- Bruteforce framework improvements
  - Handle arbitrary number of inputs (e.g., username, password, repository)
  - Handle arbitrary number of dictionaries per input
  - Handle arbitrary number of command-line literal strings for inputs
  - Store tables with successful inputs in registry
  - Scripts to write:
    - CVS pserver (started)
    - SVN (port to framework)
    - Git (port to framework)
    - Monotone
    - Mercurial
    - Bazaar
    - DNSrecon (https://github.com/darkoperator/dnsrecon/blob/master/dnsrecon.py)
    - Synergy (bruteforce, maybe)
    - NRPE (submitted: http://seclists.org/nmap-dev/2010/q4/702, but not bruteforce)
    - IMAP
    - SNMP (port to framework)
    - POP (port to framework)
    - Metasploit XML-RPC interface (http://www.metasploit.com/redmine/projects/framework/wiki/XMLRPC)
    - Nessus daemon
    - TFTP paths
- Dropbox LanSync broadcast (submitted: http://seclists.org/nmap-dev/2010/q4/689)
- Exim
  - Exploit
- http spider
  - Needs finishing
- Signatures for http-enum web apps
- SNMP BSSID
- Update brute scripts to use brute.lua
- SOAP library
- Debian OpenSSL blacklist [3]
- PostgreSQL info
- My IP neighbours
- Geolocation
- Bonjour
- Nbstat.nse -> change to using a broadcast prerule
- IPsec IKE enumeration (http://en.wikipedia.org/wiki/Internet_Key_Exchange)
- IPv6 stuff (https://www.metasploit.com/redmine/projects/framework/repository/revisions/11417)
  - Neighbour Discovery
  - Router Solicitation
- 802.1X / EAP
- SSL renegotiation (http://extendedsubset.com/?p=8)
- Microsoft hidden SSL certs [6]
- Linux local commands over ssh
- Windows installed software (registry/uninstall)
  - Prefetch
- Windows MSRPC clone of rpcinfo.nse
- DCOM
- WMI - hard++
- sip
  - brute
  - enum