Difference between revisions of "Nmap scripts"

From SkullSpace Wiki
Jump to navigation Jump to search
m
 
(26 intermediate revisions by 5 users not shown)
Line 1: Line 1:
* cvs
+
{{Archived}}
** bruteforce pserver
+
 
** list modules
+
* Bruteforce framework improvements
** download source/modules
+
** Handle arbitrary number of inputs (e.g., username, password, repository)
* IMAP
+
** Handle arbitrary number of dictionaries per input
** Bruteforce
+
** Handle arbitrary number of command-line literal strings for inputs
* NRPE
+
** Store tables with successful inputs in registry
** Bruteforce
+
** Scripts to write:
** Trigger commands
+
*** CVS pserver (started)
 +
*** SVN (port to framework)
 +
*** Git (port to framework)
 +
*** Monotone
 +
*** Mercurial
 +
*** Bazaar
 +
*** DNSrecon [https://github.com/darkoperator/dnsrecon/blob/master/dnsrecon.py]
 +
*** Synergy (bruteforce, maybe)
 +
*** NRPE ([http://seclists.org/nmap-dev/2010/q4/702 submitted], but not bruteforce)
 +
*** IMAP
 +
*** SNMP (port to framework)
 +
*** POP (port to framework)
 +
*** Metasploit XML-RPC interface [http://www.metasploit.com/redmine/projects/framework/wiki/XMLRPC]
 +
*** Nessus daemon
 +
*** TFTP paths
 +
* Dropbox LanSync broadcast ([http://seclists.org/nmap-dev/2010/q4/689 submitted])
 
* Exim
 
* Exim
 
** Exploit
 
** Exploit
Line 16: Line 31:
 
* Update brute scripts to use brute.lua  
 
* Update brute scripts to use brute.lua  
 
* SOAP library
 
* SOAP library
* Debian OpenSSL blacklist
+
* Debian OpenSSL blacklist [http://wiki.debian.org/SSLkeys]
* Postgres info
+
* PostgreSQL info
* My ip neighbours
+
* My IP neighbours
 
* Geolocation
 
* Geolocation
 
* Bonjour
 
* Bonjour
 
* Nbstat.nse -> change to using a broadcast prerule
 
* Nbstat.nse -> change to using a broadcast prerule
* IPv6 stuff
+
* IPsec [http://en.wikipedia.org/wiki/Internet_Key_Exchange IKE] enumeration
 +
* IPv6 stuff [https://www.metasploit.com/redmine/projects/framework/repository/revisions/11417]
 +
** Neighbour Discovery
 +
** Router Solicitation
 +
* 802.1X / EAP
 +
* SSL renegotiation [http://extendedsubset.com/?p=8]
 +
* Microsoft hidden SSL certs [http://securitytube.net/Observatory-for-SSLiverse-Defcon-18-video.aspx]
 +
* Linux local commands over ssh
 +
* Windows installed software (registry/uninstall)
 +
** Prefetch
 +
* Windows MSRPC clone of rpcinfo.nse
 +
* DCOM
 +
* WMI - hard++
 +
* sip
 +
** brute
 +
** enum
 +
 
 +
[[Category:Projects]]

Latest revision as of 14:41, 4 October 2017

Info.png This page has been archived. All information in this article is historical.
  • Bruteforce framework improvements
    • Handle arbitrary number of inputs (e.g., username, password, repository)
    • Handle arbitrary number of dictionaries per input
    • Handle arbitrary number of command-line literal strings for inputs
    • Store tables with successful inputs in registry
    • Scripts to write:
      • CVS pserver (started)
      • SVN (port to framework)
      • Git (port to framework)
      • Monotone
      • Mercurial
      • Bazaar
      • DNSrecon [1]
      • Synergy (bruteforce, maybe)
      • NRPE (submitted, but not bruteforce)
      • IMAP
      • SNMP (port to framework)
      • POP (port to framework)
      • Metasploit XML-RPC interface [2]
      • Nessus daemon
      • TFTP paths
  • Dropbox LanSync broadcast (submitted)
  • Exim
    • Exploit
  • http spider
    • Needs finishing
  • Signatures for http-enum web apps
  • SNMP BSSID
  • Update brute scripts to use brute.lua
  • SOAP library
  • Debian OpenSSL blacklist [3]
  • PostgreSQL info
  • My IP neighbours
  • Geolocation
  • Bonjour
  • Nbstat.nse -> change to using a broadcast prerule
  • IPsec IKE enumeration
  • IPv6 stuff [4]
    • Neighbour Discovery
    • Router Solicitation
  • 802.1X / EAP
  • SSL renegotiation [5]
  • Microsoft hidden SSL certs [6]
  • Linux local commands over ssh
  • Windows installed software (registry/uninstall)
    • Prefetch
  • Windows MSRPC clone of rpcinfo.nse
  • DCOM
  • WMI - hard++
  • sip
    • brute
    • enum