OXIESEC PANEL
- Current Dir:
/
/
usr
/
share
/
nmap
/
scripts
Server IP: 139.59.38.164
Upload:
Create Dir:
Name
Size
Modified
Perms
📁
..
-
08/07/2020 12:36:00 PM
rwxr-xr-x
📄
acarsd-info.nse
3.81 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
address-info.nse
8.52 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
afp-brute.nse
3.27 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
afp-ls.nse
6.73 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
afp-path-vuln.nse
6.84 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
afp-serverinfo.nse
5.54 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
afp-showmount.nse
2.56 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ajp-auth.nse
2.21 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ajp-brute.nse
2.9 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ajp-headers.nse
1.3 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ajp-methods.nse
2.46 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ajp-request.nse
2.95 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
allseeingeye-info.nse
6.87 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
amqp-info.nse
1.64 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
asn-query.nse
14.79 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
auth-owners.nse
2.01 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
auth-spoof.nse
870 bytes
04/16/2018 01:11:39 AM
rw-r--r--
📄
backorifice-brute.nse
9.21 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
backorifice-info.nse
9.81 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
bacnet-info.nse
40.08 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
banner.nse
5.99 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
bitcoin-getaddr.nse
1.94 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
bitcoin-info.nse
1.68 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
bitcoinrpc-info.nse
4.3 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
bittorrent-discovery.nse
3.79 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
bjnp-discover.nse
1.31 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-ataoe-discover.nse
4.36 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-avahi-dos.nse
2.89 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-bjnp-discover.nse
4.67 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-db2-discover.nse
2.38 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-dhcp-discover.nse
7.07 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-dhcp6-discover.nse
3.14 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-dns-service-discovery.nse
1.46 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-dropbox-listener.nse
3.75 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-eigrp-discovery.nse
11.92 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-igmp-discovery.nse
14.59 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-listener.nse
10.15 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-ms-sql-discover.nse
3.72 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-netbios-master-browser.nse
1.9 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-networker-discover.nse
2.28 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-novell-locate.nse
1.92 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-ospf2-discover.nse
16.45 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-pc-anywhere.nse
1.92 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-pc-duo.nse
3.47 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-pim-discovery.nse
5.85 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-ping.nse
8.99 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-pppoe-discover.nse
3.15 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-rip-discover.nse
4.79 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-ripng-discover.nse
5.76 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-sonicwall-discover.nse
3.53 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-sybase-asa-discover.nse
5.18 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-tellstick-discover.nse
1.85 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-upnp-info.nse
1.5 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-versant-locate.nse
924 bytes
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-wake-on-lan.nse
2.04 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-wpad-discover.nse
7.27 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-wsdd-discover.nse
3.04 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
broadcast-xdmcp-discover.nse
1.92 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
cassandra-brute.nse
3.67 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
cassandra-info.nse
2.5 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
cccam-version.nse
1.47 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
cics-enum.nse
17.54 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
cics-info.nse
13.46 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
cics-user-brute.nse
10.6 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
cics-user-enum.nse
9.07 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
citrix-brute-xml.nse
4.64 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
citrix-enum-apps-xml.nse
4.54 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
citrix-enum-apps.nse
4.09 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
citrix-enum-servers-xml.nse
1.1 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
citrix-enum-servers.nse
3.81 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
clamav-exec.nse
6.93 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
clock-skew.nse
5.11 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
coap-resources.nse
9.14 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
couchdb-databases.nse
2.53 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
couchdb-stats.nse
8.78 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
creds-summary.nse
1.06 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
cups-info.nse
2.11 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
cups-queue-info.nse
1.39 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
cvs-brute-repository.nse
3.82 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
cvs-brute.nse
2.89 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
daap-get-library.nse
9.13 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
daytime.nse
595 bytes
04/16/2018 01:11:39 AM
rw-r--r--
📄
db2-das-info.nse
14.08 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dhcp-discover.nse
6.01 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dict-info.nse
2.44 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
distcc-cve2004-2687.nse
3.61 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-blacklist.nse
5.2 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-brute.nse
9.7 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-cache-snoop.nse
6.46 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-check-zone.nse
14.81 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-client-subnet-scan.nse
14.51 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-fuzz.nse
10.66 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-ip6-arpa-scan.nse
3.61 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-nsec-enum.nse
10.26 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-nsec3-enum.nse
12.23 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-nsid.nse
3.31 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-random-srcport.nse
4.31 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-random-txid.nse
4.31 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-recursion.nse
1.42 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-service-discovery.nse
2.14 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-srv-enum.nse
5.55 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-update.nse
5.63 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-zeustracker.nse
2.03 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dns-zone-transfer.nse
26.02 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
docker-version.nse
1.24 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
domcon-brute.nse
3.77 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
domcon-cmd.nse
4.39 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
domino-enum-users.nse
4.07 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
dpap-brute.nse
2.77 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
drda-brute.nse
5.67 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
drda-info.nse
3.71 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
duplicates.nse
7.26 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
eap-info.nse
5.72 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
enip-info.nse
48.05 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
epmd-info.nse
1.68 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
eppc-enum-processes.nse
2.45 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
fcrdns.nse
3.78 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
finger.nse
1.06 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
fingerprint-strings.nse
3.47 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
firewalk.nse
28.44 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
firewall-bypass.nse
8.73 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
flume-master-info.nse
10.56 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
fox-info.nse
3.71 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
freelancer-info.nse
3.72 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ftp-anon.nse
4.46 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ftp-bounce.nse
3.18 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ftp-brute.nse
3.04 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ftp-libopie.nse
3.18 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ftp-proftpd-backdoor.nse
3.22 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ftp-syst.nse
3.72 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ftp-vsftpd-backdoor.nse
5.87 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ftp-vuln-cve2010-4221.nse
5.8 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ganglia-info.nse
7.79 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
giop-info.nse
1.82 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
gkrellm-info.nse
6.61 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
gopher-ls.nse
2.25 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
gpsd-info.nse
2.52 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
hadoop-datanode-info.nse
1.89 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
hadoop-jobtracker-info.nse
6.84 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
hadoop-namenode-info.nse
6.57 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
hadoop-secondary-namenode-info.nse
4.41 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
hadoop-tasktracker-info.nse
2.88 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
hbase-master-info.nse
5.35 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
hbase-region-info.nse
3.56 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
hddtemp-info.nse
1.8 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
hnap-info.nse
4.32 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
hostmap-bfk.nse
3.64 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
hostmap-ip2hosts.nse
3.58 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
hostmap-robtex.nse
1.86 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-adobe-coldfusion-apsa1301.nse
2.1 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-affiliate-id.nse
4.99 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-apache-negotiation.nse
1.9 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-apache-server-status.nse
4.39 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-aspnet-debug.nse
1.76 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-auth-finder.nse
3.87 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-auth.nse
3.11 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-avaya-ipoffice-users.nse
2.83 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-awstatstotals-exec.nse
4.27 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-axis2-dir-traversal.nse
6.71 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-backup-finder.nse
5.36 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-barracuda-dir-traversal.nse
6.24 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-brute.nse
4.83 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-cakephp-version.nse
4.31 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-chrono.nse
4.81 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-cisco-anyconnect.nse
1.66 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-coldfusion-subzero.nse
5.39 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-comments-displayer.nse
4.05 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-config-backup.nse
7.08 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-cookie-flags.nse
5.02 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-cors.nse
2.51 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-cross-domain-policy.nse
13.44 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-csrf.nse
5.29 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-date.nse
1.64 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-default-accounts.nse
13.9 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-devframework.nse
4.19 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-dlink-backdoor.nse
2.47 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-dombased-xss.nse
4.35 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-domino-enum-passwords.nse
13.58 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-drupal-enum-users.nse
2.2 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-drupal-enum.nse
6.75 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-enum.nse
19.69 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-errors.nse
3.27 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-exif-spider.nse
20.05 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-favicon.nse
5.08 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-feed.nse
4.35 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-fetch.nse
8.78 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-fileupload-exploiter.nse
10.82 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-form-brute.nse
20.83 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-form-fuzzer.nse
8.03 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-frontpage-login.nse
2.67 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-generator.nse
2.25 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-git.nse
11.82 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-gitweb-projects-enum.nse
3.12 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-google-malware.nse
3.27 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-grep.nse
11.67 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-headers.nse
1.87 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-huawei-hg5xx-vuln.nse
6.82 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-icloud-findmyiphone.nse
2.71 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-icloud-sendmsg.nse
3.99 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-iis-short-name-brute.nse
5.93 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-iis-webdav-vuln.nse
7.71 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-internal-ip-disclosure.nse
2.51 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-joomla-brute.nse
5.29 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-litespeed-sourcecode-download.nse
2.56 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-ls.nse
5.97 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-majordomo2-dir-traversal.nse
3.17 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-malware-host.nse
2.81 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-mcmp.nse
3.62 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-method-tamper.nse
6.71 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-methods.nse
7.04 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-mobileversion-checker.nse
2.64 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-ntlm-info.nse
4.35 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-open-proxy.nse
8.08 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-open-redirect.nse
4.64 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-passwd.nse
6.86 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-php-version.nse
6.88 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-phpmyadmin-dir-traversal.nse
5.64 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-phpself-xss.nse
5.69 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-proxy-brute.nse
3.41 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-put.nse
1.88 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-qnap-nas-info.nse
3.19 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-referer-checker.nse
2.12 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-rfi-spider.nse
9.47 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-robots.txt.nse
2.67 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-robtex-reverse-ip.nse
2.04 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-robtex-shared-ns.nse
2.46 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-security-headers.nse
15.61 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-server-header.nse
2.99 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-shellshock.nse
5.42 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-sitemap-generator.nse
5.22 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-slowloris-check.nse
5.34 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-slowloris.nse
10.87 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-sql-injection.nse
9.18 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-stored-xss.nse
8.25 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-svn-enum.nse
3.95 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-svn-info.nse
4.29 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-title.nse
2.29 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-tplink-dir-traversal.nse
5.88 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-trace.nse
1.87 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-traceroute.nse
5.17 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-unsafe-output-escaping.nse
5.42 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-useragent-tester.nse
5.26 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-userdir-enum.nse
4.44 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vhosts.nse
5.77 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-virustotal.nse
10.52 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vlcstreamer-ls.nse
2.03 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vmware-path-vuln.nse
4.01 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2006-3392.nse
3.21 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2009-3960.nse
6.43 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2010-0738.nse
2.89 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2010-2861.nse
5.51 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2011-3192.nse
4.44 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2011-3368.nse
5.76 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2012-1823.nse
4.3 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2013-0156.nse
4.72 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2013-6786.nse
2.83 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2013-7091.nse
4.89 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2014-2126.nse
2.88 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2014-2127.nse
3.26 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2014-2128.nse
3.12 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2014-2129.nse
2.91 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2014-3704.nse
13.93 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2014-8877.nse
4.41 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2015-1427.nse
7.62 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2015-1635.nse
3.35 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2017-1001000.nse
4.34 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2017-5638.nse
2.52 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2017-5689.nse
5.38 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-cve2017-8917.nse
5.07 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-misfortune-cookie.nse
2.64 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-vuln-wnr1000-creds.nse
4.13 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-waf-detect.nse
5.29 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-waf-fingerprint.nse
18.89 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-webdav-scan.nse
5.66 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-wordpress-brute.nse
4.94 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-wordpress-enum.nse
10.61 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-wordpress-users.nse
4.5 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
http-xssed.nse
2.59 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
iax2-brute.nse
2.08 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
iax2-version.nse
1.34 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
icap-info.nse
3.34 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
iec-identify.nse
4.24 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ike-version.nse
4.99 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
imap-brute.nse
4.34 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
imap-capabilities.nse
1.48 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
imap-ntlm-info.nse
5.27 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
impress-remote-discover.nse
6.34 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
informix-brute.nse
2.85 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
informix-query.nse
3.33 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
informix-tables.nse
4.44 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ip-forwarding.nse
3.14 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ip-geolocation-geoplugin.nse
2.11 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ip-geolocation-ipinfodb.nse
2.67 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ip-geolocation-map-bing.nse
5.84 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ip-geolocation-map-google.nse
5.82 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ip-geolocation-map-kml.nse
2.23 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ip-geolocation-maxmind.nse
22.4 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ip-https-discover.nse
2.38 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ipidseq.nse
5.69 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ipmi-brute.nse
3.46 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ipmi-cipher-zero.nse
3.12 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ipmi-version.nse
3.66 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ipv6-multicast-mld-list.nse
16.07 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ipv6-node-info.nse
8.37 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ipv6-ra-flood.nse
6.47 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
irc-botnet-channels.nse
6.86 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
irc-brute.nse
3.56 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
irc-info.nse
4.46 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
irc-sasl-brute.nse
6.21 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
irc-unrealircd-backdoor.nse
8.28 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
iscsi-brute.nse
2.32 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
iscsi-info.nse
3.04 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
isns-info.nse
1.91 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
jdwp-exec.nse
3.24 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
jdwp-info.nse
3.04 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
jdwp-inject.nse
3 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
jdwp-version.nse
2.28 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
knx-gateway-discover.nse
11.92 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
knx-gateway-info.nse
7 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
krb5-enum-users.nse
12.94 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ldap-brute.nse
13.8 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ldap-novell-getpass.nse
4.9 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ldap-rootdse.nse
9.19 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ldap-search.nse
12.15 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
lexmark-config.nse
2.49 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
llmnr-resolve.nse
6.54 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
lltd-discovery.nse
9.85 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
maxdb-info.nse
6.22 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mcafee-epo-agent.nse
2.57 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
membase-brute.nse
2.8 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
membase-http-info.nse
4.76 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
memcached-info.nse
3.56 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
metasploit-info.nse
9.9 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
metasploit-msgrpc-brute.nse
3.3 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
metasploit-xmlrpc-brute.nse
3.15 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mikrotik-routeros-brute.nse
3.15 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mmouse-brute.nse
3.19 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mmouse-exec.nse
5.55 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
modbus-discover.nse
5.91 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mongodb-brute.nse
2.52 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mongodb-databases.nse
2.52 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mongodb-info.nse
3.58 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mqtt-subscribe.nse
14.71 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mrinfo.nse
9.08 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ms-sql-brute.nse
11.73 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ms-sql-config.nse
5.91 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ms-sql-dac.nse
3.3 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ms-sql-dump-hashes.nse
4.22 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ms-sql-empty-password.nse
6.94 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ms-sql-hasdbaccess.nse
5.8 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ms-sql-info.nse
11.08 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ms-sql-ntlm-info.nse
3.86 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ms-sql-query.nse
4.61 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ms-sql-tables.nse
9.15 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ms-sql-xp-cmdshell.nse
6.11 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
msrpc-enum.nse
3.16 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mtrace.nse
12.26 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
murmur-version.nse
3.37 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mysql-audit.nse
6.48 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mysql-brute.nse
2.91 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mysql-databases.nse
2.88 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mysql-dump-hashes.nse
3.19 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mysql-empty-password.nse
1.97 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mysql-enum.nse
3.37 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mysql-info.nse
3.4 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mysql-query.nse
3.63 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mysql-users.nse
2.75 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mysql-variables.nse
3.19 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
mysql-vuln-cve2012-2122.nse
6.81 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nat-pmp-info.nse
1.22 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nat-pmp-mapport.nse
4.39 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nbstat.nse
7.48 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ncp-enum-users.nse
1.31 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ncp-serverinfo.nse
1.23 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ndmp-fs-info.nse
2.27 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ndmp-version.nse
2.25 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nessus-brute.nse
4.48 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nessus-xmlrpc-brute.nse
4 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
netbus-auth-bypass.nse
1.79 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
netbus-brute.nse
1.64 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
netbus-info.nse
5.5 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
netbus-version.nse
1.15 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nexpose-brute.nse
2.67 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nfs-ls.nse
14.19 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nfs-showmount.nse
2.58 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nfs-statfs.nse
9.63 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nje-node-brute.nse
6.23 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nje-pass-brute.nse
6.11 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nntp-ntlm-info.nse
5 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nping-brute.nse
3.98 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nrpe-enum.nse
7.73 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ntp-info.nse
6.02 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ntp-monlist.nse
32.19 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
omp2-brute.nse
2.12 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
omp2-enum-targets.nse
3.25 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
omron-info.nse
6.64 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
openlookup-info.nse
5.04 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
openvas-otp-brute.nse
3.12 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
openwebnet-discovery.nse
6.83 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
oracle-brute-stealth.nse
6.54 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
oracle-brute.nse
7.22 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
oracle-enum-users.nse
3.84 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
oracle-sid-brute.nse
4.71 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
oracle-tns-version.nse
2.75 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ovs-agent-version.nse
2.95 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
p2p-conficker.nse
21.79 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
path-mtu.nse
9.95 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
pcanywhere-brute.nse
5.31 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
pcworx-info.nse
3.48 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
pgsql-brute.nse
5.18 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
pjl-ready-message.nse
2.97 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
pop3-brute.nse
3.86 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
pop3-capabilities.nse
1.37 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
pop3-ntlm-info.nse
4.85 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
pptp-version.nse
3.38 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
puppet-naivesigning.nse
8.57 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
qconn-exec.nse
4.22 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
qscan.nse
14.37 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
quake1-info.nse
10.66 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
quake3-info.nse
6.6 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
quake3-master-getservers.nse
7.16 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rdp-enum-encryption.nse
4.28 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rdp-vuln-ms12-020.nse
8.68 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
realvnc-auth-bypass.nse
3.19 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
redis-brute.nse
2.71 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
redis-info.nse
6.83 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
resolveall.nse
4.38 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
reverse-index.nse
4.56 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rexec-brute.nse
2.57 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rfc868-time.nse
1.8 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
riak-http-info.nse
5.43 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rlogin-brute.nse
4.75 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rmi-dumpregistry.nse
10.55 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rmi-vuln-classloader.nse
3.92 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rpc-grind.nse
8.68 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rpcap-brute.nse
2.07 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rpcap-info.nse
2.59 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rpcinfo.nse
4.38 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rsync-brute.nse
3.04 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rsync-list-modules.nse
1.19 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rtsp-methods.nse
1.4 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rtsp-url-brute.nse
5.59 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
rusers.nse
5.36 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
s7-info.nse
9.92 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
samba-vuln-cve-2012-1182.nse
4.07 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
script.db
48.72 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
servicetags.nse
8.49 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
shodan-api.nse
6.42 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
sip-brute.nse
3.54 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
sip-call-spoof.nse
5.96 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
sip-enum-users.nse
8.41 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
sip-methods.nse
1.57 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
skypev2-version.nse
2.11 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-brute.nse
44.1 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-double-pulsar-backdoor.nse
5.19 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-enum-domains.nse
4.73 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-enum-groups.nse
5.79 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-enum-processes.nse
7.86 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-enum-sessions.nse
11.77 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-enum-shares.nse
6.76 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-enum-users.nse
12.24 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-flood.nse
1.67 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-ls.nse
7.21 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-mbenum.nse
8.59 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-os-discovery.nse
7.85 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-print-text.nse
4.96 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-protocols.nse
1.89 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-psexec.nse
62.1 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-security-mode.nse
5.07 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-server-stats.nse
2.37 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-system-info.nse
13.82 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-vuln-conficker.nse
7.41 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-vuln-cve-2017-7494.nse
22.61 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-vuln-cve2009-3103.nse
6.34 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-vuln-ms06-025.nse
6.46 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-vuln-ms07-029.nse
5.32 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-vuln-ms08-067.nse
5.64 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-vuln-ms10-054.nse
5.49 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-vuln-ms10-061.nse
7.15 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-vuln-ms17-010.nse
6.98 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb-vuln-regsvc-dos.nse
4.42 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb2-capabilities.nse
3.31 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb2-security-mode.nse
3.05 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb2-time.nse
1.3 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smb2-vuln-uptime.nse
5 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smtp-brute.nse
4.21 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smtp-commands.nse
4.66 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smtp-enum-users.nse
11.72 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smtp-ntlm-info.nse
5.76 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smtp-open-relay.nse
9.91 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smtp-strangeport.nse
716 bytes
04/16/2018 01:11:39 AM
rw-r--r--
📄
smtp-vuln-cve2010-4344.nse
14.39 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smtp-vuln-cve2011-1720.nse
7.48 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
smtp-vuln-cve2011-1764.nse
7.41 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
sniffer-detect.nse
4.23 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
snmp-brute.nse
7.34 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
snmp-hh3c-logins.nse
4.27 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
snmp-info.nse
5.06 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
snmp-interfaces.nse
27.96 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
snmp-ios-config.nse
5.79 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
snmp-netstat.nse
4.05 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
snmp-processes.nse
4.31 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
snmp-sysdescr.nse
1.8 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
snmp-win32-services.nse
2.5 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
snmp-win32-shares.nse
2.66 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
snmp-win32-software.nse
4.54 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
snmp-win32-users.nse
1.96 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
socks-auth-info.nse
1.71 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
socks-brute.nse
2.44 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
socks-open-proxy.nse
6.37 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssh-auth-methods.nse
1.18 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssh-brute.nse
3 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssh-hostkey.nse
15.1 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssh-publickey-acceptance.nse
4.14 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssh-run.nse
2.85 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssh2-enum-algos.nse
5.53 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
sshv1.nse
1.41 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssl-ccs-injection.nse
8.61 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssl-cert-intaddr.nse
3.75 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssl-cert.nse
8.59 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssl-date.nse
6.61 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssl-dh-params.nse
38.83 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssl-enum-ciphers.nse
39.37 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssl-heartbleed.nse
7.65 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssl-known-key.nse
4.13 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ssl-poodle.nse
11.41 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
sslv2-drown.nse
10.86 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
sslv2.nse
1.54 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
sstp-discover.nse
2.27 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
stun-info.nse
1.16 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
stun-version.nse
1.11 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
stuxnet-detect.nse
3.27 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
supermicro-ipmi-conf.nse
3.65 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
svn-brute.nse
7.31 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
targets-asn.nse
2.81 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
targets-ipv6-map4to6.nse
7.32 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
targets-ipv6-multicast-echo.nse
4.98 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
targets-ipv6-multicast-invalid-dst.nse
6.23 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
targets-ipv6-multicast-mld.nse
4.38 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
targets-ipv6-multicast-slaac.nse
9.11 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
targets-ipv6-wordlist.nse
9.01 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
targets-sniffer.nse
4.51 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
targets-traceroute.nse
1.78 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
targets-xml.nse
3.51 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
teamspeak2-version.nse
2.45 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
telnet-brute.nse
19.4 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
telnet-encryption.nse
2.92 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
telnet-ntlm-info.nse
4.46 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
tftp-enum.nse
5.54 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
tls-nextprotoneg.nse
3.88 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
tls-ticketbleed.nse
11.64 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
tn3270-screen.nse
3.37 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
tor-consensus-checker.nse
3.51 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
traceroute-geolocation.nse
5.59 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
tso-brute.nse
12.46 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
tso-enum.nse
9.86 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
unittest.nse
895 bytes
04/16/2018 01:11:39 AM
rw-r--r--
📄
unusual-port.nse
3.75 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
upnp-info.nse
1.66 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
url-snarf.nse
4.06 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
ventrilo-info.nse
24.81 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
versant-info.nse
3.12 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
vmauthd-brute.nse
3.29 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
vmware-version.nse
2.94 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
vnc-brute.nse
4.28 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
vnc-info.nse
4.25 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
vnc-title.nse
2.97 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
voldemort-info.nse
5.41 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
vtam-enum.nse
10 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
vuze-dht-info.nse
2.52 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
wdb-version.nse
7.66 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
weblogic-t3-info.nse
3.43 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
whois-domain.nse
4.08 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
whois-ip.nse
87.54 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
wsdd-discover.nse
2.57 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
x11-access.nse
2.23 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
xdmcp-discover.nse
2.05 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
xmlrpc-methods.nse
4.23 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
xmpp-brute.nse
4.2 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
xmpp-info.nse
16.88 KB
04/16/2018 01:11:39 AM
rw-r--r--
Editing: firewalk.nse
Close
local bin = require "bin" local ipOps = require "ipOps" local math = require "math" local nmap = require "nmap" local packet = require "packet" local stdnse = require "stdnse" local tab = require "tab" local table = require "table" description = [[ Tries to discover firewall rules using an IP TTL expiration technique known as firewalking. To determine a rule on a given gateway, the scanner sends a probe to a metric located behind the gateway, with a TTL one higher than the gateway. If the probe is forwarded by the gateway, then we can expect to receive an ICMP_TIME_EXCEEDED reply from the gateway next hop router, or eventually the metric itself if it is directly connected to the gateway. Otherwise, the probe will timeout. It starts with a TTL equals to the distance to the target. If the probe timeout, then it is resent with a TTL decreased by one. If we get an ICMP_TIME_EXCEEDED, then the scan is over for this probe. Every "no-reply" filtered TCP and UDP ports are probed. As for UDP scans, this process can be quite slow if lots of ports are blocked by a gateway close to the scanner. Scan parameters can be controlled using the <code>firewalk.*</code> optional arguments. From an original idea of M. Schiffman and D. Goldsmith, authors of the firewalk tool. ]] --- -- @usage -- nmap --script=firewalk --traceroute <host> -- -- @usage -- nmap --script=firewalk --traceroute --script-args=firewalk.max-retries=1 <host> -- -- @usage -- nmap --script=firewalk --traceroute --script-args=firewalk.probe-timeout=400ms <host> -- -- @usage -- nmap --script=firewalk --traceroute --script-args=firewalk.max-probed-ports=7 <host> -- -- -- @args firewalk.max-retries the maximum number of allowed retransmissions. -- @args firewalk.recv-timeout the duration of the packets capture loop (in milliseconds). -- @args firewalk.probe-timeout validity period of a probe (in milliseconds). -- @args firewalk.max-active-probes maximum number of parallel active probes. -- @args firewalk.max-probed-ports maximum number of ports to probe per protocol. Set to -1 to scan every filtered port. -- -- -- @output -- | firewalk: -- | HOP HOST PROTOCOL BLOCKED PORTS -- | 2 192.168.1.1 tcp 21-23,80 -- | udp 21-23,80 -- | 6 10.0.1.1 tcp 67-68 -- | 7 10.0.1.254 tcp 25 -- |_ udp 25 -- -- -- 11/29/2010: initial version -- 03/28/2011: added IPv4 check -- 01/02/2012: added IPv6 support author = "Henri Doreau" license = "Same as Nmap--See https://nmap.org/book/man-legal.html" categories = {"safe", "discovery"} -- TODO -- o add an option to select gateway(s)/TTL(s) to probe -- o remove traceroute dependency -----= scan parameters defaults =----- -- number of retries for unanswered probes local DEFAULT_MAX_RETRIES = 2 -- packets capture loop timeout in milliseconds local DEFAULT_RECV_TIMEOUT = 20 -- probe life time in milliseconds local DEFAULT_PROBE_TIMEOUT = 2000 -- max number of simultaneously neither replied nor timed out probes local DEFAULT_MAX_ACTIVE_PROBES = 20 -- maximum number of probed ports per protocol local DEFAULT_MAX_PROBED_PORTS = 10 ---------------------------------------- -- global scan parameters local MaxRetries local RecvTimeout local ProbeTimeout local MaxActiveProbes local MaxProbedPorts -- cache ports to probe between the hostrule and the action function local FirewalkPorts -- ICMP constants local ICMP_TIME_EXCEEDEDv4 = 11 local ICMP_TIME_EXCEEDEDv6 = 03 -- Layer 4 specific function tables local proto_vtable = {} -- Layer 3 specific function tables for the scanner local Firewalk = {} --- lookup for TTL of a given gateway in a traceroute results table -- @param traceroute a host traceroute results table -- @param gw the IP address of the gateway (as a decimal-dotted string) -- @return the TTL of the gateway or -1 on error local function gateway_ttl(traceroute, gw) for ttl, hop in ipairs(traceroute) do -- check hop.ip ~= nil as timedout hops are represented by empty tables if hop.ip and hop.ip == gw then return ttl end end return -1 end --- get the protocol name given its "packet" value -- @param proto the protocol value (eg. packet.IPPROTO_*) -- @return the protocol name as a string local function proto2str(proto) if proto == packet.IPPROTO_TCP then return "tcp" elseif proto == packet.IPPROTO_UDP then return "udp" end return nil end --= -- Protocol specific functions are broken down per protocol, in separate tables. -- This design eases the addition of new protocols. -- -- Layer 4 (TCP, UDP) tables are duplicated to distinguish IPv4 and IPv6 -- versions. --= --- TCP related functions (IPv4 versions) local tcp_funcs_v4 = { --- update the global scan status with a reply -- @param scanner the scanner handle -- @param ip the ICMP time exceeded error packet -- @param ip2 the ICMP payload (our original expired probe) update_scan = function(scanner, ip, ip2) local port = ip2.tcp_dport if port and scanner.ports.tcp[port] then stdnse.debug1("Marking port %d/tcp v4 as forwarded (reply from %s)", ip2.tcp_dport, ip.ip_src) -- mark the gateway as forwarding the packet scanner.ports.tcp[port].final_ttl = gateway_ttl(scanner.target.traceroute, ip.ip_src) scanner.ports.tcp[port].scanned = true -- remove the related probe for i, probe in ipairs(scanner.active_probes) do if probe.proto == "tcp" and probe.portno == ip2.tcp_dport then table.remove(scanner.active_probes, i) end end else stdnse.debug1("Invalid reply to port %d/tcp", ip2.tcp_dport) end end, --- create a TCP probe packet -- @param host Host object that represents the destination -- @param dport the TCP destination port -- @param ttl the IP time to live -- @return the newly crafted IP packet getprobe = function(host, dport, ttl) local pktbin = stdnse.fromhex( "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000" .. "0000 0000 0000 0000 0000 0000 6002 0c00 0000 0000 0204 05b4" ) local ip = packet.Packet:new(pktbin, pktbin:len()) ip:tcp_parse(false) ip:ip_set_bin_src(host.bin_ip_src) ip:ip_set_bin_dst(host.bin_ip) ip:set_u8(ip.ip_offset + 9, packet.IPPROTO_TCP) ip.ip_p = packet.IPPROTO_TCP ip:ip_set_len(pktbin:len()) ip:tcp_set_sport(math.random(0x401, 0xffff)) ip:tcp_set_dport(dport) ip:tcp_set_seq(math.random(1, 0x7fffffff)) ip:tcp_count_checksum() ip:ip_set_ttl(ttl) ip:ip_count_checksum() return ip end, } -- UDP related functions (IPv4 versions) local udp_funcs_v4 = { --- update the global scan status with a reply -- @param scanner the scanner handle -- @param ip the ICMP time exceeded error packet -- @param ip2 the ICMP payload (our original expired probe) update_scan = function(scanner, ip, ip2) local port = ip2.udp_dport if port and scanner.ports.udp[port] then stdnse.debug1("Marking port %d/udp v4 as forwarded", ip2.udp_dport) -- mark the gateway as forwarding the packet scanner.ports.udp[port].final_ttl = gateway_ttl(scanner.target.traceroute, ip.ip_src) scanner.ports.udp[port].scanned = true for i, probe in ipairs(scanner.active_probes) do if probe.proto == "udp" and probe.portno == ip2.udp_dport then table.remove(scanner.active_probes, i) end end else stdnse.debug1("Invalid reply to port %d/udp", ip2.udp_dport) end end, --- create a generic UDP probe packet, with IP ttl and destination port set to zero -- @param host Host object that represents the destination -- @param dport the UDP destination port -- @param ttl the IP time to live -- @return the newly crafted IP packet getprobe = function(host, dport, ttl) local pktbin = stdnse.fromhex( "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000" .. "0000 0000 0800 0000" ) local ip = packet.Packet:new(pktbin, pktbin:len()) ip:udp_parse(false) ip:ip_set_bin_src(host.bin_ip_src) ip:ip_set_bin_dst(host.bin_ip) ip:set_u8(ip.ip_offset + 9, packet.IPPROTO_UDP) ip.ip_p = packet.IPPROTO_UDP ip:ip_set_len(pktbin:len()) ip:udp_set_sport(math.random(0x401, 0xffff)) ip:udp_set_dport(dport) ip:udp_set_length(ip.ip_len - ip.ip_hl * 4) ip:udp_count_checksum() ip:ip_set_ttl(ttl) ip:ip_count_checksum() return ip end, } --- TCP related functions (IPv6 versions) local tcp_funcs_v6 = { --- update the global scan status with a reply -- @param scanner the scanner handle -- @param ip the ICMP time exceeded error packet -- @param ip2 the ICMP payload (our original expired probe) update_scan = function(scanner, ip, ip2) local port = ip2.tcp_dport if port and scanner.ports.tcp[port] then stdnse.debug1("Marking port %d/tcp v6 as forwarded (reply from %s)", ip2.tcp_dport, ip.ip_src) -- mark the gateway as forwarding the packet scanner.ports.tcp[port].final_ttl = gateway_ttl(scanner.target.traceroute, ip.ip_src) scanner.ports.tcp[port].scanned = true -- remove the related probe for i, probe in ipairs(scanner.active_probes) do if probe.proto == "tcp" and probe.portno == ip2.tcp_dport then table.remove(scanner.active_probes, i) end end else stdnse.debug1("Invalid reply to port %d/tcp", ip2.tcp_dport) end end, --- create a TCP probe packet -- @param host Host object that represents the destination -- @param dport the TCP destination port -- @param ttl the IP time to live -- @return the newly crafted IP packet getprobe = function(host, dport, ttl) local pktbin = stdnse.fromhex( "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000" .. "0000 0000 0000 0000 0000 0000 6002 0c00 0000 0000 0204 05b4" ) local tcp = packet.Packet:new(pktbin, pktbin:len()) local ip = packet.Packet:new() tcp:tcp_parse(false) tcp:tcp_set_sport(math.random(0x401, 0xffff)) tcp:tcp_set_dport(dport) tcp:tcp_set_seq(math.random(1, 0x7fffffff)) tcp:tcp_count_checksum() tcp:ip_count_checksum() -- Extract layer 4 part and add it as payload to the IP packet local tcp_buf = tcp.buf:sub(tcp.tcp_offset + 1, tcp.buf:len()) ip:build_ipv6_packet(host.bin_ip_src, host.bin_ip, packet.IPPROTO_TCP, tcp_buf, ttl) return ip end, } -- UDP related functions (IPv6 versions) local udp_funcs_v6 = { --- update the global scan status with a reply -- @param scanner the scanner handle -- @param ip the ICMP time exceeded error packet -- @param ip2 the ICMP payload (our original expired probe) update_scan = function(scanner, ip, ip2) local port = ip2.udp_dport if port and scanner.ports.udp[port] then stdnse.debug1("Marking port %d/udp v6 as forwarded (reply from %s)", ip2.udp_dport, ip2.ip_src) -- mark the gateway as forwarding the packet scanner.ports.udp[port].final_ttl = gateway_ttl(scanner.target.traceroute, ip.ip_src) scanner.ports.udp[port].scanned = true for i, probe in ipairs(scanner.active_probes) do if probe.proto == "udp" and probe.portno == ip2.udp_dport then table.remove(scanner.active_probes, i) end end else stdnse.debug1("Invalid reply to port %d/udp", ip2.udp_dport) end end, --- create a generic UDP probe packet, with IP ttl and destination port set to zero -- @param host Host object that represents the destination -- @param dport the UDP destination port -- @param ttl the IP time to live -- @return the newly crafted IP packet getprobe = function(host, dport, ttl) local pktbin = stdnse.fromhex( "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000" .. "0000 0000 0800 0000" ) local udp = packet.Packet:new(pktbin, pktbin:len()) local ip = packet.Packet:new() udp:udp_parse(false) udp:udp_set_sport(math.random(0x401, 0xffff)) udp:udp_set_dport(dport) udp:udp_set_length(8) udp:udp_count_checksum() udp:ip_count_checksum() -- Extract layer 4 part and add it as payload to the IP packet local udp_buf = udp.buf:sub(udp.udp_offset + 1, udp.buf:len()) ip:build_ipv6_packet(host.bin_ip_src, host.bin_ip, packet.IPPROTO_UDP, udp_buf, ttl) return ip end, } --= -- IP-specific functions. The following tables provides scanner functions that -- depend on the IP version. --= -- IPv4 functions local Firewalk_v4 = { --- IPv4 initialization function. Open injection and reception sockets. -- @param scanner the scanner handle init = function(scanner) local saddr = ipOps.str_to_ip(scanner.target.bin_ip_src) scanner.sock = nmap.new_dnet() scanner.pcap = nmap.new_socket() -- filter for incoming ICMP time exceeded replies scanner.pcap:pcap_open(scanner.target.interface, 104, false, "icmp and dst host " .. saddr) local try = nmap.new_try() try(scanner.sock:ip_open()) end, --- IPv4 cleanup function. Close injection and reception sockets. -- @param scanner the scanner handle shutdown = function(scanner) scanner.sock:ip_close() scanner.pcap:pcap_close() end, --- check whether an incoming IP packet is an ICMP TIME_EXCEEDED packet or not -- @param src the source IP address -- @param layer3 the IP incoming datagram -- @return whether the packet seems to be a valid reply or not check = function(src, layer3) local ip = packet.Packet:new(layer3, layer3:len()) return ip.ip_bin_dst == src and ip.ip_p == packet.IPPROTO_ICMP and ip.icmp_type == ICMP_TIME_EXCEEDEDv4 end, --- update global state with an incoming reply -- @param scanner the scanner handle -- @param pkt an incoming valid IP packet parse_reply = function(scanner, pkt) local ip = packet.Packet:new(pkt, pkt:len()) if ip.ip_p ~= packet.IPPROTO_ICMP or ip.icmp_type ~= ICMP_TIME_EXCEEDEDv4 then return end local is = ip.buf:sub(ip.icmp_offset + 9) local ip2 = packet.Packet:new(is, is:len(), true) -- check ICMP payload if ip2.ip_bin_src == scanner.target.bin_ip_src and ip2.ip_bin_dst == scanner.target.bin_ip then -- layer 4 checks local proto_func = proto_vtable[proto2str(ip2.ip_p)] if proto_func then -- mark port as forwarded and discard any related pending probes proto_func.update_scan(scanner, ip, ip2) else stdnse.debug1("Invalid protocol for reply (%d)", ip2.ip_p) end end end, } -- IPv6 functions local Firewalk_v6 = { --- IPv6 initialization function. Open injection and reception sockets. -- @param scanner the scanner handle init = function(scanner) local saddr = ipOps.str_to_ip(scanner.target.bin_ip_src) scanner.sock = nmap.new_dnet() scanner.pcap = nmap.new_socket() -- filter for incoming ICMP time exceeded replies scanner.pcap:pcap_open(scanner.target.interface, 1500, false, "icmp6 and dst host " .. saddr) local try = nmap.new_try() try(scanner.sock:ip_open()) end, --- IPv6 cleanup function. Close injection and reception sockets. -- @param scanner the scanner handle shutdown = function(scanner) scanner.sock:ip_close() scanner.pcap:pcap_close() end, --- check whether an incoming IP packet is an ICMP TIME_EXCEEDED packet or not -- @param src the source IP address -- @param layer3 the IP incoming datagram -- @return whether the packet seems to be a valid reply or not check = function(src, layer3) local ip = packet.Packet:new(layer3) return ip.ip_bin_dst == src and ip.ip_p == packet.IPPROTO_ICMPV6 and ip.icmpv6_type == ICMP_TIME_EXCEEDEDv6 end, --- update global state with an incoming reply -- @param scanner the scanner handle -- @param pkt an incoming valid IP packet parse_reply = function(scanner, pkt) local ip = packet.Packet:new(pkt) if ip.ip_p ~= packet.IPPROTO_ICMPV6 or ip.icmpv6_type ~= ICMP_TIME_EXCEEDEDv6 then return end local is = ip.buf:sub(ip.icmpv6_offset + 9, ip.buf:len()) local ip2 = packet.Packet:new(is) -- check ICMP payload if ip2.ip_bin_src == scanner.target.bin_ip_src and ip2.ip_bin_dst == scanner.target.bin_ip then -- layer 4 checks local proto_func = proto_vtable[proto2str(ip2.ip_p)] if proto_func then -- mark port as forwarded and discard any related pending probes proto_func.update_scan(scanner, ip, ip2) else stdnse.debug1("Invalid protocol for reply (%d)", ip2.ip_p) end end end, } --- Initialize global function tables according to the current address family local function firewalk_init() if nmap.address_family() == "inet" then proto_vtable.tcp = tcp_funcs_v4 proto_vtable.udp = udp_funcs_v4 Firewalk = Firewalk_v4 else proto_vtable.tcp = tcp_funcs_v6 proto_vtable.udp = udp_funcs_v6 Firewalk = Firewalk_v6 end end --- generate list of ports to probe -- @param host the destination host object -- @return an array of the ports to probe, sorted per protocol local function build_portlist(host) local portlist = {} local combos = { {"tcp", "filtered"}, {"udp", "open|filtered"} } for _, combo in ipairs(combos) do local i = 0 local port = nil local proto = combo[1] local state = combo[2] repeat port = nmap.get_ports(host, port, proto, state) -- do not include administratively prohibited ports if port and port.reason == "no-response" then local pentry = { final_ttl = 0, -- TTL of the blocking gateway scanned = false, -- initial state: unprobed } portlist[proto] = portlist[proto] or {} portlist[proto][port.number] = pentry i = i + 1 end until not port or i == MaxProbedPorts end return portlist end --- wrapper for stdnse.parse_timespec() to get specified value in milliseconds -- @param spec the time specification string (like "10s", "120ms"...) -- @return the equivalent number of milliseconds or nil on failure local function parse_timespec_ms(spec) local t = stdnse.parse_timespec(spec) if t then return t * 1000 else return nil end end --- set scan parameters using user values if specified or defaults otherwise local function getopts() -- assign parameters to scan constants or use defaults MaxRetries = tonumber(stdnse.get_script_args("firewalk.max-retries")) or DEFAULT_MAX_RETRIES MaxActiveProbes = tonumber(stdnse.get_script_args("firewalk.max-active-probes")) or DEFAULT_MAX_ACTIVE_PROBES MaxProbedPorts = tonumber(stdnse.get_script_args("firewalk.max-probed-ports")) or DEFAULT_MAX_PROBED_PORTS -- use stdnse time specification parser for ProbeTimeout and RecvTimeout local timespec = stdnse.get_script_args("firewalk.recv-timeout") if timespec then RecvTimeout = parse_timespec_ms(timespec) if not RecvTimeout then stdnse.debug1("Invalid time specification for option: firewalk.recv-timeout (%s)", timespec) return false end else -- no value supplied: use default RecvTimeout = DEFAULT_RECV_TIMEOUT end timespec = stdnse.get_script_args("firewalk.probe-timeout") if timespec then ProbeTimeout = parse_timespec_ms(timespec) if not ProbeTimeout then stdnse.debug1("Invalid time specification for option: firewalk.probe-timeout (%s)", timespec) return false end else -- no value supplied: use default ProbeTimeout = DEFAULT_PROBE_TIMEOUT end return true end --- host rule, check for requirements before to launch the script hostrule = function(host) if not nmap.is_privileged() then nmap.registry[SCRIPT_NAME] = nmap.registry[SCRIPT_NAME] or {} if not nmap.registry[SCRIPT_NAME].rootfail then stdnse.verbose1("not running for lack of privileges.") end nmap.registry[SCRIPT_NAME].rootfail = true return false end if not host.interface then return false end -- assign user's values to scan parameters or use defaults if not getopts() then return false end -- get the list of ports to probe FirewalkPorts = build_portlist(host) -- schedule the execution if there are filtered ports to probe return (next(FirewalkPorts) ~= nil) end --- return the initial TTL to use (the one of the last gateway before the target) -- @param host the object representing the target with traceroute results available -- @return the IP TTL of the last gateway before the target local function initial_ttl(host) if not host.traceroute then if not nmap.registry['firewalk'] then nmap.registry['firewalk'] = {} end if nmap.registry['firewalk']['traceroutefail'] then return nil end nmap.registry['firewalk']['traceroutefail'] = true if nmap.verbosity() > 0 then stdnse.debug1("requires unavailable traceroute information.") end return nil end stdnse.debug1("Using ttl %d", #host.traceroute) return #host.traceroute end --- convert an array of ports into a port ranges string like "x,y-z" -- @param ports an array of numbers -- @return a string representing the ports as folded ranges local function portrange(ports) table.sort(ports) local numranges = {} if #ports == 0 then return "(none found)" end for _, p in ipairs(ports) do local stored = false -- iterate over the ports list for k, range in ipairs(numranges) do -- increase an existing range by the left if p == range["start"] - 1 then numranges[k]["start"] = p stored = true -- increase an existing range by the right elseif p == range["stop"] + 1 then numranges[k]["stop"] = p stored = true -- port contained in an already existing range (catch doublons) elseif p >= range["start"] and p <= range["stop"] then stored = true end end -- start a new range if not stored then local range = {} range["start"] = p range["stop"] = p table.insert(numranges, range) end end -- stringify the ranges local strrange = {} for i, val in ipairs(numranges) do local start = tostring(val["start"]) local stop = tostring(val["stop"]) if start == stop then table.insert(strrange, start) else -- contiguous ranges are represented as x-z table.insert(strrange, start .. "-" .. stop) end end -- ranges are delimited by `,' return stdnse.strjoin(",", strrange) end --- return a printable report of the scan -- @param scanner the scanner handle -- @return a printable table of scan results local function report(scanner) local entries = 0 local output = tab.new(4) tab.add(output, 1, "HOP") tab.add(output, 2, "HOST") tab.add(output, 3, "PROTOCOL") tab.add(output, 4, "BLOCKED PORTS") tab.nextrow(output) -- duplicate traceroute results and add localhost at the beginning local path = { -- XXX 'localhost' might be a better choice? {ip = ipOps.str_to_ip(scanner.target.bin_ip_src)} } for _, v in pairs(scanner.target.traceroute) do table.insert(path, v) end for ttl = 0, #path - 1 do local fwdedports = {} for proto, portlist in pairs(scanner.ports) do fwdedports[proto] = {} for portno, port in pairs(portlist) do if port.final_ttl == ttl then table.insert(fwdedports[proto], portno) end end end local nb_fports = 0 for _, proto in pairs(fwdedports) do for _ in pairs(proto) do nb_fports = nb_fports + 1 end end if nb_fports > 0 then entries = entries + 1 -- the blocking gateway is just after the last forwarding one tab.add(output, 1, tostring(ttl)) -- timedout traceroute hops are represented by empty tables if path[ttl + 1].ip then tab.add(output, 2, path[ttl + 1].ip) else tab.add(output, 2, "???") end for proto, ports in pairs(fwdedports) do if #fwdedports[proto] > 0 then tab.add(output, 3, proto) tab.add(output, 4, portrange(ports)) tab.nextrow(output) end end end end if entries > 0 then return "\n" .. tab.dump(output) else return "None found" end end --- check whether the scan is finished or not -- @param scanner the scanner handle -- @return if some port is still in unknown state local function finished(scanner) for proto, ports in pairs(scanner.ports) do -- ports are sorted per protocol for _, port in pairs(ports) do -- if a port is still unprobed => we're not done! if not port.scanned then return false end end end -- every ports have been scanned return true end --- send a probe and update it -- @param scanner the scanner handle -- @param probe the probe specifications and related information local function send_probe(scanner, probe) local try = nmap.new_try(function() scanner.sock:ip_close() end) stdnse.debug1("Sending new probe (%d/%s ttl=%d)", probe.portno, probe.proto, probe.ttl) -- craft the raw packet local pkt = proto_vtable[probe.proto].getprobe(scanner.target, probe.portno, probe.ttl) try(scanner.sock:ip_send(pkt.buf, scanner.target)) -- update probe information probe.retry = probe.retry + 1 probe.sent_time = nmap.clock_ms() end --- send some new probes -- @param scanner the scanner handle local function send_next_probes(scanner) -- this prevents sending too much probes at the same time while #scanner.active_probes < MaxActiveProbes do local probe -- perform resends if #scanner.pending_resends > 0 then probe = scanner.pending_resends[1] table.remove(scanner.pending_resends, 1) table.insert(scanner.active_probes, probe) send_probe(scanner, probe) -- send new probes elseif #scanner.sendqueue > 0 then probe = scanner.sendqueue[1] table.remove(scanner.sendqueue, 1) table.insert(scanner.active_probes, probe) send_probe(scanner, probe) -- nothing else to send right now else return end end end --- wait for incoming replies -- @param scanner the scanner handle local function read_replies(scanner) -- capture loop local timeout = RecvTimeout repeat local start = nmap.clock_ms() scanner.pcap:set_timeout(timeout) local status, _, _, l3, _ = scanner.pcap:pcap_receive() if status and Firewalk.check(scanner.target.bin_ip_src, l3) then Firewalk.parse_reply(scanner, l3) end timeout = timeout - (nmap.clock_ms() - start) until timeout <= 0 or #scanner.active_probes == 0 end --- delete timedout probes, update pending probes -- @param scanner the scanner handle local function update_probe_queues(scanner) local now = nmap.clock_ms() -- remove timedout probes for i, probe in ipairs(scanner.active_probes) do if (now - probe.sent_time) >= ProbeTimeout then table.remove(scanner.active_probes, i) if probe.retry < MaxRetries then table.insert(scanner.pending_resends, probe) else -- decrease ttl, reset retries counter and put probes in send queue if probe.ttl > 1 then probe.ttl = probe.ttl - 1 probe.retry = 0 table.insert(scanner.sendqueue, probe) else -- set final_ttl to zero (=> probe might be blocked by localhost) scanner.ports[probe.proto][probe.portno].final_ttl = 0 scanner.ports[probe.proto][probe.portno].scanned = true end end end end end --- fills the send queue with initial probes -- @param scanner the scanner handle local function generate_initial_probes(scanner) for proto, ports in pairs(scanner.ports) do for portno in pairs(ports) do -- simply store probe parameters and craft packet at send time local probe = { ttl = scanner.ttl, -- initial ttl value proto = proto, -- layer 4 protocol (string) portno = portno, -- layer 4 port number retry = 0, -- retries counter sent_time = 0 -- last sending time } table.insert(scanner.sendqueue, probe) end end end --- firewalk entry point action = function(host) firewalk_init() -- global script initialization process -- scan handle, scanner state is saved in this table local scanner = { target = host, ttl = initial_ttl(host), ports = FirewalkPorts, sendqueue = {}, -- pending probes pending_resends = {}, -- probes needing to be resent active_probes = {}, -- probes currently neither replied nor timedout } if not scanner.ttl then return nil end Firewalk.init(scanner) generate_initial_probes(scanner) while not finished(scanner) do send_next_probes(scanner) read_replies(scanner) update_probe_queues(scanner) end Firewalk.shutdown(scanner) return report(scanner) end