Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Re: Choosing a list of scripts (NSE), but ignored by nmap.
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 1 Apr 2009 19:33:15 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Also remember that Nmap has the --datadir option.  I've got so many
different SVN builds of Nmap all over the place that my
standard-operating-procedure has been to change to the local Nmap
directory and then do ./nmap --datadir . <more options here>

Also, don't forget to keep your script.db up-to-date.  Use:

nmap --datadir <path> --script-updatedb

Brandon


On Wed, 01 Apr 2009 14:04:38 -0500
Ron <ron () skullsecurity net> wrote:

Not all, just the good ones ;)

If you run Nmap with -d (or maybe -d2), it'll tell you which scripts
are supposed to run, based on the open ports. Try that, and if maybe
post it here.

Richard Miles wrote:
Hi Ron,

Good to heard from you again, you are in all mail-lists. :)

But all this scripts exist locally, see below:

-rw-r--r--  1 root root 9.3K Sep 12  2008 ASN.nse
-rw-r--r--  1 root root 2.1K Sep 12  2008 HTTPAuth.nse
-rw-r--r--  1 root root 2.4K Sep 12  2008 HTTP_open_proxy.nse
-rw-r--r--  1 root root 2.5K Sep 12  2008 HTTPpasswd.nse
-rw-r--r--  1 root root 2.5K Sep 12  2008 HTTPtrace.nse
-rw-r--r--  1 root root 9.1K Sep 12  2008 MSSQLm.nse
-rw-r--r--  1 root root 5.0K Sep 12  2008 MySQLinfo.nse
-rw-r--r--  1 root root 3.7K Sep 12  2008 PPTPversion.nse
-rw-r--r--  1 root root 1.1K Sep 12  2008 RealVNC_auth_bypass.nse
-rw-r--r--  1 root root 4.3K Sep 12  2008 SMTP_openrelay_test.nse
-rw-r--r--  1 root root 4.3K Sep 12  2008 SMTPcommands.nse
-rw-r--r--  1 root root 2.3K Sep 12  2008 SNMPcommunitybrute.nse
-rw-r--r--  1 root root 2.9K Sep 12  2008 SNMPsysdescr.nse
-rw-r--r--  1 root root 6.4K Sep 12  2008 SQLInject.nse
-rw-r--r--  1 root root 1.3K Sep 12  2008 SSHv1-support.nse
-rw-r--r--  1 root root 6.5K Sep 12  2008 SSLv2-support.nse
-rw-r--r--  1 root root 5.9K Sep 12  2008 UPnP-info.nse
-rw-r--r--  1 root root 1.2K Sep 12  2008 anonFTP.nse
-rw-r--r--  1 root root 2.1K Sep 12  2008 brutePOP3.nse
-rw-r--r--  1 root root 5.4K Sep 12  2008 bruteTelnet.nse
-rw-r--r--  1 root root  589 Sep 12  2008 chargenTest.nse
-rw-r--r--  1 root root  512 Sep 12  2008 daytimeTest.nse
-rw-r--r--  1 root root 6.3K Sep 12  2008
dns-safe-recursion-port.nse -rw-r--r--  1 root root 6.3K Sep 12
2008 dns-safe-recursion-txid.nse -rw-r--r--  1 root root 1.2K Sep
12  2008 dns-test-open-recursion.nse -rw-r--r--  1 root root  602
Sep 12  2008 echoTest.nse -rw-r--r--  1 root root  490 Sep 12  2008
finger.nse -rw-r--r--  1 root root 3.8K Sep 12  2008 ftpbounce.nse
-rw-r--r--  1 root root 1.2K Sep 12  2008 iax2Detect.nse
-rw-r--r--  1 root root 6.6K Sep 12  2008 ircServerInfo.nse
-rw-r--r--  1 root root  574 Sep 12  2008 ircZombieTest.nse
-rw-r--r--  1 root root 5.9K Sep 12  2008 nbstat.nse
-rw-r--r--  1 root root  18K Sep 12  2008
netbios-smb-os-discovery.nse -rw-r--r--  1 root root  885 Sep 12
2008 popcapa.nse -rw-r--r--  1 root root 4.0K Sep 12  2008
promiscuous.nse -rw-r--r--  1 root root  863 Sep 12  2008
ripeQuery.nse -rw-r--r--  1 root root 2.6K Sep 12  2008 robots.nse
-rw-r--r--  1 root root 4.0K Sep 12  2008 rpcinfo.nse
-rw-r--r--  1 root root 5.6K Apr  1 10:39 script.db
-rw-r--r--  1 root root 1.8K Sep 12  2008 showHTMLTitle.nse
-rw-r--r--  1 root root 2.2K Sep 12  2008 showHTTPVersion.nse
-rw-r--r--  1 root root 1.6K Sep 12  2008 showOwner.nse
-rw-r--r--  1 root root  655 Sep 12  2008 showSMTPVersion.nse
-rw-r--r--  1 root root  975 Sep 12  2008 showSSHVersion.nse
-rw-r--r--  1 root root 1.4K Sep 12  2008 skype_v2-version.nse
-rw-r--r--  1 root root  921 Sep 12  2008 strangeSMTPport.nse
-rw-r--r--  1 root root  88K Sep 12  2008 whois.nse
-rw-r--r--  1 root root 1.5K Sep 12  2008 xamppDefaultPass.nse
-rw-r--r--  1 root root  12K Sep 12  2008 zoneTrans.nse

I tested --script=all and --scripts=ALL and the result is the same.

Any clue for me?

Thanks

On Wed, Apr 1, 2009 at 1:32 PM, Ron <ron () skullsecurity net> wrote:
Richard Miles wrote:
Hi

I use nmap for a long time, but I'm new at the script world.
There are some really exciting scripts.... congratulations!

I went to run the following collections of scripts together with
nmap:


finger,anonFTP,showSMTPVersion,showHTMLTitle,nbstat,HTTPAuth,MSSQLm,MySQLinfo,RealVNC_auth_bypass,netbios-smb-os-discovery,SNMPcommunitybrute,SNMPsysdescr,UPnP-info

But it never worked.

I used in different ways like:

nmap -PN -sT -sU

--script=finger,anonFTP,showSMTPVersion,showHTMLTitle,nbstat,HTTPAuth,MSSQLm,MySQLinfo,RealVNC_auth_bypass,netbios-smb-os-discovery,SNMPcommunitybrute,SNMPsysdescr,UPnP-info
--script-args=safe=1 -v MyIP

nmap -PN -sT -sU

--script=finger.nse,anonFTP.nse,showSMTPVersion.nse,showHTMLTitle.nse,nbstat.nse,HTTPAuth.nse,MSSQLm.nse,MySQLinfo.nse,RealVNC_auth_bypass.nse,netbios-smb-os-discovery.nse,SNMPcommunitybrute.nse,SNMPsysdescr.nse,UPnP-info.nse
--script-args=safe=1 -v MyIP

nmap -PN -sT -sU

--script=finger,anonFTP,showSMTPVersion,showHTMLTitle,nbstat,HTTPAuth,MSSQLm,MySQLinfo,RealVNC_auth_bypass,netbios-smb-os-discovery,SNMPcommunitybrute,SNMPsysdescr,UPnP-info
-v MyIP

nmap -PN -sT -sU --script=ALL -v MyIP

nmap -PN -sT -sU --script=/usr/share/nmap/scripts/  -v MyIP

nmap -PN -sT -sU -sC  -v MyIP

What is the problem:

At MyIP I have all this services running, and it always only
report NETBIOS stuff, sometimes ssh version and sometimes the
whois and AS number. :(

Why this can be happening?

This scripts do not show anything even if it's not vulnerable? For
example in the case of VNC.

Also at my /usr/share/nmap/scripts/ there is not conflicker
check, and it's uptodate.

Thanks.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Hi Richard,

The names of the scripts have changed since whatever it is you're
using. They're now in the form <protocol>-<script>, such as
smb-pwdump.nse. You can find the list
in /usr/local/share/nmap/scripts or c:\program files\nmap\scripts.

To do all, I use --script=all (not sure if case matters).

Good luck with scripts, I'm personally a huge fan of Nmap scripts.
I love 'em! :)

Ron


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iEYEARECAAYFAknTwXwACgkQqaGPzAsl94LWuQCbBHwH+mcCD046cq6NtAFKWoSM
fmoAoJLBe4AuLybzoo2KDN2J0IWHKoxu
=dVZu
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault