; Defaults for the credential brute-force feature.
; NOTE(review): the quoted, comma-separated values look like Qt QSettings list
; syntax; confirm the consuming parser before changing any quoting.
[BruteSettings]
; Fallback credential pair (root / password).
default-password=password
default-username=root
; Per the key names: services that take no password, and services that take no username.
no-password-services="oracle-sid,rsh,smtp-enum"
no-username-services="cisco,cisco-enable,oracle-listener,s7-300,snmp,vnc"
; Directory searched for password wordlists.
password-wordlist-path=/usr/share/wordlists/
; Service names offered for brute forcing; they appear to match THC Hydra module names (TODO confirm).
services="asterisk,afp,cisco,cisco-enable,cvs,firebird,ftp,ftps,http-head,http-get,https-head,https-get,http-get-form,https-get-form,http-post-form,https-post-form,http-proxy,http-proxy-urlenum,icq,imap,imaps,irc,ldap2,ldap2s,ldap3,ldap3s,ldap3-crammd5,ldap3-crammd5s,ldap3-digestmd5,ldap3-digestmd5s,mssql,mysql,ncp,nntp,oracle-listener,oracle-sid,pcanywhere,pcnfs,pop3,pop3s,postgres,rdp,rexec,rlogin,rsh,s7-300,sip,smb,smtp,smtps,smtp-enum,snmp,socks5,ssh,sshkey,svn,teamspeak,telnet,telnets,vmauthd,vnc,xmpp"
; NOTE(review): the key name indicates recovered credentials are written out in cleartext on exit.
; Treat the destination as sensitive engagement data (restrictive file permissions, agreed
; retention and disposal); where the file is written is not visible here, so confirm in the application.
store-cleartext-passwords-on-exit=True
; Directory searched for username wordlists.
username-wordlist-path=/usr/share/wordlists/
; Layout state of the process tab in the GUI.
[GUISettings]
; One width per column, 17 values; the unit is presumably pixels (TODO confirm). 0 appears to hide a column.
process-tab-column-widths="125,0,100,150,100,0,100,100,0,0,0,0,0,0,0,491,100"
; Boolean is lowercase here while other sections use True/False; confirm the parser is case-insensitive.
process-tab-detail=false
; Application-wide behaviour.
[GeneralSettings]
; Terminal emulator used to launch interactive tools.
default-terminal=gnome-terminal
; NOTE(review): per the key names, the scheduler launches follow-up tools automatically against
; discovered services. With enable-scheduler=True, scanning starts further active probes without a
; per-tool confirmation; check this against the engagement's rules before first use.
enable-scheduler=True
enable-scheduler-on-import=False
; Concurrency caps for the two process classes named by the keys.
max-fast-processes=5
max-slow-processes=5
; Presumably milliseconds (15 s); the unit is not stated in this file, TODO confirm.
screenshooter-timeout=15000
tool-output-black-background=False
; Service names treated as web services.
web-services="http,https,ssl,soap,http-proxy,http-alt,https-alt"
; Actions run against a whole host. Each value is "menu label, command template".
; [IP] and [OUTPUT] are placeholders, presumably substituted by the application before execution.
; NOTE(review): if substitution happens inside a shell string, host values taken from imported scan
; data should be validated before use; confirm in the consuming code.
; Quoting is inconsistent: some commands are wrapped in double quotes, others are not.
[HostActions]
icmp-timestamp=ICMP timestamp, hping3 -V -C 13 -c 1 [IP]
nmap-discover=Run nmap-discover, nmap -n -sV -O --version-light -T4 [IP] -oA \"[OUTPUT]\"
nmap-fast-tcp=Run nmap (fast TCP), nmap -Pn -sV -sC -F -T4 -vvvv [IP] -oA \"[OUTPUT]\"
nmap-fast-udp=Run nmap (fast UDP), "nmap -n -Pn -sU -F --min-rate=1000 -vvvvv [IP] -oA \"[OUTPUT]\""
; -p- scans all 65535 ports; the full TCP/UDP entries are the slow, noisy ones.
nmap-full-tcp=Run nmap (full TCP), nmap -Pn -sV -sC -O -p- -T4 -vvvvv [IP] -oA \"[OUTPUT]\"
nmap-full-udp=Run nmap (full UDP), nmap -n -Pn -sU -p- -T4 -vvvvv [IP] -oA \"[OUTPUT]\"
; The script path is relative, so it resolves against the process working directory.
; Start the application from its install directory so that only the shipped vulners.nse can be loaded.
nmap-script-Vulners=Run nmap script - Vulners, "nmap -sV --script=./scripts/nmap/vulners.nse -vvvv [IP] -oA \"[OUTPUT]\""
; Label says "top 1000" but no --top-ports option is given; nmap's default port selection applies.
nmap-udp-1000=Run nmap (top 1000 quick UDP), "nmap -n -Pn -sU --min-rate=1000 -vvvvv [IP] -oA \"[OUTPUT]\""
; The command only echoes a marker string; presumably the application intercepts it (TODO confirm).
python-script-PyShodan=Run PyShodan python script, /bin/echo PythonScript pyShodan
unicornscan-full-udp=Run unicornscan (full UDP), unicornscan -mU -Ir 1000 [IP]:a -v
; Actions run against a single port. Each value is "menu label, command template, service filter".
; [IP], [PORT] and [OUTPUT] are placeholders, presumably substituted by the application.
; An empty third field appears to mean "offer for every service" (TODO confirm).
; NOTE(review): several templates run through `bash -c`. If placeholders are substituted as plain
; text, values taken from imported scan data must be validated first; confirm in the consuming code.
[PortActions]
banner=Grab banner, bash -c \"echo \"\" | nc -v -n -w1 [IP] [PORT]\",
; nmap NSE entries for MS SQL discovery and Citrix enumeration.
; --script-args=unsafe=1 is passed to every NSE entry in this file. Only some scripts read that
; argument; where it is honoured it enables checks that can crash an unpatched service.
; citrix-brute-xml.nse guesses credentials, so the target's account-lockout policy applies.
broadcast-ms-sql-discover.nse=broadcast-ms-sql-discover.nse, "nmap -Pn [IP] -p [PORT] --script=broadcast-ms-sql-discover.nse --script-args=unsafe=1", ms-sql
citrix-brute-xml.nse=citrix-brute-xml.nse, "nmap -Pn [IP] -p [PORT] --script=citrix-brute-xml.nse --script-args=unsafe=1", citrix
citrix-enum-apps-xml.nse=citrix-enum-apps-xml.nse, "nmap -Pn [IP] -p [PORT] --script=citrix-enum-apps-xml.nse --script-args=unsafe=1", citrix
citrix-enum-apps.nse=citrix-enum-apps.nse, "nmap -Pn [IP] -p [PORT] --script=citrix-enum-apps.nse --script-args=unsafe=1", citrix
citrix-enum-servers-xml.nse=citrix-enum-servers-xml.nse, "nmap -Pn [IP] -p [PORT] --script=citrix-enum-servers-xml.nse --script-args=unsafe=1", citrix
citrix-enum-servers.nse=citrix-enum-servers.nse, "nmap -Pn [IP] -p [PORT] --script=citrix-enum-servers.nse --script-args=unsafe=1", citrix
; Stand-alone helper tools. Paths under scripts/ and ./wordlists/ are relative to the working directory.
; cloudfail pins the interpreter to python3.7, and --tor needs a local Tor service to be reachable.
cloudfail=Run cloudfail, python3.7 scripts/CloudFail/cloudfail.py --target [IP] --tor, cloudfail
; The URL scheme is fixed to http:// although the filter also lists https and ssl services.
dirbuster=Launch dirbuster, java -Xmx256M -jar /usr/share/dirbuster/DirBuster-1.0-RC1.jar -u http://[IP]:[PORT]/, "http,https,ssl,soap,http-proxy,http-alt"
dnsmap=Run dnsmap, dnsmap [IP] -w ./wordlists/gvit_subdomain_wordlist.txt -r [OUTPUT], dnsmap
enum4linux=Run enum4linux, enum4linux [IP], "netbios-ssn,microsoft-ds"
finger=Enumerate users (finger), ./scripts/fingertool.sh [IP], finger
; FTP checks. ftp-brute.nse and ftp-default guess credentials; the others probe for anonymous
; access, bounce support and the specific backdoors or CVEs named in the script titles.
ftp-anon.nse=ftp-anon.nse, "nmap -Pn [IP] -p [PORT] --script=ftp-anon.nse --script-args=unsafe=1", ftp
ftp-bounce.nse=ftp-bounce.nse, "nmap -Pn [IP] -p [PORT] --script=ftp-bounce.nse --script-args=unsafe=1", ftp
ftp-brute.nse=ftp-brute.nse, "nmap -Pn [IP] -p [PORT] --script=ftp-brute.nse --script-args=unsafe=1", ftp
; hydra: -C reads login:password pairs from the file, -f stops at the first valid pair,
; and -o writes any credentials found to [OUTPUT].txt in cleartext.
ftp-default=Check for default ftp credentials, hydra -s [PORT] -C ./wordlists/ftp-default-userpass.txt -u -o \"[OUTPUT].txt\" -f [IP] ftp, ftp
ftp-libopie.nse=ftp-libopie.nse, "nmap -Pn [IP] -p [PORT] --script=ftp-libopie.nse --script-args=unsafe=1", ftp
ftp-proftpd-backdoor.nse=ftp-proftpd-backdoor.nse, "nmap -Pn [IP] -p [PORT] --script=ftp-proftpd-backdoor.nse --script-args=unsafe=1", ftp
ftp-vsftpd-backdoor.nse=ftp-vsftpd-backdoor.nse, "nmap -Pn [IP] -p [PORT] --script=ftp-vsftpd-backdoor.nse --script-args=unsafe=1", ftp
ftp-vuln-cve2010-4221.nse=ftp-vuln-cve2010-4221.nse, "nmap -Pn [IP] -p [PORT] --script=ftp-vuln-cve2010-4221.nse --script-args=unsafe=1", ftp
; nmap NSE checks offered for ports identified as http or https.
; Every entry passes --script-args=unsafe=1 whether or not the script reads that argument.
; http-brute.nse and http-form-brute.nse guess credentials, so target lockout policy applies.
; NOTE(review): judging by its name, http-google-malware.nse queries a third-party service,
; which would disclose the target name to that provider; confirm this is acceptable for the engagement.
http-adobe-coldfusion-apsa1301.nse=http-adobe-coldfusion-apsa1301.nse, "nmap -Pn [IP] -p [PORT] --script=http-adobe-coldfusion-apsa1301.nse --script-args=unsafe=1", "http,https"
http-affiliate-id.nse=http-affiliate-id.nse, "nmap -Pn [IP] -p [PORT] --script=http-affiliate-id.nse --script-args=unsafe=1", "http,https"
http-apache-negotiation.nse=http-apache-negotiation.nse, "nmap -Pn [IP] -p [PORT] --script=http-apache-negotiation.nse --script-args=unsafe=1", "http,https"
http-auth-finder.nse=http-auth-finder.nse, "nmap -Pn [IP] -p [PORT] --script=http-auth-finder.nse --script-args=unsafe=1", "http,https"
http-auth.nse=http-auth.nse, "nmap -Pn [IP] -p [PORT] --script=http-auth.nse --script-args=unsafe=1", "http,https"
http-awstatstotals-exec.nse=http-awstatstotals-exec.nse, "nmap -Pn [IP] -p [PORT] --script=http-awstatstotals-exec.nse --script-args=unsafe=1", "http,https"
http-axis2-dir-traversal.nse=http-axis2-dir-traversal.nse, "nmap -Pn [IP] -p [PORT] --script=http-axis2-dir-traversal.nse --script-args=unsafe=1", "http,https"
http-backup-finder.nse=http-backup-finder.nse, "nmap -Pn [IP] -p [PORT] --script=http-backup-finder.nse --script-args=unsafe=1", "http,https"
http-barracuda-dir-traversal.nse=http-barracuda-dir-traversal.nse, "nmap -Pn [IP] -p [PORT] --script=http-barracuda-dir-traversal.nse --script-args=unsafe=1", "http,https"
http-brute.nse=http-brute.nse, "nmap -Pn [IP] -p [PORT] --script=http-brute.nse --script-args=unsafe=1", "http,https"
http-cakephp-version.nse=http-cakephp-version.nse, "nmap -Pn [IP] -p [PORT] --script=http-cakephp-version.nse --script-args=unsafe=1", "http,https"
http-chrono.nse=http-chrono.nse, "nmap -Pn [IP] -p [PORT] --script=http-chrono.nse --script-args=unsafe=1", "http,https"
http-coldfusion-subzero.nse=http-coldfusion-subzero.nse, "nmap -Pn [IP] -p [PORT] --script=http-coldfusion-subzero.nse --script-args=unsafe=1", "http,https"
http-comments-displayer.nse=http-comments-displayer.nse, "nmap -Pn [IP] -p [PORT] --script=http-comments-displayer.nse --script-args=unsafe=1", "http,https"
http-config-backup.nse=http-config-backup.nse, "nmap -Pn [IP] -p [PORT] --script=http-config-backup.nse --script-args=unsafe=1", "http,https"
http-cors.nse=http-cors.nse, "nmap -Pn [IP] -p [PORT] --script=http-cors.nse --script-args=unsafe=1", "http,https"
http-csrf.nse=http-csrf.nse, "nmap -Pn [IP] -p [PORT] --script=http-csrf.nse --script-args=unsafe=1", "http,https"
http-date.nse=http-date.nse, "nmap -Pn [IP] -p [PORT] --script=http-date.nse --script-args=unsafe=1", "http,https"
http-default-accounts.nse=http-default-accounts.nse, "nmap -Pn [IP] -p [PORT] --script=http-default-accounts.nse --script-args=unsafe=1", "http,https"
http-devframework.nse=http-devframework.nse, "nmap -Pn [IP] -p [PORT] --script=http-devframework.nse --script-args=unsafe=1", "http,https"
http-dlink-backdoor.nse=http-dlink-backdoor.nse, "nmap -Pn [IP] -p [PORT] --script=http-dlink-backdoor.nse --script-args=unsafe=1", "http,https"
http-dombased-xss.nse=http-dombased-xss.nse, "nmap -Pn [IP] -p [PORT] --script=http-dombased-xss.nse --script-args=unsafe=1", "http,https"
http-domino-enum-passwords.nse=http-domino-enum-passwords.nse, "nmap -Pn [IP] -p [PORT] --script=http-domino-enum-passwords.nse --script-args=unsafe=1", "http,https"
http-drupal-enum-users.nse=http-drupal-enum-users.nse, "nmap -Pn [IP] -p [PORT] --script=http-drupal-enum-users.nse --script-args=unsafe=1", "http,https"
http-drupal-modules.nse=http-drupal-modules.nse, "nmap -Pn [IP] -p [PORT] --script=http-drupal-modules.nse --script-args=unsafe=1", "http,https"
http-email-harvest.nse=http-email-harvest.nse, "nmap -Pn [IP] -p [PORT] --script=http-email-harvest.nse --script-args=unsafe=1", "http,https"
http-enum.nse=http-enum.nse, "nmap -Pn [IP] -p [PORT] --script=http-enum.nse --script-args=unsafe=1", "http,https"
http-errors.nse=http-errors.nse, "nmap -Pn [IP] -p [PORT] --script=http-errors.nse --script-args=unsafe=1", "http,https"
http-exif-spider.nse=http-exif-spider.nse, "nmap -Pn [IP] -p [PORT] --script=http-exif-spider.nse --script-args=unsafe=1", "http,https"
http-favicon.nse=http-favicon.nse, "nmap -Pn [IP] -p [PORT] --script=http-favicon.nse --script-args=unsafe=1", "http,https"
http-feed.nse=http-feed.nse, "nmap -Pn [IP] -p [PORT] --script=http-feed.nse --script-args=unsafe=1", "http,https"
http-fileupload-exploiter.nse=http-fileupload-exploiter.nse, "nmap -Pn [IP] -p [PORT] --script=http-fileupload-exploiter.nse --script-args=unsafe=1", "http,https"
http-form-brute.nse=http-form-brute.nse, "nmap -Pn [IP] -p [PORT] --script=http-form-brute.nse --script-args=unsafe=1", "http,https"
http-form-fuzzer.nse=http-form-fuzzer.nse, "nmap -Pn [IP] -p [PORT] --script=http-form-fuzzer.nse --script-args=unsafe=1", "http,https"
http-frontpage-login.nse=http-frontpage-login.nse, "nmap -Pn [IP] -p [PORT] --script=http-frontpage-login.nse --script-args=unsafe=1", "http,https"
http-generator.nse=http-generator.nse, "nmap -Pn [IP] -p [PORT] --script=http-generator.nse --script-args=unsafe=1", "http,https"
http-git.nse=http-git.nse, "nmap -Pn [IP] -p [PORT] --script=http-git.nse --script-args=unsafe=1", "http,https"
http-gitweb-projects-enum.nse=http-gitweb-projects-enum.nse, "nmap -Pn [IP] -p [PORT] --script=http-gitweb-projects-enum.nse --script-args=unsafe=1", "http,https"
http-google-malware.nse=http-google-malware.nse, "nmap -Pn [IP] -p [PORT] --script=http-google-malware.nse --script-args=unsafe=1", "http,https"
; Further nmap NSE checks offered for ports identified as http or https.
; http-iis-short-name-brute, http-joomla-brute and http-proxy-brute send guessing traffic to the target.
; NOTE(review): judging by their names, the http-icloud-* and http-robtex-* scripts talk to
; third-party services rather than only to the target, which would disclose target details
; to those providers; confirm before use.
http-grep.nse=http-grep.nse, "nmap -Pn [IP] -p [PORT] --script=http-grep.nse --script-args=unsafe=1", "http,https"
http-headers.nse=http-headers.nse, "nmap -Pn [IP] -p [PORT] --script=http-headers.nse --script-args=unsafe=1", "http,https"
http-huawei-hg5xx-vuln.nse=http-huawei-hg5xx-vuln.nse, "nmap -Pn [IP] -p [PORT] --script=http-huawei-hg5xx-vuln.nse --script-args=unsafe=1", "http,https"
http-icloud-findmyiphone.nse=http-icloud-findmyiphone.nse, "nmap -Pn [IP] -p [PORT] --script=http-icloud-findmyiphone.nse --script-args=unsafe=1", "http,https"
http-icloud-sendmsg.nse=http-icloud-sendmsg.nse, "nmap -Pn [IP] -p [PORT] --script=http-icloud-sendmsg.nse --script-args=unsafe=1", "http,https"
http-iis-short-name-brute.nse=http-iis-short-name-brute.nse, "nmap -Pn [IP] -p [PORT] --script=http-iis-short-name-brute.nse --script-args=unsafe=1", "http,https"
http-iis-webdav-vuln.nse=http-iis-webdav-vuln.nse, "nmap -Pn [IP] -p [PORT] --script=http-iis-webdav-vuln.nse --script-args=unsafe=1", "http,https"
http-joomla-brute.nse=http-joomla-brute.nse, "nmap -Pn [IP] -p [PORT] --script=http-joomla-brute.nse --script-args=unsafe=1", "http,https"
http-litespeed-sourcecode-download.nse=http-litespeed-sourcecode-download.nse, "nmap -Pn [IP] -p [PORT] --script=http-litespeed-sourcecode-download.nse --script-args=unsafe=1", "http,https"
http-majordomo2-dir-traversal.nse=http-majordomo2-dir-traversal.nse, "nmap -Pn [IP] -p [PORT] --script=http-majordomo2-dir-traversal.nse --script-args=unsafe=1", "http,https"
http-malware-host.nse=http-malware-host.nse, "nmap -Pn [IP] -p [PORT] --script=http-malware-host.nse --script-args=unsafe=1", "http,https"
http-method-tamper.nse=http-method-tamper.nse, "nmap -Pn [IP] -p [PORT] --script=http-method-tamper.nse --script-args=unsafe=1", "http,https"
http-methods.nse=http-methods.nse, "nmap -Pn [IP] -p [PORT] --script=http-methods.nse --script-args=unsafe=1", "http,https"
http-mobileversion-checker.nse=http-mobileversion-checker.nse, "nmap -Pn [IP] -p [PORT] --script=http-mobileversion-checker.nse --script-args=unsafe=1", "http,https"
http-ntlm-info.nse=http-ntlm-info.nse, "nmap -Pn [IP] -p [PORT] --script=http-ntlm-info.nse --script-args=unsafe=1", "http,https"
http-open-proxy.nse=http-open-proxy.nse, "nmap -Pn [IP] -p [PORT] --script=http-open-proxy.nse --script-args=unsafe=1", "http,https"
http-open-redirect.nse=http-open-redirect.nse, "nmap -Pn [IP] -p [PORT] --script=http-open-redirect.nse --script-args=unsafe=1", "http,https"
http-passwd.nse=http-passwd.nse, "nmap -Pn [IP] -p [PORT] --script=http-passwd.nse --script-args=unsafe=1", "http,https"
http-php-version.nse=http-php-version.nse, "nmap -Pn [IP] -p [PORT] --script=http-php-version.nse --script-args=unsafe=1", "http,https"
http-phpmyadmin-dir-traversal.nse=http-phpmyadmin-dir-traversal.nse, "nmap -Pn [IP] -p [PORT] --script=http-phpmyadmin-dir-traversal.nse --script-args=unsafe=1", "http,https"
http-phpself-xss.nse=http-phpself-xss.nse, "nmap -Pn [IP] -p [PORT] --script=http-phpself-xss.nse --script-args=unsafe=1", "http,https"
http-proxy-brute.nse=http-proxy-brute.nse, "nmap -Pn [IP] -p [PORT] --script=http-proxy-brute.nse --script-args=unsafe=1", "http,https"
http-put.nse=http-put.nse, "nmap -Pn [IP] -p [PORT] --script=http-put.nse --script-args=unsafe=1", "http,https"
http-qnap-nas-info.nse=http-qnap-nas-info.nse, "nmap -Pn [IP] -p [PORT] --script=http-qnap-nas-info.nse --script-args=unsafe=1", "http,https"
http-referer-checker.nse=http-referer-checker.nse, "nmap -Pn [IP] -p [PORT] --script=http-referer-checker.nse --script-args=unsafe=1", "http,https"
http-rfi-spider.nse=http-rfi-spider.nse, "nmap -Pn [IP] -p [PORT] --script=http-rfi-spider.nse --script-args=unsafe=1", "http,https"
http-robots.txt.nse=http-robots.txt.nse, "nmap -Pn [IP] -p [PORT] --script=http-robots.txt.nse --script-args=unsafe=1", "http,https"
http-robtex-reverse-ip.nse=http-robtex-reverse-ip.nse, "nmap -Pn [IP] -p [PORT] --script=http-robtex-reverse-ip.nse --script-args=unsafe=1", "http,https"
http-robtex-shared-ns.nse=http-robtex-shared-ns.nse, "nmap -Pn [IP] -p [PORT] --script=http-robtex-shared-ns.nse --script-args=unsafe=1", "http,https"
http-server-header.nse=http-server-header.nse, "nmap -Pn [IP] -p [PORT] --script=http-server-header.nse --script-args=unsafe=1", "http,https"
http-sitemap-generator.nse=http-sitemap-generator.nse, "nmap -Pn [IP] -p [PORT] --script=http-sitemap-generator.nse --script-args=unsafe=1", "http,https"
; http-slowloris-check.nse only tests for the weakness. http-slowloris.nse is in nmap's "dos"
; category and is expected to degrade or take down the target web server while it runs.
http-slowloris-check.nse=http-slowloris-check.nse, "nmap -Pn [IP] -p [PORT] --script=http-slowloris-check.nse --script-args=unsafe=1", "http,https"
http-slowloris.nse=http-slowloris.nse, "nmap -Pn [IP] -p [PORT] --script=http-slowloris.nse --script-args=unsafe=1", "http,https"
http-sql-injection.nse=http-sql-injection.nse, "nmap -Pn [IP] -p [PORT] --script=http-sql-injection.nse --script-args=unsafe=1", "http,https"
; NOTE(review): the key is http-sqlmap, but the label reads "mysql-sqlmap" and the service filter
; is mysql, while the command targets http://[IP] with no [PORT]. [OUTPUT] is reused for -s, -t
; and the shell redirect, so all three write to the same path, and `>` only works if the command
; runs through a shell. --level=5 --risk=3 are sqlmap's most aggressive settings; sqlmap's
; documentation notes that high-risk payloads may modify data. Confirm the intent of this entry.
http-sqlmap=mysql-sqlmap, "sqlmap -v 2 --url=http://[IP] --user-agent=SQLMAP --delay=1 --timeout=15 --retries=2 --keep-alive --threads=5 --eta --batch --level=5 --risk=3 --banner --is-dba --dbs --tables --technique=BEUST -s [OUTPUT] --flush-session -t [OUTPUT] --fresh-queries > [OUTPUT]", mysql
; Remaining web checks: nmap NSE scripts plus the wapiti scanner.
; NOTE(review): judging by its name, http-virustotal.nse queries a third-party service; confirm
; that sending data to that provider is acceptable before use.
; http-wordpress-brute.nse guesses credentials, so target lockout policy applies.
; Both wapiti entries omit [PORT], so they always scan the scheme's default port.
http-stored-xss.nse=http-stored-xss.nse, "nmap -Pn [IP] -p [PORT] --script=http-stored-xss.nse --script-args=unsafe=1", "http,https"
http-title.nse=http-title.nse, "nmap -Pn [IP] -p [PORT] --script=http-title.nse --script-args=unsafe=1", "http,https"
http-tplink-dir-traversal.nse=http-tplink-dir-traversal.nse, "nmap -Pn [IP] -p [PORT] --script=http-tplink-dir-traversal.nse --script-args=unsafe=1", "http,https"
http-trace.nse=http-trace.nse, "nmap -Pn [IP] -p [PORT] --script=http-trace.nse --script-args=unsafe=1", "http,https"
http-traceroute.nse=http-traceroute.nse, "nmap -Pn [IP] -p [PORT] --script=http-traceroute.nse --script-args=unsafe=1", "http,https"
http-unsafe-output-escaping.nse=http-unsafe-output-escaping.nse, "nmap -Pn [IP] -p [PORT] --script=http-unsafe-output-escaping.nse --script-args=unsafe=1", "http,https"
http-useragent-tester.nse=http-useragent-tester.nse, "nmap -Pn [IP] -p [PORT] --script=http-useragent-tester.nse --script-args=unsafe=1", "http,https"
http-userdir-enum.nse=http-userdir-enum.nse, "nmap -Pn [IP] -p [PORT] --script=http-userdir-enum.nse --script-args=unsafe=1", "http,https"
http-vhosts.nse=http-vhosts.nse, "nmap -Pn [IP] -p [PORT] --script=http-vhosts.nse --script-args=unsafe=1", "http,https"
http-virustotal.nse=http-virustotal.nse, "nmap -Pn [IP] -p [PORT] --script=http-virustotal.nse --script-args=unsafe=1", "http,https"
http-vlcstreamer-ls.nse=http-vlcstreamer-ls.nse, "nmap -Pn [IP] -p [PORT] --script=http-vlcstreamer-ls.nse --script-args=unsafe=1", "http,https"
http-vmware-path-vuln.nse=http-vmware-path-vuln.nse, "nmap -Pn [IP] -p [PORT] --script=http-vmware-path-vuln.nse --script-args=unsafe=1", "http,https"
http-vuln-cve2009-3960.nse=http-vuln-cve2009-3960.nse, "nmap -Pn [IP] -p [PORT] --script=http-vuln-cve2009-3960.nse --script-args=unsafe=1", "http,https"
http-vuln-cve2010-0738.nse=http-vuln-cve2010-0738.nse, "nmap -Pn [IP] -p [PORT] --script=http-vuln-cve2010-0738.nse --script-args=unsafe=1", "http,https"
http-vuln-cve2010-2861.nse=http-vuln-cve2010-2861.nse, "nmap -Pn [IP] -p [PORT] --script=http-vuln-cve2010-2861.nse --script-args=unsafe=1", "http,https"
http-vuln-cve2011-3192.nse=http-vuln-cve2011-3192.nse, "nmap -Pn [IP] -p [PORT] --script=http-vuln-cve2011-3192.nse --script-args=unsafe=1", "http,https"
http-vuln-cve2011-3368.nse=http-vuln-cve2011-3368.nse, "nmap -Pn [IP] -p [PORT] --script=http-vuln-cve2011-3368.nse --script-args=unsafe=1", "http,https"
http-vuln-cve2012-1823.nse=http-vuln-cve2012-1823.nse, "nmap -Pn [IP] -p [PORT] --script=http-vuln-cve2012-1823.nse --script-args=unsafe=1", "http,https"
http-vuln-cve2013-0156.nse=http-vuln-cve2013-0156.nse, "nmap -Pn [IP] -p [PORT] --script=http-vuln-cve2013-0156.nse --script-args=unsafe=1", "http,https"
http-vuln-zimbra-lfi.nse=http-vuln-zimbra-lfi.nse, "nmap -Pn [IP] -p [PORT] --script=http-vuln-zimbra-lfi.nse --script-args=unsafe=1", "http,https"
http-waf-detect.nse=http-waf-detect.nse, "nmap -Pn [IP] -p [PORT] --script=http-waf-detect.nse --script-args=unsafe=1", "http,https"
http-waf-fingerprint.nse=http-waf-fingerprint.nse, "nmap -Pn [IP] -p [PORT] --script=http-waf-fingerprint.nse --script-args=unsafe=1", "http,https"
http-wapiti=http-wapiti, wapiti http://[IP] -n 10 -b folder -u -v 1 -f txt -o [OUTPUT], http
http-wordpress-brute.nse=http-wordpress-brute.nse, "nmap -Pn [IP] -p [PORT] --script=http-wordpress-brute.nse --script-args=unsafe=1", "http,https"
http-wordpress-enum.nse=http-wordpress-enum.nse, "nmap -Pn [IP] -p [PORT] --script=http-wordpress-enum.nse --script-args=unsafe=1", "http,https"
http-wordpress-plugins.nse=http-wordpress-plugins.nse, "nmap -Pn [IP] -p [PORT] --script=http-wordpress-plugins.nse --script-args=unsafe=1", "http,https"
http-xssed.nse=http-xssed.nse, "nmap -Pn [IP] -p [PORT] --script=http-xssed.nse --script-args=unsafe=1", "http,https"
https-wapiti=https-wapiti, wapiti https://[IP] -n 10 -b folder -u -v 1 -f txt -o [OUTPUT], https
; IMAP, IRC and LDAP checks, plus one Membase HTTP info script.
; The *-brute entries guess credentials, so target lockout policy applies.
imap-brute.nse=imap-brute.nse, "nmap -Pn [IP] -p [PORT] --script=imap-brute.nse --script-args=unsafe=1", imap
imap-capabilities.nse=imap-capabilities.nse, "nmap -Pn [IP] -p [PORT] --script=imap-capabilities.nse --script-args=unsafe=1", imap
irc-botnet-channels.nse=irc-botnet-channels.nse, "nmap -Pn [IP] -p [PORT] --script=irc-botnet-channels.nse --script-args=unsafe=1", irc
irc-brute.nse=irc-brute.nse, "nmap -Pn [IP] -p [PORT] --script=irc-brute.nse --script-args=unsafe=1", irc
irc-info.nse=irc-info.nse, "nmap -Pn [IP] -p [PORT] --script=irc-info.nse --script-args=unsafe=1", irc
irc-sasl-brute.nse=irc-sasl-brute.nse, "nmap -Pn [IP] -p [PORT] --script=irc-sasl-brute.nse --script-args=unsafe=1", irc
irc-unrealircd-backdoor.nse=irc-unrealircd-backdoor.nse, "nmap -Pn [IP] -p [PORT] --script=irc-unrealircd-backdoor.nse --script-args=unsafe=1", irc
; -x selects simple (non-SASL) authentication; no bind DN is given, so the query is anonymous.
ldapsearch=Run ldapsearch, ldapsearch -h [IP] -p [PORT] -x -s base, ldap
membase-http-info.nse=membase-http-info.nse, "nmap -Pn [IP] -p [PORT] --script=membase-http-info.nse --script-args=unsafe=1", "http,https"
; Microsoft SQL Server and MSRPC checks.
; NOTE(review): the NSE entries filter on "ms-sql" while mssql-default filters on "ms-sql-s", the
; name nmap reports for TCP 1433. If the filter is an exact match, the "ms-sql" entries may never
; be offered; confirm how the application compares service names.
; ms-sql-xp-cmdshell.nse runs an operating-system command on the server when it holds valid
; credentials, and ms-sql-dump-hashes.nse retrieves password hashes. Handle their output as
; sensitive engagement data.
ms-sql-brute.nse=ms-sql-brute.nse, "nmap -Pn [IP] -p [PORT] --script=ms-sql-brute.nse --script-args=unsafe=1", ms-sql
ms-sql-config.nse=ms-sql-config.nse, "nmap -Pn [IP] -p [PORT] --script=ms-sql-config.nse --script-args=unsafe=1", ms-sql
ms-sql-dac.nse=ms-sql-dac.nse, "nmap -Pn [IP] -p [PORT] --script=ms-sql-dac.nse --script-args=unsafe=1", ms-sql
ms-sql-dump-hashes.nse=ms-sql-dump-hashes.nse, "nmap -Pn [IP] -p [PORT] --script=ms-sql-dump-hashes.nse --script-args=unsafe=1", ms-sql
ms-sql-empty-password.nse=ms-sql-empty-password.nse, "nmap -Pn [IP] -p [PORT] --script=ms-sql-empty-password.nse --script-args=unsafe=1", ms-sql
ms-sql-hasdbaccess.nse=ms-sql-hasdbaccess.nse, "nmap -Pn [IP] -p [PORT] --script=ms-sql-hasdbaccess.nse --script-args=unsafe=1", ms-sql
ms-sql-info.nse=ms-sql-info.nse, "nmap -Pn [IP] -p [PORT] --script=ms-sql-info.nse --script-args=unsafe=1", ms-sql
ms-sql-query.nse=ms-sql-query.nse, "nmap -Pn [IP] -p [PORT] --script=ms-sql-query.nse --script-args=unsafe=1", ms-sql
ms-sql-tables.nse=ms-sql-tables.nse, "nmap -Pn [IP] -p [PORT] --script=ms-sql-tables.nse --script-args=unsafe=1", ms-sql
ms-sql-xp-cmdshell.nse=ms-sql-xp-cmdshell.nse, "nmap -Pn [IP] -p [PORT] --script=ms-sql-xp-cmdshell.nse --script-args=unsafe=1", ms-sql
msrpc-enum.nse=msrpc-enum.nse, "nmap -Pn [IP] -p [PORT] --script=msrpc-enum.nse --script-args=unsafe=1", msrpc
; hydra: -C reads login:password pairs, -f stops at the first hit, and -o stores found credentials in cleartext.
mssql-default=Check for default mssql credentials, hydra -s [PORT] -C ./wordlists/mssql-default-userpass.txt -u -o \"[OUTPUT].txt\" -f [IP] mssql, ms-sql-s
; MySQL checks. mysql-brute.nse and mysql-default guess credentials, and mysql-dump-hashes.nse
; retrieves password hashes. Their output contains secrets and should be stored accordingly.
mysql-audit.nse=mysql-audit.nse, "nmap -Pn [IP] -p [PORT] --script=mysql-audit.nse --script-args=unsafe=1", mysql
mysql-brute.nse=mysql-brute.nse, "nmap -Pn [IP] -p [PORT] --script=mysql-brute.nse --script-args=unsafe=1", mysql
mysql-databases.nse=mysql-databases.nse, "nmap -Pn [IP] -p [PORT] --script=mysql-databases.nse --script-args=unsafe=1", mysql
; hydra -o writes any credentials found to [OUTPUT].txt in cleartext.
mysql-default=Check for default mysql credentials, hydra -s [PORT] -C ./wordlists/mysql-default-userpass.txt -u -o \"[OUTPUT].txt\" -f [IP] mysql, mysql
mysql-dump-hashes.nse=mysql-dump-hashes.nse, "nmap -Pn [IP] -p [PORT] --script=mysql-dump-hashes.nse --script-args=unsafe=1", mysql
mysql-empty-password.nse=mysql-empty-password.nse, "nmap -Pn [IP] -p [PORT] --script=mysql-empty-password.nse --script-args=unsafe=1", mysql
mysql-enum.nse=mysql-enum.nse, "nmap -Pn [IP] -p [PORT] --script=mysql-enum.nse --script-args=unsafe=1", mysql
mysql-info.nse=mysql-info.nse, "nmap -Pn [IP] -p [PORT] --script=mysql-info.nse --script-args=unsafe=1", mysql
mysql-query.nse=mysql-query.nse, "nmap -Pn [IP] -p [PORT] --script=mysql-query.nse --script-args=unsafe=1", mysql
mysql-users.nse=mysql-users.nse, "nmap -Pn [IP] -p [PORT] --script=mysql-users.nse --script-args=unsafe=1", mysql
mysql-variables.nse=mysql-variables.nse, "nmap -Pn [IP] -p [PORT] --script=mysql-variables.nse --script-args=unsafe=1", mysql
mysql-vuln-cve2012-2122.nse=mysql-vuln-cve2012-2122.nse, "nmap -Pn [IP] -p [PORT] --script=mysql-vuln-cve2012-2122.nse --script-args=unsafe=1", mysql
; NetBIOS and NFS enumeration, the nikto web scanner, and a generic per-port nmap script scan.
nbtscan=Run nbtscan, nbtscan -v -h [IP], netbios-ns
nfs-ls.nse=nfs-ls.nse, "nmap -Pn [IP] -p [PORT] --script=nfs-ls.nse --script-args=unsafe=1", nfs
nfs-showmount.nse=nfs-showmount.nse, "nmap -Pn [IP] -p [PORT] --script=nfs-showmount.nse --script-args=unsafe=1", nfs
nfs-statfs.nse=nfs-statfs.nse, "nmap -Pn [IP] -p [PORT] --script=nfs-statfs.nse --script-args=unsafe=1", nfs
nikto=Run nikto, nikto -o [OUTPUT].txt -p [PORT] -h [IP] -C all, "http,https,ssl,soap,http-proxy,http-alt"
; The third field is empty, which appears to mean the action is offered for any service (TODO confirm).
nmap=Run nmap (scripts) on port, nmap -Pn -sV -sC -vvvvv -p[PORT] [IP] -oA [OUTPUT],
; Oracle checks. The NSE entries filter on "oracle"; the hydra and Metasploit entries filter on "oracle-tns".
; NOTE(review): oracle-sid and oracle-version call msfcli, which has been removed from current
; Metasploit Framework releases, so these two entries will likely fail on an up-to-date install.
; Confirm against the installed version.
oracle-brute-stealth.nse=oracle-brute-stealth.nse, "nmap -Pn [IP] -p [PORT] --script=oracle-brute-stealth.nse --script-args=unsafe=1", oracle
oracle-brute.nse=oracle-brute.nse, "nmap -Pn [IP] -p [PORT] --script=oracle-brute.nse --script-args=unsafe=1", oracle
; hydra -o writes any credentials found to [OUTPUT].txt in cleartext.
oracle-default=Check for default oracle credentials, hydra -s [PORT] -C ./wordlists/oracle-default-userpass.txt -u -o \"[OUTPUT].txt\" -f [IP] oracle-listener, oracle-tns
oracle-enum-users.nse=oracle-enum-users.nse, "nmap -Pn [IP] -p [PORT] --script=oracle-enum-users.nse --script-args=unsafe=1", oracle
oracle-sid=Oracle SID enumeration, "msfcli auxiliary/scanner/oracle/sid_enum rhosts=[IP] E", oracle-tns
oracle-sid-brute.nse=oracle-sid-brute.nse, "nmap -Pn [IP] -p [PORT] --script=oracle-sid-brute.nse --script-args=unsafe=1", oracle
oracle-version=Get version, "msfcli auxiliary/scanner/oracle/tnslsnr_version rhosts=[IP] E", oracle-tns
; Mixed helpers: password policy, POP3, PostgreSQL, RDP, VNC, RPC, rwho, Samba and NFS.
; samrdump uses a hard-coded distribution path and an unversioned `python` interpreter;
; both depend on how the host system is packaged.
polenum=Extract password policy (polenum), polenum [IP], "netbios-ssn,microsoft-ds"
pop3-brute.nse=pop3-brute.nse, "nmap -Pn [IP] -p [PORT] --script=pop3-brute.nse --script-args=unsafe=1", pop3
pop3-capabilities.nse=pop3-capabilities.nse, "nmap -Pn [IP] -p [PORT] --script=pop3-capabilities.nse --script-args=unsafe=1", pop3
; hydra -o writes any credentials found to [OUTPUT].txt in cleartext.
postgres-default=Check for default postgres credentials, hydra -s [PORT] -C ./wordlists/postgres-default-userpass.txt -u -o \"[OUTPUT].txt\" -f [IP] postgres, postgresql
rdp-sec-check=Run rdp-sec-check.pl, perl ./scripts/rdp-sec-check.pl [IP]:[PORT], ms-wbt-server
realvnc-auth-bypass.nse=realvnc-auth-bypass.nse, "nmap -Pn [IP] -p [PORT] --script=realvnc-auth-bypass.nse --script-args=unsafe=1", vnc
riak-http-info.nse=riak-http-info.nse, "nmap -Pn [IP] -p [PORT] --script=riak-http-info.nse --script-args=unsafe=1", "http,https"
rpcinfo=Run rpcinfo, rpcinfo -p [IP], rpcbind
rwho=Run rwho, rwho -a [IP], who
samba-vuln-cve-2012-1182.nse=samba-vuln-cve-2012-1182.nse, "nmap -Pn [IP] -p [PORT] --script=samba-vuln-cve-2012-1182.nse --script-args=unsafe=1", samba
samrdump=Run samrdump, python /usr/share/doc/python-impacket-doc/examples/samrdump.py [IP] [PORT]/SMB, "netbios-ssn,microsoft-ds"
showmount=Show nfs shares, showmount -e [IP], nfs
; SMB checks. Entries appear in two styles: "*.nse" keys filter on "smb", while the
; human-labelled keys filter on "netbios-ssn,microsoft-ds".
; NOTE(review): nmap names these services netbios-ssn and microsoft-ds. If the filter is an exact
; match, the "smb" entries may never be offered; confirm how service names are compared.
; NOTE(review): smb-check-vulns.nse appears to be absent from recent nmap releases (replaced by
; individual smb-vuln-* scripts); confirm against the installed version.
; smb-flood.nse is in nmap's "dos" category, and smb-psexec.nse runs programs on the target when
; given valid credentials. With unsafe=1, the vulnerability checks that honour it can crash an
; unpatched host.
; -U% in the net/rpcclient entries supplies an empty username and password (null session).
smb-brute.nse=smb-brute.nse, "nmap -Pn [IP] -p [PORT] --script=smb-brute.nse --script-args=unsafe=1", smb
smb-check-vulns.nse=smb-check-vulns.nse, "nmap -Pn [IP] -p [PORT] --script=smb-check-vulns.nse --script-args=unsafe=1", smb
smb-enum-admins=Enumerate domain admins (net), "net rpc group members \"Domain Admins\" -I [IP] -U% ", "netbios-ssn,microsoft-ds"
smb-enum-domains.nse=smb-enum-domains.nse, "nmap -Pn [IP] -p [PORT] --script=smb-enum-domains.nse --script-args=unsafe=1", smb
smb-enum-groups=Enumerate groups (nmap), "nmap -p[PORT] --script=smb-enum-groups [IP] -vvvvv", "netbios-ssn,microsoft-ds"
smb-enum-groups.nse=smb-enum-groups.nse, "nmap -Pn [IP] -p [PORT] --script=smb-enum-groups.nse --script-args=unsafe=1", smb
smb-enum-policies=Extract password policy (nmap), "nmap -p[PORT] --script=smb-enum-domains [IP] -vvvvv", "netbios-ssn,microsoft-ds"
smb-enum-processes.nse=smb-enum-processes.nse, "nmap -Pn [IP] -p [PORT] --script=smb-enum-processes.nse --script-args=unsafe=1", smb
smb-enum-sessions=Enumerate logged in users (nmap), "nmap -p[PORT] --script=smb-enum-sessions [IP] -vvvvv", "netbios-ssn,microsoft-ds"
smb-enum-sessions.nse=smb-enum-sessions.nse, "nmap -Pn [IP] -p [PORT] --script=smb-enum-sessions.nse --script-args=unsafe=1", smb
smb-enum-shares=Enumerate shares (nmap), "nmap -p[PORT] --script=smb-enum-shares [IP] -vvvvv", "netbios-ssn,microsoft-ds"
smb-enum-shares.nse=smb-enum-shares.nse, "nmap -Pn [IP] -p [PORT] --script=smb-enum-shares.nse --script-args=unsafe=1", smb
smb-enum-users=Enumerate users (nmap), "nmap -p[PORT] --script=smb-enum-users [IP] -vvvvv", "netbios-ssn,microsoft-ds"
smb-enum-users-rpc=Enumerate users (rpcclient), bash -c \"echo 'enumdomusers' | rpcclient [IP] -U%\", "netbios-ssn,microsoft-ds"
smb-enum-users.nse=smb-enum-users.nse, "nmap -Pn [IP] -p [PORT] --script=smb-enum-users.nse --script-args=unsafe=1", smb
smb-flood.nse=smb-flood.nse, "nmap -Pn [IP] -p [PORT] --script=smb-flood.nse --script-args=unsafe=1", smb
smb-ls.nse=smb-ls.nse, "nmap -Pn [IP] -p [PORT] --script=smb-ls.nse --script-args=unsafe=1", smb
smb-mbenum.nse=smb-mbenum.nse, "nmap -Pn [IP] -p [PORT] --script=smb-mbenum.nse --script-args=unsafe=1", smb
smb-null-sessions=Check for null sessions (rpcclient), bash -c \"echo 'srvinfo' | rpcclient [IP] -U%\", "netbios-ssn,microsoft-ds"
smb-os-discovery.nse=smb-os-discovery.nse, "nmap -Pn [IP] -p [PORT] --script=smb-os-discovery.nse --script-args=unsafe=1", smb
smb-print-text.nse=smb-print-text.nse, "nmap -Pn [IP] -p [PORT] --script=smb-print-text.nse --script-args=unsafe=1", smb
smb-psexec.nse=smb-psexec.nse, "nmap -Pn [IP] -p [PORT] --script=smb-psexec.nse --script-args=unsafe=1", smb
smb-security-mode.nse=smb-security-mode.nse, "nmap -Pn [IP] -p [PORT] --script=smb-security-mode.nse --script-args=unsafe=1", smb
smb-server-stats.nse=smb-server-stats.nse, "nmap -Pn [IP] -p [PORT] --script=smb-server-stats.nse --script-args=unsafe=1", smb
smb-system-info.nse=smb-system-info.nse, "nmap -Pn [IP] -p [PORT] --script=smb-system-info.nse --script-args=unsafe=1", smb
smb-vuln-ms10-054.nse=smb-vuln-ms10-054.nse, "nmap -Pn [IP] -p [PORT] --script=smb-vuln-ms10-054.nse --script-args=unsafe=1", smb
smb-vuln-ms10-061.nse=smb-vuln-ms10-061.nse, "nmap -Pn [IP] -p [PORT] --script=smb-vuln-ms10-061.nse --script-args=unsafe=1", smb
smbenum=Run smbenum, bash ./scripts/smbenum.sh [IP], "netbios-ssn,microsoft-ds"
smbv2-enabled.nse=smbv2-enabled.nse, "nmap -Pn [IP] -p [PORT] --script=smbv2-enabled.nse --script-args=unsafe=1", smb
; SMTP checks. The smtp-user-enum entries read their user list from a hard-coded Metasploit
; wordlist path, so they fail if that package is not installed at that location.
; smtp-open-relay.nse sends relay test messages through the target server.
smtp-brute.nse=smtp-brute.nse, "nmap -Pn [IP] -p [PORT] --script=smtp-brute.nse --script-args=unsafe=1", smtp
smtp-commands.nse=smtp-commands.nse, "nmap -Pn [IP] -p [PORT] --script=smtp-commands.nse --script-args=unsafe=1", smtp
smtp-enum-expn=Enumerate SMTP users (EXPN), smtp-user-enum -M EXPN -U /usr/share/metasploit-framework/data/wordlists/unix_users.txt -t [IP] -p [PORT], smtp
smtp-enum-rcpt=Enumerate SMTP users (RCPT), smtp-user-enum -M RCPT -U /usr/share/metasploit-framework/data/wordlists/unix_users.txt -t [IP] -p [PORT], smtp
smtp-enum-users.nse=smtp-enum-users.nse, "nmap -Pn [IP] -p [PORT] --script=smtp-enum-users.nse --script-args=unsafe=1", smtp
smtp-enum-vrfy=Enumerate SMTP users (VRFY), smtp-user-enum -M VRFY -U /usr/share/metasploit-framework/data/wordlists/unix_users.txt -t [IP] -p [PORT], smtp
smtp-open-relay.nse=smtp-open-relay.nse, "nmap -Pn [IP] -p [PORT] --script=smtp-open-relay.nse --script-args=unsafe=1", smtp
smtp-strangeport.nse=smtp-strangeport.nse, "nmap -Pn [IP] -p [PORT] --script=smtp-strangeport.nse --script-args=unsafe=1", smtp
smtp-vuln-cve2010-4344.nse=smtp-vuln-cve2010-4344.nse, "nmap -Pn [IP] -p [PORT] --script=smtp-vuln-cve2010-4344.nse --script-args=unsafe=1", smtp
smtp-vuln-cve2011-1720.nse=smtp-vuln-cve2011-1720.nse, "nmap -Pn [IP] -p [PORT] --script=smtp-vuln-cve2011-1720.nse --script-args=unsafe=1", smtp
smtp-vuln-cve2011-1764.nse=smtp-vuln-cve2011-1764.nse, "nmap -Pn [IP] -p [PORT] --script=smtp-vuln-cve2011-1764.nse --script-args=unsafe=1", smtp
; SNMP checks. The community-string guessing entries (snmp-brute, snmp-brute.nse, snmp-default)
; read from ./wordlists/, which is relative to the working directory.
; snmp-ios-config.nse attempts to download the device configuration, which typically contains
; credentials; store its output as sensitive data.
; The medusa entry omits [PORT] and runs through bash -c with a grep filter, so only lines
; containing SUCCESS are shown.
snmp-brute=Bruteforce community strings (medusa), bash -c \"medusa -h [IP] -u root -P ./wordlists/snmp-default.txt -M snmp | grep SUCCESS\", "snmp,snmptrap"
snmp-brute.nse=snmp-brute.nse, "nmap -Pn [IP] -p [PORT] --script=snmp-brute.nse --script-args=unsafe=1", snmp
snmp-default=Check for default community strings, python ./scripts/snmpbrute.py -t [IP] -p [PORT] -f ./wordlists/snmp-default.txt -b --no-colours, "snmp,snmptrap"
snmp-hh3c-logins.nse=snmp-hh3c-logins.nse, "nmap -Pn [IP] -p [PORT] --script=snmp-hh3c-logins.nse --script-args=unsafe=1", snmp
snmp-interfaces.nse=snmp-interfaces.nse, "nmap -Pn [IP] -p [PORT] --script=snmp-interfaces.nse --script-args=unsafe=1", snmp
snmp-ios-config.nse=snmp-ios-config.nse, "nmap -Pn [IP] -p [PORT] --script=snmp-ios-config.nse --script-args=unsafe=1", snmp
snmp-netstat.nse=snmp-netstat.nse, "nmap -Pn [IP] -p [PORT] --script=snmp-netstat.nse --script-args=unsafe=1", snmp
snmp-processes.nse=snmp-processes.nse, "nmap -Pn [IP] -p [PORT] --script=snmp-processes.nse --script-args=unsafe=1", snmp
snmp-sysdescr.nse=snmp-sysdescr.nse, "nmap -Pn [IP] -p [PORT] --script=snmp-sysdescr.nse --script-args=unsafe=1", snmp
snmp-win32-services.nse=snmp-win32-services.nse, "nmap -Pn [IP] -p [PORT] --script=snmp-win32-services.nse --script-args=unsafe=1", snmp
snmp-win32-shares.nse=snmp-win32-shares.nse, "nmap -Pn [IP] -p [PORT] --script=snmp-win32-shares.nse --script-args=unsafe=1", snmp
snmp-win32-software.nse=snmp-win32-software.nse, "nmap -Pn [IP] -p [PORT] --script=snmp-win32-software.nse --script-args=unsafe=1", snmp
snmp-win32-users.nse=snmp-win32-users.nse, "nmap -Pn [IP] -p [PORT] --script=snmp-win32-users.nse --script-args=unsafe=1", snmp
snmpcheck=Run snmpcheck, snmpcheck -t [IP], "snmp,snmptrap"
; TLS, TFTP, DNS, VNC and web actions (id=menu label, command, service name(s)).
; A service list with more than one name is written as one quoted,
; comma-separated string.
; sslscan and sslyze inspect the TLS configuration of [IP]:[PORT].
sslscan=Run sslscan, sslscan --no-failed [IP]:[PORT], "https,ssl"
sslyze=Run sslyze, sslyze --regular [IP]:[PORT], "https,ssl,ms-wbt-server,imap,pop3,smtp"
tftp-enum.nse=tftp-enum.nse, "nmap -Pn [IP] -p [PORT] --script=tftp-enum.nse --script-args=unsafe=1", tftp
; NOTE(review): -d is given [IP]:[PORT] rather than a domain name, and -b all
; presumably queries every configured public data source, so the target value
; would leave the local network - confirm this is intended.
theharvester=Run theharvester, "theharvester -d [IP]:[PORT] -b all -n -c -t -h", dns
vnc-brute.nse=vnc-brute.nse, "nmap -Pn [IP] -p [PORT] --script=vnc-brute.nse --script-args=unsafe=1", vnc
vnc-info.nse=vnc-info.nse, "nmap -Pn [IP] -p [PORT] --script=vnc-info.nse --script-args=unsafe=1", vnc
wafw00f=Run wafw00f, wafw00f [IP]:[PORT], "https,ssl"
; webslayer is started without any target argument.
webslayer=Launch webslayer, webslayer, "http,https,ssl,soap,http-proxy,http-alt"
; whatweb writes its brief log to [OUTPUT].txt.
whatweb=Run whatweb, "whatweb [IP]:[PORT] --color=never --log-brief=[OUTPUT].txt", "http,https,ssl,soap,http-proxy,http-alt"
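; wpscan and x11screen were fused into one malformed line: the wpscan command
; carried a stray ", http" and its service field held the x11screen entry plus
; a copy of the next section as literal \n text. They are restored here as two
; entries in the usual layout: id=menu label, command, service name(s).
wpscan=Run wpscan, wpscan --url [IP]:[PORT], "http,https"
; x11screen passes the fixed value 0 between [IP] and [OUTPUT]; presumably the
; X display number - confirm against scripts/x11screenshot.sh.
x11screen=Run x11screenshot, bash ./scripts/x11screenshot.sh [IP] 0 [OUTPUT], X11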
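; Interactive clients opened in a terminal for a selected port.
; Layout: id=menu label, command, service name(s). An empty last field
; (firefox, netcat, telnet) presumably offers the action for any service -
; confirm against the application.
; Several entries log in with a fixed account (sa, root, postgres), and
; rpcclient uses -U% for an empty user name and password (NULL session).
; ftp, telnet, rlogin and rsh are cleartext protocols: anything typed into
; those sessions is readable on the network path.
[PortTerminalActions]
firefox=Open with firefox, firefox [IP]:[PORT],
ftp=Open with ftp client, ftp [IP] [PORT], ftp
; Service name corrected from the misspelled mys-sql-s to ms-sql-s, the name
; mssql-default uses under [SchedulerSettings].
mssql=Open with mssql client (as sa), python /usr/share/doc/python-impacket-doc/examples/mssqlclient.py -p [PORT] sa@[IP], "ms-sql-s,codasrv-se"
; -p with no value makes the mysql client prompt for the password.
mysql=Open with mysql client (as root), "mysql -u root -h [IP] --port=[PORT] -p", mysql
netcat=Open with netcat, nc -v [IP] [PORT],
; postgresql added next to postgres: postgres-default under
; [SchedulerSettings] matches the service as postgresql.
psql=Open with postgres client (as postgres), psql -h [IP] -p [PORT] -U postgres, "postgres,postgresql"
rdesktop=Open with rdesktop, rdesktop [IP]:[PORT], ms-wbt-server
rlogin=Open with rlogin, rlogin -i root -p [PORT] [IP], login
rpcclient=Open with rpcclient (NULL session), rpcclient [IP] -p [PORT] -U%, "netbios-ssn,microsoft-ds"
rsh=Open with rsh, rsh -l root [IP], shell
ssh=Open with ssh client (as root), ssh root@[IP] -p [PORT], ssh
telnet=Open with telnet, telnet [IP] [PORT],
vncviewer=Open with vncviewer, vncviewer [IP]:[PORT], vnc
xephyr=Open with Xephyr, Xephyr -query [IP] :1, xdmcp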
; Scheduled actions. Layout: action id=service name(s), protocol (tcp or udp).
; Presumably these run without user interaction when enable-scheduler is True
; under [GeneralSettings] - confirm against the scheduler code.
; Each key is expected to name an action defined elsewhere in this file
; (smtp-enum-vrfy, snmp-default and snmpcheck are); verify that x11screen and
; the other ids resolve to an action as well.
[SchedulerSettings]
ftp-default=ftp, tcp
mssql-default=ms-sql-s, tcp
mysql-default=mysql, tcp
nikto="http,https,ssl,soap,http-proxy,http-alt,https-alt", tcp
oracle-default=oracle-tns, tcp
postgres-default=postgresql, tcp
screenshooter="http,https,ssl,http-proxy,http-alt,https-alt", tcp
smbenum=microsoft-ds, tcp
smtp-enum-vrfy=smtp, tcp
snmp-default=snmp, udp
snmpcheck=snmp, udp
x11screen=X11, tcp
; Port selection for each stage of the staged nmap scan.
; T: and U: prefix TCP and UDP port lists, as in nmap's -p syntax.
; Stages 1, 2 and 4 name individual ports; stages 5 and 6 cover the remaining
; TCP ranges (0-29999 minus the ports already listed, then 30000-65535).
; UDP is limited to the ports listed in stages 2 and 4.
; NOTE(review): stage3-ports holds "Vulners,CVE" rather than ports; presumably
; a script selection for that stage - confirm against the code that reads it.
[StagedNmapSettings]
stage1-ports="T:80,443"
stage2-ports="T:25,135,137,139,445,1433,3306,5432,U:137,161,162,1434"
stage3-ports="Vulners,CVE"
stage4-ports="T:23,21,22,110,111,2049,3389,8080,U:500,5060"
stage5-ports="T:0-20,24,26-79,81-109,112-134,136,138,140-442,444,446-1432,1434-2048,2050-3305,3307-3388,3390-5431,5433-8079,8081-29999"
stage6-ports=T:30000-65535
; Absolute paths of external programs, one per key.
; Presumably the application executes these binaries directly, so each path
; should exist on the host and not be writable by unprivileged users - verify
; per installation (nmap is expected under /sbin here).
[ToolSettings]
cutycapt-path=/usr/bin/cutycapt
hydra-path=/usr/bin/hydra
nmap-path=/sbin/nmap
texteditor-path=/usr/bin/leafpad