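def traceroute(host_ip, desc):
    """Interactive sub-menu for the traceroute-geolocation NSE script.

    Prints the script's documentation, asks whether to use the default
    (no-port) invocation or a custom port, runs ``nmap`` against ``host_ip``
    and saves the normal output under ``output/``.  After each scan the menu is
    shown again; answering ``0`` hands control to ``ANSE.service_scan`` and any
    other unrecognised answer re-prints ``desc`` and exits with ``exit_msg``.

    Args:
        host_ip: scan target, passed to nmap verbatim and embedded in the
            output file name.
        desc: service banner re-printed before exiting on an invalid choice.

    Returns:
        None.  May terminate the interpreter via ``sys.exit``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def _boxed(text):
        """Frame *text* in the white '+' rules and blue colour ANSE menus use."""
        rule = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"
        return rule + "\033[94m" + text + "\033[0m" + rule

    def _run_nmap(*nmap_opts):
        """Prompt for extra arguments and an output name, then run nmap.

        nmap is started from an argv list instead of a ``shell=True`` string,
        so quotes, ``;`` or ``$(...)`` typed at the prompts reach nmap as plain
        arguments rather than being interpreted by /bin/sh.  The free-form
        argument answer is tokenised with shlex so several options typed on
        one line are still passed separately; an empty answer adds nothing.
        The file name is used as typed under ``output/`` (not sanitised).
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        out_file = "output/" + host_ip + "-" + file_name + ".txt"
        try:
            extra = shlex.split(arg)
        except ValueError:
            # Unbalanced quotes: fall back to plain whitespace splitting.
            extra = arg.split()
        subprocess.call(["nmap", *nmap_opts, *extra, host_ip, "-oN", out_file])

    def _bail():
        """Clear the screen, re-print the service banner and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    menu = _boxed(
        " +Choose your NSE script for traceroute: \t[1] traceroute-geolocation\n\t[0] back"
    )
    geolocation_doc = _boxed(
        " File traceroute-geolocation Script types: hostrule Categories: safe, external, discovery "
        "Download: http://nmap.org/svn/scripts/traceroute-geolocation.nse User Summary "
        "Lists the geographic locations of each hop in a traceroute and optionally saves the "
        "results to a KML file, plottable on Google earth and maps. Script Arguments "
        "traceroute-geolocation.kmlfile full path and name of file to write KML data to. "
        "The KML file can be used in Google earth or maps to plot the traceroute data. "
        "slaxml.debug See the documentation for the slaxml library. "
        "http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent "
        "See the documentation for the http library. "
        "smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername "
        "See the documentation for the smbauth library. "
        "Example Usage nmap --traceroute --script traceroute-geolocation "
        "Default Option Used in script: nmap -sV --script [script name] [arg] [host_ip] -oN [file_name]"
    )

    # A loop replaces the original tail-recursive re-entry after every scan,
    # so long sessions no longer grow the call stack.
    while True:
        os.system('clear')
        print(menu)
        option = input("Enter your NSE script no:")
        os.system('clear')
        if option == "1":
            print(geolocation_doc)
            port_select = input("Set Default option-no-port[Y/N]:")
            if port_select in ("Y", "y"):
                _run_nmap("-sV", "--script", "traceroute-geolocation")
            elif port_select in ("N", "n"):
                custom_port = input("Enter your Custom port:")
                _run_nmap("--script", "traceroute-geolocation", "-p", custom_port)
            else:
                _bail()
        elif option == "0":
            from ANSE import service_scan
            service_scan(host_ip, desc)
            return
        else:
            _bail()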
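def pptp(host_ip, desc):
    """Interactive sub-menu for the pptp-version NSE script.

    Prints the script's documentation, asks whether to use the default
    (no-port) invocation or a custom port, runs ``nmap`` against ``host_ip``
    and saves the normal output under ``output/``.  After each scan the menu is
    shown again; answering ``0`` hands control to ``ANSE.service_scan`` and any
    other unrecognised answer re-prints ``desc`` and exits with ``exit_msg``.

    Args:
        host_ip: scan target, passed to nmap verbatim and embedded in the
            output file name.
        desc: service banner re-printed before exiting on an invalid choice.

    Returns:
        None.  May terminate the interpreter via ``sys.exit``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def _boxed(text):
        """Frame *text* in the white '+' rules and blue colour ANSE menus use."""
        rule = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"
        return rule + "\033[94m" + text + "\033[0m" + rule

    def _run_nmap(*nmap_opts):
        """Prompt for extra arguments and an output name, then run nmap.

        nmap is started from an argv list instead of a ``shell=True`` string,
        so quotes, ``;`` or ``$(...)`` typed at the prompts reach nmap as plain
        arguments rather than being interpreted by /bin/sh.  The free-form
        argument answer is tokenised with shlex so several options typed on
        one line are still passed separately; an empty answer adds nothing.
        The file name is used as typed under ``output/`` (not sanitised).
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        out_file = "output/" + host_ip + "-" + file_name + ".txt"
        try:
            extra = shlex.split(arg)
        except ValueError:
            # Unbalanced quotes: fall back to plain whitespace splitting.
            extra = arg.split()
        subprocess.call(["nmap", *nmap_opts, *extra, host_ip, "-oN", out_file])

    def _bail():
        """Clear the screen, re-print the service banner and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    menu = _boxed(
        " +Choose your NSE script for point-to-point tunneling protocol (PPTP) service: "
        "\t[1] pptp-version\n\t[0] back"
    )
    pptp_version_doc = _boxed(
        " File pptp-version Script types: portrule Categories: version "
        "Download: http://nmap.org/svn/scripts/pptp-version.nse User Summary "
        "Attempts to extract system information from the point-to-point tunneling protocol (PPTP) service. "
        "Example Usage nmap -sV <target> "
        "Default Option Used in script: nmap -sV --script [script name] [arg] [host_ip] -oN [file_name]"
    )

    # A loop replaces the original tail-recursive re-entry after every scan,
    # so long sessions no longer grow the call stack.
    while True:
        os.system('clear')
        print(menu)
        option = input("Enter your NSE script no:")
        os.system('clear')
        if option == "1":
            print(pptp_version_doc)
            port_select = input("Set Default option-no-port[Y/N]:")
            if port_select in ("Y", "y"):
                _run_nmap("-sV", "--script", "pptp-version")
            elif port_select in ("N", "n"):
                custom_port = input("Enter your Custom port:")
                _run_nmap("--script", "pptp-version", "-p", custom_port)
            else:
                _bail()
        elif option == "0":
            from ANSE import service_scan
            service_scan(host_ip, desc)
            return
        else:
            _bail()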
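def firewall(host_ip, desc):
    """Interactive sub-menu for the firewall-related NSE scripts.

    Offers firewalk, firewall-bypass and flume-master-info.  For the chosen
    script it prints the documentation, asks whether to use the default
    invocation (no port, or port 35871 for flume-master-info) or a custom
    port, runs ``nmap`` against ``host_ip`` and saves the normal output under
    ``output/``.  After each scan the menu is shown again; ``0`` hands control
    to ``ANSE.service_scan`` and any other unrecognised answer re-prints
    ``desc`` and exits with ``exit_msg``.

    Args:
        host_ip: scan target, passed to nmap verbatim and embedded in the
            output file name.
        desc: service banner re-printed before exiting on an invalid choice.

    Returns:
        None.  May terminate the interpreter via ``sys.exit``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def _boxed(text):
        """Frame *text* in the white '+' rules and blue colour ANSE menus use."""
        rule = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"
        return rule + "\033[94m" + text + "\033[0m" + rule

    def _run_nmap(*nmap_opts):
        """Prompt for extra arguments and an output name, then run nmap.

        nmap is started from an argv list instead of a ``shell=True`` string,
        so quotes, ``;`` or ``$(...)`` typed at the prompts reach nmap as plain
        arguments rather than being interpreted by /bin/sh.  The free-form
        argument answer is tokenised with shlex so several options typed on
        one line are still passed separately; an empty answer adds nothing.
        The file name is used as typed under ``output/`` (not sanitised).
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        out_file = "output/" + host_ip + "-" + file_name + ".txt"
        try:
            extra = shlex.split(arg)
        except ValueError:
            # Unbalanced quotes: fall back to plain whitespace splitting.
            extra = arg.split()
        subprocess.call(["nmap", *nmap_opts, *extra, host_ip, "-oN", out_file])

    def _bail():
        """Clear the screen, re-print the service banner and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def _script_menu(doc, script, prompt, default_port=None):
        """Show *doc*, ask the default/custom port question and run *script*.

        With ``default_port`` set the default branch scans that port;
        otherwise it runs the script without ``-p``.
        """
        print(doc)
        port_select = input(prompt)
        if port_select in ("Y", "y"):
            if default_port is None:
                _run_nmap("--script", script)
            else:
                _run_nmap("--script", script, "-p", default_port)
        elif port_select in ("N", "n"):
            custom_port = input("Enter your Custom port:")
            _run_nmap("--script", script, "-p", custom_port)
        else:
            _bail()

    menu = _boxed(
        " +Choose your NSE script for firewall: [1] firewalk [2] firewall-bypass "
        "[3] flume-master-info [0] back"
    )
    firewalk_doc = _boxed(
        " File firewalk Script types: hostrule Categories: safe, discovery "
        "Download: http://nmap.org/svn/scripts/firewalk.nse User Summary "
        "Tries to discover firewalk rules using an IP TTL expiration technique known as firewalking. "
        "To determine a rule on a given gateway, the scanner sends a probe to a metric located "
        "behind the gateway, with a TTL one higher than the gateway. If the probe is forwarded "
        "by the gateway, then we can expect to receive an ICMP_TIME_EXCEEDED reply from the "
        "gateway next hop router, or eventually the metric itself if it is directly connected "
        "to the gateway. Otherwise, the probe will timeout. It starts with a TTL equals to the "
        "distance to the target. If the probe timeout, then it is resent with a TTL decreased "
        "by one. If we get an ICMP_TIME_EXCEEDED, then the scan is over for this probe. "
        'Every "no-reply" filtered TCP and UDP ports are probed. As for UDP scans, this process '
        "can be quite slow if lots of ports are blocked by a gateway close to the scanner. "
        "Script Arguments firewalk.max-probed-ports maximum number of ports to probe per protocol. "
        "Set to -1 to scan every filtered port. firewalk.max-retries the maximum number of "
        "allowed retransmissions. firewalk.recv-timeout the duration of the packets capture "
        "loop (in milliseconds). firewalk.max-active-probes maximum number of parallel active "
        "probes. firewalk.probe-timeout validity period of a probe (in milliseconds). "
        "Example Usage nmap --script=firewalk --traceroute <host> "
        "nmap --script=firewalk --traceroute --script-args=firewalk.max-retries=1 <host> "
        "nmap --script=firewalk --traceroute --script-args=firewalk.probe-timeout=400ms <host> "
        "nmap --script=firewalk --traceroute --script-args=firewalk.max-probed-ports=7 <host> "
        "Default Option Used in script: nmap --script [script name] [arg] [host_ip] -oN [file_name]"
    )
    firewall_bypass_doc = _boxed(
        " File firewall-bypass Script types: hostrule Categories: vuln, intrusive "
        "Download: http://nmap.org/svn/scripts/firewall-bypass.nse User Summary "
        "Detects a vulnerability in netfilter and other firewalls that use helpers to dynamically "
        "open ports for protocols such as ftp and sip. The script works by spoofing a packet from "
        "the target server asking for opening a related connection to a target port which will "
        "be fulfilled by the firewall through the adequate protocol helper port. The attacking "
        "machine should be on the same network segment as the firewall for this to work. "
        "The script supports ftp helper on both IPv4 and IPv6. Real path filter is used to "
        "prevent such attacks. Script Arguments firewall-bypass.helper The helper to use. "
        "Defaults to ftp. Supported helpers: ftp (Both IPv4 and IPv6). "
        "firewall-bypass.targetport Port to test vulnerability on. Target port should be a "
        "non-open port. If not given, the script will try to find a filtered or closed port "
        "from the port scan results. firewall-bypass.helperport If not using the helper's "
        "default port. Example Usage nmap --script firewall-bypass <target> "
        'nmap --script firewall-bypass --script-args firewall-bypass.helper="ftp", '
        "firewall-bypass.targetport=22 <target> "
        "Default Option Used in script: nmap --script [script name] [arg] [host_ip] -oN [file_name]"
    )
    flume_doc = _boxed(
        " File flume-master-info Script types: portrule Categories: default, discovery, safe "
        "Download: http://nmap.org/svn/scripts/flume-master-info.nse User Summary "
        "Retrieves information from Flume master HTTP pages. Information gathered: Flume version "
        "Flume server id Zookeeper/Hbase master servers present in configured flows Java "
        "information OS information various other local configurations. If this script is run "
        "wth -v, it will output lots more info. Use the newtargets script argument to add "
        "discovered hosts to the Nmap scan queue. Script Arguments slaxml.debug See the "
        "documentation for the slaxml library. http.max-cache-size, http.max-pipeline, "
        "http.pipeline, http.useragent See the documentation for the http library. "
        "max-newtargets, newtargets See the documentation for the target library. "
        "smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername "
        "See the documentation for the smbauth library. "
        "Example Usage nmap --script flume-master-info -p 35871 host "
        "Default Option Used in script: nmap -p 35871 --script [script name] [arg] [host_ip] -oN [file_name]"
    )

    # A loop replaces the original tail-recursive re-entry after every scan,
    # so long sessions no longer grow the call stack.
    while True:
        os.system('clear')
        print(menu)
        option = input("Enter your NSE script no:")
        os.system('clear')
        if option == "1":
            _script_menu(firewalk_doc, "firewalk", "Set Default option-no-port[Y/N]:")
        elif option == "2":
            _script_menu(firewall_bypass_doc, "firewall-bypass", "Set Default option-no-port[Y/N]:")
        elif option == "3":
            _script_menu(
                flume_doc,
                "flume-master-info",
                "Set Default option-port-35871[Y/N]:",
                default_port="35871",
            )
        elif option == "0":
            from ANSE import service_scan
            service_scan(host_ip, desc)
            return
        else:
            _bail()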
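def mcafee(host_ip, desc):
    """Interactive sub-menu for the mcafee-epo-agent NSE script.

    Prints the script's documentation, asks whether to use the default
    (no-port) invocation or a custom port, runs ``nmap -sV`` against
    ``host_ip`` and saves the normal output under ``output/``.  After each
    scan the menu is shown again; answering ``0`` hands control to
    ``ANSE.service_scan`` and any other unrecognised answer re-prints ``desc``
    and exits with ``exit_msg``.

    Args:
        host_ip: scan target, passed to nmap verbatim and embedded in the
            output file name.
        desc: service banner re-printed before exiting on an invalid choice.

    Returns:
        None.  May terminate the interpreter via ``sys.exit``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def _boxed(text):
        """Frame *text* in the white '+' rules and blue colour ANSE menus use."""
        rule = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"
        return rule + "\033[94m" + text + "\033[0m" + rule

    def _run_nmap(*nmap_opts):
        """Prompt for extra arguments and an output name, then run nmap.

        nmap is started from an argv list instead of a ``shell=True`` string,
        so quotes, ``;`` or ``$(...)`` typed at the prompts reach nmap as plain
        arguments rather than being interpreted by /bin/sh.  The free-form
        argument answer is tokenised with shlex so several options typed on
        one line are still passed separately; an empty answer adds nothing.
        The file name is used as typed under ``output/`` (not sanitised).
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        out_file = "output/" + host_ip + "-" + file_name + ".txt"
        try:
            extra = shlex.split(arg)
        except ValueError:
            # Unbalanced quotes: fall back to plain whitespace splitting.
            extra = arg.split()
        subprocess.call(["nmap", *nmap_opts, *extra, host_ip, "-oN", out_file])

    def _bail():
        """Clear the screen, re-print the service banner and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    menu = _boxed(" +Choose your NSE script for ePO agent: [1] mcafee-epo-agent [0] back")
    epo_agent_doc = _boxed(
        " File mcafee-epo-agent Script types: portrule Categories: version, safe "
        "Download: http://nmap.org/svn/scripts/mcafee-epo-agent.nse User Summary "
        "Check if ePO agent is running on port 8081 or port identified as ePO Agent port. "
        "Script Arguments slaxml.debug See the documentation for the slaxml library. "
        "http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent "
        "See the documentation for the http library. "
        "smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername "
        "See the documentation for the smbauth library. "
        "Example Usage nmap -sV <target> "
        "Default Option Used in script: nmap -sV --script [script name] [arg] [host_ip] -oN [file_name]"
    )

    # A loop replaces the original tail-recursive re-entry after every scan,
    # so long sessions no longer grow the call stack.
    while True:
        os.system('clear')
        print(menu)
        option = input("Enter your NSE script no:")
        os.system('clear')
        if option == "1":
            print(epo_agent_doc)
            port_select = input("Set Default option-no-port[Y/N]:")
            if port_select in ("Y", "y"):
                _run_nmap("-sV", "--script", "mcafee-epo-agent")
            elif port_select in ("N", "n"):
                custom_port = input("Enter your Custom port:")
                _run_nmap("-sV", "--script", "mcafee-epo-agent", "-p", custom_port)
            else:
                _bail()
        elif option == "0":
            from ANSE import service_scan
            service_scan(host_ip, desc)
            return
        else:
            _bail()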
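def wdb(host_ip, desc):
    """Interactive sub-menu for the wdb-version NSE script (VxWorks WDB agents).

    Prints the script's documentation, asks whether to scan the default UDP
    port 17185 or a custom port, runs ``nmap -sV -sU --script wdb-version``
    against ``host_ip`` and saves the normal output under ``output/``.  After
    each scan the menu is shown again; ``0`` hands control to
    ``ANSE.service_scan`` and any other unrecognised answer re-prints ``desc``
    and exits with ``exit_msg``.

    Fixes relative to the earlier revision: both branches previously ran the
    unrelated ``voldemort-info`` script, and the custom-port branch passed
    ``--script -sU`` (so nmap would have looked for a script named ``-sU``).

    Args:
        host_ip: scan target, passed to nmap verbatim and embedded in the
            output file name.
        desc: service banner re-printed before exiting on an invalid choice.

    Returns:
        None.  May terminate the interpreter via ``sys.exit``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def _boxed(text):
        """Frame *text* in the white '+' rules and blue colour ANSE menus use."""
        rule = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"
        return rule + "\033[94m" + text + "\033[0m" + rule

    def _run_nmap(*nmap_opts):
        """Prompt for extra arguments and an output name, then run nmap.

        nmap is started from an argv list instead of a ``shell=True`` string,
        so quotes, ``;`` or ``$(...)`` typed at the prompts reach nmap as plain
        arguments rather than being interpreted by /bin/sh.  The free-form
        argument answer is tokenised with shlex so several options typed on
        one line are still passed separately; an empty answer adds nothing.
        The file name is used as typed under ``output/`` (not sanitised).
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        out_file = "output/" + host_ip + "-" + file_name + ".txt"
        try:
            extra = shlex.split(arg)
        except ValueError:
            # Unbalanced quotes: fall back to plain whitespace splitting.
            extra = arg.split()
        subprocess.call(["nmap", *nmap_opts, *extra, host_ip, "-oN", out_file])

    def _bail():
        """Clear the screen, re-print the service banner and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    menu = _boxed(
        " +Choose your NSE script for VxWorks Wind DeBug agents: \t[1] wdb-version\n\t[0] back"
    )
    wdb_version_doc = _boxed(
        " File wdb-version Script types: portrule Categories: default, version, discovery, vuln "
        "Download: http://nmap.org/svn/scripts/wdb-version.nse User Summary "
        "Detects vulnerabilities and gathers information (such as version numbers and hardware "
        "support) from VxWorks Wind DeBug agents. Wind DeBug is a SunRPC-type service that is "
        "enabled by default on many devices that use the popular VxWorks real-time embedded "
        "operating system. H.D. Moore of Metasploit has identified several security "
        "vulnerabilities and design flaws with the service, including weakly-hashed passwords "
        "and raw memory dumping. See also: http://www.kb.cert.org/vuls/id/362332 "
        "Script Arguments mount.version, nfs.version, rpc.protocol "
        "See the documentation for the rpc library. "
        "Example Usage nmap -sU -p 17185 --script wdb-version <target> "
        "Default Option Used in script: nmap -sV -sU -p 17185 --script [script name] [arg] [host_ip] -oN [file_name]"
    )

    # A loop replaces the original tail-recursive re-entry after every scan,
    # so long sessions no longer grow the call stack.
    while True:
        os.system('clear')
        print(menu)
        option = input("Enter your NSE script no:")
        os.system('clear')
        if option == "1":
            print(wdb_version_doc)
            port_select = input("Set Default option-port-17185[Y/N]:")
            if port_select in ("Y", "y"):
                # WDB is a UDP service; the printed default is -sV -sU -p 17185.
                _run_nmap("-sV", "-sU", "--script", "wdb-version", "-p", "17185")
            elif port_select in ("N", "n"):
                custom_port = input("Enter your Custom port:")
                _run_nmap("-sV", "-sU", "--script", "wdb-version", "-p", custom_port)
            else:
                _bail()
        elif option == "0":
            from ANSE import service_scan
            service_scan(host_ip, desc)
            return
        else:
            _bail()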
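def cups(host_ip, desc):
    """Interactive sub-menu for the CUPS NSE scripts (cups-info, cups-queue-info).

    For the chosen script it prints the documentation, asks whether to scan
    the default port 631 or a custom port, runs ``nmap`` against ``host_ip``
    and saves the normal output under ``output/``.  After each scan the menu
    is shown again; ``0`` hands control to ``ANSE.service_scan`` and any other
    unrecognised answer re-prints ``desc`` and exits with ``exit_msg``.

    Fixes relative to the earlier revision: option 2 invoked a script named
    ``cups-queue`` (the menu and documentation refer to ``cups-queue-info``),
    and both options used ``-sU`` although the documented default is a plain
    TCP scan of port 631 (``nmap --script [script name] -p 631 ...``), so the
    IPP port would never have been probed.

    Args:
        host_ip: scan target, passed to nmap verbatim and embedded in the
            output file name.
        desc: service banner re-printed before exiting on an invalid choice.

    Returns:
        None.  May terminate the interpreter via ``sys.exit``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def _boxed(text):
        """Frame *text* in the white '+' rules and blue colour ANSE menus use."""
        rule = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"
        return rule + "\033[94m" + text + "\033[0m" + rule

    def _run_nmap(*nmap_opts):
        """Prompt for extra arguments and an output name, then run nmap.

        nmap is started from an argv list instead of a ``shell=True`` string,
        so quotes, ``;`` or ``$(...)`` typed at the prompts reach nmap as plain
        arguments rather than being interpreted by /bin/sh.  The free-form
        argument answer is tokenised with shlex so several options typed on
        one line are still passed separately; an empty answer adds nothing.
        The file name is used as typed under ``output/`` (not sanitised).
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        out_file = "output/" + host_ip + "-" + file_name + ".txt"
        try:
            extra = shlex.split(arg)
        except ValueError:
            # Unbalanced quotes: fall back to plain whitespace splitting.
            extra = arg.split()
        subprocess.call(["nmap", *nmap_opts, *extra, host_ip, "-oN", out_file])

    def _bail():
        """Clear the screen, re-print the service banner and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def _script_menu(doc, script):
        """Show *doc*, ask the default/custom port question and run *script* on that port."""
        print(doc)
        port_select = input("Set Default option-port-631[Y/N]:")
        if port_select in ("Y", "y"):
            _run_nmap("--script", script, "-p", "631")
        elif port_select in ("N", "n"):
            custom_port = input("Enter your Custom port:")
            _run_nmap("--script", script, "-p", custom_port)
        else:
            _bail()

    menu = _boxed(
        " +Choose your NSE script for CUPS printing service: [1] cups-info [2] cups-queue-info\n\t[0] back"
    )
    cups_info_doc = _boxed(
        " File cups-info Script types: portrule Categories: safe, discovery "
        "Download: http://nmap.org/svn/scripts/cups-info.nse User Summary "
        "Lists printers managed by the CUPS printing service. "
        "Script Arguments slaxml.debug See the documentation for the slaxml library. "
        "http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent "
        "See the documentation for the http library. "
        "smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername "
        "See the documentation for the smbauth library. "
        "Example Usage nmap -p 631 <ip> --script cups-info "
        "Default Option Used in script: nmap --script [script name] -p 631 [arg] [host_ip] -oN [file_name]"
    )
    cups_queue_doc = _boxed(
        " File cups-queue-info Script types: portrule Categories: safe, discovery "
        "Download: http://nmap.org/svn/scripts/cups-queue-info.nse User Summary "
        "Lists currently queued print jobs of the remote CUPS service grouped by printer. "
        "Script Arguments slaxml.debug See the documentation for the slaxml library. "
        "http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent "
        "See the documentation for the http library. "
        "smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername "
        "See the documentation for the smbauth library. "
        "Example Usage nmap -p 631 <ip> --script cups-queue-info "
        "Default Option Used in script: nmap --script [script name] -p 631 [arg] [host_ip] -oN [file_name]"
    )

    # A loop replaces the original tail-recursive re-entry after every scan,
    # so long sessions no longer grow the call stack.
    while True:
        os.system('clear')
        print(menu)
        option = input("Enter your NSE script no:")
        os.system('clear')
        if option == "1":
            _script_menu(cups_info_doc, "cups-info")
        elif option == "2":
            _script_menu(cups_queue_doc, "cups-queue-info")
        elif option == "0":
            from ANSE import service_scan
            service_scan(host_ip, desc)
            return
        else:
            _bail()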
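def redis(host_ip, desc):
    """Interactive sub-menu for the Redis NSE scripts (redis-brute, redis-info).

    For the chosen script it prints the documentation, asks whether to scan
    the default port 6379 or a custom port, runs ``nmap -sV`` against
    ``host_ip`` and saves the normal output under ``output/``.  After each
    scan the menu is shown again; ``0`` hands control to ``ANSE.service_scan``
    and any other unrecognised answer re-prints ``desc`` and exits with
    ``exit_msg``.

    Args:
        host_ip: scan target, passed to nmap verbatim and embedded in the
            output file name.
        desc: service banner re-printed before exiting on an invalid choice.

    Returns:
        None.  May terminate the interpreter via ``sys.exit``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def _boxed(text):
        """Frame *text* in the white '+' rules and blue colour ANSE menus use."""
        rule = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"
        return rule + "\033[94m" + text + "\033[0m" + rule

    def _run_nmap(*nmap_opts):
        """Prompt for extra arguments and an output name, then run nmap.

        nmap is started from an argv list instead of a ``shell=True`` string,
        so quotes, ``;`` or ``$(...)`` typed at the prompts reach nmap as plain
        arguments rather than being interpreted by /bin/sh.  The free-form
        argument answer is tokenised with shlex so several options typed on
        one line are still passed separately; an empty answer adds nothing.
        The file name is used as typed under ``output/`` (not sanitised).
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        out_file = "output/" + host_ip + "-" + file_name + ".txt"
        try:
            extra = shlex.split(arg)
        except ValueError:
            # Unbalanced quotes: fall back to plain whitespace splitting.
            extra = arg.split()
        subprocess.call(["nmap", *nmap_opts, *extra, host_ip, "-oN", out_file])

    def _bail():
        """Clear the screen, re-print the service banner and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def _script_menu(doc, script):
        """Show *doc*, ask the default/custom port question and run *script* on that port."""
        print(doc)
        port_select = input("Set Default option-port-6379[Y/N]:")
        if port_select in ("Y", "y"):
            # Previously built as "-p6379" (fused token); "-p", "6379" is the same to nmap.
            _run_nmap("-sV", "--script", script, "-p", "6379")
        elif port_select in ("N", "n"):
            custom_port = input("Enter your Custom port:")
            _run_nmap("-sV", "--script", script, "-p", custom_port)
        else:
            _bail()

    menu = _boxed(
        " +Choose your NSE script for Redis key-value store: \t[1] redis-brute\n\t[2] redis-info\n\t[0] back"
    )
    redis_brute_doc = _boxed(
        " File redis-brute Script types: portrule Categories: intrusive, brute "
        "Download: http://nmap.org/svn/scripts/redis-brute.nse User Summary "
        "Performs brute force passwords auditing against a Redis key-value store. "
        "Script Arguments brute.credfile, brute.delay, brute.emptypass, brute.firstonly, "
        "brute.guesses, brute.mode, brute.passonly, brute.retries, brute.threads, brute.unique, "
        "brute.useraspass See the documentation for the brute library. "
        "creds.[service], creds.global See the documentation for the creds library. "
        "passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb "
        "See the documentation for the unpwdb library. "
        "Example Usage nmap -p 6379 <ip> --script redis-brute "
        "Default Option Used in script: nmap -sV -p 6379 --script [script name] [arg] [host_ip] -oN [file_name]"
    )
    redis_info_doc = _boxed(
        " File redis-info Script types: portrule Categories: discovery, safe "
        "Download: http://nmap.org/svn/scripts/redis-info.nse User Summary "
        "Retrieves information (such as version number and architecture) from a Redis key-value store. "
        "Script Arguments creds.[service], creds.global See the documentation for the creds library. "
        "Example Usage nmap -p 6379 <ip> --script redis-info "
        "Default Option Used in script: nmap -sV -p 6379 --script [script name] [arg] [host_ip] -oN [file_name]"
    )

    # A loop replaces the original tail-recursive re-entry after every scan,
    # so long sessions no longer grow the call stack.
    while True:
        os.system('clear')
        print(menu)
        option = input("Enter your NSE script no:")
        os.system('clear')
        if option == "1":
            _script_menu(redis_brute_doc, "redis-brute")
        elif option == "2":
            _script_menu(redis_info_doc, "redis-info")
        elif option == "0":
            from ANSE import service_scan
            service_scan(host_ip, desc)
            return
        else:
            _bail()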
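def citrix(host_ip, desc):
    """Interactive menu for the Citrix (PN Web Agent XML / ICA Browser) NSE scripts.

    Prints the script list, runs the chosen script against ``host_ip`` with
    nmap (normal output saved to ``output/<host_ip>-<file_name>.txt``) and
    then re-enters this menu.  Option 0 returns to ``ANSE.service_scan``;
    any other choice clears the screen, prints ``desc`` and exits with
    ``exit_msg``.

    Parameters
    ----------
    host_ip : str
        Target passed to nmap and used in the output file name.
    desc : str
        Text printed before the tool exits on an invalid choice.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def choose_port(prompt, default_port):
        """Ask the Y/N question and return the ``-p`` spec for the scan.

        Y/y -> ``default_port`` (``None`` means "no -p", nmap picks its own
        ports); N/n -> whatever the user types at the custom-port prompt;
        anything else -> clear the screen, print ``desc`` and exit.
        """
        answer = input(prompt)
        if answer in ("Y", "y"):
            return default_port
        if answer in ("N", "n"):
            return input("Enter your Custom port:")
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def run_scan(base_argv, port):
        """Collect extra nmap arguments and an output name, then run one scan.

        The command is handed to subprocess as an argv list (no shell), so
        each interactively typed value is exactly one argument and shell
        metacharacters in it cannot change the command.  ``arg`` is split
        with shlex so several flags can still be typed on one prompt.
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        output = "output/" + host_ip + "-" + file_name + ".txt"
        argv = list(base_argv)
        port = (port or "").strip()
        if port:
            argv += ["-p", port]
        argv += shlex.split(arg)
        argv += [host_ip, "-oN", output]
        subprocess.call(argv)

    os.system('clear')
    print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m +Choose your NSE script for Citrix PN Web Agent XML Service: [1] citrix-brute-xml [2] citrix-enum-apps-xml [3] citrix-enum-apps [4] citrix-enum-servers-xml [5] citrix-enum-servers [0] back\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File citrix-brute-xml Script types: portrule Categories: intrusive, brute Download: http://nmap.org/svn/scripts/citrix-brute-xml.nse User Summary Attempts to guess valid credentials for the Citrix PN Web Agent XML Service. The XML service authenticates against the localWindows server or the Active Directory. This script makes no attempt of preventing account lockout. If the password list contains more passwords than the lockout-threshold accounts will be locked. Script Arguments slaxml.debug See the documentation for the slaxml library. http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent See the documentation for the http library. passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library.
Example Usage nmap --script=citrix-brute-xml --script-args=userdb=<userdb>,passdb=<passdb>,ntdomain=<domain> -p 80,443,8080 <host> Default Option Used in script: nmap --script [script name] -p 80,443,8080 [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
        # Previously the default branch glued the script name to "-p"
        # ("citrix-brute-xml-p"), which nmap cannot resolve.
        port = choose_port("Set Default option port-80,443,8080[Y/N]:", "80,443,8080")
        run_scan(["nmap", "--script", "citrix-brute-xml"], port)
        citrix(host_ip, desc)
    elif option == "2":
        print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File citrix-enum-apps-xml Script types: portrule Categories: discovery, safe Download: http://nmap.org/svn/scripts/citrix-enum-apps-xml.nse User Summary Extracts a list of applications, ACLs, and settings from the Citrix XML service. The script returns more output with higher verbosity. Script Arguments slaxml.debug See the documentation for the slaxml library. http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent See the documentation for the http library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Example Usage nmap --script=citrix-enum-apps-xml -p 80,443,8080 <host> Default Option Used in script: nmap --script [script name] -p 80,443,8080 [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
        port = choose_port("Set Default port-80,443,8080[Y/N]:", "80,443,8080")
        run_scan(["nmap", "--script", "citrix-enum-apps-xml"], port)
        citrix(host_ip, desc)
    elif option == "3":
        print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File citrix-enum-apps Script types: portrule Categories: discovery, safe Download: http://nmap.org/svn/scripts/citrix-enum-apps.nse User Summary Extracts a list of published applications from the ICA Browser service.
Example Usage sudo ./nmap -sU --script=citrix-enum-apps -p 1604 <host Default Option Used in script: nmap -sU --script [script name] -p 1604 [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
        # The ICA Browser service is UDP, so -sU is needed on both branches;
        # the old default branch also passed "1604" without -p, making nmap
        # treat it as a target instead of a port.
        port = choose_port("Set Default Option port-1604 [Y/N]:", "1604")
        run_scan(["nmap", "-sU", "--script", "citrix-enum-apps"], port)
        citrix(host_ip, desc)
    elif option == "4":
        print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File citrix-enum-servers-xml Script types: portrule Categories: discovery, safe Download: http://nmap.org/svn/scripts/citrix-enum-servers-xml.nse User Summary Extracts the name of the server farm and member servers from Citrix XML service. Script Arguments slaxml.debug See the documentation for the slaxml library. http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent See the documentation for the http library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library.
Example Usage nmap --script=citrix-enum-servers-xml -p 80,443,8080 <host> Default Option Used in script: nmap --script [script name] -p 80,443,8080 [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
        # The default branch used to read default_port but never pass it.
        port = choose_port("Set Default option port-80,443,8080[Y/N]:", "80,443,8080")
        run_scan(["nmap", "-sV", "--script", "citrix-enum-servers-xml"], port)
        citrix(host_ip, desc)
    elif option == "5":
        print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File citrix-enum-servers Script types: portrule Categories: discovery, safe Download: http://nmap.org/svn/scripts/citrix-enum-servers.nse User Summary Extracts a list of Citrix servers from the ICA Browser service.
Example Usage sudo ./nmap -sU --script=citrix-enum-servers -p 1604 Default Option Used in script: nmap -sU --script [script name] -p 1604 [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
        # citrix-enum-servers talks to the same UDP 1604 ICA Browser service
        # as option 3 (see its own example usage); the old default ran a
        # TCP scan with "80,443,8080" as a bare argument and no -p.
        port = choose_port("Set Default option-port-1604 [Y/N]:", "1604")
        run_scan(["nmap", "-sU", "--script", "citrix-enum-servers"], port)
        citrix(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)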
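def cvs(host_ip,desc):
    """Interactive menu for the CVS pserver NSE scripts.

    Prints the script list, runs the chosen script against ``host_ip`` with
    nmap (normal output saved to ``output/<host_ip>-<file_name>.txt``) and
    then re-enters this menu.  Option 0 returns to ``ANSE.service_scan``;
    any other choice clears the screen, prints ``desc`` and exits with
    ``exit_msg``.

    Parameters
    ----------
    host_ip : str
        Target passed to nmap and used in the output file name.
    desc : str
        Text printed before the tool exits on an invalid choice.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def choose_port(prompt, default_port):
        """Ask the Y/N question and return the ``-p`` spec for the scan.

        Y/y -> ``default_port``; N/n -> whatever the user types at the
        custom-port prompt; anything else -> clear, print ``desc`` and exit.
        """
        answer = input(prompt)
        if answer in ("Y", "y"):
            return default_port
        if answer in ("N", "n"):
            return input("Enter your Custom port:")
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def run_scan(base_argv, port):
        """Collect extra nmap arguments and an output name, then run one scan.

        The command is handed to subprocess as an argv list (no shell), so
        each interactively typed value is exactly one argument and shell
        metacharacters in it cannot change the command.  ``arg`` is split
        with shlex so several flags can still be typed on one prompt.
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        output = "output/" + host_ip + "-" + file_name + ".txt"
        argv = list(base_argv)
        port = (port or "").strip()
        if port:
            argv += ["-p", port]
        argv += shlex.split(arg)
        argv += [host_ip, "-oN", output]
        subprocess.call(argv)

    os.system('clear')
    # Menu title used to say "CoAP endpoints", a copy-paste from another menu.
    print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m +Choose your NSE script for CVS pserver: [1] cvs-brute-repository [2] cvs-brute [0] back\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File cvs-brute-repository Script types: portrule Categories: intrusive, brute Download: http://nmap.org/svn/scripts/cvs-brute-repository.nse . User Summary Attempts to guess the name of the CVS repositories hosted on the remote server. With knowledge of the correct repository name, usernames and passwords can be guessed. Script Arguments cvs-brute-repository.repofile a file containing a list of repositories to guess cvs-brute-repository.nodefault when set the script does not attempt to guess the list of hardcoded repositories passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.[service], creds.global See the documentation for the creds library. brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.threads, brute.unique, brute.useraspass See the documentation for the brute library.
Example Usage nmap -p 2401 --script cvs-brute-repository <host> Default Option Used in script: nmap --script [script name] -p 2401 [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
        port = choose_port("Set Default option-port-2401[Y/N]:", "2401")
        run_scan(["nmap", "--script", "cvs-brute-repository"], port)
        cvs(host_ip, desc)
    # "elif" here: the old code used a second "if", so once the option-1
    # branch returned from its recursive menu call the chain fell into the
    # final "else" and exited the tool.
    elif option == "2":
        print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File cvs-brute Script types: portrule Categories: intrusive, brute Download: http://nmap.org/svn/scripts/cvs-brute.nse User Summary Performs brute force password auditing against CVS pserver authentication. Script Arguments cvs-brute.repo string containing the name of the repository to brute if no repo was given the script checks the registry for any repositories discovered by the cvs-brute-repository script. If the registry contains any discovered repositories, the script attempts to brute force the credentials for the first one.
brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.threads, brute.unique, brute.useraspass See the documentation for the brute library. creds.[service], creds.global See the documentation for the creds library. passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. Example Usage nmap -p 2401 --script cvs-brute <host> Default Option Used in script: nmap --script [script name] -p 2401 [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
        port = choose_port("Set Default option-port-2401[Y/N]:", "2401")
        run_scan(["nmap", "--script", "cvs-brute"], port)
        cvs(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)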
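def acarsd(host_ip, desc):
    """Interactive menu for the acarsd (ACARS decoder daemon) NSE script.

    Prints the script list, runs the chosen script against ``host_ip`` with
    nmap (normal output saved to ``output/<host_ip>-<file_name>.txt``) and
    then re-enters this menu.  Option 0 returns to ``ANSE.service_scan``;
    any other choice clears the screen, prints ``desc`` and exits with
    ``exit_msg``.

    Parameters
    ----------
    host_ip : str
        Target passed to nmap and used in the output file name.
    desc : str
        Text printed before the tool exits on an invalid choice.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def choose_port(prompt, default_port):
        """Ask the Y/N question and return the ``-p`` spec for the scan.

        Y/y -> ``default_port``; N/n -> whatever the user types at the
        custom-port prompt; anything else -> clear, print ``desc`` and exit
        (the old code skipped the clear/print here, unlike every sibling
        menu).
        """
        answer = input(prompt)
        if answer in ("Y", "y"):
            return default_port
        if answer in ("N", "n"):
            return input("Enter your Custom port:")
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def run_scan(base_argv, port):
        """Collect extra nmap arguments and an output name, then run one scan.

        The command is handed to subprocess as an argv list (no shell), so
        each interactively typed value is exactly one argument and shell
        metacharacters in it cannot change the command.  ``arg`` is split
        with shlex so several flags can still be typed on one prompt.
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        output = "output/" + host_ip + "-" + file_name + ".txt"
        argv = list(base_argv)
        port = (port or "").strip()
        if port:
            argv += ["-p", port]
        argv += shlex.split(arg)
        argv += [host_ip, "-oN", output]
        subprocess.call(argv)

    os.system('clear')
    print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m +Choose your NSE script for ACARS (Aircraft Communication Addressing and Reporting System) [1] acarsd-info [0] back\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File acarsd-info Script types: portrule Categories: safe, discovery Download: http://nmap.org/svn/scripts/acarsd-info.nse User Summary Retrieves information from a listening acarsd daemon. Acarsd decodes ACARS (Aircraft Communication Addressing and Reporting System) data in real time. The information retrieved by this script includes the daemon version, API version, administrator e-mail address and listening frequency. For more information about acarsd, see: http://www.acarsd.org/ Script Arguments acarsd-info.timeout Set the timeout in seconds. The default value is 10. acarsd-info.bytes Set the number of bytes to retrieve. The default value is 512.
Example Usage nmap --script acarsd-info --script-args "acarsd-info.timeout=10,acarsd-info.bytes=512" -p <port> <host> Default Option Used in tool: nmap --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
        # The prompt advertises 2202 but the old default was the typo "2022",
        # and it was appended without "-p" so nmap took it as a target.
        port = choose_port("Set Default port-2202 [Y/N]:", "2202")
        run_scan(["nmap", "--script", "acarsd-info"], port)
        acarsd(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)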
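def nessus(host_ip,desc):
    """Interactive menu for the Nessus daemon NSE scripts.

    Prints the script list, runs the chosen script against ``host_ip`` with
    nmap (normal output saved to ``output/<host_ip>-<file_name>.txt``) and
    then re-enters this menu.  Option 0 returns to ``ANSE.service_scan``;
    any other choice clears the screen, prints ``desc`` and exits with
    ``exit_msg``.

    Parameters
    ----------
    host_ip : str
        Target passed to nmap and used in the output file name.
    desc : str
        Text printed before the tool exits on an invalid choice.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def choose_port(prompt, default_port):
        """Ask the Y/N question and return the ``-p`` spec for the scan.

        Y/y -> ``default_port`` (``None`` means "no -p", nmap picks its own
        ports); N/n -> whatever the user types at the custom-port prompt;
        anything else -> clear the screen, print ``desc`` and exit.
        """
        answer = input(prompt)
        if answer in ("Y", "y"):
            return default_port
        if answer in ("N", "n"):
            return input("Enter your Custom port:")
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def run_scan(base_argv, port):
        """Collect extra nmap arguments and an output name, then run one scan.

        The command is handed to subprocess as an argv list (no shell), so
        each interactively typed value is exactly one argument and shell
        metacharacters in it cannot change the command.  ``arg`` is split
        with shlex so several flags can still be typed on one prompt.
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        output = "output/" + host_ip + "-" + file_name + ".txt"
        argv = list(base_argv)
        port = (port or "").strip()
        if port:
            argv += ["-p", port]
        argv += shlex.split(arg)
        argv += [host_ip, "-oN", output]
        subprocess.call(argv)

    os.system('clear')
    print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m +Choose your NSE script for Nessus vulnerability scanning: \t[1] nessus-brute\n\t[2] nessus-xmlrpc-brute\n\t[0] back\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File nessus-brute Script types: portrule Categories: intrusive, brute Download: http://nmap.org/svn/scripts/nessus-brute.nse User Summary Performs brute force password auditing against a Nessus vulnerability scanning daemon using the NTP 1.2 protocol. Script Arguments brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.threads, brute.unique, brute.useraspass See the documentation for the brute library. creds.[service], creds.global See the documentation for the creds library. passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library.
Example Usage nmap --script nessus-brute -p 1241 <host> Default Option Used in script: nmap -p 1241 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
        port = choose_port("Set Default option-port-1241[Y/N]:", "1241")
        run_scan(["nmap", "--script", "nessus-brute"], port)
        nessus(host_ip, desc)
    elif option == "2":
        print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File nessus-xmlrpc-brute Script types: portrule Categories: intrusive, brute Download: http://nmap.org/svn/scripts/nessus-xmlrpc-brute.nse User Summary Performs brute force password auditing against a Nessus vulnerability scanning daemon using the XMLRPC protocol. Script Arguments nessus-xmlrpc-brute.timeout socket timeout for connecting to Nessus (default 5s) nessus-xmlrpc-brute.threads sets the number of threads. brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.threads, brute.unique, brute.useraspass See the documentation for the brute library.
creds.[service], creds.global See the documentation for the creds library. passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. Example Usage nmap -sV --script=nessus-xmlrpc-brute <target> nmap -sV <target> Default Option Used in script: nmap -sV --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
        # No default port for this script: -sV lets nmap find the service.
        # -sV is now used on the custom-port branch too (the old code only
        # passed it on the default branch).
        port = choose_port("Set Default option-no-port[Y/N]:", None)
        run_scan(["nmap", "-sV", "--script", "nessus-xmlrpc-brute"], port)
        nessus(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)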
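def multihomed(host_ip, desc):
    """Interactive menu for the multihomed-host detection NSE script.

    Prints the script list, runs the chosen script against ``host_ip`` with
    nmap (normal output saved to ``output/<host_ip>-<file_name>.txt``) and
    then re-enters this menu.  Option 0 returns to ``ANSE.service_scan``;
    any other choice clears the screen, prints ``desc`` and exits with
    ``exit_msg``.

    Parameters
    ----------
    host_ip : str
        Target passed to nmap and used in the output file name.
    desc : str
        Text printed before the tool exits on an invalid choice.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def choose_port(prompt, default_port):
        """Ask the Y/N question and return the ``-p`` spec for the scan.

        Y/y -> ``default_port``; N/n -> whatever the user types at the
        custom-port prompt; anything else -> clear, print ``desc`` and exit.
        """
        answer = input(prompt)
        if answer in ("Y", "y"):
            return default_port
        if answer in ("N", "n"):
            return input("Enter your Custom port:")
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def run_scan(base_argv, port):
        """Collect extra nmap arguments and an output name, then run one scan.

        The command is handed to subprocess as an argv list (no shell), so
        each interactively typed value is exactly one argument and shell
        metacharacters in it cannot change the command.  ``arg`` is split
        with shlex so several flags can still be typed on one prompt.
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        output = "output/" + host_ip + "-" + file_name + ".txt"
        argv = list(base_argv)
        port = (port or "").strip()
        if port:
            argv += ["-p", port]
        argv += shlex.split(arg)
        argv += [host_ip, "-oN", output]
        subprocess.call(argv)

    os.system('clear')
    print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m +Choose your NSE script for multihomed systems: \t[1] duplicates \n\t[0] back\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File duplicates Script types: Categories: safe Download: http://nmap.org/svn/scripts/duplicates.nse User Summary Attempts to discover multihomed systems by analysing and comparing information collected by other scripts. The information analyzed currently includes, SSL certificates, SSH host keys, MAC addresses, and Netbios server names. In order for the script to be able to analyze the data it has dependencies to the following scripts: ssl-cert,ssh-hostkey,nbtstat. One or more of these scripts have to be run in order to allow the duplicates script to analyze the data.
Example Usage sudo nmap -PN -p445,443 --script duplicates,nbstat,ssl-cert <ips> Default Option Used in script: nmap -PN -p445,443 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
        # "duplicates" only correlates data gathered by the scripts it is run
        # with, hence the nbstat and ssl-cert companions in the same run.
        port = choose_port("Set Default option-port-445,443[Y/N]:", "445,443")
        run_scan(["nmap", "-PN", "--script", "duplicates,nbstat,ssl-cert"], port)
        multihomed(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)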
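def rlogin(host_ip, desc):
    """Interactive menu for the rlogin (remote login) NSE script.

    Prints the script list, runs the chosen script against ``host_ip`` with
    nmap (normal output saved to ``output/<host_ip>-<file_name>.txt``) and
    then re-enters this menu.  Option 0 returns to ``ANSE.service_scan``;
    any other choice clears the screen, prints ``desc`` and exits with
    ``exit_msg``.

    Parameters
    ----------
    host_ip : str
        Target passed to nmap and used in the output file name.
    desc : str
        Text printed before the tool exits on an invalid choice.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def choose_port(prompt, default_port):
        """Ask the Y/N question and return the ``-p`` spec for the scan.

        Y/y -> ``default_port``; N/n -> whatever the user types at the
        custom-port prompt; anything else -> clear, print ``desc`` and exit.
        """
        answer = input(prompt)
        if answer in ("Y", "y"):
            return default_port
        if answer in ("N", "n"):
            return input("Enter your Custom port:")
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def run_scan(base_argv, port):
        """Collect extra nmap arguments and an output name, then run one scan.

        The command is handed to subprocess as an argv list (no shell), so
        each interactively typed value is exactly one argument and shell
        metacharacters in it cannot change the command.  ``arg`` is split
        with shlex so several flags can still be typed on one prompt.
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        output = "output/" + host_ip + "-" + file_name + ".txt"
        argv = list(base_argv)
        port = (port or "").strip()
        if port:
            argv += ["-p", port]
        argv += shlex.split(arg)
        argv += [host_ip, "-oN", output]
        subprocess.call(argv)

    os.system('clear')
    print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m +Choose your NSE script for (remote login) service: \t[1] rlogin-brute\n\t[0] back\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File rlogin-brute Script types: portrule Categories: brute, intrusive Download: http://nmap.org/svn/scripts/rlogin-brute.nse User Summary Performs brute force password auditing against the classic UNIX rlogin (remote login) service. This script must be run in privileged mode on UNIX because it must bind to a low source port number. Script Arguments rlogin-brute.timeout socket timeout for connecting to rlogin (default 10s) brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.threads, brute.unique, brute.useraspass See the documentation for the brute library. creds.[service], creds.global See the documentation for the creds library. passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library.
Example Usage nmap -p 513 --script rlogin-brute <ip> Default Option Used in script: nmap -sV -p 513 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
        port = choose_port("Set Default option-port-513[Y/N]:", "513")
        run_scan(["nmap", "-sV", "--script", "rlogin-brute"], port)
        rlogin(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)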
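def cccam(host_ip, desc):
    """Interactive menu for the CCcam service NSE script.

    Prints the script list, runs the chosen script against ``host_ip`` with
    nmap (normal output saved to ``output/<host_ip>-<file_name>.txt``) and
    then re-enters this menu.  Option 0 returns to ``ANSE.service_scan``;
    any other choice clears the screen, prints ``desc`` and exits with
    ``exit_msg``.

    Parameters
    ----------
    host_ip : str
        Target passed to nmap and used in the output file name.
    desc : str
        Text printed before the tool exits on an invalid choice.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    def choose_port(prompt, default_port):
        """Ask the Y/N question and return the ``-p`` spec for the scan.

        Y/y -> ``default_port`` (``None`` means "no -p", nmap picks its own
        ports); N/n -> whatever the user types at the custom-port prompt;
        anything else -> clear the screen, print ``desc`` and exit.
        """
        answer = input(prompt)
        if answer in ("Y", "y"):
            return default_port
        if answer in ("N", "n"):
            return input("Enter your Custom port:")
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def run_scan(base_argv, port):
        """Collect extra nmap arguments and an output name, then run one scan.

        The command is handed to subprocess as an argv list (no shell), so
        each interactively typed value is exactly one argument and shell
        metacharacters in it cannot change the command.  ``arg`` is split
        with shlex so several flags can still be typed on one prompt.
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        output = "output/" + host_ip + "-" + file_name + ".txt"
        argv = list(base_argv)
        port = (port or "").strip()
        if port:
            argv += ["-p", port]
        argv += shlex.split(arg)
        argv += [host_ip, "-oN", output]
        subprocess.call(argv)

    os.system('clear')
    print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m +Choose your NSE script for CCcam service [1] cccam-version [0] back\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File cccam-version Script types: portrule Categories: version Download: http://nmap.org/svn/scripts/cccam-version.nse User Summary Detects the CCcam service (software for sharing subscription TV among multiple receivers). The service normally runs on port 12000. It distinguishes itself by printing 16 random-looking bytes upon receiving a connection. Because the script attempts to detect "random-looking" bytes, it has a small chance of failing to detect the service when the data do not seem random enough.
Example Usage nmap -sV <target> Default Option Used in script: nmap --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""")
        # The menu offers cccam-version, but the old code ran "auth-owners"
        # against port 548 (a leftover from another menu).  The prompt says
        # "no port", so the default branch passes no -p and relies on -sV.
        port = choose_port("Set Default option-no port [Y/N]:", None)
        run_scan(["nmap", "-sV", "--script", "cccam-version"], port)
        cccam(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)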
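def eppc(host_ip, desc):
    """Interactive sub-menu for the Apple Remote Event (``eppc-enum-processes``) NSE script.

    Args:
        host_ip: scan target, handed to nmap as a single argv element.
        desc: banner text re-printed before ``sys.exit(exit_msg)`` when the
            user makes an unrecognised choice (the ANSE-wide convention).

    nmap is started with ``subprocess.call`` on an argument list and no shell,
    so the interactively typed port, extra arguments and report name cannot
    add further shell commands to the command line (the previous version
    concatenated one string and ran it with ``shell=True``).  The report is
    written to ``output/<host_ip>-<name>.txt``; a name containing a path
    separator is refused so the file cannot leave ``output/``.  After each
    scan the menu is shown again; ``0`` returns to ``service_scan``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    bar = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"

    def run_scan(nmap_opts):
        """Ask for extra nmap args and a report name, then run nmap (no shell)."""
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        # Keep the report inside output/: no empty names, no path separators.
        if not file_name or "/" in file_name or "\\" in file_name or file_name in (".", ".."):
            print("Invalid file name: use a plain name without path separators.")
            return
        output = "output/" + host_ip + "-" + file_name + ".txt"
        # shlex.split keeps free-form user arguments as separate argv tokens
        # without ever handing the string to a shell.
        subprocess.call(["nmap", *nmap_opts, *shlex.split(arg), host_ip, "-oN", output])

    def bail_out():
        """Unrecognised choice: clear the screen, show desc and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    os.system('clear')
    print(bar + "\n\033[94m +Choose your NSE script for Apple Remote Event protocol:\n\t[1] eppc-enum-processes\n\t[0] back\033[0m\n" + bar)
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print(bar + """
\033[94m File eppc-enum-processes
Script types: portrule
Categories: discovery, safe
Download: http://nmap.org/svn/scripts/eppc-enum-processes.nse
User Summary
Attempts to enumerate process info over the Apple Remote Event protocol. When accessing an application over the Apple Remote Event protocol the service responds with the uid and pid of the application, if it is running, prior to requesting authentication.
Example Usage
nmap -p 3031 <ip> --script eppc-enum-processes
Default Option Used in script:
nmap -p 3031 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m
""" + bar)
        port_select = input("Set Default option-port-3031[Y/N]:")
        if port_select in ("Y", "y"):
            run_scan(["--script", "eppc-enum-processes", "-p", "3031"])
        elif port_select in ("N", "n"):
            custom_port = input("Enter your Custom port:")
            run_scan(["--script", "eppc-enum-processes", "-p", custom_port])
        else:
            bail_out()
        eppc(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        bail_out()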
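def tor(host_ip, desc):
    """Interactive sub-menu for the ``tor-consensus-checker`` NSE script.

    Args:
        host_ip: scan target, handed to nmap as a single argv element.
        desc: banner text re-printed before ``sys.exit(exit_msg)`` when the
            user makes an unrecognised choice (the ANSE-wide convention).

    nmap is started with ``subprocess.call`` on an argument list and no shell,
    so the interactively typed port, extra arguments and report name cannot
    add further shell commands to the command line (the previous version
    concatenated one string and ran it with ``shell=True``).  The report is
    written to ``output/<host_ip>-<name>.txt``; a name containing a path
    separator is refused so the file cannot leave ``output/``.  The menu
    label is corrected from ``tor-consensus-checkern`` (missing newline).
    After each scan the menu is shown again; ``0`` returns to
    ``service_scan``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    bar = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"

    def run_scan(nmap_opts):
        """Ask for extra nmap args and a report name, then run nmap (no shell)."""
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        # Keep the report inside output/: no empty names, no path separators.
        if not file_name or "/" in file_name or "\\" in file_name or file_name in (".", ".."):
            print("Invalid file name: use a plain name without path separators.")
            return
        output = "output/" + host_ip + "-" + file_name + ".txt"
        # shlex.split keeps free-form user arguments as separate argv tokens
        # without ever handing the string to a shell.
        subprocess.call(["nmap", *nmap_opts, *shlex.split(arg), host_ip, "-oN", output])

    def bail_out():
        """Unrecognised choice: clear the screen, show desc and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    os.system('clear')
    print(bar + "\n\033[94m +Choose your NSE script for Tor directory authorities:\n\t[1] tor-consensus-checker\n\t[0] back\033[0m\n" + bar)
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print(bar + """
\033[94m File tor-consensus-checker
Script types: hostrule
Categories: external, safe
Download: http://nmap.org/svn/scripts/tor-consensus-checker.nse
User Summary
Checks if a target is a known Tor node. The script works by querying the Tor directory authorities. Initially, the script stores all IPs of Tor nodes in a lookup table to reduce the number of requests and make lookups quicker.
Script Arguments
slaxml.debug See the documentation for the slaxml library.
http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent See the documentation for the http library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library.
Example Usage
nmap --script=tor-consensus-checker <host>
Default Option Used in script:
nmap -sV --script [script name] [arg] [host_ip] -oN [file_name]\033[0m
""" + bar)
        port_select = input("Set Default option-no-port[Y/N]:")
        if port_select in ("Y", "y"):
            # hostrule script: no port is needed for the default run.
            run_scan(["-sV", "--script", "tor-consensus-checker"])
        elif port_select in ("N", "n"):
            custom_port = input("Enter your Custom port:")
            run_scan(["--script", "tor-consensus-checker", "-p", custom_port])
        else:
            bail_out()
        tor(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        bail_out()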
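def omron(host_ip, desc):
    """Interactive sub-menu for the Omron FINS (``omron-info``) NSE script.

    Args:
        host_ip: scan target, handed to nmap as a single argv element.
        desc: banner text re-printed before ``sys.exit(exit_msg)`` when the
            user makes an unrecognised choice (the ANSE-wide convention).

    nmap is started with ``subprocess.call`` on an argument list and no shell,
    so the interactively typed port, extra arguments and report name cannot
    add further shell commands to the command line (the previous version
    concatenated one string and ran it with ``shell=True``).  The report is
    written to ``output/<host_ip>-<name>.txt``; a name containing a path
    separator is refused so the file cannot leave ``output/``.  FINS is a UDP
    service (the help text's example uses ``-sU``), so the custom-port branch
    now passes ``-sU`` like the default branch does; previously it scanned
    TCP and the script never ran.  After each scan the menu is shown again;
    ``0`` returns to ``service_scan``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    bar = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"

    def run_scan(nmap_opts):
        """Ask for extra nmap args and a report name, then run nmap (no shell)."""
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        # Keep the report inside output/: no empty names, no path separators.
        if not file_name or "/" in file_name or "\\" in file_name or file_name in (".", ".."):
            print("Invalid file name: use a plain name without path separators.")
            return
        output = "output/" + host_ip + "-" + file_name + ".txt"
        # shlex.split keeps free-form user arguments as separate argv tokens
        # without ever handing the string to a shell.
        subprocess.call(["nmap", *nmap_opts, *shlex.split(arg), host_ip, "-oN", output])

    def bail_out():
        """Unrecognised choice: clear the screen, show desc and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    os.system('clear')
    print(bar + "\n\033[94m +Choose your NSE script for FINS packet:\n\t[1] omron-info\n\t[0] back\033[0m\n" + bar)
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print(bar + """
\033[94m File omron-info
Script types: portrule
Categories: discovery, version
Download: http://nmap.org/svn/scripts/omron-info.nse
User Summary
This NSE script is used to send a FINS packet to a remote device. The script will send a Controller Data Read Command and once a response is received, it validates that it was a proper response to the command that was sent, and then will parse out the data.
Example Usage
nmap --script omron-info -sU -p 9600 <host>
Default Option Used in script:
nmap -sV -sU -p 9600 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m
""" + bar)
        port_select = input("Set Default option-port-9600[Y/N]:")
        if port_select in ("Y", "y"):
            run_scan(["-sV", "-sU", "--script", "omron-info", "-p", "9600"])
        elif port_select in ("N", "n"):
            custom_port = input("Enter your Custom port:")
            run_scan(["-sU", "--script", "omron-info", "-p", custom_port])
        else:
            bail_out()
        omron(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        bail_out()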
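def ntp(host_ip, desc):
    """Interactive sub-menu for the NTP NSE scripts (``ntp-info``, ``ntp-monlist``).

    Args:
        host_ip: scan target, handed to nmap as a single argv element.
        desc: banner text re-printed before ``sys.exit(exit_msg)`` when the
            user makes an unrecognised choice (the ANSE-wide convention).

    nmap is started with ``subprocess.call`` on an argument list and no shell,
    so the interactively typed port, extra arguments and report name cannot
    add further shell commands to the command line (the previous version
    concatenated one string and ran it with ``shell=True``).  The report is
    written to ``output/<host_ip>-<name>.txt``; a name containing a path
    separator is refused so the file cannot leave ``output/``.  NTP is UDP
    (both help texts use ``-sU``/``-pU``), so every branch now passes
    ``-sU``; previously the custom-port branches and the ``ntp-monlist``
    default scanned TCP and the script never ran.  The menu label
    ``ntp-monlistsssss`` and the ``ntp-info`` help line (``-sU 5666``, the
    port is 123) are corrected.  After each scan the menu is shown again;
    ``0`` returns to ``service_scan``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    bar = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"

    def run_scan(nmap_opts):
        """Ask for extra nmap args and a report name, then run nmap (no shell)."""
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        # Keep the report inside output/: no empty names, no path separators.
        if not file_name or "/" in file_name or "\\" in file_name or file_name in (".", ".."):
            print("Invalid file name: use a plain name without path separators.")
            return
        output = "output/" + host_ip + "-" + file_name + ".txt"
        # shlex.split keeps free-form user arguments as separate argv tokens
        # without ever handing the string to a shell.
        subprocess.call(["nmap", *nmap_opts, *shlex.split(arg), host_ip, "-oN", output])

    def bail_out():
        """Unrecognised choice: clear the screen, show desc and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    os.system('clear')
    print(bar + "\n\033[94m +Choose your NSE script for NTP server:\n\t[1] ntp-info\n\t[2] ntp-monlist\n\t[0] back\033[0m\n" + bar)
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print(bar + """
\033[94m File ntp-info
Script types: portrule
Categories: default, discovery, safe
Download: http://nmap.org/svn/scripts/ntp-info.nse
User Summary
Gets the time and configuration variables from an NTP server. We send two requests: a time request and a "read variables" (opcode 2) control message. Without verbosity, the script shows the time and the value of the version, processor, system, refid, and stratum variables. With verbosity, all variables are shown. See RFC 1035 and the Network Time Protocol Version 4 Reference and Implementation Guide (http://www.eecis.udel.edu/~mills/database/reports/ntp4/ntp4.pdf) for documentation of the protocol.
Example Usage
nmap -sU -p 123 --script ntp-info <target>
Default Option Used in script:
nmap -sV -sU -p 123 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m
""" + bar)
        port_select = input("Set Default option-port-123[Y/N]:")
        if port_select in ("Y", "y"):
            run_scan(["-sV", "-sU", "--script", "ntp-info", "-p", "123"])
        elif port_select in ("N", "n"):
            custom_port = input("Enter your Custom port:")
            run_scan(["-sU", "--script", "ntp-info", "-p", custom_port])
        else:
            bail_out()
        ntp(host_ip, desc)
    elif option == "2":
        print(bar + """
\033[94m File ntp-monlist
Script types: portrule
Categories: discovery, intrusive
Download: http://nmap.org/svn/scripts/ntp-monlist.nse
User Summary
Obtains and prints an NTP server's monitor data. Monitor data is a list of the most recently used (MRU) having NTP associations with the target. Each record contains information about the most recent NTP packet sent by a host to the target including the source and destination addresses and the NTP version and mode of the packet. With this information it is possible to classify associated hosts as Servers, Peers, and Clients.
A Peers command is also sent to the target and the peers list in the response allows differentiation between configured Mode 1 Peers and clients which act like Peers (such as the Windows W32Time service). Associated hosts are further classified as either public or private. Private hosts are those having IP addresses which are not routable on the public Internet and thus can help to form a picture about the topology of the private network on which the target resides. Other information revealed by the monlist and peers commands are the host with which the target clock is synchronized and hosts which send Control Mode (6) and Private Mode (7) commands to the target and which may be used by admins for the NTP service. It should be noted that the very nature of the NTP monitor data means that the Mode 7 commands sent by this script are recorded by the target (and will often appear in these results). Since the monitor data is a MRU list, it is probable that you can overwrite the record of the Mode 7 command by sending an innocuous looking Client Mode request. This can be achieved easily using Nmap: nmap -sU -pU:123 -Pn -n --max-retries=0 <target>
Notes: The monitor list in response to the monlist command is limited to 600 associations. The monitor capability may not be enabled on the target in which case you may receive an error number 4 (No Data Available). There may be a restriction on who can perform Mode 7 commands (e.g. "restrict noquery" in ntp.conf) in which case you may not receive a reply. This script does not handle authenticating and targets expecting auth info may respond with error number 3 (Format Error).
Example Usage
nmap -sU -pU:123 -Pn -n --script=ntp-monlist <target>
Default Option Used in script:
nmap -Pn -n -sV -sU -p 123 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m
""" + bar)
        port_select = input("Set Default option-port-123[Y/N]:")
        if port_select in ("Y", "y"):
            run_scan(["-Pn", "-n", "-sV", "-sU", "--script", "ntp-monlist", "-p", "123"])
        elif port_select in ("N", "n"):
            custom_port = input("Enter your Custom port:")
            run_scan(["-sU", "--script", "ntp-monlist", "-p", custom_port])
        else:
            bail_out()
        ntp(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        bail_out()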
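def ganglia(host_ip, desc):
    """Interactive sub-menu for the Ganglia (``ganglia-info``) NSE script.

    Args:
        host_ip: scan target, handed to nmap as a single argv element.
        desc: banner text re-printed before ``sys.exit(exit_msg)`` when the
            user makes an unrecognised choice (the ANSE-wide convention).

    nmap is started with ``subprocess.call`` on an argument list and no shell,
    so the interactively typed port, extra arguments and report name cannot
    add further shell commands to the command line (the previous version
    concatenated one string and ran it with ``shell=True``).  The report is
    written to ``output/<host_ip>-<name>.txt``; a name containing a path
    separator is refused so the file cannot leave ``output/``.  The default
    branch passes no ``-p`` at all, so nmap's own default port set is used
    (the prompt calls this "all-port").  After each scan the menu is shown
    again; ``0`` returns to ``service_scan``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    bar = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"

    def run_scan(nmap_opts):
        """Ask for extra nmap args and a report name, then run nmap (no shell)."""
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        # Keep the report inside output/: no empty names, no path separators.
        if not file_name or "/" in file_name or "\\" in file_name or file_name in (".", ".."):
            print("Invalid file name: use a plain name without path separators.")
            return
        output = "output/" + host_ip + "-" + file_name + ".txt"
        # shlex.split keeps free-form user arguments as separate argv tokens
        # without ever handing the string to a shell.
        subprocess.call(["nmap", *nmap_opts, *shlex.split(arg), host_ip, "-oN", output])

    def bail_out():
        """Unrecognised choice: clear the screen, show desc and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    os.system('clear')
    print(bar + "\n\033[94m +Choose your NSE script for Ganglia Monitoring Daemon:\n\t[1] ganglia-info\n\t[0] back\033[0m\n" + bar)
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print(bar + """
\033[94m File ganglia-info
Script types: portrule
Categories: default, discovery, safe
Download: http://nmap.org/svn/scripts/ganglia-info.nse
User Summary
Retrieves system information (OS version, available memory, etc.) from a listening Ganglia Monitoring Daemon or Ganglia Meta Daemon. Ganglia is a scalable distributed monitoring system for high-performance computing systems such as clusters and Grids. The information retrieved includes HDD size, available memory, OS version, architecture (and more) from each of the systems in each of the clusters in the grid.
Script Arguments
ganglia-info.bytes Set the number of bytes to retrieve. The default value is 1000000. This should be enough for a grid of more than 100 hosts. About 5KB-10KB of data is returned for each host in the cluster.
ganglia-info.timeout Set the timeout in seconds. The default value is 30.
slaxml.debug See the documentation for the slaxml library.
Example Usage
nmap --script ganglia-info --script-args ganglia-info.timeout=60,ganglia-info.bytes=1000000 -p <port> <target>
Default Option Used in script:
nmap -p [all-port] --script [script name] [arg] [host_ip] -oN [file_name]\033[0m
""" + bar)
        port_select = input("Set Default option-all-port[Y/N]:")
        if port_select in ("Y", "y"):
            run_scan(["--script", "ganglia-info"])
        elif port_select in ("N", "n"):
            custom_port = input("Enter your Custom port:")
            run_scan(["--script", "ganglia-info", "-p", custom_port])
        else:
            bail_out()
        ganglia(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        bail_out()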
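def nexpose(host_ip, desc):
    """Interactive sub-menu for the Nexpose (``nexpose-brute``) NSE script.

    Args:
        host_ip: scan target, handed to nmap as a single argv element.
        desc: banner text re-printed before ``sys.exit(exit_msg)`` when the
            user makes an unrecognised choice (the ANSE-wide convention).

    nmap is started with ``subprocess.call`` on an argument list and no shell,
    so the interactively typed port, extra arguments and report name cannot
    add further shell commands to the command line (the previous version
    concatenated one string and ran it with ``shell=True``).  The report is
    written to ``output/<host_ip>-<name>.txt``; a name containing a path
    separator is refused so the file cannot leave ``output/``.  After each
    scan the menu is shown again; ``0`` returns to ``service_scan``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    bar = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"

    def run_scan(nmap_opts):
        """Ask for extra nmap args and a report name, then run nmap (no shell)."""
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        # Keep the report inside output/: no empty names, no path separators.
        if not file_name or "/" in file_name or "\\" in file_name or file_name in (".", ".."):
            print("Invalid file name: use a plain name without path separators.")
            return
        output = "output/" + host_ip + "-" + file_name + ".txt"
        # shlex.split keeps free-form user arguments as separate argv tokens
        # without ever handing the string to a shell.
        subprocess.call(["nmap", *nmap_opts, *shlex.split(arg), host_ip, "-oN", output])

    def bail_out():
        """Unrecognised choice: clear the screen, show desc and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    os.system('clear')
    print(bar + "\n\033[94m +Choose your NSE script for Nexpose:\n\t[1] nexpose-brute\n\t[0] back\033[0m\n" + bar)
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print(bar + """
\033[94m File nexpose-brute
Script types: portrule
Categories: intrusive, brute
Download: http://nmap.org/svn/scripts/nexpose-brute.nse
User Summary
Performs brute force password auditing against a Nexpose vulnerability scanner using the API 1.1. As the Nexpose application enforces account lockout after 4 incorrect login attempts, the script performs only 3 guesses per default. This can be altered by supplying the brute.guesses argument a different value or 0 (zero) to guess the whole dictionary.
Script Arguments
creds.[service], creds.global See the documentation for the creds library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library.
passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library.
brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.threads, brute.unique, brute.useraspass See the documentation for the brute library.
slaxml.debug See the documentation for the slaxml library.
http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent See the documentation for the http library.
Example Usage
nmap --script nexpose-brute -p 3780 <ip>
Default Option Used in script:
nmap -sV -p 3780 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m
""" + bar)
        port_select = input("Set Default option-port-3780[Y/N]:")
        if port_select in ("Y", "y"):
            run_scan(["-sV", "--script", "nexpose-brute", "-p", "3780"])
        elif port_select in ("N", "n"):
            custom_port = input("Enter your Custom port:")
            run_scan(["--script", "nexpose-brute", "-p", custom_port])
        else:
            bail_out()
        nexpose(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        bail_out()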
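def informix(host_ip, desc):
    """Interactive sub-menu for the IBM Informix NSE scripts.

    Offers ``informix-brute``, ``informix-query`` and ``informix-tables``.

    Args:
        host_ip: scan target, handed to nmap as a single argv element.
        desc: banner text re-printed before ``sys.exit(exit_msg)`` when the
            user makes an unrecognised choice (the ANSE-wide convention).

    nmap is started with ``subprocess.call`` on an argument list and no shell,
    so the interactively typed port, extra arguments and report name cannot
    add further shell commands to the command line (the previous version
    concatenated one string and ran it with ``shell=True``).  The report is
    written to ``output/<host_ip>-<name>.txt``; a name containing a path
    separator is refused so the file cannot leave ``output/``.  The menu
    heading is corrected: it named "distributed compiler daemon distcc",
    a leftover from another menu, rather than Informix.  After each scan
    the menu is shown again; ``0`` returns to ``service_scan``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    bar = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"

    def run_scan(nmap_opts):
        """Ask for extra nmap args and a report name, then run nmap (no shell)."""
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        # Keep the report inside output/: no empty names, no path separators.
        if not file_name or "/" in file_name or "\\" in file_name or file_name in (".", ".."):
            print("Invalid file name: use a plain name without path separators.")
            return
        output = "output/" + host_ip + "-" + file_name + ".txt"
        # shlex.split keeps free-form user arguments as separate argv tokens
        # without ever handing the string to a shell.
        subprocess.call(["nmap", *nmap_opts, *shlex.split(arg), host_ip, "-oN", output])

    def bail_out():
        """Unrecognised choice: clear the screen, show desc and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def choose_port(script, default_opts):
        """Default port 9088 or a custom one; extra default-only options in default_opts."""
        port_select = input("Set Default option-port-9088[Y/N]:")
        if port_select in ("Y", "y"):
            run_scan([*default_opts, "--script", script, "-p", "9088"])
        elif port_select in ("N", "n"):
            custom_port = input("Enter your Custom port:")
            run_scan(["--script", script, "-p", custom_port])
        else:
            bail_out()
        informix(host_ip, desc)

    os.system('clear')
    print(bar + "\n\033[94m +Choose your NSE script for IBM Informix Dynamic Server:\n\t[1] informix-brute\n\t[2] informix-query\n\t[3] informix-tables\n\t[0] back\033[0m\n" + bar)
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print(bar + """
\033[94m File informix-brute
Script types: portrule
Categories: intrusive, brute
Download: http://nmap.org/svn/scripts/informix-brute.nse
User Summary
Performs brute force password auditing against IBM Informix Dynamic Server.
Script Arguments
passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library.
informix.instance See the documentation for the informix library.
creds.[service], creds.global See the documentation for the creds library.
brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.threads, brute.unique, brute.useraspass See the documentation for the brute library.
Example Usage
nmap --script informix-brute -p 9088 <host>
Default Option Used in script:
nmap -sV -p 9088 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m
""" + bar)
        # The default branch also enables version detection, as before.
        choose_port("informix-brute", ["-sV"])
    elif option == "2":
        print(bar + """
\033[94m File informix-query
Script types: portrule
Categories: intrusive, auth
Download: http://nmap.org/svn/scripts/informix-query.nse
User Summary
Runs a query against IBM Informix Dynamic Server using the given authentication credentials (see also: informix-query).
Script Arguments
informix-query.query The query to run against the server (default: returns hostname and version)
informix-query.username The username used for authentication
informix-query.database The name of the database to connect to (default: sysmaster)
informix-query.instance The name of the instance to connect to
informix-query.password The password used for authentication
informix.instance See the documentation for the informix library.
Example Usage
nmap -p 9088 <host> --script informix-query --script-args informix-query.username=informix,informix-query.password=informixte -p 9088 <host>
Default Option Used in script:
nmap -p 9088 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m
""" + bar)
        choose_port("informix-query", [])
    elif option == "3":
        print(bar + """
\033[94m File informix-tables
Script types: portrule
Categories: intrusive, auth
Download: http://nmap.org/svn/scripts/informix-tables.nse
User Summary
Retrieves a list of tables and column definitions for each database on an Informix server.
Script Arguments
informix-tables.username The username used for authentication
informix-tables.password The password used for authentication
Version 0.1 Created 27/07/2010 - v0.1 - created by Patrik Karlsson <*****@*****.**>
informix.instance See the documentation for the informix library.
Example Usage
nmap -p 9088 <host> --script informix-tables --script-args informix-tables.username=informix,informix-tables.password=informix
Default Option Used in script:
nmap -p 9088 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m
""" + bar)
        choose_port("informix-tables", [])
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        bail_out()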
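def teamspeak2(host_ip, desc):
    """Interactive sub-menu for the TeamSpeak 2 (``teamspeak2-version``) NSE script.

    Args:
        host_ip: scan target, handed to nmap as a single argv element.
        desc: banner text re-printed before ``sys.exit(exit_msg)`` when the
            user makes an unrecognised choice (the ANSE-wide convention).

    nmap is started with ``subprocess.call`` on an argument list and no shell,
    so the interactively typed port, extra arguments and report name cannot
    add further shell commands to the command line (the previous version
    concatenated one string and ran it with ``shell=True``).  The report is
    written to ``output/<host_ip>-<name>.txt``; a name containing a path
    separator is refused so the file cannot leave ``output/``.  The nmap
    options are kept exactly as before (``-sV -p <port>``); the help text's
    own example uses ``-sU`` as well, which the caller can still add through
    the free-form argument prompt.  After each scan the menu is shown again;
    ``0`` returns to ``service_scan``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    bar = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"

    def run_scan(nmap_opts):
        """Ask for extra nmap args and a report name, then run nmap (no shell)."""
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        # Keep the report inside output/: no empty names, no path separators.
        if not file_name or "/" in file_name or "\\" in file_name or file_name in (".", ".."):
            print("Invalid file name: use a plain name without path separators.")
            return
        output = "output/" + host_ip + "-" + file_name + ".txt"
        # shlex.split keeps free-form user arguments as separate argv tokens
        # without ever handing the string to a shell.
        subprocess.call(["nmap", *nmap_opts, *shlex.split(arg), host_ip, "-oN", output])

    def bail_out():
        """Unrecognised choice: clear the screen, show desc and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    os.system('clear')
    print(bar + "\n\033[94m +Choose your NSE script for TeamSpeak 2 voice communication server:\n\t[1] teamspeak2-version\n\t[0] back\033[0m\n" + bar)
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print(bar + """
\033[94m File teamspeak2-version
Script types: portrule
Categories: version
Download: http://nmap.org/svn/scripts/teamspeak2-version.nse
User Summary
Detects the TeamSpeak 2 voice communication server and attempts to determine version and configuration information. A single UDP packet (a login request) is sent. If the server does not have a password set, the exact version, name, and OS type will also be reported on.
Example Usage
nmap -sU -sV -p 8767 <target>
Default Option Used in script:
nmap -sV -p 8767 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m
""" + bar)
        port_select = input("Set Default option-port-8767[Y/N]:")
        if port_select in ("Y", "y"):
            run_scan(["-sV", "--script", "teamspeak2-version", "-p", "8767"])
        elif port_select in ("N", "n"):
            custom_port = input("Enter your Custom port:")
            run_scan(["-sV", "--script", "teamspeak2-version", "-p", custom_port])
        else:
            bail_out()
        teamspeak2(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        bail_out()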
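def ike(host_ip, desc):
    """Interactive sub-menu for the IKE (``ike-version``) NSE script.

    Args:
        host_ip: scan target, handed to nmap as a single argv element.
        desc: banner text re-printed before ``sys.exit(exit_msg)`` when the
            user makes an unrecognised choice (the ANSE-wide convention).

    nmap is started with ``subprocess.call`` on an argument list and no shell,
    so the interactively typed port, extra arguments and report name cannot
    add further shell commands to the command line (the previous version
    concatenated one string and ran it with ``shell=True``).  The report is
    written to ``output/<host_ip>-<name>.txt``; a name containing a path
    separator is refused so the file cannot leave ``output/``.  The help
    banner's colour reset/set sequence, which had degraded to a stray ``_``,
    is restored so the text renders like the other menus.  After each scan
    the menu is shown again; ``0`` returns to ``service_scan``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    bar = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"

    def run_scan(nmap_opts):
        """Ask for extra nmap args and a report name, then run nmap (no shell)."""
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        # Keep the report inside output/: no empty names, no path separators.
        if not file_name or "/" in file_name or "\\" in file_name or file_name in (".", ".."):
            print("Invalid file name: use a plain name without path separators.")
            return
        output = "output/" + host_ip + "-" + file_name + ".txt"
        # shlex.split keeps free-form user arguments as separate argv tokens
        # without ever handing the string to a shell.
        subprocess.call(["nmap", *nmap_opts, *shlex.split(arg), host_ip, "-oN", output])

    def bail_out():
        """Unrecognised choice: clear the screen, show desc and exit."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    os.system('clear')
    print(bar + "\n\033[94m +Choose your NSE script for IKE service:\n\t[1] ike-version\n\t[0] back\033[0m\n" + bar)
    option = input("Enter your NSE script no:")
    os.system('clear')
    if option == "1":
        print(bar + """
\033[94m File ike-version
Script types: portrule
Categories: default, discovery, safe, version
Download: http://nmap.org/svn/scripts/ike-version.nse
User Summary
Obtains information (such as vendor and device type where available) from an IKE service by sending four packets to the host. This scripts tests with both Main and Aggressive Mode and sends multiple transforms per request.
Example Usage
nmap -sU -sV -p 500 <target>
nmap -sU -p 500 --script ike-version <target>
Default Option Used in script:
nmap -sU -sV -p 500 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m
""" + bar)
        port_select = input("Set Default option-port-500[Y/N]:")
        if port_select in ("Y", "y"):
            run_scan(["-sU", "-sV", "--script", "ike-version", "-p", "500"])
        elif port_select in ("N", "n"):
            custom_port = input("Enter your Custom port:")
            run_scan(["-sU", "-sV", "--script", "ike-version", "-p", custom_port])
        else:
            bail_out()
        ike(host_ip, desc)
    elif option == "0":
        from ANSE import service_scan
        service_scan(host_ip, desc)
    else:
        bail_out()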
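def ipmi(host_ip, desc):
    """Interactive NSE menu for an IPMI service on *host_ip*.

    Offers ipmi-brute, ipmi-cipher-zero and ipmi-version (all UDP, default
    port 623).  For the chosen script it asks whether to use the default
    port or a custom one and for any extra nmap arguments, runs nmap and
    saves normal output to ``output/<host_ip>-<file_name>.txt``.  The menu
    is shown again after each run.  Choosing ``0`` hands control to
    ``ANSE.service_scan``; any other unexpected answer prints *desc* and
    exits with ``ANSE.exit_msg``.

    Args:
        host_ip: target handed to nmap as a single argument; it is also
            part of the report file name.
        desc: banner text printed right before the tool exits.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    rule = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"

    def framed(text):
        """Wrap help text in the tool's blue-on-rule banner."""
        return rule + "\033[94m " + text + "\033[0m" + rule

    menu = framed("+Choose your NSE script for IPMI RPC server: [1] ipmi-brute [2] ipmi-cipher-zero [3] ipmi-version [0] back")
    # option -> (script name, help banner); every entry scans UDP 623 by default
    scripts = {
        "1": ("ipmi-brute", framed(
            "File ipmi-brute Script types: portrule Categories: intrusive, brute Download: http://nmap.org/svn/scripts/ipmi-brute.nse User Summary Performs brute force password auditing against IPMI RPC server. Script Arguments brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.threads, brute.unique, brute.useraspass See the documentation for the brute library. creds.[service], creds.global See the documentation for the creds library. passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. \n"
            "Example Usage nmap -sU --script ipmi-brute -p 623 <host> Default Option Used in script: nmap -p 623--script [script name] [arg] [host_ip] -oN [file_name]")),
        "2": ("ipmi-cipher-zero", framed(
            "File ipmi-cipher-zero Script types: portrule Categories: vuln, safe Download: http://nmap.org/svn/scripts/ipmi-cipher-zero.nse User Summary IPMI 2.0 Cipher Zero Authentication Bypass Scanner. This module identifies IPMI 2.0 compatible systems that are vulnerable to an authentication bypass vulnerability through the use of cipher zero. Script Arguments vulns.showall See the documentation for the vulns library. \n"
            "Example Usage nmap -sU --script ipmi-cipher-zero -p 623 <host> Default Option Used in script: nmap -p 623 --script [script name] [arg] [host_ip] -oN [file_name]")),
        "3": ("ipmi-version", framed(
            "File ipmi-version Script types: portrule Categories: discovery, safe Download: http://nmap.org/svn/scripts/ipmi-version.nse User Summary Performs IPMI Information Discovery through Channel Auth probes. \n"
            "Example Usage nmap -sU --script ipmi-version -p 623 <host> Default Option Used in script: nmap -sU -p 623 --script [script name] [arg] [host_ip] -oN [file_name]")),
    }

    def bail():
        """Clear the screen, print *desc* and leave the tool."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def run_nmap(script, port):
        """Prompt for extra nmap arguments and a report name, then run nmap.

        The command is handed to subprocess as an argument list, so the
        typed input can add nmap options (quoting honoured via shlex) but
        is never interpreted by a shell.  Returns nmap's exit status, or
        None when the extra arguments could not be parsed.
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        try:
            extra = shlex.split(arg)
        except ValueError as err:  # e.g. an unbalanced quote
            print("Could not parse the extra arguments: %s" % err)
            return None
        # basename() keeps the report inside output/ even when the typed
        # name contains a path separator.
        report = os.path.join("output", host_ip + "-" + os.path.basename(file_name) + ".txt")
        os.makedirs("output", exist_ok=True)
        cmd = ["nmap", "-sU", "--script", script, "-p", port]
        cmd.extend(extra)
        cmd.extend([host_ip, "-oN", report])
        return subprocess.call(cmd)

    # A loop instead of the former tail-recursive re-entry: the stack no
    # longer grows with every scan that is run from this menu.
    while True:
        os.system('clear')
        print(menu)
        option = input("Enter your NSE script no:")
        os.system('clear')
        if option in scripts:
            script, help_text = scripts[option]
            print(help_text)
            answer = input("Set Default option-port-623[Y/N]:").strip().upper()
            if answer == "Y":
                run_nmap(script, "623")
            elif answer == "N":
                custom_port = input("Enter your Custom port:").strip()
                while not custom_port:
                    custom_port = input("Enter your Custom port:").strip()
                run_nmap(script, custom_port)
            else:
                bail()
        elif option == "0":
            from ANSE import service_scan
            service_scan(host_ip, desc)
            return
        else:
            bail()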
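def wsdd(host_ip, desc):
    """Interactive NSE menu for WS-Discovery (wsdd-discover) on *host_ip*.

    With the default option nmap runs ``-sV --script wsdd-discover`` with
    no port list; with a custom port it runs ``--script wsdd-discover -p
    <port>`` (no ``-sV``), matching the tool's earlier behaviour.  Normal
    output is saved to ``output/<host_ip>-<file_name>.txt`` and the menu
    is shown again after each run.  Choosing ``0`` hands control to
    ``ANSE.service_scan``; any other unexpected answer prints *desc* and
    exits with ``ANSE.exit_msg``.

    Args:
        host_ip: target handed to nmap as a single argument; it is also
            part of the report file name.
        desc: banner text printed right before the tool exits.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    rule = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"

    def framed(text):
        """Wrap help text in the tool's blue-on-rule banner."""
        return rule + "\033[94m " + text + "\033[0m" + rule

    menu = framed("+Choose your NSE script for Web Services Dynamic Discovery (WS-Discovery) protocol: \t[1] wsdd-discover\n\t[0] back")
    wsdd_help = framed(
        "File wsdd-discover Script types: portrule Categories: safe, discovery, default Download: http://nmap.org/svn/scripts/wsdd-discover.nse User Summary Retrieves and displays information from devices supporting the Web Services Dynamic Discovery (WS-Discovery) protocol. It also attempts to locate any published Windows Communication Framework (WCF) web services (.NET 4.0 or later). Script Arguments max-newtargets, newtargets See the documentation for the target library. \n"
        "Example Usage sudo ./nmap --script wsdd-discover Default Option Used in script: nmap -sV --script [script name] [arg] [host_ip] -oN [file_name]")

    def bail():
        """Clear the screen, print *desc* and leave the tool."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def run_nmap(base):
        """Prompt for extra nmap arguments and a report name, then run nmap.

        *base* is the argument list up to (and including) the script and
        port selection.  The command is handed to subprocess as a list, so
        the typed input can add nmap options (quoting honoured via shlex)
        but is never interpreted by a shell.  Returns nmap's exit status,
        or None when the extra arguments could not be parsed.
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        try:
            extra = shlex.split(arg)
        except ValueError as err:  # e.g. an unbalanced quote
            print("Could not parse the extra arguments: %s" % err)
            return None
        # basename() keeps the report inside output/ even when the typed
        # name contains a path separator.
        report = os.path.join("output", host_ip + "-" + os.path.basename(file_name) + ".txt")
        os.makedirs("output", exist_ok=True)
        cmd = list(base)
        cmd.extend(extra)
        cmd.extend([host_ip, "-oN", report])
        return subprocess.call(cmd)

    # A loop instead of the former tail-recursive re-entry: the stack no
    # longer grows with every scan that is run from this menu.
    while True:
        os.system('clear')
        print(menu)
        option = input("Enter your NSE script no:")
        os.system('clear')
        if option == "1":
            print(wsdd_help)
            answer = input("Set Default option-no-port[Y/N]:").strip().upper()
            if answer == "Y":
                run_nmap(["nmap", "-sV", "--script", "wsdd-discover"])
            elif answer == "N":
                custom_port = input("Enter your Custom port:").strip()
                while not custom_port:
                    custom_port = input("Enter your Custom port:").strip()
                run_nmap(["nmap", "--script", "wsdd-discover", "-p", custom_port])
            else:
                bail()
        elif option == "0":
            from ANSE import service_scan
            service_scan(host_ip, desc)
            return
        else:
            bail()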
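def vmauthd(host_ip, desc):
    """Interactive NSE menu for the VMware authentication daemon on *host_ip*.

    Offers vmauthd-brute, asks whether to scan the default port (902) or a
    custom one and for any extra nmap arguments, runs
    ``nmap -sV --script vmauthd-brute -p <port>`` and saves normal output
    to ``output/<host_ip>-<file_name>.txt``.  The menu is shown again after
    each run.  Choosing ``0`` hands control to ``ANSE.service_scan``; any
    other unexpected answer prints *desc* and exits with ``ANSE.exit_msg``.

    Args:
        host_ip: target handed to nmap as a single argument; it is also
            part of the report file name.
        desc: banner text printed right before the tool exits.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    rule = "\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m"

    def framed(text):
        """Wrap help text in the tool's blue-on-rule banner."""
        return rule + "\033[94m " + text + "\033[0m" + rule

    menu = framed("+Choose your NSE script for vmauthd-brute: \t[1] vmauthd-brute\n\t[0] back")
    vmauthd_help = framed(
        "File vmauthd-brute Script types: portrule Categories: brute, intrusive Download: http://nmap.org/svn/scripts/vmauthd-brute.nse User Summary Performs brute force password auditing against the VMWare Authentication Daemon (vmware-authd). Script Arguments brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.threads, brute.unique, brute.useraspass See the documentation for the brute library. creds.[service], creds.global See the documentation for the creds library. passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. \n"
        "Example Usage nmap -p 902 <ip> --script vmauthd-brute Default Option Used in script: nmap -sV -p 902 --script [script name] [arg] [host_ip] -oN [file_name]")

    def bail():
        """Clear the screen, print *desc* and leave the tool."""
        os.system('clear')
        print(desc)
        sys.exit(exit_msg)

    def run_nmap(port):
        """Prompt for extra nmap arguments and a report name, then run nmap.

        The command is handed to subprocess as an argument list, so the
        typed input can add nmap options (quoting honoured via shlex) but
        is never interpreted by a shell.  Returns nmap's exit status, or
        None when the extra arguments could not be parsed.
        """
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        try:
            extra = shlex.split(arg)
        except ValueError as err:  # e.g. an unbalanced quote
            print("Could not parse the extra arguments: %s" % err)
            return None
        # basename() keeps the report inside output/ even when the typed
        # name contains a path separator.
        report = os.path.join("output", host_ip + "-" + os.path.basename(file_name) + ".txt")
        os.makedirs("output", exist_ok=True)
        cmd = ["nmap", "-sV", "--script", "vmauthd-brute", "-p", port]
        cmd.extend(extra)
        cmd.extend([host_ip, "-oN", report])
        return subprocess.call(cmd)

    # A loop instead of the former tail-recursive re-entry: the stack no
    # longer grows with every scan that is run from this menu.
    while True:
        os.system('clear')
        print(menu)
        option = input("Enter your NSE script no:")
        os.system('clear')
        if option == "1":
            print(vmauthd_help)
            answer = input("Set Default option-port-902[Y/N]:").strip().upper()
            if answer == "Y":
                run_nmap("902")
            elif answer == "N":
                custom_port = input("Enter your Custom port:").strip()
                while not custom_port:
                    custom_port = input("Enter your Custom port:").strip()
                run_nmap(custom_port)
            else:
                bail()
        elif option == "0":
            from ANSE import service_scan
            service_scan(host_ip, desc)
            return
        else:
            bail()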
def mssql(host_ip, desc): import sys import os import subprocess from ANSE import exit_msg desc = desc host_ip = host_ip os.system('clear') print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m +Choose your NSE script for Microsoft SQL Server (ms-sql): [1] ms-sql-brute [2] ms-sql-config [3] ms-sql-dac [4] ms-sql-dump-hashes [5] ms-sql-hasdbaccess [6] ms-sql-hasdbaccess [7] ms-sql-info [8] ms-sql-ntlm-info [9] ms-sql-query ms-sql-tables [10] ms-sql-tables [11] ms-sql-xp-cmdshell [0] back\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""" ) option = input("Enter your NSE script no:") os.system('clear') if option == "1": print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File ms-sql-brute Script types: hostrule, portrule Categories: brute, intrusive Download: http://nmap.org/svn/scripts/ms-sql-brute.nse User Summary Performs password guessing against Microsoft SQL Server (ms-sql). Works best in conjunction with the broadcast-ms-sql-discover script. SQL Server credentials required: No (will not benefit from mssql.username & mssql.password). Script Arguments ms-sql-brute.ignore-lockout WARNING! Including this argument will cause the script to continue attempting to brute-forcing passwords for users even after a user has been locked out. This may result in many SQL Server logins being locked out! ms-sql-brute.brute-windows-accounts Enable targeting Windows accounts as part of the brute force attack. This should be used in conjunction with the mssql library's mssql. domain argument. passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. 
mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username See the documentation for the mssql library. randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Example Usage nmap -p 445 --script ms-sql-brute --script-args mssql.instance-all,userdb=customuser.txt,passdb=custompass.txt <host> nmap -p 1433 --script ms-sql-brute --script-args userdb=customuser.txt,passdb=custompass.txt <host> Default Option Used in script: nmap -p 445,1433 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""" ) port_select = input("Set Default option-port-445,1433[Y/N]:") if port_select == "Y" or port_select == "y": default_port = "445,1433" arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-brute -p ' + ' ' + default_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) elif port_select == "N" or port_select == "n": custom_port = input("Enter your Custom port:") arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-brute -p ' + ' ' + custom_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) else: os.system('clear') print(desc) sys.exit(exit_msg) elif option == "2": print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File ms-sql-config 
Script types: hostrule, portrule Categories: discovery, safe Download: http://nmap.org/svn/scripts/ms-sql-config.nse User Summary Queries Microsoft SQL Server (ms-sql) instances for a list of databases, linked servers, and configuration settings. Script Arguments ms-sql-config.showall If set, shows all configuration options. mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username See the documentation for the mssql library. randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Example Usage nmap -p 1433 --script ms-sql-config --script-args mssql.username=sa,mssql.password=sa <host> Default Option Used in script: nmap -p 1433 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""" ) port_select = input("Set Default option-port-1433[Y/N]:") if port_select == "Y" or port_select == "y": default_port = "1433" arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-config -p ' + ' ' + default_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) elif port_select == "N" or port_select == "n": custom_port = input("Enter your Custom port:") arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-config -p ' + ' ' + custom_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) else: os.system('clear') print(desc) 
sys.exit(exit_msg) elif option == "3": print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File ms-sql-dac Script types: hostrule Categories: discovery, safe Download: http://nmap.org/svn/scripts/ms-sql-dac.nse User Summary Queries the Microsoft SQL Browser service for the DAC (Dedicated Admin Connection) port of a given (or all) SQL Server instance. The DAC port is used to connect to the database instance when normal connection attempts fail, for example, when server is hanging, out of memory or in other bad states. In addition, the DAC port provides an admin with access to system objects otherwise not accessible over normal connections. Script Arguments mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username See the documentation for the mssql library. randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. 
Example Usage sudo nmap -sU -p 1434 --script ms-sql-dac <ip> Default Option Used in script: nmap -sU -p 1434 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""" ) port_select = input("Set Default option-port-1434[Y/N]:") if port_select == "Y" or port_select == "y": default_port = "1434" arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap -sU --script ms-sql-dac -p ' + ' ' + default_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) elif port_select == "N" or port_select == "n": custom_port = input("Enter your Custom port:") arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap -sU --script ms-sql-dac -p ' + ' ' + custom_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) else: os.system('clear') print(desc) sys.exit(exit_msg) elif option == "4": print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File ms-sql-dump-hashes Script types: hostrule, portrule Categories: auth, discovery, safe Download: http://nmap.org/svn/scripts/ms-sql-dump-hashes.nse User Summary Dumps the password hashes from an MS-SQL server in a format suitable for cracking by tools such as John-the-ripper. In order to do so the user needs to have the appropriate DB privileges. Credentials passed as script arguments take precedence over credentials discovered by other scripts. Script Arguments ms-sql-dump-hashes.dir Dump hashes to a file in this directory. File name is <ip>_<instance>_ms-sql_hashes.txt. 
Default: no file is saved. mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username See the documentation for the mssql library. randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Example Usage nmap -p 1433 <ip> --script ms-sql-dump-hashes Default Option Used in script: nmap -p 1433 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""" ) port_select = input("Set Default option-port-1433[Y/N]:") if port_select == "Y" or port_select == "y": default_port = "1433" arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-dump-hashes -p ' + ' ' + default_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) elif port_select == "N" or port_select == "n": custom_port = input("Enter your Custom port:") arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-dump-hashes -p ' + ' ' + custom_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) else: os.system('clear') print(desc) sys.exit(exit_msg) elif option == "5": print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File ms-sql-hasdbaccess Script types: hostrule, portrule Categories: auth, intrusive Download: http://nmap.org/svn/scripts/ms-sql-hasdbaccess.nse User Summary Attempts 
to authenticate to Microsoft SQL Servers using an empty password for the sysadmin (sa) account. SQL Server credentials required: No (will not benefit from mssql.username & mssql.password). Run criteria: Script Arguments mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username See the documentation for the mssql library. randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Example Usage nmap -p 445 --script ms-sql-hasdbaccess --script-args mssql.instance-all <host> nmap -p 1433 --script ms-sql-hasdbaccess <host> Default Option Used in script: nmap -p 445,1433 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""" ) port_select = input("Set Default option-port-445,1433[Y/N]:") if port_select == "Y" or port_select == "y": default_port = "445,1433" arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-hasdbaccess -p ' + ' ' + default_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) elif port_select == "N" or port_select == "n": custom_port = input("Enter your Custom port:") arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-hasdbaccess -p ' + ' ' + custom_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) else: os.system('clear') print(desc) sys.exit(exit_msg) elif option == "6": print("""\033[37m 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File ms-sql-hasdbaccess Script types: hostrule, portrule Categories: auth, discovery, safe Download: http://nmap.org/svn/scripts/ms-sql-hasdbaccess.nse User Summary Queries Microsoft SQL Server (ms-sql) instances for a list of databases a user has access to. SQL Server credentials required: Yes (use ms-sql-brute, ms-sql-hasdbaccess and/or mssql.username & mssql.password) Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or mssql.instance-port script arguments are used (see mssql.lua). Port script: Will run against any services identified as SQL Servers, but only if the mssql.instance-all, mssql.instance-name and mssql.instance-port script arguments are NOT used. The script needs an account with the sysadmin server role to work. When run, the script iterates over the credentials and attempts to run the command for each available set of credentials. NOTE: The "owner" field in the results will be truncated at 20 characters. This is a limitation of the sp_MShasdbaccess stored procedure that the script uses. NOTE: Communication with instances via named pipes depends on the smb library. To communicate with (and possibly to discover) instances via named pipes, the host must have at least one SMB port (e.g. TCP 445) that was scanned and found to be open. Additionally, named pipe connections may require Windows authentication to connect to the Windows host (via SMB) in addition to the authentication required to connect to the SQL Server instances itself. See the documentation and arguments for the smb library for more information. NOTE: By default, the ms-sql-* scripts may attempt to connect to and communicate with ports that were not included in the port list for the Nmap scan. This can be disabled using the mssql.scanned-ports-only script argument. 
Script Arguments ms-sql-hasdbaccess.limit limits the amount of databases per-user that are returned (default 5). If set to zero or less all databases the user has access to are returned. mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username See the documentation for the mssql library. randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Example Usage nmap -p 1433 --script ms-sql-hasdbaccess --script-args mssql.username=sa,mssql.password=sa <host> Default Option Used in script: nmap -p 1433 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""" ) port_select = input("Set Default option-port-1433[Y/N]:") if port_select == "Y" or port_select == "y": default_port = "1433" arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-hasdbaccess -p ' + ' ' + default_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) elif port_select == "N" or port_select == "n": custom_port = input("Enter your Custom port:") arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-hasdbaccess -p ' + ' ' + custom_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) else: os.system('clear') print(desc) sys.exit(exit_msg) elif option == "7": print("""\033[37m 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File ms-sql-info Script types: hostrule Categories: default, discovery, safe Download: http://nmap.org/svn/scripts/ms-sql-info.nse User Summary Attempts to determine configuration and version information for Microsoft SQL Server instances. SQL Server credentials required: No (will not benefit from mssql.username & mssql.password). Run criteria: Host script: Will always run. Port script: N/A NOTE: Unlike previous versions, this script will NOT attempt to log in to SQL Server instances. Blank passwords can be checked using the ms-sql-info script. E.g.: nmap -sn --script ms-sql-info --script-args mssql.instance-all <host> The script uses two means of getting version information for SQL Server instances: Querying the SQL Server Browser service, which runs by default on UDP port 1434 on servers that have SQL Server 2000 or later installed. However, this service may be disabled without affecting the functionality of the instances. Additionally, it provides imprecise version information. Sending a probe to the instance, causing the instance to respond with information including the exact version number. This is the same method that Nmap uses for service versioning; however, this script can also do the same for instances accessible via Windows named pipes, and can target all of the instances listed by the SQL Server Browser service. 
In the event that the script can connect to the SQL Server Browser service (UDP 1434) but is unable to connect directly to the instance to obtain more accurate version information (because ports are blocked or the mssql.scanned-ports-only argument has been used), the script will rely only upon the version number provided by the SQL Server Browser/Monitor, which has the following limitations: For SQL Server 2000 and SQL Server 7.0 instances, the RTM version number is always given, regardless of any service packs or patches installed. For SQL Server 2005 and later, the version number will reflect the service pack installed, but the script will not be able to tell whether patches have been installed. Where possible, the script will determine major version numbers, service pack levels and whether patches have been installed. However, in cases where particular determinations can not be made, the script will report only what can be confirmed. NOTE: Communication with instances via named pipes depends on the smb library. To communicate with (and possibly to discover) instances via named pipes, the host must have at least one SMB port (e.g. TCP 445) that was scanned and found to be open. Additionally, named pipe connections may require Windows authentication to connect to the Windows host (via SMB) in addition to the authentication required to connect to the SQL Server instances itself. See the documentation and arguments for the smb library for more information. NOTE: By default, the ms-sql-* scripts may attempt to connect to and communicate with ports that were not included in the port list for the Nmap scan. This can be disabled using the mssql.scanned-ports-only script argument. Script Arguments mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username See the documentation for the mssql library. 
randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Example Usage nmap -p 445 --script ms-sql-info <host> nmap -p 1433 --script ms-sql-info --script-args mssql.instance-port=1433 <host> Default Option Used in script: nmap -p 445,1433 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""" ) port_select = input("Set Default option-port-445,1433[Y/N]:") if port_select == "Y" or port_select == "y": default_port = "445,1433" arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-info -p ' + ' ' + default_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) elif port_select == "N" or port_select == "n": custom_port = input("Enter your Custom port:") arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-info -p ' + ' ' + custom_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) else: os.system('clear') print(desc) sys.exit(exit_msg) elif option == "8": print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File ms-sql-ntlm-info Script types: portrule Categories: default, discovery, safe Download: http://nmap.org/svn/scripts/ms-sql-ntlm-info.nse User Summary This script enumerates information from remote Microsoft SQL services with NTLM authentication enabled. 
Sending a MS-TDS NTLM authentication request with an invalid domain and null credentials will cause the remote service to respond with a NTLMSSP message disclosing information to include NetBIOS, DNS, and OS build version. Script Arguments mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username See the documentation for the mssql library. randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Example Usage nmap -p 1433 --script ms-sql-ntlm-info <target> Default Option Used in script: nmap -p 1433 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""" ) port_select = input("Set Default option-port-1433[Y/N]:") if port_select == "Y" or port_select == "y": default_port = "1433" arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-ntlm-info -p ' + ' ' + default_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) elif port_select == "N" or port_select == "n": custom_port = input("Enter your Custom port:") arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-ntlm-info -p ' + ' ' + custom_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) else: os.system('clear') print(desc) sys.exit(exit_msg) elif option == "9": print("""\033[37m 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File ms-sql-query Script types: hostrule, portrule Categories: discovery, safe Download: http://nmap.org/svn/scripts/ms-sql-query.nse User Summary Runs a query against Microsoft SQL Server (ms-sql). SQL Server credentials required: Yes (use ms-sql-brute, ms-sql-empty-password and/or mssql.username & mssql.password) Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or mssql.instance-port script arguments are used (see mssql.lua). Port script: Will run against any services identified as SQL Servers, but only if the mssql.instance-all, mssql.instance-name and mssql.instance-port script arguments are NOT used. NOTE: Communication with instances via named pipes depends on the smb library. To communicate with (and possibly to discover) instances via named pipes, the host must have at least one SMB port (e.g. TCP 445) that was scanned and found to be open. Additionally, named pipe onnections may require Windows authentication to connect to the Windows host (via SMB) in addition to the authentication required to connect to the SQL Server instances itself. See the documentation and arguments for the smb library for more information. NOTE: By default, the ms-sql-* scripts may attempt to connect to and communicate with ports that were not included in the port list for the Nmap scan. This can be disabled using the mssql.scanned-ports-only script argument. Script Arguments mssql.database Database to connect to (default: tempdb) ms-sql-query.query The query to run against the server. (default: SELECT @@version version) mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username See the documentation for the mssql library. randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. 
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Example Usage nmap -p 1433 --script ms-sql-query --script-args mssql.username=sa,mssql.password=sa,ms-sql-query.query="SELECT * FROM master..syslogins" <host> Default Option Used in script: nmap -p 1433 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""" ) port_select = input("Set Default option-port-1433[Y/N]:") if port_select == "Y" or port_select == "y": default_port = "1433" arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-query -p ' + ' ' + default_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) elif port_select == "N" or port_select == "n": custom_port = input("Enter your Custom port:") arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-query -p ' + ' ' + custom_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) else: os.system('clear') print(desc) sys.exit(exit_msg) elif option == "10": print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File ms-sql-tables Script types: hostrule, portrule Categories: discovery, safe Download: http://nmap.org/svn/scripts/ms-sql-tables.nse User Summary Queries Microsoft SQL Server (ms-sql) for a list of tables per database. 
SQL Server credentials required: Yes (use ms-sql-brute, ms-sql-empty-password and/or mssql.username & mssql.password) Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or mssql.instance-port script arguments are used (see mssql.lua). Port script: Will run against any services identified as SQL Servers, but only if the mssql.instance-all, mssql.instance-name and mssql.instance-port script arguments are NOT used. The sysdatabase table should be accessible by more or less everyone. Once we have a list of databases we iterate over it and attempt to extract table names. In order for this to succeed we need to have either sysadmin privileges or an account with access to the db. So, each database we successfully enumerate tables from we mark as finished, then iterate over known user accounts until either we have exhausted the users or found all tables in all the databases. System databases are excluded. NOTE: Communication with instances via named pipes depends on the smb library. To communicate with (and possibly to discover) instances via named pipes, the host must have at least one SMB port (e.g. TCP 445) that was scanned and found to be open. Additionally, named pipe connections may require Windows authentication to connect to the Windows host (via SMB) in addition to the authentication required to connect to the SQL Server instances itself. See the documentation and arguments for the smb library for more information. NOTE: By default, the ms-sql-* scripts may attempt to connect to and communicate with ports that were not included in the port list for the Nmap scan. This can be disabled using the mssql.scanned-ports-only script argument. Script Arguments ms-sql-tables.keywords If set shows only tables or columns matching the keywords ms-sql-tables.maxdb Limits the amount of databases that are processed and returned (default 5). If set to zero or less all databases are processed. 
ms-sql-tables.maxtables Limits the amount of tables returned (default 5). If set to zero or less all tables are returned. mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username See the documentation for the mssql library. randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Example Usage nmap -p 1433 --script ms-sql-tables --script-args mssql.username=sa,mssql.password=sa <host> Default Option Used in script: nmap -p 1433 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""" ) port_select = input("Set Default option-port-1433[Y/N]:") if port_select == "Y" or port_select == "y": default_port = "1433" arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-tables -p ' + ' ' + default_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) elif port_select == "N" or port_select == "n": custom_port = input("Enter your Custom port:") arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-tables -p ' + ' ' + custom_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) else: os.system('clear') print(desc) sys.exit(exit_msg) elif option == "11": print("""\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\033[94m File ms-sql-xp-cmdshell Script 
types: hostrule, portrule Categories: intrusive Download: http://nmap.org/svn/scripts/ms-sql-xp-cmdshell.nse User Summary Attempts to run a command using the command shell of Microsoft SQL Server (ms-sql). SQL Server credentials required: Yes (use ms-sql-brute, ms-sql-empty-password and/or mssql.username & mssql.password) Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or mssql.instance-port script arguments are used (see mssql.lua). Port script: Will run against any services identified as SQL Servers, but only if the mssql.instance-all, mssql.instance-name and mssql.instance-port script arguments are NOT used. The script needs an account with the sysadmin server role to work. When run, the script iterates over the credentials and attempts to run the command until either all credentials are exhausted or until the command is executed. NOTE: Communication with instances via named pipes depends on the smb library. To communicate with (and possibly to discover) instances via named pipes, the host must have at least one SMB port (e.g. TCP 445) that was scanned and found to be open. Additionally, named pipe connections may require Windows authentication to connect to the Windows host (via SMB) in addition to the authentication required to connect to the SQL Server instances itself. See the documentation and arguments for the smb library for more information. NOTE: By default, the ms-sql-* scripts may attempt to connect to and communicate with ports that were not included in the port list for the Nmap scan. This can be disabled using the mssql.scanned-ports-only script argument. Script Arguments ms-sql-xp-cmdshell.cmd The OS command to run (default: ipconfig /all). mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username See the documentation for the mssql library. 
randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Example Usage nmap -p 445 --script ms-sql-discover,ms-sql-empty-password,ms-sql-xp-cmdshell <host> nmap -p 1433 --script ms-sql-xp-cmdshell --script-args mssql.username=sa,mssql.password=sa,ms-sql-xp-cmdshell.cmd="net user test test /add" <host> Default Option Used in script: nmap -p 445,1433 --script [script name] [arg] [host_ip] -oN [file_name]\033[0m\033[37m ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m""" ) port_select = input("Set Default option-port-445,1433[Y/N]:") if port_select == "Y" or port_select == "y": default_port = "445,1433" arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-xp-cmdshell -p ' + ' ' + default_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) elif port_select == "N" or port_select == "n": custom_port = input("Enter your Custom port:") arg = input("Enter argument if you need or press just enter:") file_name = input("Enter your file name to save:") output = "-oN" + ' ' + "output/" + host_ip + "-" + file_name + ".txt" subprocess.call('nmap --script ms-sql-xp-cmdshell -p ' + ' ' + custom_port + ' ' + arg + ' ' + host_ip + ' ' + output, shell=True) mssql(host_ip, desc) else: os.system('clear') print(desc) sys.exit(exit_msg) elif option == "0": from ANSE import service_scan service_scan(host_ip, desc) else: os.system('clear') print(desc) sys.exit(exit_msg)
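def bjnp(host_ip, desc):
    """Interactive menu for the bjnp-discover NSE script (Canon BJNP devices).

    Shows the script's documentation, asks whether to scan the default UDP
    ports 8611,8612 or a custom port list, runs nmap and saves its normal
    output to ``output/<host_ip>-<file_name>.txt``, then shows the menu
    again.  Option ``0`` hands control back to ``service_scan``; any other
    choice prints *desc* and exits with ``exit_msg``.

    Args:
        host_ip: scan target, passed to nmap unchanged as its target argument.
        desc: banner text printed before exiting on an invalid choice.

    Security note: nmap is invoked with an argv list (no shell).  The
    user-typed extra arguments, port list and file name therefore cannot
    inject shell metacharacters; the report name is additionally restricted
    to a plain file name so the report cannot be written outside ``output/``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    banner = ("\033[37m\n"
              "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
              "\033[0m")

    def _run_bjnp_discover(ports):
        """Prompt for extra nmap arguments and a report name, then run the scan."""
        if not ports or ports.startswith('-'):
            # an empty or '-'-prefixed value would be parsed by nmap as an option
            print("Port list must be a non-empty value that does not start with '-'")
            return
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        if not file_name or '/' in file_name or '\\' in file_name or '..' in file_name:
            print("File name must be a plain name without path separators")
            return
        try:
            extra = shlex.split(arg)  # optional flags such as --script-args
        except ValueError as err:
            print("Could not parse extra arguments: " + str(err))
            return
        os.makedirs('output', exist_ok=True)
        report = os.path.join('output', host_ip + '-' + file_name + '.txt')
        # -sU: bjnp-discover is a UDP service (see the script's example usage
        # above); the previous default command was malformed ('-p --script').
        cmd = ['nmap', '-sU', '-p', ports, '--script', 'bjnp-discover']
        cmd += extra
        cmd += [host_ip, '-oN', report]
        try:
            subprocess.call(cmd)  # shell=False: argv is passed verbatim to nmap
        except FileNotFoundError:
            print("nmap was not found in PATH")

    while True:
        os.system('clear')
        print(banner + "\033[94m\n"
              "+Choose your NSE script for BJNP (Canon printer/scanner) devices\n"
              "\t[1] bjnp-discover\n"
              "\t[0] back\033[0m\033[37m\n"
              "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
              "\033[0m")
        option = input("Enter your NSE script no:")
        os.system('clear')
        if option == "1":
            print(banner + "\033[94m\n"
                  "File bjnp-discover\n"
                  "Script types: portrule\n"
                  "Categories: safe, discovery\n"
                  "Download: http://nmap.org/svn/scripts/bjnp-discover.nse\n"
                  "User Summary\n"
                  "Retrieves printer or scanner information from a remote device supporting the BJNP protocol. "
                  "The protocol is known to be supported by network based Canon devices.\n"
                  "Example: sudo nmap -sU -p 8611,8612 --script bjnp-discover <ip>\n"
                  "Default Option Used in tool: nmap -sU -p [ports] --script [script name] [arg] [host_ip] -oN [file_name]"
                  "\033[0m\033[37m\n"
                  "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
                  "\033[0m")
            port_select = input("Set Default port-8611,8612 [Y/N]:")
            if port_select in ("Y", "y"):
                _run_bjnp_discover("8611,8612")
            elif port_select in ("N", "n"):
                _run_bjnp_discover(input("Enter your Custom port:"))
            else:
                os.system('clear')
                print(desc)
                sys.exit(exit_msg)
        elif option == "0":
            from ANSE import service_scan
            service_scan(host_ip, desc)
            return
        else:
            os.system('clear')
            print(desc)
            sys.exit(exit_msg)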
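def bacnet(host_ip, desc):
    """Interactive menu for the bacnet-info NSE script (BACnet devices).

    Shows the script's documentation, asks whether to scan the default UDP
    port 47808 or a custom port list, runs nmap and saves its normal output
    to ``output/<host_ip>-<file_name>.txt``, then shows the menu again.
    Option ``0`` hands control back to ``service_scan``; any other choice
    prints *desc* and exits with ``exit_msg``.

    Args:
        host_ip: scan target, passed to nmap unchanged as its target argument.
        desc: banner text printed before exiting on an invalid choice.

    Security note: nmap is invoked with an argv list (no shell), so the
    user-typed extra arguments, port list and file name cannot inject shell
    metacharacters; the report name is restricted to a plain file name so
    the report cannot be written outside ``output/``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    banner = ("\033[37m\n"
              "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
              "\033[0m")

    def _run_bacnet_info(ports):
        """Prompt for extra nmap arguments and a report name, then run the scan."""
        if not ports or ports.startswith('-'):
            # an empty or '-'-prefixed value would be parsed by nmap as an option
            print("Port list must be a non-empty value that does not start with '-'")
            return
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        if not file_name or '/' in file_name or '\\' in file_name or '..' in file_name:
            print("File name must be a plain name without path separators")
            return
        try:
            extra = shlex.split(arg)  # optional flags such as --script-args
        except ValueError as err:
            print("Could not parse extra arguments: " + str(err))
            return
        os.makedirs('output', exist_ok=True)
        report = os.path.join('output', host_ip + '-' + file_name + '.txt')
        # -sU is required: the script talks to UDP 47808 (see the notes above);
        # a plain TCP scan of 47808 never triggers bacnet-info.
        cmd = ['nmap', '-sU', '--script', 'bacnet-info', '-p', ports]
        cmd += extra
        cmd += [host_ip, '-oN', report]
        try:
            subprocess.call(cmd)  # shell=False: argv is passed verbatim to nmap
        except FileNotFoundError:
            print("nmap was not found in PATH")

    while True:
        os.system('clear')
        print(banner + "\033[94m\n"
              "+Choose your NSE script for BACNet Devices\n"
              "\t[1] bacnet-info \n"
              "\t[0] back\033[0m\033[37m\n"
              "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
              "\033[0m")
        option = input("Enter your NSE script no:")
        os.system('clear')
        if option == "1":
            print(banner + "\033[94m\n"
                  "File bacnet-info\n"
                  "Script types: portrule\n"
                  "Categories: discovery, version\n"
                  "Download: http://nmap.org/svn/scripts/bacnet-info.nse\n"
                  "User Summary\n"
                  "Discovers and enumerates BACNet Devices collects device information based off standard requests. "
                  "In some cases, devices may not strictly follow the specifications, or may comply with older versions "
                  "of the specifications, and will result in a BACNET error response. Presence of this error positively "
                  "identifies the device as a BACNet device, but no enumeration is possible.\n"
                  "Note: Requests and responses are via UDP 47808, ensure scanner will receive UDP 47808 source and "
                  "destination responses.\n"
                  "http://digitalbond.com\n"
                  "Example Usage\n"
                  "nmap --script bacnet-info -sU -p 47808 <host>\n"
                  "Default Option Used in tool: nmap -sU --script [script name] -p [ports] [arg] [host_ip] -oN [file_name]"
                  "\033[0m\033[37m\n"
                  "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
                  "\033[0m")
            port_select = input("Set Default port-47808[Y/N]:")
            if port_select in ("Y", "y"):
                _run_bacnet_info("47808")
            elif port_select in ("N", "n"):
                _run_bacnet_info(input("Enter your Custom port:"))
            else:
                os.system('clear')
                print(desc)
                sys.exit(exit_msg)
        elif option == "0":
            from ANSE import service_scan
            service_scan(host_ip, desc)
            return
        else:
            os.system('clear')
            print(desc)
            sys.exit(exit_msg)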
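def icap(host_ip, desc):
    """Interactive menu for the icap-info NSE script (ICAP content-adaptation servers).

    Shows the script's documentation, asks whether to scan the default port
    1344 or a custom port list, runs ``nmap -sV --script icap-info`` and
    saves its normal output to ``output/<host_ip>-<file_name>.txt``, then
    shows the menu again.  Option ``0`` hands control back to
    ``service_scan``; any other choice prints *desc* and exits with
    ``exit_msg``.

    Args:
        host_ip: scan target, passed to nmap unchanged as its target argument.
        desc: banner text printed before exiting on an invalid choice.

    Security note: nmap is invoked with an argv list (no shell), so the
    user-typed extra arguments, port list and file name cannot inject shell
    metacharacters; the report name is restricted to a plain file name so
    the report cannot be written outside ``output/``.
    """
    import os
    import shlex
    import subprocess
    import sys
    from ANSE import exit_msg

    banner = ("\033[37m\n"
              "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
              "\033[0m")

    def _run_icap_info(ports):
        """Prompt for extra nmap arguments and a report name, then run the scan."""
        if not ports or ports.startswith('-'):
            # an empty or '-'-prefixed value would be parsed by nmap as an option
            print("Port list must be a non-empty value that does not start with '-'")
            return
        arg = input("Enter argument if you need or press just enter:")
        file_name = input("Enter your file name to save:")
        if not file_name or '/' in file_name or '\\' in file_name or '..' in file_name:
            print("File name must be a plain name without path separators")
            return
        try:
            extra = shlex.split(arg)  # optional flags such as --script-args
        except ValueError as err:
            print("Could not parse extra arguments: " + str(err))
            return
        os.makedirs('output', exist_ok=True)
        report = os.path.join('output', host_ip + '-' + file_name + '.txt')
        cmd = ['nmap', '-sV', '--script', 'icap-info', '-p', ports]
        cmd += extra
        cmd += [host_ip, '-oN', report]
        try:
            subprocess.call(cmd)  # shell=False: argv is passed verbatim to nmap
        except FileNotFoundError:
            print("nmap was not found in PATH")

    while True:
        os.system('clear')
        print(banner + "\033[94m\n"
              "+Choose your NSE script for ICAP service:\n"
              "\t[1] icap-info\n"
              "\t[0] back\033[0m\033[37m\n"
              "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
              "\033[0m")
        option = input("Enter your NSE script no:")
        os.system('clear')
        if option == "1":
            print(banner + "\033[94m\n"
                  "File icap-info\n"
                  "Script types: portrule\n"
                  "Categories: safe, discovery\n"
                  "Download: http://nmap.org/svn/scripts/icap-info.nse\n"
                  "User Summary\n"
                  "Tests a list of known ICAP service names and prints information about any it detects. "
                  "The Internet Content Adaptation Protocol (ICAP) is used to extend transparent proxy servers "
                  "and is generally used for content filtering and antivirus scanning.\n"
                  "Example Usage\n"
                  "nmap -p 1344 <ip> --script icap-info\n"
                  "Default Option Used in script: nmap -sV -p 1344 --script [script name] [arg] [host_ip] -oN [file_name]"
                  "\033[0m\033[37m\n"
                  "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
                  "\033[0m")
            port_select = input("Set Default option-port-1344[Y/N]:")
            if port_select in ("Y", "y"):
                _run_icap_info("1344")
            elif port_select in ("N", "n"):
                _run_icap_info(input("Enter your Custom port:"))
            else:
                os.system('clear')
                print(desc)
                sys.exit(exit_msg)
        elif option == "0":
            from ANSE import service_scan
            service_scan(host_ip, desc)
            return
        else:
            os.system('clear')
            print(desc)
            sys.exit(exit_msg)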