nse
Nmap NSE scripts
One decent option would be to embed the images in the nmap xml output, but output an HTML file that could parse that xml and display the images. I don't...
See:
Nessus has this plugin (https://www.tenable.com/plugins/index.php?view=single&id=34324) that doesn't always fire. It would be nice to have a plugin for nmap to double check. FTP has a few different modes. There is...
The basic process for evading cloud WAFs is: 1. Determine if the host is behind a cloud WAF (Cloudflare (server: cloudflare), Incapsula (x-cdn: Incapsula), Sucuri, Fastly, AWS WAF/V2, etc.). Usually...
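Step 1 of the procedure in that issue, worked as an added example (not code from the nmap project or from the issue author): fingerprint a cloud WAF/CDN from the response headers. The two signatures the issue names are `server: cloudflare` and `x-cdn: Incapsula`; every other signature in the table is an assumption based on headers those services are commonly observed to add, and the sample responses are constructed, not captured.

```python
"""Decide whether a host sits behind a cloud WAF/CDN from HTTP response headers.

Added example, not part of nmap or of the issue. Signatures marked
'assumption' are not from the issue text and should be confirmed against
live responses before being relied on.
"""
import re

# (vendor, header name, regex applied to the header value); matching is case-insensitive.
SIGNATURES = [
    ("Cloudflare", "server", r"^cloudflare"),       # from the issue
    ("Cloudflare", "cf-ray", r"\S"),                # assumption: Cloudflare request id
    ("Incapsula", "x-cdn", r"incapsula"),           # from the issue
    ("Incapsula", "x-iinfo", r"\S"),                # assumption
    ("Sucuri", "server", r"sucuri"),                # assumption
    ("Sucuri", "x-sucuri-id", r"\S"),               # assumption
    ("Fastly", "x-served-by", r"^cache-"),          # assumption
    ("AWS WAF", "x-amzn-waf-action", r"\S"),        # assumption: set on challenge/captcha actions
]


def parse_response_headers(raw):
    """Split a raw HTTP response (status line + header block) into (name, value)
    pairs. Names are lower-cased; repeated headers are all kept."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if lines and lines[0].upper().startswith("HTTP/"):
        lines = lines[1:]
    pairs = []
    for line in lines:
        if ":" not in line:
            continue  # tolerate a malformed line instead of aborting the whole parse
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def detect_cloud_waf(headers):
    """Return {vendor: [(header, value), ...]} for every signature that fires.
    `headers` may be a dict or any iterable of (name, value) pairs."""
    pairs = list(headers.items()) if isinstance(headers, dict) else list(headers)
    pairs = [(name.lower(), value) for name, value in pairs]
    hits = {}
    for vendor, wanted, pattern in SIGNATURES:
        for name, value in pairs:
            if name == wanted and re.search(pattern, value, re.IGNORECASE):
                hits.setdefault(vendor, []).append((name, value))
    return hits


def behind_cloud_waf(raw_response):
    """Parse a raw response and return (sorted vendor names, evidence dict)."""
    hits = detect_cloud_waf(parse_response_headers(raw_response))
    return sorted(hits), hits


# Constructed sample responses; not captured from any real host.
SAMPLE_CLOUDFLARE = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Content-Type: text/html\r\n"
    "CF-RAY: 0123456789abcdef-AMS\r\n"
    "Server: cloudflare\r\n"
    "\r\n"
    "<html>blocked</html>"
)
SAMPLE_INCAPSULA = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-CDN: Incapsula\r\n"
    "X-Iinfo: 13-12345678-0 0NNN RT(1700000000 0) q(0 0 0 -1) r(0 0)\r\n"
    "\r\n"
)
SAMPLE_ORIGIN = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.24.0\r\n"
    "X-Powered-By: PHP/8.2\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, resp in [("cloudflare", SAMPLE_CLOUDFLARE),
                        ("incapsula", SAMPLE_INCAPSULA),
                        ("origin", SAMPLE_ORIGIN)]:
        vendors, evidence = behind_cloud_waf(resp)
        print(label, vendors or "no cloud WAF signature", evidence)
```

Matching on the lower-cased header name keeps a server that emits `CF-Ray` or `cf-ray` from slipping past, and keeping every occurrence of a repeated header matters because a CDN in front of an origin often leaves two `Server` or `Via` values in one response.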
`smb-os-discovery`: similar to Nessus `samba_unsupported.nasl` / `smb_nativelanman.nasl`. The Samba version string is contained in the lanmanager variable: https://github.com/nmap/nmap/blob/0855eb4c0c38b6e9a455a005faad7bf197315362/nselib/smb.lua#L1219 Also available in the result param in start_session. This should be available in lanmanager...
ssh-hostkey uses fetch_host_key. This function includes a kexchange that we could probably reuse to get the prime size: https://github.com/nmap/nmap/blob/a7638f57c88cb1b5da949147729fca76a0f332c5/nselib/ssh2.lua#L224-L249 We should be able to grab the modulus/prime size from...
In order to validate this issue, you have to retrieve all intermediate certificates as well. Unfortunately, the Nmap [sslcert library](https://nmap.org/nsedoc/lib/sslcert.html) only supports retrieving the final cert. Here is my bash...
ntp-info detects this. If ntp-info is successful and the output table contains more than "receive time stamp" (i.e. it contains additional fields such as version, peer, system, etc.), mode 6 was used.
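The distinction drawn in that comment, as an added example that is not ntp-info.nse and not code from the nmap project: a plain mode 3/4 exchange yields only the receive timestamp, while a mode 6 (control, opcode 2 "read variables") answer carries the version/system/stratum variables. Packet layouts follow RFC 5905 for the mode 4 data packet and the NTP control message format for mode 6; both sample packets are constructed here, not captured from a live server.

```python
"""Tell a mode 3/4 NTP exchange apart from a mode 6 control exchange.

Added example; not ntp-info.nse. The sample packets below are constructed.
"""
import re
import struct
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)
CTL_RESPONSE = 0x80   # R bit in byte 1 of a control message
CTL_ERROR = 0x40      # E bit in byte 1 of a control message
OP_READVAR = 2        # control opcode: read variables


def build_mode6_readvar(sequence=1, assoc_id=0):
    """Control request: LI=0, VN=2, mode 6; opcode 2, no data.
    assoc_id 0 asks for the system variables (version, system, stratum, ...)."""
    first = (2 << 3) | 6
    return struct.pack("!BBHHHHH", first, OP_READVAR, sequence, 0, assoc_id, 0, 0)


def parse_mode6_response(data):
    """Return the variables in a mode 6 read-variables response as a dict.
    Quoted values may contain commas, so the payload is tokenised with a regex
    rather than split on ','."""
    if len(data) < 12:
        raise ValueError("control message shorter than its 12-byte header")
    first, second, _seq, _status, _assoc, _offset, count = struct.unpack("!BBHHHHH", data[:12])
    if first & 0x07 != 6:
        raise ValueError("not a mode 6 packet")
    if not second & CTL_RESPONSE:
        raise ValueError("not a response")
    if second & CTL_ERROR:
        raise ValueError("server returned a control error")
    payload = data[12:12 + count].decode("ascii", "replace")
    variables = {}
    for m in re.finditer(r'(\w+)=("[^"]*"|[^,]*)', payload):
        variables[m.group(1)] = m.group(2).strip().strip('"')
    return variables


def parse_mode4_response(data):
    """Return the receive timestamp (bytes 32..39) of a mode 4 reply as UTC."""
    if len(data) < 48:
        raise ValueError("NTP data packet shorter than 48 bytes")
    if data[0] & 0x07 != 4:
        raise ValueError("not a mode 4 packet")
    secs, frac = struct.unpack("!II", data[32:40])
    return NTP_EPOCH + timedelta(seconds=secs + frac / 2 ** 32)


def ntp_info_table(mode4_pkt, mode6_pkt=None):
    """Output table shaped like ntp-info's: the receive timestamp from the mode 4
    reply, plus the mode 6 variables when the host answered the control request."""
    table = {"receive time stamp": parse_mode4_response(mode4_pkt).isoformat()}
    if mode6_pkt is not None:
        table.update(parse_mode6_response(mode6_pkt))
    return table


def mode6_was_used(table):
    """The rule from the comment: any field beyond 'receive time stamp' can only
    have come from a mode 6 answer."""
    return bool(set(table) - {"receive time stamp"})


# ---- constructed samples -------------------------------------------------
SAMPLE_VARS = (
    b'version="ntpd 4.2.8p15@1.3728-o Tue Jun 23 00:00:00 UTC 2020 (1)", '
    b'processor="x86_64", system="Linux/5.10.0-23-amd64", leap=0, stratum=2, '
    b'precision=-23, refid=10.0.0.1, clock=e9524400.00000000'
)


def _constructed_mode6_response(payload, sequence=1):
    """Build a mode 6 response: VN=2, mode 6, R bit set, opcode 2, padded to 4 bytes."""
    pad = (-len(payload)) % 4
    header = struct.pack("!BBHHHHH", (2 << 3) | 6, CTL_RESPONSE | OP_READVAR,
                         sequence, 0x0614, 0, 0, len(payload))
    return header + payload + b"\x00" * pad


SAMPLE_MODE6 = _constructed_mode6_response(SAMPLE_VARS)

# Mode 4 reply whose receive timestamp is 2024-01-01T00:00:00Z:
# Unix 1704067200 + 2208988800 seconds between the 1900 and 1970 epochs.
SAMPLE_MODE4 = (bytes([(4 << 3) | 4]) + b"\x00" * 31
                + struct.pack("!II", 1704067200 + 2208988800, 0) + b"\x00" * 8)

if __name__ == "__main__":
    print("mode 4 only:", ntp_info_table(SAMPLE_MODE4))
    full = ntp_info_table(SAMPLE_MODE4, SAMPLE_MODE6)
    print("with mode 6:", full, "-> mode 6 used:", mode6_was_used(full))
```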
This doesn't seem to be done anywhere. Since gRPC isn't really a web protocol (though it runs over HTTP/2), this seems like a good fit for nmap. I'm not sure...