1, install terminator: ---------------------- $ --sudo add-apt-repository ppa:gnome-terminator $ sudo apt-get install terminator $ sudo apt-get remove terminator 2, Nikto Package Description: ---------------------- $ nikto Nikto គឺជាម៉ាស៊ីនស្កេនម៉ាស៊ីនមេវេបសាយបើកទូលាយ (GPL) ដែលធ្វើការតេស្តដ៏ទូលំទូលាយប្រឆាំងនឹងម៉ាស៊ីនមេវែបសម្រាប់ធាតុជាច្រើនរួមទាំងឯកសារ / កម្មវិធីដែលមានគ្រោះថ្នាក់ដល់ទៅជាង ៦៧០០ ។ 3, proxychins: ---------------------- $ proxychains firefox duckduckgo.com ProxyChains គឺជាកម្មវិធីរបស់យូនីកដែលភ្ជាប់មុខងារបណ្តាញដែលទាក់ទងនឹងបណ្តាញនៅក្នុងកម្មវិធីដែលបានភ្ជាប់តាមឌីណាមិចតាមរយៈឌី។ អេស។ ឌីដែលបានផ្ទុកជាមុនហើយបញ្ជូនបន្តការតភ្ជាប់តាមរយៈប្រូកស៊ី SOCKS4a / 5 ឬ HTTP ។ 4, ---------------------- $ msfconsole The msfconsole is probably the most popular interface to the Metasploit Framework (MSF). It provides an “all-in-one” centralized console and allows you efficient access to virtually all of the options available in the MSF. MSFconsole may seem intimidating at first, but once you learn the syntax of the commands you will learn to appreciate the power of utilizing this interface. root@kali:~# msfconsole -h Usage: msfconsole [options] Common options -E, --environment ENVIRONMENT The Rails environment. Will use RAIL_ENV environment variable if that is set. Defaults to production if neither option not RAILS_ENV environment variable is set. Database options -M, --migration-path DIRECTORY Specify a directory containing additional DB migrations -n, --no-database Disable database support -y, --yaml PATH Specify a YAML file containing database settings Framework options -c FILE Load the specified configuration file -v, --version Show version Module options --defer-module-loads Defer module loading unless explicitly asked. -m, --module-path DIRECTORY An additional module path Console options: -a, --ask Ask before exiting Metasploit or accept 'exit -y' -H, --history-file FILE Save command history to the specified file -L, --real-readline Use the system Readline library instead of RbReadline -o, --output FILE Output to the specified file -p, --plugin PLUGIN Load a plugin on startup -q, --quiet Do not print the banner on startup -r, --resource FILE Execute the specified resource file (- for stdin) -x, --execute-command COMMAND Execute the specified string as console commands (use ; for multiples) -h, --help Show this message 5, Install Nmap: --------------------------- $ sudo apt-get install nmap 1. Nmap Command to Scan for Open Ports ---------------------------------------- a, nmap subdomain.server.com​ b, nmap 192.168.0.1 c, nmap -F + " ip " -F = flag will list ports on the nmap-services files. Because the -F “Fast Scan” flag does not scan as many ports, it isn’t as thorough. nmap -F 192.168.56.1 Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-16 14:24 EDT Nmap scan report for 192.168.56.1 Host is up (0.00085s latency). Not shown: 95 filtered ports PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 1433/tcp open ms-sql-s 5357/tcp open wsdapi Nmap done: 1 IP address (1 host up) scanned in 1.66 seconds 2. Scan Multiple Hosts ---------------------------------------- a, nmap 192.168.0.1 192.168.0.2 192.168.0.3 (nmap + ip1 + ip2 + ip3) Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-16 14:29 EDT Nmap scan report for 192.168.0.1 Host is up (0.041s latency). All 1000 scanned ports on 192.168.0.1 are filtered Nmap scan report for 192.168.0.2 Host is up (0.016s latency). All 1000 scanned ports on 192.168.0.2 are filtered Nmap scan report for 192.168.0.3 Host is up (0.0018s latency). All 1000 scanned ports on 192.168.0.3 are filtered Nmap done: 3 IP addresses (3 hosts up) scanned in 32.19 seconds b, nmap 192.168.0.* Add multiple domains or multiple IP addresses in a row to scan multiple hosts at the same time. Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-16 14:33 EDT Failed to resolve "nmap". Stats: 0:01:13 elapsed; 0 hosts completed (0 up), 256 undergoing Ping Scan Parallel DNS resolution of 256 hosts. Timing: About 46.88% done; ETC: 14:35 (0:00:01 remaining) Stats: 0:01:15 elapsed; 0 hosts completed (0 up), 256 undergoing Ping Scan Parallel DNS resolution of 256 hosts. Timing: About 94.14% done; ETC: 14:35 (0:00:00 remaining) c, nmap 192.168.0.1,2,3 Use the * wildcard to scan an entire subnet at once. Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-16 14:36 EDT Nmap scan report for 192.168.0.1 Host is up (0.0014s latency). All 100 scanned ports on 192.168.0.1 are filtered Nmap scan report for 192.168.0.2 Host is up (0.0014s latency). All 100 scanned ports on 192.168.0.2 are filtered Nmap scan report for 192.168.0.3 Host is up (0.0014s latency). All 100 scanned ports on 192.168.0.3 are filtered Nmap done: 3 IP addresses (3 hosts up) scanned in 2.20 seconds d, nmap 192.168.0.1-4 Separate different address endings with commas rather than typing out the entire IP address. Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-16 14:36 EDT Nmap scan report for 192.168.0.1 Host is up (0.00046s latency). All 100 scanned ports on 192.168.0.1 are filtered Nmap scan report for 192.168.0.2 Host is up (0.00092s latency). All 100 scanned ports on 192.168.0.2 are filtered Nmap scan report for 192.168.0.3 Host is up (0.00092s latency). All 100 scanned ports on 192.168.0.3 are filtered Nmap scan report for 192.168.0.4 Host is up (0.00049s latency). All 100 scanned ports on 192.168.0.4 are filtered Nmap done: 4 IP addresses (4 hosts up) scanned in 2.47 seconds -------- My Script KALI, [17.09.20 16:41] 3. Excluding Hosts from Search: ------------------------------- + When scanning a network, you may want to select an entire group (such as a whole subnet) while excluding a single host. $ nmap 192.168.0.* --exclude 192.168.0.2 + You can exclude certain hosts from your search using the –exclude flag. $ nmap 192.168.0.* --excludefile /file.txt 4. Scan to Find out OS Information ------------------------------- + In addition to general information, Nmap can also provide operating system detection, - script scanning - traceroute and - version detection. $ nmap -A 192.168.0.1 + Using the -O flag on your Nmap command will reveal further operating system information of the mapped hosts. The -O flag enables OS detection. Additional tags include –osscan-limit and -osscan-guess. $ nmap -O 192.168.0.1 5. Scan to Detect Firewall Settings: ------------------------------- + Detecting firewall settings can be useful during penetration testing and vulnerability scans. $ nmap -sA 192.168.0.1 6. Find Information About Service Versions: ------------------------------- + At times, you may need to detect service and version information from open ports. This is useful for troubleshooting, scanning for vulnerabilities, or locating services that need to be updated. $ nmap -sV 192.168.0.1 7. Scan for Ports: ------------------------------- + Port scanning is one of the basic utilities that Nmap offers and consequently, there are a few ways that this command can be customized. $ nmap -p 443 192.168.0.1 + With the “-p” flag followed by a port, you can scan for information regarding a specific port on a host. $ nmap -p T:8888,443 192.168.0.1 + By adding a type of port before the port itself, you can scan for information regarding a specific type of connection. $ nmap -p 80,443 192.168.0.1 + You can scan for multiple ports with the -p flag by separating them with a comma. nmap -p 80-443 192.168.0.1 8. Complete a Scan in Stealth Mode: ------------------------------- + If it is necessary to complete a stealthy scan, use the Nmap command: $ nmap -sS 192.168.0.1 ------------------------------- ------------------------------- ------------------------------- ------------------------------- 1, Nmap Cheat Sheet ------------------------------- Nmap Target Selection Scan a single IP nmap 192.168.1.1 Scan a host nmap www.tkcustomcomputer.com Scan a range of IPs nmap 192.168.1.1-20 Scan a subnet nmap 192.168.1.0/24 Scan targets from a text file nmap -iL list-of-ips.txt These are all default scans, which will scan 1000 TCP ports. Host discovery will take place. 2, Nmap Port Selection ------------------------------- Scan a single Port nmap -p 22 192.168.1.1 Scan a range of ports nmap -p 1-100 192.168.1.1 Scan 100 most common ports (Fast) nmap -F 192.168.1.1 Scan all 65535 ports nmap -p- 192.168.1.1 3, Nmap Port Scan types ------------------------------- Scan using TCP connect nmap -sT 192.168.1.1 Scan using TCP SYN scan (default) nmap -sS 192.168.1.1 Scan UDP ports nmap -sU -p 123,161,162 192.168.1.1 Scan selected ports - ignore discovery nmap -Pn -F 192.168.1.1 4, Service and OS Detection ------------------------------- Detect OS and Services nmap -A 192.168.1.1 Standard service detection nmap -sV 192.168.1.1 More aggressive Service Detection nmap -sV --version-intensity 5 192.168.1.1 Lighter banner grabbing detection nmap -sV --version-intensity 0 192.168.1.1 5, Nmap Output Formats ------------------------------- Save default output to file nmap -oN outputfile.txt 192.168.1.1 Save results as XML nmap -oX outputfile.xml 192.168.1.1 Save results in a format for grep nmap -oG outputfile.txt 192.168.1.1 Save in all formats nmap -oA outputfile 192.168.1.1 My Script KALI, [17.09.20 16:41] 6, Digging deeper with NSE Scripts ------------------------------- Scan using default safe scripts nmap -sV -sC 192.168.1.1 Get help for a script nmap --script-help=ssl-heartbleed Scan using a specific NSE script nmap -sV -p 443 –script=ssl-heartbleed.nse 192.168.1.1 Scan with a set of scripts nmap -sV --script=smb* 192.168.1.1 7, A scan to search for DDOS reflection UDP services ------------------------------- Scan for UDP DDOS reflectors nmap –sU –A –PN –n –pU:19,53,123,161 –script=ntp-monlist,dns-recursion,snmp-sysdescr 192.168.1.0/24 8, HTTP Service Information ------------------------------- Gather page titles from HTTP services nmap --script=http-title 192.168.1.0/24 Get HTTP headers of web services nmap --script=http-headers 192.168.1.0/24 Find web apps from known paths nmap --script=http-enum 192.168.1.0/24 -------- -------- -------- -------- -------- -------- -------- -------- acarsd-info.nse hostmap-crtsh.nse ip-geolocation-geoplugin.nse rsa-vuln-roca.nse address-info.nse hostmap-robtex.nse ip-geolocation-ipinfodb.nse rsync-brute.nse afp-brute.nse http-adobe-coldfusion-apsa1301.nse ip-geolocation-map-bing.nse rsync-list-modules.nse afp-ls.nse http-affiliate-id.nse ip-geolocation-map-google.nse rtsp-methods.nse afp-path-vuln.nse http-apache-negotiation.nse ip-geolocation-map-kml.nse rtsp-url-brute.nse afp-serverinfo.nse http-apache-server-status.nse ip-geolocation-maxmind.nse rusers.nse afp-showmount.nse http-aspnet-debug.nse ip-https-discover.nse s7-info.nse ajp-auth.nse http-auth-finder.nse ipidseq.nse samba-vuln-cve-2012-1182.nse ajp-brute.nse http-auth.nse ipmi-brute.nse script.db ajp-headers.nse http-avaya-ipoffice-users.nse ipmi-cipher-zero.nse servicetags.nse ajp-methods.nse http-awstatstotals-exec.nse ipmi-version.nse shodan-api.nse ajp-request.nse http-axis2-dir-traversal.nse ipv6-multicast-mld-list.nse sip-brute.nse allseeingeye-info.nse http-backup-finder.nse ipv6-node-info.nse sip-call-spoof.nse amqp-info.nse http-barracuda-dir-traversal.nse ipv6-ra-flood.nse sip-enum-users.nse asn-query.nse http-bigip-cookie.nse irc-botnet-channels.nse sip-methods.nse auth-owners.nse http-brute.nse irc-brute.nse skypev2-version.nse auth-spoof.nse http-cakephp-version.nse irc-info.nse smb2-capabilities.nse backorifice-brute.nse http-chrono.nse irc-sasl-brute.nse smb2-security-mode.nse backorifice-info.nse http-cisco-anyconnect.nse irc-unrealircd-backdoor.nse smb2-time.nse bacnet-info.nse http-coldfusion-subzero.nse iscsi-brute.nse smb2-vuln-uptime.nse banner.nse http-comments-displayer.nse iscsi-info.nse smb-brute.nse bitcoin-getaddr.nse http-config-backup.nse isns-info.nse smb-double-pulsar-backdoor.nse bitcoin-info.nse http-cookie-flags.nse jdwp-exec.nse smb-enum-domains.nse bitcoinrpc-info.nse http-cors.nse jdwp-info.nse smb-enum-groups.nse bittorrent-discovery.nse http-cross-domain-policy.nse jdwp-inject.nse smb-enum-processes.nse bjnp-discover.nse http-csrf.nse jdwp-version.nse smb-enum-services.nse broadcast-ataoe-discover.nse http-date.nse knx-gateway-discover.nse smb-enum-sessions.nse broadcast-avahi-dos.nse http-default-accounts.nse knx-gateway-info.nse smb-enum-shares.nse broadcast-bjnp-discover.nse http-devframework.nse krb5-enum-users.nse smb-enum-users.nse broadcast-db2-discover.nse http-dlink-backdoor.nse ldap-brute.nse smb-flood.nse broadcast-dhcp6-discover.nse http-dombased-xss.nse ldap-novell-getpass.nse smb-ls.nse broadcast-dhcp-discover.nse http-domino-enum-passwords.nse ldap-rootdse.nse smb-mbenum.nse broadcast-dns-service-discovery.nse http-drupal-enum.nse ldap-search.nse smb-os-discovery.nse broadcast-dropbox-listener.nse http-drupal-enum-users.nse lexmark-config.nse smb-print-text.nse broadcast-eigrp-discovery.nse http-enum.nse llmnr-resolve.nse smb-protocols.nse broadcast-hid-discoveryd.nse http-errors.nse lltd-discovery.nse smb-psexec.nse broadcast-igmp-discovery.nse http-exif-spider.nse lu-enum.nse smb-security-mode.nse broadcast-jenkins-discover.nse http-favicon.nse maxdb-info.nse smb-server-stats.nse broadcast-listener.nse http-feed.nse mcafee-epo-agent.nse smb-system-info.nse broadcast-ms-sql-discover.nse http-fetch.nse membase-brute.nse smb-vuln-conficker.nse broadcast-netbios-master-browser.nse http-fileupload-exploiter.nse membase-http-info.nse smb-vuln-cve2009-3103.nse broadcast-networker-discover.nse http-form-brute.nse memcached-info.nse smb-vuln-cve-2017-7494.nse broadcast-novell-locate.nse http-form-fuzzer.nse metasploit-info.nse smb-vuln-ms06-025.nse broadcast-ospf2-discover.nse http-frontpage-login.nse metasploit-msgrpc-brute.nse smb-vuln-ms07-029.nse broadcast-pc-anywhere.nse http-generator.nse metasploit-xmlrpc-brute.nse smb-vuln-ms08-067.nse broadcast-pc-duo.nse http-git.nse mikrotik-routeros-brute.nse smb-vuln-ms10-054.nse broadcast-pim-discovery.nse http-gitweb-projects-enum.nse mmouse-brute.nse smb-vuln-ms10-061.nse broadcast-ping.nse http-google-malware.nse mmouse-exec.nse smb-vuln-ms17-010.nse broadcast-pppoe-discover.nse http-grep.nse modbus-discover.nse smb-vuln-regsvc-dos.nse broadcast-rip-discover.nse http-headers.nse mongodb-brute.nse smb-vuln-webexec.nse broadcast-ripng-discover.nse http-hp-ilo-info.nse mongodb-databases.nse smb-webexec-exploit.nse broadcast-sonicwall-discover.nse http-huawei-hg5xx-vuln.nse mongodb-info.nse smtp-brute.nse broadcast-sybase-asa-discover.nse http-icloud-findmyiphone.nse mqtt-subscribe.nse smtp-commands.nse broadcast-tellstick-discover.nse http-icloud-sendmsg.nse mrinfo.nse smtp-enum-users.nse broadcast-upnp-info.nse http-iis-short-name-brute.nse msrpc-enum.nse smtp-ntlm-info.nse broadcast-versant-locate.nse http-iis-webdav-vuln.nse ms-sql-brute.nse smtp-open-relay.nse broadcast-wake-on-lan.nse http-internal-ip-disclosure.nse ms-sql-config.nse smtp-strangeport.nse broadcast-wpad-discover.nse http-joomla-brute.nse ms-sql-dac.nse smtp-vuln-cve2010-4344.nse broadcast-wsdd-discover.nse http-jsonp-detection.nse ms-sql-dump-hashes.nse smtp-vuln-cve2011-1720.nse broadcast-xdmcp-discover.nse http-litespeed-sourcecode-download.nse ms-sql-empty-password.nse smtp-vuln-cve2011-1764.nse cassandra-brute.nse http-ls.nse ms-sql-hasdbaccess.nse sniffer-detect.nse cassandra-info.nse http-majordomo2-dir-traversal.nse ms-sql-info.nse snmp-brute.nse cccam-version.nse http-malware-host.nse ms-sql-ntlm-info.nse snmp-hh3c-logins.nse cics-enum.nse http-mcmp.nse ms-sql-query.nse snmp-info.nse cics-info.nse http-methods.nse ms-sql-tables.nse snmp-interfaces.nse cics-user-brute.nse http-method-tamper.nse ms-sql-xp-cmdshell.nse snmp-ios-config.nse cics-user-enum.nse http-mobileversion-checker.nse mtrace.nse snmp-netstat.nse citrix-brute-xml.nse http-ntlm-info.nse murmur-version.nse snmp-processes.nse citrix-enum-apps.nse http-open-proxy.nse mysql-audit.nse snmp-sysdescr.nse citrix-enum-apps-xml.nse http-open-redirect.nse mysql-brute.nse snmp-win32-services.nse citrix-enum-servers.nse http-passwd.nse mysql-databases.nse snmp-win32-shares.nse citrix-enum-servers-xml.nse http-phpmyadmin-dir-traversal.nse mysql-dump-hashes.nse snmp-win32-software.nse clamav-exec.nse http-phpself-xss.nse mysql-empty-password.nse snmp-win32-users.nse clock-skew.nse http-php-version.nse mysql-enum.nse socks-auth-info.nse coap-resources.nse http-proxy-brute.nse mysql-info.nse socks-brute.nse couchdb-databases.nse http-put.nse mysql-query.nse socks-open-proxy.nse couchdb-stats.nse http-qnap-nas-info.nse mysql-users.nse ssh2-enum-algos.nse creds-summary.nse http-referer-checker.nse mysql-variables.nse ssh-auth-methods.nse cups-info.nse http-rfi-spider.nse mysql-vuln-cve2012-2122.nse ssh-brute.nse cups-queue-info.nse http-robots.txt.nse nat-pmp-info.nse ssh-hostkey.nse cvs-brute.nse http-robtex-reverse-ip.nse nat-pmp-mapport.nse ssh-publickey-acceptance.nse cvs-brute-repository.nse http-robtex-shared-ns.nse nbd-info.nse ssh-run.nse daap-get-library.nse http-sap-netweaver-****.nse nbstat.nse sshv1.nse daytime.nse http-security-headers.nse ncp-enum-users.nse ssl-ccs-injection.nse db2-das-info.nse http-server-header.nse ncp-serverinfo.nse ssl-cert-intaddr.nse deluge-rpc-brute.nse http-shellshock.nse ndmp-fs-info.nse ssl-cert.nse dhcp-discover.nse http-sitemap-generator.nse ndmp-version.nse ssl-date.nse dict-info.nse http-slowloris-check.nse nessus-brute.nse ssl-dh-params.nse distcc-cve2004-2687.nse http-slowloris.nse nessus-xmlrpc-brute.nse ssl-enum-ciphers.nse dns-blacklist.nse http-sql-injection.nse netbus-auth-bypass.nse ssl-heartbleed.nse dns-brute.nse https-redirect.nse netbus-brute.nse ssl-known-key.nse dns-cache-snoop.nse http-stored-xss.nse netbus-info.nse ssl-poodle.nse dns-check-zone.nse http-svn-enum.nse netbus-version.nse sslv2-drown.nse dns-client-subnet-scan.nse http-svn-info.nse nexpose-brute.nse sslv2.nse dns-fuzz.nse http-title.nse nfs-ls.nse sstp-discover.nse dns-ip6-arpa-scan.nse http-tplink-dir-traversal.nse nfs-showmount.nse stun-info.nse dns-nsec3-enum.nse http-trace.nse nfs-statfs.nse stun-version.nse dns-nsec-enum.nse http-traceroute.nse nje-node-brute.nse stuxnet-detect.nse dns-nsid.nse http-trane-info.nse nje-pass-brute.nse supermicro-ipmi-conf.nse dns-random-srcport.nse http-unsafe-output-escaping.nse nntp-ntlm-info.nse svn-brute.nse dns-random-txid.nse http-useragent-tester.nse nping-brute.nse targets-asn.nse dns-recursion.nse http-userdir-enum.nse nrpe-enum.nse targets-ipv6-map4to6.nse dns-service-discovery.nse http-vhosts.nse ntp-info.nse targets-ipv6-multicast-echo.nse dns-srv-enum.nse http-virustotal.nse ntp-monlist.nse targets-ipv6-multicast-invalid-dst.nse dns-update.nse http-vlcstreamer-ls.nse omp2-brute.nse targets-ipv6-multicast-mld.nse dns-zeustracker.nse http-vmware-path-vuln.nse omp2-enum-targets.nse targets-ipv6-multicast-slaac.nse dns-zone-transfer.nse http-vuln-cve2006-3392.nse omron-info.nse targets-ipv6-wordlist.nse docker-version.nse http-vuln-cve2009-3960.nse openlookup-info.nse targets-sniffer.nse domcon-brute.nse http-vuln-cve2010-0738.nse openvas-otp-brute.nse targets-traceroute.nse domcon-cmd.nse http-vuln-cve2010-2861.nse openwebnet-discovery.nse targets-xml.nse domino-enum-users.nse http-vuln-cve2011-3192.nse oracle-brute.nse teamspeak2-version.nse dpap-brute.nse http-vuln-cve2011-3368.nse oracle-brute-stealth.nse telnet-brute.nse drda-brute.nse http-vuln-cve2012-1823.nse oracle-enum-users.nse telnet-encryption.nse drda-info.nse http-vuln-cve2013-0156.nse oracle-sid-brute.nse telnet-ntlm-info.nse duplicates.nse http-vuln-cve2013-6786.nse oracle-tns-version.nse tftp-enum.nse eap-info.nse http-vuln-cve2013-7091.nse ovs-agent-version.nse tls-alpn.nse enip-info.nse http-vuln-cve2014-2126.nse p2p-conficker.nse tls-nextprotoneg.nse epmd-info.nse http-vuln-cve2014-2127.nse path-mtu.nse tls-ticketbleed.nse eppc-enum-processes.nse http-vuln-cve2014-2128.nse pcanywhere-brute.nse tn3270-screen.nse fcrdns.nse http-vuln-cve2014-2129.nse pcworx-info.nse tor-consensus-checker.nse finger.nse http-vuln-cve2014-3704.nse pgsql-brute.nse traceroute-geolocation.nse fingerprint-strings.nse http-vuln-cve2014-8877.nse pjl-ready-message.nse tso-brute.nse firewalk.nse http-vuln-cve2015-1427.nse pop3-brute.nse tso-enum.nse firewall-bypass.nse http-vuln-cve2015-1635.nse pop3-capabilities.nse ubiquiti-discovery.nse flume-master-info.nse http-vuln-cve2017-1001000.nse pop3-ntlm-info.nse unittest.nse fox-info.nse http-vuln-cve2017-5638.nse pptp-version.nse unusual-port.nse freelancer-info.nse http-vuln-cve2017-5689.nse puppet-naivesigning.nse upnp-info.nse ftp-anon.nse http-vuln-cve2017-8917.nse qconn-exec.nse url-snarf.nse ftp-bounce.nse http-vuln-misfortune-cookie.nse qscan.nse ventrilo-info.nse ftp-brute.nse http-vuln-wnr1000-creds.nse quake1-info.nse versant-info.nse ftp-libopie.nse http-waf-detect.nse quake3-info.nse vmauthd-brute.nse ftp-proftpd-backdoor.nse http-waf-fingerprint.nse quake3-master-getservers.nse vmware-version.nse ftp-syst.nse http-webdav-scan.nse rdp-enum-encryption.nse vnc-brute.nse ftp-vsftpd-backdoor.nse http-wordpress-brute.nse rdp-ntlm-info.nse vnc-info.nse ftp-vuln-cve2010-4221.nse http-wordpress-enum.nse rdp-vuln-ms12-020.nse vnc-title.nse ganglia-info.nse http-wordpress-users.nse realvnc-auth-bypass.nse voldemort-info.nse giop-info.nse http-xssed.nse redis-brute.nse vtam-enum.nse gkrellm-info.nse iax2-brute.nse redis-info.nse vulners.nse gopher-ls.nse iax2-version.nse resolveall.nse vuze-dht-info.nse gpsd-info.nse icap-info.nse reverse-index.nse wdb-version.nse hadoop-datanode-info.nse iec-identify.nse rexec-brute.nse weblogic-t3-info.nse hadoop-jobtracker-info.nse ike-version.nse rfc868-time.nse whois-domain.nse hadoop-namenode-info.nse imap-brute.nse riak-http-info.nse whois-ip.nse hadoop-secondary-namenode-info.nse imap-capabilities.nse rlogin-brute.nse wsdd-discover.nse hadoop-tasktracker-info.nse imap-ntlm-info.nse rmi-dumpregistry.nse x11-access.nse hbase-master-info.nse impress-remote-discover.nse rmi-vuln-classloader.nse xdmcp-discover.nse hbase-region-info.nse informix-brute.nse rpcap-brute.nse xmlrpc-methods.nse hddtemp-info.nse informix-query.nse rpcap-info.nse xmpp-brute.nse hnap-info.nse informix-tables.nse rpc-grind.nse xmpp-info.nse hostmap-bfk.nse ip-forwarding.nse rpcinfo.nse