Scanning for vulnerabilities with nmap

  • Enumerate directories on a web server
nmap --script http-enum
  • Try to exploit file uploads by changing the content type or embedding a payload in the metadata
nmap --script http-fileupload-exploiter
  • Attempt password brute-forcing against HTTP form-based authentication
nmap --script http-form-brute
  • Try zone transfer against a DNS server
nmap --script dns-zone-transfer
  • Enumerate DNS hostnames by brute-force guessing of common subdomains
nmap --script dns-brute
  • Enumerate usernames using the finger service
nmap --script finger
  • Check for FTP anonymous login
nmap --script ftp-anon
  • Launch a brute-force attack against FTP servers
nmap --script ftp-brute
  • Check if server allows port scanning using FTP bounce method
nmap --script ftp-bounce
  • Check for the presence of vsFTPD 2.3.4 backdoor (CVE-2011-2523)
nmap --script ftp-vsftpd-backdoor
  • Spider a web site to find pages requiring HTTP or form-based authentication
nmap --script http-auth-finder
  • Test the server for Cross-Origin Resource Sharing (CORS)
nmap --script http-cors
  • Test the server for CSRF vulnerabilities
nmap --script http-csrf
  • Test for default credentials used by multiple web applications
nmap --script http-default-accounts
  • Test for DOM-based XSS vulnerabilities
nmap --script http-dombased-xss