- nmap -p- -sV -A --script=smb-enum-sessions.nse <ip>
- nmap -p 23 --script telnet-brute --script-args userdb=myusers.lst,passdb=mypwds.lst,telnet-brute.timeout=8s
- nmap -p 8009 <ip> --script ajp-auth
- nmap -p 2050 <host> --script domcon-cmd --script-args domcon-cmd.cmd="show server"
- nmap --script domino-enum-users -p 1352
- nmap -sV -sC
- nmap --script http-auth [--script-args http-auth.path=/login] -p80
- nmap --script http-barracuda-dir-traversal --script-args http-max-cache-size=5000000 -p <port> <host>
- nmap --script=http-config-backup <target>
- nmap -p80 --script http-default-accounts host/ip
- nmap --script http-domino-enum-passwords -p 80 <host> --script-args http-domino-enum-passwords.username='patrik karlsson',http-domino-enum-passwords.password=secret
- nmap -sV --script http-method-tamper
- nmap -p80 --script http-method-tamper --script-args 'http-method-tamper.paths={/protected/db.php,/protected/index.php}' <target>
- nmap -sV --script=http-userdir-enum
- nmap -p 16992 --script http-vuln-cve2017-5689 <target>
- nmap -p80 --script http-wordpress-users
- nmap -sV --script http-wordpress-users --script-args limit=50 <target>
- nmap -p 9088 <host> --script informix-query --script-args informix-query.username=informix,informix-query.password=informix
- nmap -p 9088 <host> --script informix-tables --script-args informix-tables.username=informix,informix-tables.password=informix
- nmap -p 88 --script krb5-enum-users --script-args krb5-enum-users.realm='test'
- nmap -p 1433 <ip> --script ms-sql-dump-hashes
- nmap -p 445 --script ms-sql-empty-password --script-args mssql.instance-all <host>
- nmap -p 1433 --script ms-sql-empty-password <host>
- nmap -p 1433 --script ms-sql-hasdbaccess --script-args mssql.username=sa,mssql.password=sa <host>
- nmap -p 3306 <ip> --script mysql-dump-hashes --script-args='username=root,password=secret'
- nmap -sV --script=mysql-empty-password <target>
- nmap -p 3306 <ip> --script mysql-query --script-args='query="<query>"[,username=<username>,password=<password>]'
- nmap -sV --script=mysql-users <target>
- nmap -sV --script=ncp-enum-users <target>
- nmap -p 12345 --script netbus-auth-bypass <target>
- nmap --script oracle-enum-users --script-args oracle-enum-users.sid=ORCL,userdb=orausers.txt -p 1521-1560 <host>
- nmap -sV --script=realvnc-auth-bypass <target>
- nmap --script=sip-enum-users -sU -p 5060 <targets>
- nmap --script=sip-enum-users -sU -p 5060 <targets> --script-args
- 'sip-enum-users.padding=4, sip-enum-users.minext=1000,
- sip-enum-users.maxext=9999'
- ##################################################################################################
- nmap --script smb-enum-users.nse -p445 <host>
- nmap --script smtp-enum-users.nse [--script-args smtp-enum-users.methods={EXPN,...},...] -p 25,465,587 <host>
- nmap -sU -p 161 --script=snmp-win32-users <target>
- nmap -p 22 --script ssh-auth-methods --script-args="ssh.user=<username>" <target>
- nmap -p 22 --script ssh-publickey-acceptance --script-args "ssh.usernames={'root', 'user'}, ssh.privatekeys={'./id_rsa1', './id_rsa2'}" <target>
- nmap -p 22 --script ssh-publickey-acceptance --script-args 'ssh.usernames={"root", "user"}, publickeys={"./id_rsa1.pub", "./id_rsa2.pub"}' <target>
- nmap -sV -sC <target>
- ##################################################################################################
- nmap --script broadcast-ataoe-discover -e <interface>
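- nmap --script=broadcast-avahi-dos   # NSE categories include dos and intrusive: the probe can crash an unpatched Avahi daemon, so expect service impact on affected hosts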
- nmap --script broadcast-bjnp-discover
- nmap --script db2-discover
- sudo nmap --script broadcast-dhcp-discover
- nmap -6 --script broadcast-dhcp6-discover
- nmap --script=broadcast-dns-service-discovery
- nmap --script=broadcast-dropbox-listener
- nmap --script=broadcast-dropbox-listener --script-args=newtargets -Pn
- nmap --script=broadcast-eigrp-discovery <targets>
- nmap --script=broadcast-eigrp-discovery <targets> -e wlan0
- nmap --script broadcast-igmp-discovery
- nmap --script broadcast-igmp-discovery -e wlan0
- nmap --script broadcast-igmp-discovery --script-args 'broadcast-igmp-discovery.version=all, broadcast-igmp-discovery.timeout=3'
- nmap --script broadcast-listener
- nmap --script broadcast-listener -e eth0
- nmap --script broadcast-ms-sql-discover
- nmap --script broadcast-ms-sql-discover,ms-sql-info --script-args=newtargets
- nmap --script=broadcast-netbios-master-browser
- nmap --script broadcast-networker-discover
- nmap -sV --script=broadcast-novell-locate <target>
- nmap --script=broadcast-ospf2-discover
- nmap --script=broadcast-ospf2-discover -e wlan0
- nmap --script broadcast-pc-anywhere
- nmap --script broadcast-pc-duo
- nmap --script broadcast-pim-discovery
- nmap --script broadcast-pim-discovery -e eth1 --script-args 'broadcast-pim-discovery.timeout=10'
- nmap -e <interface> [--ttl <ttl>] [--data-length <payload_length>]
- --script broadcast-ping [--script-args [broadcast-ping.timeout=<ms>],[num-probes=<n>]]
- nmap --script broadcast-pppoe-discover
- nmap --script broadcast-rip-discover
- nmap --script broadcast-ripng-discover
- nmap -e eth0 --script broadcast-sonicwall-discover
- nmap --script broadcast-sybase-asa-discover
- nmap --script broadcast-tellstick-discover
- nmap -sV --script=broadcast-upnp-info <target>
- nmap --script broadcast-versant-locate
- nmap --script broadcast-wake-on-lan --script-args broadcast-wake-on-lan.MAC='00:12:34:56:78:9A'
- nmap --script broadcast-wpad-discover
- sudo ./nmap --script broadcast-wsdd-discover
- nmap --script broadcast-xdmcp-discover
- nmap -e interface --script eap-info [--script-args="eap-info.identity=0-user,eap-info.scan={13,50}"] <target>
- nmap --script=ipv6-multicast-mld-list
- nmap --script knx-gateway-discover -e eth0
- nmap --script llmnr-resolve --script-args 'llmnr-resolve.hostname=examplename' -e wlan0
- nmap -e <interface> --script lltd-discovery
- nmap --script mrinfo
- nmap --script mrinfo -e eth1
- nmap --script mrinfo --script-args 'mrinfo.target=172.16.0.4'
- nmap --script mtrace --script-args 'mtrace.fromip=172.16.45.4'
- ./nmap -6 --script=targets-ipv6-multicast-echo.nse --script-args 'newtargets,interface=eth0' -sL
- ./nmap -6 --script=targets-ipv6-multicast-invalid-dst.nse --script-args 'newtargets,interface=eth0' -sP
- nmap -6 --script=targets-ipv6-multicast-mld.nse --script-args 'newtargets,interface=eth0'
- nmap -6 --script targets-ipv6-multicast-slaac --script-args 'newtargets,interface=eth0' -sP
- nmap -sL --script=targets-sniffer --script-args=newtargets,targets-sniffer.timeout=5s,targets-sniffer.iface=eth0
- ############################################################################################################################
- nmap -p 548 --script afp-brute <host>
- nmap -p 8009 <ip> --script ajp-brute
- nmap -sU --script backorifice-brute <host> --script-args backorifice-brute.ports=<ports>
- nmap -p 9160 <ip> --script=cassandra-brute
- nmap --script=cics-enum -p 23 <targets>
- nmap --script=cics-enum --script-args=idlist=default_cics.txt,
- cics-enum.command="exit;logon applid(cics42)",
- cics-enum.path="/home/dade/screenshots/",cics-enum.noSSL=true -p 23 <targets>
- nmap --script=cics-user-brute -p 23 <targets>
- nmap --script=cics-user-brute --script-args userdb=users.txt,
- cics-user-brute.commands="exit;logon applid(cics42)" -p 23 <targets>
- nmap --script=cics-user-enum -p 23 <targets>
- nmap --script=cics-user-enum --script-args userdb=users.txt,
- cics-user-enum.commands="exit;logon applid(cics42)" -p 23 <targets>
- nmap --script=citrix-brute-xml --script-args=userdb=<userdb>,passdb=<passdb>,ntdomain=<domain> -p 80,443,8080 <host>
- nmap -p 2401 --script cvs-brute <host>
- nmap -p 2401 --script cvs-brute-repository <host>
- nmap --script deluge-rpc-brute -p 58846 <host>
- nmap --script domcon-brute -p 2050 <host>
- nmap --script dpap-brute -p 8770 <host>
- nmap -p 50000 --script drda-brute <target>
- nmap --script ftp-brute -p 21 <host>
- nmap --script http-brute -p 80 <host>
- nmap --script http-form-brute -p 80 <host>
- nmap -p80 --script http-iis-short-name-brute <target>
- nmap -sV --script http-joomla-brute
- --script-args 'userdb=users.txt,passdb=passwds.txt,http-joomla-brute.hostname=domain.com,
- http-joomla-brute.threads=3,brute.firstonly=true' <target>
- nmap -sV --script http-joomla-brute <target>
- nmap --script http-proxy-brute -p 8080 <host>
- nmap -sV --script http-wordpress-brute <target>
- nmap -sV --script http-wordpress-brute
- --script-args 'userdb=users.txt,passdb=passwds.txt,http-wordpress-brute.hostname=domain.com,
- http-wordpress-brute.threads=3,brute.firstonly=true' <target>
- nmap -sU -p 4569 <ip> --script iax2-brute
- nmap -p 143,993 --script imap-brute <host>
- nmap -p 1599 --script impress-remote-discover <host>
- nmap --script informix-brute -p 9088 <host>
- nmap -sU --script ipmi-brute -p 623 <host>
- nmap --script irc-brute -p 6667 <ip>
- nmap --script irc-sasl-brute -p 6667 <ip>
- nmap -sV --script=iscsi-brute <target>
- nmap -p 389 --script ldap-brute --script-args ldap.base='"cn=users,dc=cqure,dc=net"' <host>
- nmap -p 11211 --script membase-brute
- nmap --script metasploit-msgrpc-brute -p 55553 <host>
- nmap --script metasploit-xmlrpc-brute -p 55553 <host>
- nmap -p8728 --script mikrotik-routeros-brute <target>
- nmap --script mmouse-brute -p 51010 <host>
- nmap -p 27017 <ip> --script mongodb-brute
- nmap -p 445 --script ms-sql-brute --script-args mssql.instance-all,userdb=customuser.txt,passdb=custompass.txt <host>
- nmap -p 1433 --script ms-sql-brute --script-args userdb=customuser.txt,passdb=custompass.txt <host>
- nmap --script=mysql-brute <target>
- nmap --script=mysql-enum <target>
- nmap --script nessus-brute -p 1241 <host>
- nmap -sV --script=nessus-xmlrpc-brute <target>
- nmap -p 12345 --script netbus-brute <target>
- nmap --script nexpose-brute -p 3780 <ip>
- nmap -sV --script=nje-node-brute <target>
- nmap --script=nje-node-brute --script-args=hostlist=nje_names.txt -p 175 <target>
- nmap -sV --script=nje-pass-brute --script-args=ohost='POTATO',rhost='CACTUS' <target>
- nmap --script=nje-pass-brute --script-args=ohost='POTATO',rhost='CACTUS',sleep=5 -p 175 <target>
- nmap -p 9929 --script nping-brute <target>
- nmap -p 9390 --script omp2-brute <target>
- nmap -sV --script=openvas-otp-brute <target>
- nmap --script oracle-brute -p 1521 --script-args oracle-brute.sid=ORCL <host>
- nmap --script oracle-brute-stealth -p 1521 --script-args oracle-brute-stealth.sid=ORCL <host>
- nmap --script=oracle-sid-brute --script-args=oraclesids=/path/to/sidfile -p 1521-1560 <host>
- nmap --script=oracle-sid-brute -p 1521-1560 <host>
- nmap --script=pcanywhere-brute <target>
- nmap -p 5432 --script pgsql-brute <host>
- nmap -sV --script=pop3-brute <target>
- nmap -p 6379 <ip> --script redis-brute
- nmap -p 512 --script rexec-brute <ip>
- nmap -p 513 --script rlogin-brute <ip>
- nmap -p 2002 <ip> --script rpcap-brute
- nmap -p 873 --script rsync-brute --script-args 'rsync-brute.module=www' <ip>
- nmap --script rtsp-url-brute -p 554 <ip>
- nmap -sU -p 5060 <target> --script=sip-brute
- nmap --script smb-brute.nse -p445 <host>
- nmap -p 25 --script smtp-brute <host>
- nmap -sU --script snmp-brute <target> [--script-args snmp-brute.communitiesdb=<wordlist> ]
- nmap --script socks-brute -p 1080 <host>
- nmap -p 22 --script ssh-brute --script-args userdb=users.lst,passdb=pass.lst \
- --script-args ssh-brute.timeout=4s <target>
- nmap --script svn-brute --script-args svn-brute.repo=/svn/ -p 3690 <host>
- nmap --script=tso-enum -p 23 <targets>
- nmap -sV -p 9923 10.32.70.10 --script tso-enum --script-args userdb=tso_users.txt,tso-enum.commands="logon applid(tso)"
- nmap -p 902 <ip> --script vmauthd-brute
- nmap --script vnc-brute -p 5900 <host>
- nmap -p 5222 --script xmpp-brute <host>