
Untitled

a guest
Jan 23rd, 2018
  # Authentication-focused NSE invocations, one per script: login-scheme
  # detection, default/empty-credential checks, account enumeration,
  # authentication-bypass checks and authenticated queries (going by the script
  # names). <ip>, <host> and <target> are placeholders and square brackets mark
  # optional arguments; several lines carry no target at all and scan nothing
  # until one is appended.
  # For defenders: the enumeration and credential checks are real login or lookup
  # attempts against the service, so they typically surface as failed or
  # unknown-user authentication entries in that service's logs.
  1. nmap -p- -sV -A --script=smb-enum-sessions.nse ip
  2. nmap -p 23 --script telnet-brute --script-args userdb=myusers.lst,passdb=mypwds.lst,telnet-brute.timeout=8s
  3. nmap -p 8009 <ip> --script ajp-auth
  # NOTE(review): the domcon-cmd.cmd value below opens a double quote that is
  # never closed; pasted as-is, the shell keeps reading into the following lines.
  4. nmap -p 2050 <host> --script domcon-cmd --script-args domcon-cmd.cmd="show server
  5. nmap --script domino-enum-users -p 1352
  # -sC runs the default script set alongside version detection (-sV).
  6. nmap -sV -sC
  7. nmap --script http-auth [--script-args http-auth.path=/login] -p80
  8. nmap --script http-barracuda-dir-traversal --script-args http-max-cache-size=5000000 -p <port> <host>
  9. nmap --script=http-config-backup <target>
  10. nmap -p80 --script http-default-accounts host/ip
  # Credentials given in --script-args become part of nmap's argument list: they
  # end up in shell history and are readable through the process list while the
  # scan runs. The same applies to the informix, ms-sql and mysql lines below.
  11. nmap --script http-domino-enum-passwords -p 80 <host> --script-args http-domino-enum-passwords.username='patrik karlsson',http-domino-enum-passwords.password=secret
  12. nmap -sV --script http-method-tamper
  13. nmap -p80 --script http-method-tamper --script-args 'http-method-tamper.paths={/protected/db.php,/protected/index.php}' <target>
  14. nmap -sV --script=http-userdir-enum
  15. nmap -p 16992 --script http-vuln-cve2017-5689 <target>
  16. nmap -p80 --script http-wordpress-users
  17. nmap -sV --script http-wordpress-users --script-args limit=50 <target>
  18. nmap -p 9088 <host> --script informix-query --script-args informix-query.username=informix,informix-query.password=informix
  19. nmap -p 9088 <host> --script informix-tables --script-args informix-tables.username=informix,informix-tables.password=informix
  20. nmap -p 88 --script krb5-enum-users --script-args krb5-enum-users.realm='test'
  21. nmap -p 1433 <ip> --script ms-sql-dump-hashes
  22. nmap -p 445 --script ms-sql-empty-password --script-args mssql.instance-all <host>
  23. nmap -p 1433 --script ms-sql-empty-password <host>
  24. nmap -p 1433 --script ms-sql-hasdbaccess --script-args mssql.username=sa,mssql.password=sa <host>
  25. nmap -p 3306 <ip> --script mysql-dump-hashes --script-args='username=root,password=secret'
  26. nmap -sV --script=mysql-empty-password <target>
  # NOTE(review): the --script-args value below opens a single quote that is
  # never closed.
  27. nmap -p 3306 <ip> --script mysql-query --script-args='query="<query>"[,username=<username>,password=<password>]
  28. nmap -sV --script=mysql-users <target>
  29. nmap -sV --script=ncp-enum-users <target>
  30. nmap -p 12345 --script netbus-auth-bypass <target>
  31. nmap --script oracle-enum-users --script-args oracle-enum-users.sid=ORCL,userdb=orausers.txt -p 1521-1560 <host>
  32. nmap -sV --script=realvnc-auth-bypass <target>
  33. nmap --script=sip-enum-users -sU -p 5060 <targets>
  # The next three lines are one command: the quoted --script-args value sits on
  # the two lines after it. The first line has no trailing backslash, so pasted
  # as-is the shell would run it with --script-args missing its value.
  34. nmap --script=sip-enum-users -sU -p 5060 <targets> --script-args
  35. 'sip-enum-users.padding=4, sip-enum-users.minext=1000,
  36. sip-enum-users.maxext=9999'
  37. ##################################################################################################
  # Account enumeration over SMB, SMTP and SNMP, followed by SSH checks of which
  # authentication methods and which keys a server accepts.
  38. nmap --script smb-enum-users.nse -p445 <host>
  # smtp-enum-users.methods selects the SMTP commands used for probing (EXPN is
  # the one shown); brackets and "..." are placeholder notation, not syntax.
  39. nmap --script smtp-enum-users.nse [--script-args smtp-enum-users.methods={EXPN,...},...] -p 25,465,587 <host>
  40. nmap -sU -p 161 --script=snmp-win32-users <target>
  41. nmap -p 22 --script ssh-auth-methods --script-args="ssh.user=<username>" <target>
  # The two ssh-publickey-acceptance forms differ in what they hand the script:
  # this one lists private key files (ssh.privatekeys), the one further down lists
  # public key files (publickeys). Presumably the second only asks whether the
  # server would accept those keys — confirm against the script's documentation.
  42. nmap -p 22 --script ssh-publickey-acceptance --script-args "ssh.usernames={'root', 'user'}, ssh.privatekeys={'./id_rsa1', './id_rsa2'}" <target>
  43.  
  44. nmap -p 22 --script ssh-publickey-acceptance --script-args 'ssh.usernames={"root", "user"}, publickeys={"./id_rsa1.pub", "./id_rsa2.pub"}' <target>
  45.  
  46. nmap -sV -sC <target>
  47. ##################################################################################################
  # Broadcast and multicast discovery on the local segment. Most lines take no
  # target: the script sends on an interface (chosen with -e where given) and
  # reports whatever answers. The newtargets script argument lets a script add
  # the hosts it finds to nmap's scan queue.
  # For defenders: these probes are link-local, so they are visible to anything
  # monitoring broadcast/multicast traffic on the same segment rather than to
  # perimeter logging.
  48. nmap --script broadcast-ataoe-discover -e <interface>
  # Unlike its neighbours this one is not discovery-only: going by its name it
  # tests the hosts it finds for an Avahi denial-of-service condition, which can
  # interrupt the service on a vulnerable host.
  49. nmap --script=broadcast-avahi-dos
  50. nmap --script broadcast-bjnp-discover
  # NOTE(review): db2-discover is listed without the broadcast- prefix the
  # neighbouring scripts carry and without a target — confirm which script was
  # meant.
  51. nmap --script db2-discover
  # sudo appears on this line and on the wsdd line further down; presumably those
  # scripts need privileges the unprivileged runs lack — TODO confirm.
  52. sudo nmap --script broadcast-dhcp-discover
  53. nmap -6 --script broadcast-dhcp6-discover
  54. nmap --script=broadcast-dns-service-discovery
  55. nmap --script=broadcast-dropbox-listener
  56. nmap --script=broadcast-dropbox-listener --script-args=newtargets -Pn
  57. nmap --script=broadcast-eigrp-discovery <targets>
  58. nmap --script=broadcast-eigrp-discovery <targets> -e wlan0
  59. nmap --script broadcast-igmp-discovery
  60. nmap --script broadcast-igmp-discovery -e wlan0
  61. nmap --script broadcast-igmp-discovery --script-args 'broadcast-igmp-discovery.version=all, broadcast-igmp-discovery.timeout=3'
  62. nmap --script broadcast-listener
  63. nmap --script broadcast-listener -e eth0
  64. nmap --script broadcast-ms-sql-discover
  65. nmap --script broadcast-ms-sql-discover,ms-sql-info --script-args=newtargets
  66. nmap --script=broadcast-netbios-master-browser
  67. nmap --script broadcast-networker-discover
  68. nmap -sV --script=broadcast-novell-locate <target>
  69. nmap --script=broadcast-ospf2-discover
  70. nmap --script=broadcast-ospf2-discover -e wlan0
  71. nmap --script broadcast-pc-anywhere
  72. nmap --script broadcast-pc-duo
  73. nmap --script broadcast-pim-discovery
  74. nmap --script broadcast-pim-discovery -e eth1 --script-args 'broadcast-pim-discovery.timeout=10'
  # The next two lines are one command written as a usage synopsis; there is no
  # trailing backslash joining them, and the brackets mark optional arguments.
  75. nmap -e <interface> [--ttl <ttl>] [--data-length <payload_length>]
  76. --script broadcast-ping [--script-args [broadcast-ping.timeout=<ms>],[num-probes=<n>]]
  77.  
  78. nmap --script broadcast-pppoe-discover
  79. nmap --script broadcast-rip-discover
  80. nmap --script broadcast-ripng-discover
  81. nmap -e eth0 --script broadcast-sonicwall-discover
  82. nmap --script broadcast-sybase-asa-discover
  83. nmap --script broadcast-tellstick-discover
  84. nmap -sV --script=broadcast-upnp-info <target>
  85. nmap --script broadcast-versant-locate
  # Not a discovery probe: going by the script name and its MAC argument, this
  # sends a Wake-on-LAN packet for the given address.
  86. nmap --script broadcast-wake-on-lan --script-args broadcast-wake-on-lan.MAC='00:12:34:56:78:9A'
  87. nmap --script broadcast-wpad-discover
  # ./nmap runs a binary from the current directory rather than the installed
  # one (also used on the two targets-ipv6-multicast lines below).
  88. sudo ./nmap --script broadcast-wsdd-discover
  89. nmap --script broadcast-xdmcp-discover
  90. nmap -e interface --script eap-info [--script-args="eap-info.identity=0-user,eap-info.scan={13,50}"] <target>
  91. nmap --script=ipv6-multicast-mld-list
  92. nmap --script knx-gateway-discover -e eth0
  93. nmap --script llmnr-resolve --script-args 'llmnr-resolve.hostname=examplename' -e wlan0
  94. nmap -e <interface> --script lltd-discovery
  95. nmap --script mrinfo
  96. nmap --script mrinfo -e eth1
  97. nmap --script mrinfo --script-args 'mrinfo.target=172.16.0.4'
  98. nmap --script mtrace --script-args 'mtrace.fromip=172.16.45.4'
  # -sL only lists targets and -sP (the older spelling of -sn) only ping-scans,
  # so the IPv6 multicast lines below collect addresses without port scanning.
  99. ./nmap -6 --script=targets-ipv6-multicast-echo.nse --script-args 'newtargets,interface=eth0' -sL
  100. ./nmap -6 --script=targets-ipv6-multicast-invalid-dst.nse --script-args 'newtargets,interface=eth0' -sP
  101. nmap -6 --script=targets-ipv6-multicast-mld.nse --script-args 'newtargets,interface=eth0'
  102. nmap -6 --script targets-ipv6-multicast-slaac --script-args 'newtargets,interface=eth0' -sP
  103. nmap -sL --script=targets-sniffer --script-args=newtargets,targets-sniffer.timeout=5s,targets-sniffer.iface=eth0
  104. ############################################################################################################################
  # Credential-guessing invocations, roughly one per service. userdb= and passdb=
  # name the username and password lists; without them the scripts fall back to
  # the lists bundled with nmap. brute.firstonly=true stops after the first valid
  # login.
  # Not every line guesses passwords: judging by their names and arguments, the
  # *-enum lines and oracle-sid-brute, nje-node-brute and rtsp-url-brute guess
  # identifiers (user IDs, SIDs, node names, URLs) instead.
  # For defenders: every guess is a real authentication attempt, so these runs
  # appear as a dense series of failed logins from one source address and can
  # trip account-lockout policies; lockout thresholds and rate limiting on the
  # listed services are the relevant controls.
  105. nmap -p 548 --script afp-brute <host>
  106. nmap -p 8009 <ip> --script ajp-brute
  107. nmap -sU --script backorifice-brute <host> --script-args backorifice-brute.ports=<ports>
  108. nmap -p 9160 <ip> --script=cassandra-brute
  109. nmap --script=cics-enum -p 23 <targets>
  # The next three lines are one command: the --script-args list is split after
  # its commas with no trailing backslashes. cics-enum.path points at a
  # user-specific directory taken from the example.
  110. nmap --script=cics-enum --script-args=idlist=default_cics.txt,
  111. cics-enum.command="exit;logon applid(cics42)",
  112. cics-enum.path="/home/dade/screenshots/",cics-enum.noSSL=true -p 23 <targets>
  113. nmap --script=cics-user-brute -p 23 <targets>
  # One command over two lines, split after the comma without a backslash.
  114. nmap --script=cics-user-brute --script-args userdb=users.txt,
  115. cics-user-brute.commands="exit;logon applid(cics42)" -p 23 <targets>
  116. nmap --script=cics-user-enum -p 23 <targets>
  # One command over two lines, split after the comma without a backslash.
  117. nmap --script=cics-user-enum --script-args userdb=users.txt,
  118. cics-user-enum.commands="exit;logon applid(cics42)" -p 23 <targets>
  119. nmap --script=citrix-brute-xml --script-args=userdb=<userdb>,passdb=<passdb>,ntdomain=<domain> -p 80,443,8080 <host>
  120. nmap -p 2401 --script cvs-brute <host>
  121. nmap -p 2401 --script cvs-brute-repository <host>
  122. nmap --script deluge-rpc-brute -p 58846 <host>
  123. nmap --script domcon-brute -p 2050 <host>
  124. nmap --script dpap-brute -p 8770 <host>
  125. nmap -p 50000 --script drda-brute <target>
  126. nmap --script ftp-brute -p 21 <host>
  127. nmap --script http-brute -p 80 <host>
  128. nmap --script http-form-brute -p 80 <host>
  129. nmap -p80 --script http-iis-short-name-brute <target>
  # The next three lines are one command: the single-quoted --script-args value
  # spans the second and third lines, and no backslash joins the first line to it.
  130. nmap -sV --script http-joomla-brute
  131. --script-args 'userdb=users.txt,passdb=passwds.txt,http-joomla-brute.hostname=domain.com,
  132. http-joomla-brute.threads=3,brute.firstonly=true' <target>
  133. nmap -sV --script http-joomla-brute <target>
  134. nmap --script http-proxy-brute -p 8080 <host>
  135. nmap -sV --script http-wordpress-brute <target>
  # Same three-line layout as the Joomla example above: one command, no
  # continuation backslash after the first line.
  136. nmap -sV --script http-wordpress-brute
  137. --script-args 'userdb=users.txt,passdb=passwds.txt,http-wordpress-brute.hostname=domain.com,
  138. http-wordpress-brute.threads=3,brute.firstonly=true' <target>
  139. nmap -sU -p 4569 <ip> --script iax2-brute
  140. nmap -p 143,993 --script imap-brute <host>
  141. nmap -p 1599 --script impress-remote-discover <host>
  142. nmap --script informix-brute -p 9088 <host>
  143. nmap -sU --script ipmi-brute -p 623 <host>
  144. nmap --script irc-brute -p 6667 <ip>
  145. nmap --script irc-sasl-brute -p 6667 <ip>
  146. nmap -sV --script=iscsi-brute <target>
  147. nmap -p 389 --script ldap-brute --script-args ldap.base='"cn=users,dc=cqure,dc=net"' <host>
  148. nmap -p 11211 --script membase-brute
  149. nmap --script metasploit-msgrpc-brute -p 55553 <host>
  150. nmap --script metasploit-xmlrpc-brute -p 55553 <host>
  151. nmap -p8728 --script mikrotik-routeros-brute <target>
  152. nmap --script mmouse-brute -p 51010 <host>
  153. nmap -p 27017 <ip> --script mongodb-brute
  154. nmap -p 445 --script ms-sql-brute --script-args mssql.instance-all,userdb=customuser.txt,passdb=custompass.txt <host>
  155. nmap -p 1433 --script ms-sql-brute --script-args userdb=customuser.txt,passdb=custompass.txt <host>
  156. nmap --script=mysql-brute <target>
  157. nmap --script=mysql-enum <target>
  158. nmap --script nessus-brute -p 1241 <host>
  159. nmap -sV --script=nessus-xmlrpc-brute <target>
  160. nmap -p 12345 --script netbus-brute <target>
  161. nmap --script nexpose-brute -p 3780 <ip>
  162. nmap -sV --script=nje-node-brute <target>
  163. nmap --script=nje-node-brute --script-args=hostlist=nje_names.txt -p 175 <target>
  164. nmap -sV --script=nje-pass-brute --script-args=ohost='POTATO',rhost='CACTUS' <target>
  165. nmap --script=nje-pass-brute --script-args=ohost='POTATO',rhost='CACTUS',sleep=5 -p 175 <target>
  166. nmap -p 9929 --script nping-brute <target>
  167. nmap -p 9390 --script omp2-brute <target>
  168. nmap -sV --script=openvas-otp-brute <target>
  169. nmap --script oracle-brute -p 1521 --script-args oracle-brute.sid=ORCL <host>
  170. nmap --script oracle-brute-stealth -p 1521 --script-args oracle-brute-stealth.sid=ORCL <host>
  171. nmap --script=oracle-sid-brute --script-args=oraclesids=/path/to/sidfile -p 1521-1560 <host>
  172. nmap --script=oracle-sid-brute -p 1521-1560 <host>
  173. nmap --script=pcanywhere-brute <target>
  174. nmap -p 5432 --script pgsql-brute <host>
  175. nmap -sV --script=pop3-brute <target>
  176. nmap -p 6379 <ip> --script redis-brute
  177. nmap -p 512 --script rexec-brute <ip>
  178. nmap -p 513 --script rlogin-brute <ip>
  179. nmap -p 2002 <ip> --script rpcap-brute
  180. nmap -p 873 --script rsync-brute --script-args 'rsync-brute.module=www' <ip>
  181. nmap --script rtsp-url-brute -p 554 <ip>
  182. nmap -sU -p 5060 <target> --script=sip-brute
  183. nmap --script smb-brute.nse -p445 <host>
  184. nmap -p 25 --script smtp-brute <host>
  185. nmap -sU --script snmp-brute <target> [--script-args snmp-brute.communitiesdb=<wordlist> ]
  186. nmap --script socks-brute -p 1080 <host>
  # The only multi-line command here that carries a continuation backslash.
  # NOTE(review): --script-args is given twice; confirm nmap merges the two
  # values rather than keeping only the last before relying on both.
  187. nmap -p 22 --script ssh-brute --script-args userdb=users.lst,passdb=pass.lst \
  188. --script-args ssh-brute.timeout=4s <target>
  189. nmap --script svn-brute --script-args svn-brute.repo=/svn/ -p 3690 <host>
  190. nmap --script=tso-enum -p 23 <targets>
  # This line uses a literal private address where the others use a placeholder.
  191. nmap -sV -p 9923 10.32.70.10 --script tso-enum --script-args userdb=tso_users.txt,tso-enum.commands="logon applid(tso)"
  192. nmap -p 902 <ip> --script vmauthd-brute
  193. nmap --script vnc-brute -p 5900 <host>
  194. nmap -p 5222 --script xmpp-brute <host>