NMAP Scripts for Finding Vulnerabilities - Part 1

DNS Server Recursive Query Cache Poisoning Weakness

nmap -sU -p 53 --script dns-cache-snoop.nse --script-args dns-cache-snoop.mode=nonrecursive IP

DNS Server Spoofed Request Amplification DDoS

nmap -sU -p 53 --script=dns-recursion

Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key

If you have not done OSCP certification,What are you doing?Avail Below OSCP prep course with 90% Discount (Only in $10/ RS 760) & start preparing yourselves enhancing yours skills to next level


nmap -sU -p 500 --script ike-version IP

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

nmap -sV --script ssl-enum-ciphers -p 443 IP

SMB Signing Disabled

nmap --script smb-security-mode.nse IP

SSH Weak Algorithms Supported

nmap --script ssh2-enum-algos IP

Network Time Protocol Daemon (ntpd) monlist Command Enabled DoS

nmap -sU -pU:123 -Pn -n --script=ntp-monlist IP

Terminal Services Doesn't Use Network Level Authentication (NLA) Only

nmap -p 3389 --script rdp-enum-encryption IP

Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness

nmap -sV --script=rdp-ms12-020 -p 3389

Samba Badlock Vulnerability

nmap --script=samba-vuln-cve-2012-1182 -p 139 -sV IP

OpenSSL 0.9.8 ,CIPHERS & TLS/SSL Protocol check

nmap -sV -p -Pn 443 --script ssl-enum-cipher IP

More is Yet to Come..Stay Tuned.