From SecWiki

The purpose of this page is to collect all the interesting NSE scripts that for different reasons were not included in the official Nmap repository. Common reasons for not including scripts with Nmap are:

The script has dependencies that we can't include with Nmap for portability, license, or size reasons

License incompatability between Nmap and the script itself (acceptable licenses for included scripts)

Script not yet fully debugged or has some other technical problem preventing inclusion

Script function is too obscure or too far from Nmap's core functionality to warrant inclusion with Nmap

Script is still under consideration for inclusion. It may need more techincal review, or we may want to see how many people find it useful.

Scripts

(Please add new scripts to the top of this section)

ip-geolocation-ip2location.nse

This IP2Location Nmap script provides a fast lookup of country, region, city, latitude, longitude, ZIP code, time zone, ISP, domain name, connection type, IDD code, area code, weather station code, station name, mcc, mnc, mobile brand, elevation, and usage type from IP address by using IP2Location database with IP2Location Lua Package.

sql-slammer-infect.nse

This script attempts to infect a discovered MS SQL instances with the SQL Slammer worm. If vulnerable, the target machine will then attempt to propagate to other IP addresses. Obviously this one shouldonly be used in closed test environments, and very carefully at that.

Author: Daniel Miller

Link: https://gist.github.com/3124893

http-screenshot

The script captures a screen shot for every service that looks like http. It is useful for identifying rogue http services that the system administrator does not recognise by simply flicking through all the screen shots. It uses wkhtmltoimage from the wkhtmltopdf project to do the job. See the related blog post for details. The script was further improved by Paul Asadoorian in PaulDotCom Podcast Episode 295

Links: http://pauldotcom.com/2012/07/using-nmap-to-screenshot-web-s.html http://blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html

Authors: Ryan Linn, Paul Asadoorian

vulscan.nse

Identification of vulnerabilities (matches version info with osvdb database)

Link: http://seclists.org/nmap-dev/2010/q2/726

Update: http://seclists.org/nmap-dev/2015/q3/319

httprecon.nse

HTTP fingerprinting to determine web server implementation

Link: http://seclists.org/nmap-dev/2010/q2/436

bitcoin-enum-targets.nse

Enumerates Bitcoin peers

Link: http://seclists.org/nmap-dev/2011/q2/837

http-google-email.nse

http-google-email.nse - attempts to search for e-mails pertaining to a specific domain in Google's Web search engine(google.com) and Google Groups search engine(groups.google.com).

Link: http://seclists.org/nmap-dev/2011/q3/401

http-reverse-ip.nse

http-reverse-ip.nse - attempts to find domains that are hosted on a specific ip address using Bing's ip: operator.

Link: http://seclists.org/nmap-dev/2011/q3/401

nntp-options.nse

Retrieves the available commands and banners from a listening NNTP daemon.

Link: https://gist.github.com/1231055

http-polycom-soundpoint-info.nse

Attempts to retrieve the configuration settings from a Polycom SoundPoint VoIP phone.

Link: https://gist.github.com/1234193

http-vivotek-camera-info.nse

Attempts to retrieve the configuration settings from a Vivotek network camera.

Link: https://gist.github.com/1357401

minecraft-auth.nse

Checks a Minecraft server for "insecure mode".

Link: http://seclists.org/nmap-dev/2010/q4/729

vuze-find-nodes.nse

Request a list of nodes from a remote Vuze node.

Link: http://seclists.org/nmap-dev/2011/q4/375

http-asus-wl500-info.nse

Attempts to retrieve the configuration settings from an Asus WL500 series wireless router.

Link: https://gist.github.com/1669787

gpsd-ng-info.nse

Retrieves device and version information from a listening GPSD-NG daemon.

Link: https://gist.github.com/1670029

http-igd-info.nse

Attempts to retrieve device information from an Internet Gateway Device (IGD) UPnP configuration file.

Link: https://gist.github.com/1697234

http-carel-data-server-users.nse

Attempts to retrieve all valid usernames from the HTTP component of Carel Pl@ntVisor (CarelDataServer.exe).

Author: Brendan Coles

Link: https://gist.github.com/1723237

md5-reverse-lookup.nse

Queries the external reverse md5 database for a single, or a list of md5 hashes and prints the found ones.

Author: Aleksandar Nikolic

Link: http://seclists.org/nmap-dev/2012/q3/att-81/md5-reverse-lookup.nse

http-trendnet-tvip110w.nse

Finds Trendnet TV-IP110w webcams that allow unauthenticated access to their video feed.