NSE Libraries
Click on a library name for more detailed information.
Libraries
- afp
This library was written by Patrik Karlsson <patrik@cqure.net> to facilitatecommunication with the Apple AFP Service. It is not feature complete andstill missing several functions.
- ajp
A basic AJP 1.3 implementation based on documentation available from Apachemod_proxy_ajp;http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html
- amqp
The AMQP library provides some basic functionality for retrieving informationabout an AMQP server's properties.
- anyconnect
This library implements HTTP requests used by the Cisco AnyConnect VPN Client
- asn1
ASN.1 functions.
- base32
Base32 encoding and decoding. Follows RFC 4648.
- base64
Base64 encoding and decoding. Follows RFC 4648.
- bin
Pack and unpack binary data.
- bitcoin
This library implements a minimal subset of the BitCoin protocolIt currently supports the version handshake and processing Addr responses.
- bits
Bit manipulation library.
- bittorrent
Bittorrent and DHT protocol library which enables users to readinformation from a torrent file, decode bencoded (bittorrentencoded) buffers, find peers associated with a certain torrent andretrieve nodes discovered during the search for peers.
- bjnp
An implementation of the Canon BJNP protocol used to discover and queryCanon network printers and scanner devices.
- brute
The brute library is an attempt to create a common framework for performingpassword guessing against remote services.
- cassandra
Library methods for handling Cassandra Thrift communication as client
- citrixxml
This module was written by Patrik Karlsson and facilitates communicationwith the Citrix XML Service. It is not feature complete and is missing severalfunctions and parameters.
- coap
An implementation of CoAPhttps://tools.ietf.org/html/rfc7252
- comm
Common communication functions for network discovery tasks likebanner grabbing and data exchange.
- creds
The credential class stores found credentials in the Nmap registry
- cvs
A minimal CVS (Concurrent Versions System) pserver protocol implementation which currently only supports authentication.
- datafiles
Read and parse some of Nmap's data files:
nmap-protocols,nmap-rpc,nmap-services, andnmap-mac-prefixes.- datetime
Functions for dealing with dates and timestamps
- dhcp
Implement a Dynamic Host Configuration Protocol (DHCP) client.
- dhcp6
Minimalistic DHCP6 (Dynamic Host Configuration Protocol for IPv6)implementation supporting basic DHCP6 Solicit requests The libraryis structured around the following classes:
- DHCP6.Option - DHCP6 options encoders (for requests) and decoders (for responses)
- DHCP6.Request - DHCP6 request encoder and decoder
- DHCP6.Response - DHCP6 response encoder and decoder
- Helper - The helper class, primary script interface
- dicom
DICOM library
- dns
Simple DNS library supporting packet creation, encoding, decoding,and querying.
- dnsbl
A minimalistic DNS BlackList library implemented to facilitate queryingvarious DNSBL services. The current list of services has been implementedbased on the following compilations of services:
- dnssd
Library for supporting DNS Service Discovery
- drda
DRDA Library supporting a very limited subset of operations.
- eap
EAP (Extensible Authentication Protocol) library supporting alimited subset of features.
- eigrp
A library supporting parsing and generating a limited subset of the Cisco' EIGRP packets.
- formulas
Formula functions for various calculations.
- ftp
FTP functions.
- geoip
Consolidation of GeoIP functions.
- giop
GIOP Library supporting a very limited subset of operations
- gps
A smallish gps parsing module.Currently does GPRMC NMEA decoding
- http
Implements the HTTP client protocol in a standard form that Nmap scripts cantake advantage of.
- httpspider
A smallish httpspider library providing basic spidering capabilitiesIt consists of the following classes:
- iax2
A minimalistic Asterisk IAX2 (Inter-Asterisk eXchange v2) VoIP protocol implementation.The library implements the minimum needed to perform brute force password guessing.
- idna
Library methods for handling IDNA domains.
- iec61850mms
Implements decoders and encoders for IEC-61850-8-1 MMS queries
- ike
A very basic IKE library.
- imap
A library implementing a minor subset of the IMAP protocol, currently theCAPABILITY, LOGIN and AUTHENTICATE functions. The library was initiallywritten by Brandon Enright and later extended and converted to OO-form byPatrik Karlsson <patrik@cqure.net>
- informix
Informix Library supporting a very limited subset of Informix operations
- ipmi
A module implementing IPMI protocol (the code is a porting of the Metasploit ipmi scanner:https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ipmi)
- ipOps
Utility functions for manipulating and comparing IP addresses.
- ipp
A small CUPS ipp (Internet Printing Protocol) library implementation
- irc
IRC functions.
- iscsi
An iSCSI library implementing written by Patrik Karlsson <patrik@cqure.net>The library currently supports target discovery and login.
- isns
A minimal Internet Storage Name Service (iSNS) implementation
- jdwp
JDWP (Java Debug Wire Protocol) library implementing a set of commands needed to use remote debugging port and inject java bytecode.
- json
Library methods for handling JSON data. It handles JSON encoding anddecoding according to RFC 4627.
- knx
Functions for communicating with Konnex (KNX) devices
- ldap
Library methods for handling LDAP.
- lfs
Returns a directory iterator listing the contents of the given path
- libssh2
Provides a binding for the libssh2 library.
- libssh2-utility
Utility functions for libssh2.
- listop
Functional-style list operations.
- lpeg
Parsing Expression Grammars for Lua
- lpeg-utility
Utility functions for LPeg.
- ls
Report file and directory listings.
- match
Buffered network I/O helper functions.
- membase
A smallish implementation of the Couchbase Membase TAP protocolBased on the scarce documentation from the Couchbase Wiki:
- mobileme
A MobileMe web service client that allows discovering Apple devicesusing the "find my iPhone" functionality.
- mongodb
Library methods for handling MongoDB, creating and parsing packets.
- mqtt
An implementation of MQTT 3.1.1https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html
- msrpc
By making heavy use of the
smblibrary, this library will call various MSRPC functions. The functions used here can be accessed over TCP ports 445 and 139, with an established session. A NULL session (the default) will work for some functions and operating systems (or configurations), but not for others.- msrpcperformance
This module is designed to parse the
PERF_DATA_BLOCKstructure, which isstored in the registry under HKEY_PERFORMANCE_DATA. By querying this structure, you canget a whole lot of information about what's going on.- msrpctypes
This module was written to marshall parameters for Microsoft RPC (MSRPC) calls. The values passed in and out are basedon structs defined by the protocol, and documented by Samba developers. For detailed breakdowns of the types, take alook at Samba 4.0's
.idlfiles.- mssql
MSSQL Library supporting a very limited subset of operations.
- multicast
Utility functions for sending MLD requests and parsing reports.
- mysql
Simple MySQL Library supporting a very limited subset of operations.
- natpmp
This library implements the basics of NAT-PMP as described in theNAT Port Mapping Protocol (NAT-PMP) draft: ohttp://tools.ietf.org/html/draft-cheshire-nat-pmp-03
- nbd
An implementation of the Network Block Device protocol.https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md
- ncp
A tiny implementation of the Netware Core Protocol (NCP).While NCP was originally a Netware only protocol it's now present onboth Linux and Windows platforms running Novell eDirectory.
- ndmp
A minimalistic NDMP (Network Data Management Protocol) library
- netbios
Creates and parses NetBIOS traffic. The primary use for this is to sendNetBIOS name requests.
- nmap
Interface with Nmap internals.
- nrpc
A minimalistic library to support Domino RPC
- nsedebug
Debugging functions for Nmap scripts.
- omp2
This library was written to ease interaction with OpenVAS Manager serversusing OMP (OpenVAS Management Protocol) version 2.
- oops
Useful error stack objects
- openssl
OpenSSL bindings.
- ospf
A limited OSPF (Open Shortest Path First routing protocol) library, currently supporting IPv4 and the followingOSPF message types: HELLO, DB_DESCRIPTION, LS_REQUEST, LS_UPDATE
- outlib
Helper functions for NSE script output
- packet
Facilities for manipulating raw packets.
- pgsql
PostgreSQL library supporting both version 2 and version 3 of the protocol.The library currently contains the bare minimum to perform authentication.Authentication is supported with or without SSL enabled and using theplain-text or MD5 authentication mechanisms.
- pop3
POP3 functions.
- pppoe
A minimalistic PPPoE (Point-to-point protocol over Ethernet)library, implementing basic support for PPPoEDiscovery and Configuration requests. The PPPoE protocol is ethernet basedand hence does not use any IPs or port numbers.
- proxy
Functions for proxy testing.
- punycode
Library methods for handling punycode strings.
- rand
Functions for generating random data
- rdp
A minimal RDP (Remote Desktop Protocol) library. Currently has functionality to determine encryptionand cipher support.
- re
Regular Expression functions
- redis
A minimalistic Redis (in-memory key-value data store) library.
- rmi
Library method for communicating over RMI (JRMP + java serialization)
- rpc
RPC Library supporting a very limited subset of operations.
- rpcap
This library implements the fundamentals needed to communicate with theWinPcap Remote Capture Daemon. It currently supports authenticating tothe service using either NULL-, or Password-based authentication.In addition it has the capabilities to list the interfaces that may beused for sniffing.
- rsync
A minimalist RSYNC (remote file sync) library
- rtsp
This Real Time Streaming Protocol (RTSP) library implements only a minimalsubset of the protocol needed by the current scripts.
- sasl
Simple Authentication and Security Layer (SASL).
- shortport
Functions for building short portrules.
- sip
A SIP library supporting a limited subset of SIP commands and methods
- slaxml
This is the NSE implementation of SLAXML.SLAXML is a pure-Lua SAX-like streaming XML parser. It is more robustthan many (simpler) pattern-based parsers that exist, properly supportingcode like
<expr test="5 > 7" />, CDATA nodes, comments,namespaces, and processing instructions.It is currently not a truly valid XML parser, however, as it allows certain XML that issyntactically-invalid (not well-formed) to be parsed without reporting an error.The streaming parser does a simple pass through the input and reports what it sees along the way.You can optionally ignore white-space only text nodes using thestripWhitespaceoption.The library contains the parser class and the parseDOM function.- smb
Implements functionality related to Server Message Block (SMB, an extensionof CIFS) traffic, which is a Windows protocol.
- smb2
Implements the Server Message Block (SMB) protocol version 2 and 3.
- smbauth
This module takes care of the authentication used in SMB (LM, NTLM, LMv2, NTLMv2).
- smtp
Simple Mail Transfer Protocol (SMTP) operations.
- snmp
SNMP library.
- socks
A smallish SOCKS version 5 proxy protocol implementation
- srvloc
A relatively small implementation of the Service Location Protocol.It was initially designed to support requests for discovering Novell NCPservers, but should work for any other service as well.
- ssh1
Functions for the SSH-1 protocol. This module also contains functions forformatting key fingerprints.
- ssh2
Functions for the SSH-2 protocol.
- sslcert
A library providing functions for collecting SSL certificates and storingthem in the host-based registry.
- sslv2
A library providing functions for doing SSLv2 communications
- stdnse
Standard Nmap Scripting Engine functions. This module contains various handyfunctions that are too small to justify modules of their own.
- strbuf
String buffer facilities.
- strict
Strict declared global library. Checks for undeclared global variablesduring runtime execution.
- stringaux
Auxiliary functions for string manipulation
- stun
A library that implements the basics of the STUN protocol (SessionTraversal Utilities for NAT) per RFC3489 and RFC5389. A protocoloverview is available athttp://en.wikipedia.org/wiki/STUN.
- tab
Arrange output into tables.
- tableaux
Auxiliary functions for table manipulation
- target
Utility functions to add new discovered targets to Nmap scan queue.
- tftp
Library implementing a minimal TFTP server
- tls
A library providing functions for doing TLS/SSL communications
- tn3270
TN3270 Emulator Library
- tns
TNS Library supporting a very limited subset of Oracle operations
- unicode
Library methods for handling unicode strings.
- unittest
Unit testing support for NSE libraries.
- unpwdb
Username/password database library.
- upnp
A UPNP library based on code from upnp-info initially written byThomas Buchanan. The code was factored out from upnp-info and partlyre-written by Patrik Karlsson <patrik@cqure.net> in order to supportmulticast requests.
- url
URI parsing, composition, and relative URL resolution.
- versant
A tiny library allowing some basic information enumeration fromVersant object database software (seehttp://en.wikipedia.org/wiki/Versant_Corporation). The code isentirely based on packet dumps captured when using the VersantManagement Center administration application.
- vnc
The VNC library provides some basic functionality needed in order tocommunicate with VNC servers, and derivatives such as Tight- or Ultra-VNC.
- vulns
Functions for vulnerability management.
- vuzedht
A Vuze DHT protocol implementation based on the following documentation:ohttp://wiki.vuze.com/w/Distributed_hash_table
- wsdd
A library that enables scripts to send Web Service Dynamic Discovery probesand perform some very basic decoding of responses. The library is in no waya full WSDD implementation it's rather the result of some packet capturesand some creative coding.
- xdmcp
Implementation of the XDMCP (X Display Manager Control Protocol) based on: xhttp://www.xfree86.org/current/xdmcp.pdf
- xmpp
A XMPP (Jabber) library, implementing a minimal subset of the protocolenough to do authentication brute-force.
- zlib
Zlib compression and decompression library