Useful Nmap Scans

Here are some helpful nmap scans for SQL, SMTP, SMB, and FTP. They enumerate services on the target system and can give you ideas about where to look next. Just replace 192.0.2.0/24 with the target address or range. If a single host is targeted, the option --open can be removed.

SQL
nmap -sV -Pn -vv --script=mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 192.0.2.0/24 -p 3306 --open

SMTP
nmap --script=smtp-commands,smtp-enum-users,smtp-vuln-cve2010-4344,smtp-vuln-cve2011-1720,smtp-vuln-cve2011-1764 -p 25 192.0.2.0/24 --open

SMB
nmap -p 139,445 --script "smb-v*" --script-args=unsafe=1 192.0.2.0/24 --open

FTP
nmap --script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 192.0.2.0/24 --open
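The four scans above produce a lot of text, and the useful part for a defender is an inventory of which hosts expose which of these services and what the NSE scripts reported about them. The following is an added example (not from the original post and not part of nmap) that reads nmap's XML output (`nmap -oX`) with the standard library and reduces it to one row per open port on the ports the scans above target. The XML embedded in the script is a constructed sample, not a real scan result; the product names, versions and addresses in it are made up.

```python
"""Turn nmap -oX output into an exposure inventory (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output; not a real scan result.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 192.0.2.0/24" version="7.94">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open" reason="syn-ack"/>
        <service name="ftp" product="vsftpd" version="3.0.3"/>
        <script id="ftp-anon" output="Anonymous FTP login allowed (FTP code 230)"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="8.0.36"/>
      </port>
      <port protocol="tcp" portid="25">
        <state state="filtered" reason="no-response"/>
        <service name="smtp"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.25" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445">
        <state state="open" reason="syn-ack"/>
        <service name="microsoft-ds"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.30" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# The ports the four scans above target, with the service each implies.
WATCHED_PORTS = {21: "ftp", 25: "smtp", 139: "smb", 445: "smb", 3306: "mysql"}


def parse_nmap_xml(xml_text):
    """Return {ip: [port_record, ...]} for hosts that nmap reports as up.

    Each port_record holds port, proto, state, service, product, version and
    scripts ({NSE script id: output}), taken straight from the XML attributes.
    """
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth keeping
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        records = []
        for port in host.findall("./ports/port"):
            state = port.find("state")
            service = port.find("service")
            svc = service.attrib if service is not None else {}
            records.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": state.get("state") if state is not None else "unknown",
                "service": svc.get("name", ""),
                "product": svc.get("product", ""),
                "version": svc.get("version", ""),
                "scripts": {s.get("id"): s.get("output", "") for s in port.findall("script")},
            })
        hosts[addr.get("addr")] = records
    return hosts


def exposure_report(hosts, watched=WATCHED_PORTS):
    """Return (ip, port, banner_or_service, findings) rows for open watched ports.

    `findings` joins the output of every NSE script that ran on the port with
    '; ' and is '' when none did. Filtered/closed ports and ports outside
    `watched` are skipped, so the rows are what you would compare against an
    asset inventory or hand to a ticketing system.
    """
    rows = []
    for ip, records in sorted(hosts.items()):
        for rec in records:
            if rec["state"] != "open" or rec["port"] not in watched:
                continue
            banner = " ".join(x for x in (rec["product"], rec["version"]) if x)
            findings = "; ".join(f"{sid}: {out}" for sid, out in rec["scripts"].items())
            rows.append((ip, rec["port"], banner or rec["service"], findings))
    return rows


if __name__ == "__main__":
    for ip, port, svc, findings in exposure_report(parse_nmap_xml(SAMPLE_NMAP_XML)):
        print(f"{ip:<14} {port:>5}/tcp  {svc:<20} {findings}")
```

Run the scans above with `-oX scan.xml` added and feed the file's contents to `parse_nmap_xml` instead of the sample. Note that the SMB scan's `--script-args=unsafe=1` allows scripts that can crash the scanned service, so on production hosts it belongs in a maintenance window.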

CVESearch

This was a new Python script that I saw which works similarly to searchsploit. Basically, it will search through all the CVEs for your search terms. If you are on a fresh install of Kali, you will need to install pip for Python 3. This can be accomplished with:

git clone https://github.com/highmeh/cvesearch.git
sudo apt-get install python3-pip

Next, you will need to install the Python module untangle, which reads XML files and presents them in a more human-readable form. Run the following command to get untangle (and requests, which the script also needs):

pip3 install requests untangle

Finally, update the database with:

./cvesearch.py -d

You can use either the CVE number with the -c argument or use -s and search by a keyword. Below, I searched for the version number of ISC Bind 9.8.1-P1 on a Vulnhub.
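To show what a tool like this does under the hood, here is an added example that is not cvesearch's own code: it loads a small XML feed with the standard library, looks entries up by CVE id (like `-c`) or by keywords that must all appear in the summary (like `-s`), and ranks keyword hits by CVSS score so the most severe match is listed first. The feed layout, the CVE ids of the form CVE-0000-000N and the "Acme" products are all constructed placeholders, not real vulnerability data or the NVD schema.

```python
"""Search a local CVE feed by id or keyword (added example, not cvesearch's code)."""
import argparse
import re
import xml.etree.ElementTree as ET

# Constructed mini-feed with placeholder ids and fictional products.
SAMPLE_FEED_XML = """<?xml version="1.0"?>
<feed>
  <entry id="CVE-0000-0001">
    <summary>Acme DNS Server 9.8.0 through 9.8.1-P1 allows remote attackers to cause a denial of service (daemon exit) via a crafted query.</summary>
    <published>2015-01-01</published>
    <cvss>7.8</cvss>
  </entry>
  <entry id="CVE-0000-0002">
    <summary>Acme DNS Server 9.9.0 mishandles zone transfers, allowing information disclosure.</summary>
    <published>2015-03-01</published>
    <cvss>5.0</cvss>
  </entry>
  <entry id="CVE-0000-0003">
    <summary>Acme Mail Transfer Agent 2.1 permits unauthenticated relaying due to a default configuration.</summary>
    <published>2015-04-01</published>
    <cvss>6.4</cvss>
  </entry>
  <entry id="CVE-0000-0004">
    <summary>Acme DNS Server 9.8.1-P1 and earlier allows cache poisoning when DNSSEC validation is disabled.</summary>
    <published>2015-06-01</published>
    <cvss>9.8</cvss>
  </entry>
</feed>
"""

# Accepts "CVE-2012-2122", "cve-2012-2122" or just "2012-2122".
CVE_ID_RE = re.compile(r"^(?:CVE-)?(\d{4})-(\d{4,})$", re.IGNORECASE)


def load_feed(xml_text):
    """Parse the feed into a list of dicts with id, summary, published, cvss."""
    root = ET.fromstring(xml_text)
    entries = []
    for e in root.findall("entry"):
        entries.append({
            "id": e.get("id", "").upper(),
            "summary": (e.findtext("summary") or "").strip(),
            "published": e.findtext("published") or "",
            "cvss": float(e.findtext("cvss") or 0.0),
        })
    return entries


def normalize_cve_id(text):
    """Canonicalise user input to CVE-YYYY-NNNN; reject anything else."""
    m = CVE_ID_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a CVE id: {text!r}")
    return f"CVE-{m.group(1)}-{m.group(2)}"


def search_by_id(entries, cve_id):
    """Exact lookup, equivalent to the -c option described above."""
    wanted = normalize_cve_id(cve_id)
    return [e for e in entries if e["id"] == wanted]


def search_by_keyword(entries, query):
    """AND-match every whitespace-separated term against the summary,
    case-insensitively, and return hits sorted by CVSS (highest first).
    A version string such as 9.8.1-P1 is just another term, so searching
    "acme dns 9.8.1-P1" narrows the results to entries naming that build."""
    terms = [t.lower() for t in query.split() if t]
    hits = [e for e in entries if all(t in e["summary"].lower() for t in terms)]
    return sorted(hits, key=lambda e: (-e["cvss"], e["id"]))


def format_entry(e):
    return f"{e['id']}  CVSS {e['cvss']:.1f}  {e['published']}\n    {e['summary']}"


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="search the constructed sample feed")
    g = ap.add_mutually_exclusive_group(required=True)
    g.add_argument("-c", "--cve", help="look up one CVE id")
    g.add_argument("-s", "--search", help="keywords, all of which must match")
    args = ap.parse_args()
    feed = load_feed(SAMPLE_FEED_XML)
    results = search_by_id(feed, args.cve) if args.cve else search_by_keyword(feed, args.search)
    print("\n".join(format_entry(e) for e in results) or "no matches")
```

Running it as `python3 cvefeed_search.py -s "acme dns 9.8.1-P1"` (the file name is arbitrary) lists the two entries that name that build, highest CVSS first; a real tool would load the downloaded feed instead of the embedded sample, which is what cvesearch's `-d` update step provides.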


Source: https://github.com/highmeh/cvesearch