- Enumerate the Drupal module and themes using a list of known modules and themes
nmap --script http-drupal-enum
- Enumerate Drupal users by exploiting Views
nmap --script http-drupal-enum-users
- Enumerate directories on a web server
- Try to exploit file uploads by changing the content type, embedding payload in the meta-data
nmap --script http-fileupload-exploiter
- Attempt a pasword brute-forcing against an http form-based authentication
nmap --script http-form-brute
- Try zone transfer against a DNS server
nmap --script dns-zone-transfer
- Enumerate DNS hostnames by brute-force guessing of common subdomains
- Enumerate usernames using the finger service
- Check for FTP anonymous login
- Launch a brute-force attack against FTP servers
- Check if server allows port scanning using FTP bounce method
- Check for the presence of ProFTPD 1.3.3c backdoor (Exploit-DB ID: 15662)
nmap --script ftp-proftpd-backdoor
- Check for the presence of vsFTPD 2.3.4 backdoor (CVE-2011-2523)
nmap --script ftp-vsftpd-backdoor
- Spider the web to find HTTP and/or form based authentication requiring pages
nmap --script http-auth-finder
- Test the server for Cross-Origin-Resource-Sharing
- Test the server for CSRF vulnerabilities
- Test for default credentials used by multiple web applications
nmap --script http-default-accounts
- Test for DOM-based XSS vulnerabilities
nmap --script http-dombased-xss