#readwise
# Discovery NSE Scripts

## Metadata
- Author: [[nmap.org]]
- Full Title: Discovery NSE Scripts
- URL: https://nmap.org/nsedoc/categories/discovery.html
## Summary
The Nmap documentation provides information about various scripts that gather data from different types of servers. These scripts can retrieve details such as server versions, IP addresses, and hardware types. They also support querying protocols for devices and services like BACnet, Bitcoin, and HTTP. Overall, these scripts help discover and enumerate device information across networks.
## Highlights
For a description of this category, see [discovery NSE category in the Nmap documentation](https://nmap.org/book/nse-usage.html#nse-category-discovery). ([View Highlight](https://read.readwise.io/read/01jp4kwrcs0n0svejwvy1ymnsb))
---
[banner](https://nmap.org/nsedoc/categories/discovery.html/../scripts/banner.html)
A simple banner grabber which connects to an open TCP port and prints out anything sent by the listening service within five seconds. ([View Highlight](https://read.readwise.io/read/01jp4kj3bre4tdz0ky58wgk8xt))
---
[dhcp-discover](https://nmap.org/nsedoc/categories/discovery.html/../scripts/dhcp-discover.html)
Sends a DHCPINFORM request to a host on UDP port 67 to obtain all the local configuration parameters without allocating a new address. ([View Highlight](https://read.readwise.io/read/01jp4kpaqs5szkhrd1vsehd9js))
---
[dns-service-discovery](https://nmap.org/nsedoc/categories/discovery.html/../scripts/dns-service-discovery.html)
Attempts to discover target hosts' services using the DNS Service Discovery protocol. ([View Highlight](https://read.readwise.io/read/01jp4kpw2jc8ccvaygdrav4djx))
---
[http-wordpress-enum](https://nmap.org/nsedoc/categories/discovery.html/../scripts/http-wordpress-enum.html)
Enumerates themes and plugins of WordPress installations. The script can also detect outdated plugins by comparing version numbers with information pulled from api.wordpress.org. ([View Highlight](https://read.readwise.io/read/01jp4kqs7p6kr7ebgrd5q33pf4))
---
[mqtt-subscribe](https://nmap.org/nsedoc/categories/discovery.html/../scripts/mqtt-subscribe.html)
Dumps message traffic from MQTT brokers. ([View Highlight](https://read.readwise.io/read/01jp4kv47vwf95w6ksf2ez5c69))
---
[nat-pmp-info](https://nmap.org/nsedoc/categories/discovery.html/../scripts/nat-pmp-info.html)
Gets the router's WAN IP using the NAT Port Mapping Protocol (NAT-PMP). The NAT-PMP protocol is supported by a broad range of routers including:
- Apple AirPort Express
- Apple AirPort Extreme
- Apple Time Capsule
- DD-WRT
- OpenWrt v8.09 or higher, with MiniUPnP daemon
- pfSense v2.0
- Tarifa (firmware) (Linksys WRT54G/GL/GS)
- Tomato Firmware v1.24 or higher. (Linksys WRT54G/GL/GS and many more)
- Peplink Balance
([View Highlight](https://read.readwise.io/read/01jp4krxpbrf7aw63xyeydh8xr))
---
[nat-pmp-mapport](https://nmap.org/nsedoc/categories/discovery.html/../scripts/nat-pmp-mapport.html)
Maps a WAN port on the router to a local port on the client using the NAT Port Mapping Protocol (NAT-PMP). It supports the following operations:
- map: maps a new external port on the router to an internal port of the requesting IP
- unmap: unmaps a previously mapped port for the requesting IP
- unmapall: unmaps all previously mapped ports for the requesting IP
([View Highlight](https://read.readwise.io/read/01jp4ks1fca3ghqmm9dvxsd2bf))
---
[upnp-info](https://nmap.org/nsedoc/categories/discovery.html/../scripts/upnp-info.html)
Attempts to extract system information from the UPnP service. ([View Highlight](https://read.readwise.io/read/01jp4kt70v3s1a55c0ajjtp00m))
---