As every coin has two sides, in the same way we know only one side of Nmap, which is port scanning.
While researching I found that a lot more than port scanning and banner grabbing can be done with Nmap.
We can use Nmap for web application pen-testing and exploitation too. Yeah, it won't work as efficiently as MSF.
This can replace the use of Acunetix and other paid scanners.
Script Output
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-email-harvest:
|   Spidering limited to: maxdepth=3; maxpagecount=20
|   root@examplec.com
|_  postmaster@example.com
Script Output
| ms-sql-info:
|   Windows server name: WINXP
|   192.168.100.128\PROD:
|     Instance name: PROD
|     Version:
|     Named pipe: \\192.168.100.128\pipe\MSSQL$PROD\sql\query
|     Clustered: No
|   192.168.100.128\SQLFIREWALLED:
|     Instance name: SQLFIREWALLED
|     Version:
|       name: Microsoft SQL Server 2008 RTM
|       Product: Microsoft SQL Server 2008
|       Service pack level: RTM
|     TCP port: 4343
|_    Clustered: No
Script Output
Host script results:
| smb-check-vulns:
|   MS08-067: NOT VULNERABLE
|   Conficker: Likely CLEAN
|   regsvc DoS: regsvc DoS: NOT VULNERABLE
|   SMBv2 DoS (CVE-2009-3103): NOT VULNERABLE
|   MS06-025: NO SERVICE (the Ras RPC service is inactive)
|_  MS07-029: NO SERVICE (the Dns Server RPC service is inactive)
Script Output
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-stored-xss:
|   Found the following stored XSS vulnerabilities:
|
|     Payload: ghz>hzx
|   Uploaded on: /guestbook.php
|   Description: Unfiltered '>' (greater than sign). An indication of potential XSS vulnerability.
|     Payload: zxc'xcv
|_  Uploaded on: /guestbook.php
Script Output
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-dombased-xss:
|   Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=some-very-random-page.com
|   Found the following indications of potential DOM based XSS:
|
|     Source: document.write("<OPTION value=1>"+document.location.href.substring(document.location.href.indexOf("default=")
|_    Pages: http://some-very-random-page.com:80/, http://some-very-random-page.com/foo.html
Script Output
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-csrf:
|   Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=some-very-random-page.com
|   Found the following CSRF vulnerabilities :
|
|     Path: http://www.example.com/c/334/watches.html
|     Form id: custom_price_filters
|_    Form action: /c/334/rologia-xeiros-watches.html
Script Output
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
|   Testing page /post.html
|
|   Successfully uploaded and executed payloads:
|     Filename: 1.php, MIME: text/plain
|_    Filename: 1.php3, MIME: text/plain
Script Output
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| http-open-redirect:
|_  https://foobar.target.se:443/redirect.php?url=http%3A%2f%2fscanme.nmap.org%2f