Updated: Scanning for Microsoft FTP with Nmap

Hi all,

I wrote a blog last week about scanning for Microsoft FTP with Nmap. In some situations the script I linked to wouldn't work, so I gave it an overhaul and it should work nicely now.

I renamed the script to ftp-capabilities.nse. You can get the new version from svn with the usual commands:

$ svn co --username guest --password '' svn://svn.insecure.org/nmap
$ cd nmap
$ ./configure && make
# make install
$ nmap -d -p21 --script=ftp-capabilities 

Or you can download the current version (as of September 17, 2009) at http://www.skullsecurity.org/blogdata/ftp-capabilities.nse (note that that version won't be updated).

The output will simply tell you whether or not it's Windows FTP, and whether or not MKDIR is permitted. It doesn't tell you "vulnerable" or "not vulnerable", because it isn't actually checking for an exploit. Of course, if you let anonymous call MKDIR, you probably have other issues. :)

Happy scanning!
Ron

One thought on “Updated: Scanning for Microsoft FTP with Nmap

  1. Reply

    BlAck.Eagle

    hello,can you tell me about it "smb-pwdump"?where can i get the smb-pwdump script

Leave a Reply

Your email address will not be published.