Nmap auth-spoof NSE Script
This page contains detailed information about how to use the auth-spoof NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/auth-spoof.nse
Script categories: malware, safe
Target service / protocol: auth
Target network port(s): 113
List of CVEs: -
Script Description
The auth-spoof.nse script checks for an identd (auth) server which is spoofing its replies.
Tests whether an identd (auth) server responds with an answer before we even send the query. This sort of identd spoofing can be a sign of malware infection, though it can also be used for legitimate privacy reasons.
Auth-spoof NSE Script Arguments
The auth-spoof.nse script does not have any arguments.
Auth-spoof NSE Script Example Usage
Here's an example of how to use the auth-spoof.nse script:
nmap --script=auth-spoof <target>
Auth-spoof NSE Script Example Output
Here's a sample output from the auth-spoof.nse script:
PORT STATE SERVICE REASON
113/tcp open auth syn-ack
|_auth-spoof: Spoofed reply: 0, 0 : USERID : UNIX : OGJdvM
Auth-spoof NSE Script Example XML Output
There is no sample XML output for this module. However, by providing the -oX <file> option, Nmap will produce a XML output and save it in the file.xml file.
Author
- Diman Todorov
References
- https://nmap.org/nsedoc/scripts/auth-spoof.html
- https://github.com/nmap/nmap/tree/master/scripts/auth-spoof.nse
See Also
Related NSE scripts to the auth-spoof.nse script:
Visit Nmap NSE Library for more scripts.
Version
This page has been created based on Nmap version 7.92.
