# Nmap Scripting Engine

## Introduction

* Nmap Scripting Engine (NSE) is another handy feature of Nmap. 
* It provides us with the possibility to create scripts in Lua for interaction with certain services.

## Categories

* There are a total of 14 categories into which these scripts can be divided

<table data-header-hidden><thead><tr><th width="143">Category</th><th>Description</th></tr></thead><tbody><tr><td><code>auth</code></td><td>Determination of authentication credentials.</td></tr><tr><td><code>broadcast</code></td><td>Scripts, which are used for host discovery by broadcasting and the discovered hosts, can be automatically added to the remaining scans.</td></tr><tr><td><code>brute</code></td><td>Executes scripts that try to log in to the respective service by brute-forcing with credentials.</td></tr><tr><td><code>default</code></td><td>Default scripts executed by using the <code>-sC</code> option.</td></tr><tr><td><code>discovery</code></td><td>Evaluation of accessible services.</td></tr><tr><td><code>dos</code></td><td>These scripts are used to check services for denial of service vulnerabilities and are used less as it harms the services.</td></tr><tr><td><code>exploit</code></td><td>This category of scripts tries to exploit known vulnerabilities for the scanned port.</td></tr><tr><td><code>external</code></td><td>Scripts that use external services for further processing.</td></tr><tr><td><code>fuzzer</code></td><td>This uses scripts to identify vulnerabilities and unexpected packet handling by sending different fields, which can take much time.</td></tr><tr><td><code>intrusive</code></td><td>Intrusive scripts that could negatively affect the target system.</td></tr><tr><td><code>malware</code></td><td>Checks if some malware infects the target system.</td></tr><tr><td><code>safe</code></td><td>Defensive scripts that do not perform intrusive and destructive access.</td></tr><tr><td><code>version</code></td><td>Extension for service detection.</td></tr><tr><td><code>vuln</code></td><td>Identification of specific vulnerabilities.</td></tr></tbody></table>

## Using Scripts

* There are several ways to use scripts
* Default Scripts: `sudo nmap <Target>  -sC`
* Specific Scripts Category: `sudo nmap <Target> --script <Category>`
  * Example: `sudo nmap 10.129.2.28 -p 80 -sV --script vuln`
* Defined Scripts: `sudo nmap <Target> --script <Script 1>, <Script 2>, ...`
* Nmap also gives us the ability to scan our target with the aggressive option (`-A`). This scans the target with multiple options as service detection (`-sV`), OS detection (`-O`), traceroute (`--traceroute`), and with the default NSE scripts (`-sC`).
* Aggressive Scan: `sudo nmap <Target> -A`
  * Example: `sudo nmap 10.129.2.28 -p 80 -A`


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kayra.gitbook.io/hackerkayra/archive-backup-bin/certified-penetration-testing-specialist-cpts/reconnaissance-enumeration-and-attack-planning/network-enumeration-with-nmap/nmap-scripting-engine.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.