Nmap Scripting Engine
Introduction
Nmap Scripting Engine (NSE) is another handy feature of Nmap.
It provides us with the possibility to create scripts in Lua for interaction with certain services.
Categories
There are a total of 14 categories into which these scripts can be divided
| Determination of authentication credentials. |
| Scripts, which are used for host discovery by broadcasting and the discovered hosts, can be automatically added to the remaining scans. |
| Executes scripts that try to log in to the respective service by brute-forcing with credentials. |
| Default scripts executed by using the |
| Evaluation of accessible services. |
| These scripts are used to check services for denial of service vulnerabilities and are used less as it harms the services. |
| This category of scripts tries to exploit known vulnerabilities for the scanned port. |
| Scripts that use external services for further processing. |
| This uses scripts to identify vulnerabilities and unexpected packet handling by sending different fields, which can take much time. |
| Intrusive scripts that could negatively affect the target system. |
| Checks if some malware infects the target system. |
| Defensive scripts that do not perform intrusive and destructive access. |
| Extension for service detection. |
| Identification of specific vulnerabilities. |
Using Scripts
There are several ways to use scripts
Default Scripts:
sudo nmap <Target> -sCSpecific Scripts Category:
sudo nmap <Target> --script <Category>Example:
sudo nmap 10.129.2.28 -p 80 -sV --script vuln
Defined Scripts:
sudo nmap <Target> --script <Script 1>, <Script 2>, ...Nmap also gives us the ability to scan our target with the aggressive option (
-A). This scans the target with multiple options as service detection (-sV), OS detection (-O), traceroute (--traceroute), and with the default NSE scripts (-sC).Aggressive Scan:
sudo nmap <Target> -AExample:
sudo nmap 10.129.2.28 -p 80 -A
Last updated