Nmap Scripting Engine
Introduction
Nmap Scripting Engine (NSE) is another handy feature of Nmap.
It provides us with the possibility to create scripts in Lua for interaction with certain services.
Categories
There are a total of 14 categories into which these scripts can be divided:
auth
Determination of authentication credentials.
broadcast
Scripts that are used for host discovery by broadcasting. The discovered hosts can be automatically added to the remaining scans.
brute
Executes scripts that try to log in to the respective service by brute-forcing with credentials.
default
Default scripts executed by using the -sC option.
discovery
Evaluation of accessible services.
dos
These scripts check services for denial of service vulnerabilities. They are used less often because they harm the services.
exploit
This category of scripts tries to exploit known vulnerabilities for the scanned port.
external
Scripts that use external services for further processing.
fuzzer
Scripts that identify vulnerabilities and unexpected packet handling by sending different fields, which can take a long time.
intrusive
Intrusive scripts that could negatively affect the target system.
malware
Checks whether the target system is infected with malware.
safe
Defensive scripts that do not perform intrusive and destructive access.
version
Extension for service detection.
vuln
Identification of specific vulnerabilities.
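A script can belong to several categories at once, so selecting one category can also pull in scripts tagged intrusive or dos. The following is an added example, not part of the original page: it parses entries in the layout of Nmap's script index (scripts/script.db) and splits the scripts a category selects into those without a disruptive tag and those to review first. The sample entries and script names are constructed and hypothetical.

```python
import re

# Constructed sample in the layout of Nmap's scripts/script.db index.
# The script names are hypothetical, not real NSE scripts.
SAMPLE_DB = '''
Entry { filename = "example-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "example-login-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "example-vuln-check.nse", categories = { "safe", "vuln", } }
Entry { filename = "example-vuln-crash.nse", categories = { "dos", "intrusive", "vuln", } }
Entry { filename = "example-vuln-probe.nse", categories = { "intrusive", "vuln", } }
'''

ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*\{([^}]*)\}')

# Categories this page describes as potentially harmful to the target.
DISRUPTIVE = frozenset({"intrusive", "dos"})


def parse_script_db(text):
    """Return {script filename: set of categories} for every Entry line."""
    db = {}
    for name, cats in ENTRY_RE.findall(text):
        db[name] = set(re.findall(r'"([^"]+)"', cats))
    return db


def audit_category(db, category, disruptive=DISRUPTIVE):
    """Split the scripts selected by --script <category> into (clean, flagged).

    flagged maps each script to the disruptive categories it also carries.
    """
    clean, flagged = [], {}
    for name in sorted(db):
        if category not in db[name]:
            continue
        overlap = sorted(db[name] & disruptive)
        if overlap:
            flagged[name] = overlap
        else:
            clean.append(name)
    return clean, flagged


if __name__ == "__main__":
    clean, flagged = audit_category(parse_script_db(SAMPLE_DB), "vuln")
    print("no disruptive tag:", ", ".join(clean))
    for name, why in flagged.items():
        print(f"review before running: {name} ({', '.join(why)})")
```

Nmap's --script option also accepts boolean expressions such as "vuln and safe", which restricts the selection to scripts carrying both tags.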
Using Scripts
There are several ways to use scripts:
Default Scripts:
sudo nmap <Target> -sC
Specific Scripts Category:
sudo nmap <Target> --script <Category>
Example:
sudo nmap 10.129.2.28 -p 80 -sV --script vuln
Defined Scripts:
sudo nmap <Target> --script <Script1>,<Script2>,...
Nmap also gives us the ability to scan our target with the aggressive option (-A). This scans the target with multiple options such as service detection (-sV), OS detection (-O), traceroute (--traceroute), and the default NSE scripts (-sC).
Aggressive Scan:
sudo nmap <Target> -A
Example:
sudo nmap 10.129.2.28 -p 80 -A