Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering the Nmap Scripting Engine
  • Table Of Contents Toc
Mastering the Nmap Scripting Engine

Mastering the Nmap Scripting Engine

By : Paulino Calderon
5 (1)
Buy this Book
close
close
Mastering the Nmap Scripting Engine

Mastering the Nmap Scripting Engine

5 (1)
By: Paulino Calderon
Buy this Book

Overview of this book

If you want to learn to write your own scripts for the Nmap Scripting Engine, this is the book for you. It is perfect for network administrators, information security professionals, and even Internet enthusiasts who are familiar with Nmap.
Table of Contents (23 chapters)
close
close
close
Mastering the Nmap Scripting Engine
Icon
Mastering the Nmap Scripting Engine
Credits
Icon
Credits
About the Author
Icon
About the Author
Acknowledgments
Icon
Acknowledgments
About the Reviewers
Icon
About the Reviewers
www.PacktPub.com
Icon
www.PacktPub.com
Preface
Icon
Preface
Lock Free Chapter
1
Introduction to the Nmap Scripting Engine
chevron up
Icon
Introduction to the Nmap Scripting Engine
Icon
Installing Nmap
Icon
Running NSE scripts
Icon
Script categories
Icon
Scan phases and NSE
Icon
Applications of NSE scripts
Icon
Setting up a development environment
Icon
Adding new scripts
Icon
Summary
2
Lua Fundamentals
Icon
Lua Fundamentals
Icon
Quick notes about Lua
Icon
Flow control structures
Icon
Data types
Icon
String handling
Icon
Common data structures
Icon
I/O operations
Icon
Coroutines
Icon
Metatables and metamethods
Icon
Summary
3
NSE Data Files
Icon
NSE Data Files
Icon
Locating your data directory
Icon
Data directory search order
Icon
Username and password lists used in brute-force attacks
Icon
Web application auditing data files
Icon
DBMS-auditing data files
Icon
Java Debug Wire Protocol data files
Icon
Other NSE data files
Icon
Other Nmap data files
Icon
Summary
4
Exploring the Nmap Scripting Engine API and Libraries
Icon
Exploring the Nmap Scripting Engine API and Libraries
Icon
Understanding the structure of an NSE script
Icon
Exploring environment variables
Icon
Accessing the Nmap API
Icon
The NSE registry
Icon
Writing NSE libraries
Icon
Exploring other popular NSE libraries
Icon
Summary
5
Enhancing Version Detection
Icon
Enhancing Version Detection
Icon
Understanding version detection mode in NSE
Icon
Writing your own version detection scripts
Icon
Examples of version detection scripts
Icon
Summary
6
Developing Brute-force Password-auditing Scripts
Icon
Developing Brute-force Password-auditing Scripts
Icon
Working with the brute NSE library
Icon
Reading usernames and password lists with the unpwdb NSE library
Icon
Managing user credentials found during scans
Icon
Writing an NSE script to launch password-auditing attacks against the MikroTik RouterOS API
Icon
Summary
7
Formatting the Script Output
Icon
Formatting the Script Output
Icon
Output formats and Nmap Scripting Engine
Icon
XML structured output
Icon
Printing verbosity messages
Icon
Including debugging information
Icon
The weakness of the grepable format
Icon
NSE script output in the HTML report
Icon
Summary
8
Working with Network Sockets and Binary Data
Icon
Working with Network Sockets and Binary Data
Icon
Working with NSE sockets
Icon
Understanding advanced network I/O
Icon
Manipulating raw packets
Icon
Raw packet handling and NSE sockets
Icon
Summary
9
Parallelism
Icon
Parallelism
Icon
Parallelism options in Nmap
Icon
Parallelism mechanisms in Lua
Icon
Parallelism mechanisms in NSE
Icon
Consuming TCP connections with NSE
Icon
Summary
10
Vulnerability Detection and Exploitation
Icon
Vulnerability Detection and Exploitation
Icon
Vulnerability scanning
Icon
Reporting vulnerabilities
Icon
Summary
1
Scan Phases
Icon
Scan Phases
2
NSE Script Template
Icon
NSE Script Template
Icon
Other templates online
3
Script Categories
Icon
Script Categories
4
Nmap Options Mind Map
Icon
Nmap Options Mind Map
5
References
Icon
References
6
Index
Icon
Index

Running NSE scripts

NSE was designed with flexibility in mind, and supports several features to control the execution of NSE scripts. In this chapter, we will learn not only that NSE scripts can be executed during different scan phases but also that they can be selected with a high level of granularity, depending on host conditions. In combination with robust libraries and plenty of configuration options, NSE offers a level of flexibility that is hard to match in other tools and frameworks.

We can begin testing NSE against the host, scanme.nmap.org. This server is managed by the Nmap project and allows users to scan it as long as the scans are not too intrusive. Let's begin by running a scan with version detection and NSE enabled against our test target—scanme.nmap.org:

#nmap –sV –sC -O scanme.nmap.org

You should see something similar to this:

The previous command ran a SYN scan with OS detection (-O), service detection (-sV), and most importantly with NSE on (-sC). The -sC option enables the NSE and runs any script in the default category. This set of scripts is considered safe as it won't perform any operations that could interfere with a service running on the target host. However, note that some of the scripts perform actions that can raise alarms in intrusion detection systems (IDS) and intrusion prevention systems (IPS).

Note

An unprivileged scan can't access raw sockets, which generally results in a slower scan. However, the SYN scan is the default type of scan executed when Nmap runs in privileged mode.

The safe category contains scripts such as these:

  • banner: This prints the response of a TCP connection to an open port

  • broadcast-ping: This discovers hosts with broadcast pings

  • dns-recursion: This detects DNS servers that allow recursion that may be used in DNS amplification attacks

  • upnp-info: This extracts information from the upnp service

  • firewalk: This attempts to discover firewalls using an IP TTL expiration technique

The previously mentioned scripts are only a few compared to the current total of almost 500. That's a whole lot more of information that can be collected by simply using NSE.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Mastering the Nmap Scripting Engine
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon