Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering the Nmap Scripting Engine
  • Table Of Contents Toc
Mastering the Nmap Scripting Engine

Mastering the Nmap Scripting Engine

By : Paulino Calderon
5 (1)
Buy this Book
close
close
Mastering the Nmap Scripting Engine

Mastering the Nmap Scripting Engine

5 (1)
By: Paulino Calderon
Buy this Book

Overview of this book

If you want to learn to write your own scripts for the Nmap Scripting Engine, this is the book for you. It is perfect for network administrators, information security professionals, and even Internet enthusiasts who are familiar with Nmap.
Table of Contents (23 chapters)
close
close
close
Mastering the Nmap Scripting Engine
Icon
Mastering the Nmap Scripting Engine
Credits
Icon
Credits
About the Author
Icon
About the Author
Acknowledgments
Icon
Acknowledgments
About the Reviewers
Icon
About the Reviewers
www.PacktPub.com
Icon
www.PacktPub.com
Preface
Icon
Preface
Lock Free Chapter
1
Introduction to the Nmap Scripting Engine
Icon
Introduction to the Nmap Scripting Engine
Icon
Installing Nmap
Icon
Running NSE scripts
Icon
Script categories
Icon
Scan phases and NSE
Icon
Applications of NSE scripts
Icon
Setting up a development environment
Icon
Adding new scripts
Icon
Summary
2
Lua Fundamentals
Icon
Lua Fundamentals
Icon
Quick notes about Lua
Icon
Flow control structures
Icon
Data types
Icon
String handling
Icon
Common data structures
Icon
I/O operations
Icon
Coroutines
Icon
Metatables and metamethods
Icon
Summary
3
NSE Data Files
chevron up
Icon
NSE Data Files
Icon
Locating your data directory
Icon
Data directory search order
Icon
Username and password lists used in brute-force attacks
Icon
Web application auditing data files
Icon
DBMS-auditing data files
Icon
Java Debug Wire Protocol data files
Icon
Other NSE data files
Icon
Other Nmap data files
Icon
Summary
4
Exploring the Nmap Scripting Engine API and Libraries
Icon
Exploring the Nmap Scripting Engine API and Libraries
Icon
Understanding the structure of an NSE script
Icon
Exploring environment variables
Icon
Accessing the Nmap API
Icon
The NSE registry
Icon
Writing NSE libraries
Icon
Exploring other popular NSE libraries
Icon
Summary
5
Enhancing Version Detection
Icon
Enhancing Version Detection
Icon
Understanding version detection mode in NSE
Icon
Writing your own version detection scripts
Icon
Examples of version detection scripts
Icon
Summary
6
Developing Brute-force Password-auditing Scripts
Icon
Developing Brute-force Password-auditing Scripts
Icon
Working with the brute NSE library
Icon
Reading usernames and password lists with the unpwdb NSE library
Icon
Managing user credentials found during scans
Icon
Writing an NSE script to launch password-auditing attacks against the MikroTik RouterOS API
Icon
Summary
7
Formatting the Script Output
Icon
Formatting the Script Output
Icon
Output formats and Nmap Scripting Engine
Icon
XML structured output
Icon
Printing verbosity messages
Icon
Including debugging information
Icon
The weakness of the grepable format
Icon
NSE script output in the HTML report
Icon
Summary
8
Working with Network Sockets and Binary Data
Icon
Working with Network Sockets and Binary Data
Icon
Working with NSE sockets
Icon
Understanding advanced network I/O
Icon
Manipulating raw packets
Icon
Raw packet handling and NSE sockets
Icon
Summary
9
Parallelism
Icon
Parallelism
Icon
Parallelism options in Nmap
Icon
Parallelism mechanisms in Lua
Icon
Parallelism mechanisms in NSE
Icon
Consuming TCP connections with NSE
Icon
Summary
10
Vulnerability Detection and Exploitation
Icon
Vulnerability Detection and Exploitation
Icon
Vulnerability scanning
Icon
Reporting vulnerabilities
Icon
Summary
1
Scan Phases
Icon
Scan Phases
2
NSE Script Template
Icon
NSE Script Template
Icon
Other templates online
3
Script Categories
Icon
Script Categories
4
Nmap Options Mind Map
Icon
Nmap Options Mind Map
5
References
Icon
References
6
Index
Icon
Index

Web application auditing data files

NSE is well-known for its web scanning capabilities, and some of the scripts also require data files to increase their flexibility. Again, as a general recommendation, you should go through them to ensure that they apply to your locale. Let's review what data files are available for web security auditing.

http-fingerprints.lua

This is the most important file related to web scanning in NSE. It contains the fingerprints used by the http-enum script. The http-enum script is the web enumeration script that looks for common application paths and forgotten configuration files; it even detects some web vulnerabilities.

The fingerprints are actually Lua tables. An entry looks somewhat similar to the following:

table.insert(fingerprints, { 
category='cms', 
probes={ 
{path='/changelog.txt'}, 
{path='/tinymce/changelog.txt'}, 
}, 
matches={ 
{match='Version (.-) ', output='Version \\1'}, 
{output='Interesting, a changelog.'} 
} 
})

You may select the location of a different...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Mastering the Nmap Scripting Engine
End of Section 3
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon