Book Image

Mastering the Nmap Scripting Engine

By : Paulino Calderon
Book Image

Mastering the Nmap Scripting Engine

By: Paulino Calderon

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Mastering the Nmap Scripting Engine
Paulino Calderon
Feb, 2015 | 244 pages
No titles found
Table of Contents (23 chapters)
Mastering the Nmap Scripting Engine
Mastering the Nmap Scripting Engine
Credits
Credits
About the Author
About the Author
Acknowledgments
Acknowledgments
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to the Nmap Scripting Engine
Introduction to the Nmap Scripting Engine
Installing Nmap
Running NSE scripts
Script categories
Scan phases and NSE
Applications of NSE scripts
Setting up a development environment
Adding new scripts
Summary
2
Lua Fundamentals
Lua Fundamentals
Quick notes about Lua
Flow control structures
Data types
String handling
Common data structures
I/O operations
Coroutines
Metatables and metamethods
Summary
3
NSE Data Files
NSE Data Files
Locating your data directory
Data directory search order
Username and password lists used in brute-force attacks
Web application auditing data files
DBMS-auditing data files
Java Debug Wire Protocol data files
Other NSE data files
Other Nmap data files
Summary
4
Exploring the Nmap Scripting Engine API and Libraries
Exploring the Nmap Scripting Engine API and Libraries
Understanding the structure of an NSE script
Exploring environment variables
Accessing the Nmap API
The NSE registry
Writing NSE libraries
Exploring other popular NSE libraries
Summary
5
Enhancing Version Detection
Enhancing Version Detection
Understanding version detection mode in NSE
Writing your own version detection scripts
Examples of version detection scripts
Summary
6
Developing Brute-force Password-auditing Scripts
Developing Brute-force Password-auditing Scripts
Working with the brute NSE library
Reading usernames and password lists with the unpwdb NSE library
Managing user credentials found during scans
Writing an NSE script to launch password-auditing attacks against the MikroTik RouterOS API
Summary
7
Formatting the Script Output
Formatting the Script Output
Output formats and Nmap Scripting Engine
XML structured output
Printing verbosity messages
Including debugging information
The weakness of the grepable format
NSE script output in the HTML report
Summary
8
Working with Network Sockets and Binary Data
Working with Network Sockets and Binary Data
Working with NSE sockets
Understanding advanced network I/O
Manipulating raw packets
Raw packet handling and NSE sockets
Summary
9
Parallelism
Parallelism
Parallelism options in Nmap
Parallelism mechanisms in Lua
Parallelism mechanisms in NSE
Consuming TCP connections with NSE
Summary
10
Vulnerability Detection and Exploitation
Vulnerability Detection and Exploitation
Vulnerability scanning
Reporting vulnerabilities
Summary
Scan Phases
Scan Phases
NSE Script Template
NSE Script Template
Other templates online
Script Categories
Script Categories
Nmap Options Mind Map
Nmap Options Mind Map
References
References
Index
Index

Appendix A. Scan Phases

Scans performed with Nmap are divided into phases, and some of them may be skipped using different Nmap options. The scan phases of Nmap are:

  • Script pre-scanning: The pre-scanning phase is executed only when you use the -sC or --script options; it attempts to retrieve additional host information via a collection of NSE scripts.

  • Target enumeration: In this phase, Nmap parses the target (or targets) and resolves them into IP addresses.

  • Host discovery: This is the phase where Nmap determines whether the target (or targets) is online and in the network by performing the specified host discovery technique (or techniques). The -Pn option can be used to skip this phase.

  • Reverse DNS resolution: In this phase, Nmap performs a reverse DNS lookup to obtain a hostname for each target. The -R argument can be used to force DNS resolution, and -n can be used to skip it.

  • Port scanning: During this phase, Nmap determines the state of the ports. It can be skipped using the -sn argument.

  • Version detection: This phase is in charge of advanced version detection for the ports found open. It is executed only when the -sV argument is set.

  • OS detection: In this phase, Nmap attempts to determine the operating system of the target. It is executed only when the -O option is present.

  • Trace route: In this phase, Nmap performs a trace route to the targets. This phase runs only when the --traceroute option is set.

  • Script scanning: In this phase, NSE scripts run depending on their execution rules.

  • Output: In this phase, Nmap formats all of the gathered information and returns it to the user in the specified format.

  • Script post-scanning: In this phase, NSE scripts with post-scan execution rules are evaluated and given a chance to run. If there are no post-scan NSE scripts in the default category, this phase will be skipped, unless specified with the --script argument.

Previous Section
End of Chapter
Next Chapter