Mastering the Nmap Scripting Engine

By: Paulino Calderon


Preface

Mastering the Nmap Scripting Engine will take you through the process of developing Lua scripts for the Nmap Scripting Engine (NSE). The Nmap Scripting Engine's capabilities are explored throughout 10 chapters. They cover the fundamental concepts, operations, and libraries to teach you how to extend Nmap scans with custom tasks.

The information I selected for this book attempts to answer one of the most common questions received on the Nmap development mailing list: "How do I start writing NSE scripts?" I have tried to explain each of the concepts with examples and specific task implementations. Expect to read a lot of code! The only way of truly learning something is by practicing, so don't just skim through the book; stop at each chapter and attempt to write new NSE scripts. I have also created a website (http://www.mastering-nse.com) where I will post news, additional content, and other surprises.

I hope you enjoy this book and that it helps you through the path of mastering the Nmap Scripting Engine.

What this book covers

Chapter 1, Introduction to the Nmap Scripting Engine, covers the fundamentals of the Nmap Scripting Engine and its applications.

Chapter 2, Lua Fundamentals, describes the fundamentals of Lua programming.

Chapter 3, NSE Data Files, covers NSE databases and teaches you how to fine-tune them to optimize results.

Chapter 4, Exploring the Nmap Scripting Engine API and Libraries, explores the Nmap Scripting Engine API and usage of the most important NSE libraries.

Chapter 5, Enhancing Version Detection, explains the Nmap version detection engine and NSE version scripts.

Chapter 6, Developing Brute-force Password-auditing Scripts, describes the process of implementing the Brute class to create robust brute-force password-auditing scripts.

Chapter 7, Formatting the Script Output, covers the different output modes in Nmap and NSE.

Chapter 8, Working with Network Sockets and Binary Data, teaches you all the topics related to network I/O operations and handling binary data.

Chapter 9, Parallelism, introduces the concepts of parallelism and collaborative multitasking in Lua and the Nmap Scripting Engine.

Chapter 10, Vulnerability Detection and Exploitation, covers vulnerability exploitation with the Nmap Scripting Engine.

Appendix A, Scan Phases, explains the different phases of an Nmap scan.

Appendix B, NSE Script Template, covers the required fields and structure of an NSE script.

Appendix C, Script Categories, demonstrates the available NSE categories.

Appendix D, Nmap Options Mind Map, illustrates all the available options in Nmap using a mind map.

Appendix E, References, includes all the references of this book and links for additional reading.

What you need for this book

You will need a recent copy of Nmap (6.x) to follow the examples of this book. Refer to Chapter 1, Introduction to the Nmap Scripting Engine, for installation instructions.

For Chapter 2, Lua Fundamentals, you might also need a Lua interpreter installed on your system.

Who this book is for

This book is aimed at anyone looking to master the Nmap Scripting Engine and the art of developing NSE scripts. It is perfect for network administrators, information security professionals, and even Internet enthusiasts who are familiar with Nmap but know that they are missing out on some of the amazing features of the Nmap Scripting Engine. This book will give readers the ability not only to work with the Nmap Scripting Engine but also to extend the capabilities of Nmap by developing custom NSE scripts.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and explanations of their meanings.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Go to the nmap directory that was just created by Subversion."

A block of code is set as follows:

Driver = {
  -- Constructor: creates a new Driver instance and stores its options
  new = function(self, host, port, options)
    local o = {}
    setmetatable(o, self)
    self.__index = self
    o.options = options
    return o
  end
}

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

static const luaL_Reg libs[] = {
    {NSE_PCRELIBNAME, luaopen_pcrelib},
    {NSE_NMAPLIBNAME, luaopen_nmap},
    {NSE_BINLIBNAME, luaopen_binlib},
    {BITLIBNAME, luaopen_bit},
    {TESTLIBNAME, luaopen_test},
    {LFSLIBNAME, luaopen_lfs},
    {LPEGLIBNAME, luaopen_lpeg},
#ifdef HAVE_OPENSSL
    {OPENSSLLIBNAME, luaopen_openssl},
#endif
    {NULL, NULL}
  };

Any command-line input or output is written as follows:

$ nmap --script brute --script-args brute.delay=3 <target>

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "If version detection is enabled, the table of results will contain the additional VERSION column."

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail , and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files from your account at http://www.packtpub.com for all the Packt Publishing books you have purchased. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at , and we will do our best to address the problem.