Running Nmap scripts is easy—and some, the "default" category, will even run on their own as a part of a normal scan. Some scripts are designed to simply give additional information about a target, while others will go so far as to actively exploit it (the "exploit" category) or even take it offline (the "DoS" category).
The first step in running an Nmap script that's part of the actual NSEDoc repository is to verify that the script is stored locally. Unlike the Nmap tool itself, the Nmap script repository is frequently updated—so it's in your best interest to always verify that you have the most up-to-date version. You can update the NSE scripts by running Nmap with the flag --script-updatedb, which updates the script database.
Once the script database is updated, you can select scripts by using the --script flag. You can either select specific scripts for a given purpose, or you can select broad categories of scripts. Fortunately, the Nmap developers allow categories of scripts...
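As an added example (not from the original text or the Nmap project), the Python check below reads a script index in the line format of Nmap's scripts/script.db and shows which scripts a --script selection would pull in, flagging any that belong to the dos, exploit or intrusive categories before a scan is run. The sample index is constructed, example-exploit.nse is a hypothetical name, and only plain comma-separated script names and categories are handled.

```python
import re

# Constructed sample in the line format of Nmap's scripts/script.db index.
# Not a real dump; "example-exploit.nse" is a hypothetical script name.
SAMPLE_SCRIPT_DB = """\
Entry { filename = "banner.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ftp-anon.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "http-slowloris.nse", categories = { "dos", "intrusive", } }
Entry { filename = "example-exploit.nse", categories = { "exploit", "intrusive", "vuln", } }
"""

ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*\{([^}]*)\}')
# Categories that can disrupt or change a target; review before scanning.
RISKY = {"dos", "exploit", "intrusive"}


def parse_script_db(text):
    """Return {script filename: set of category names}."""
    return {m.group(1): set(re.findall(r'"([^"]+)"', m.group(2)))
            for m in ENTRY_RE.finditer(text)}


def expand_selection(index, selection):
    """Resolve a comma-separated list of script names and categories."""
    chosen = set()
    for item in (part.strip() for part in selection.split(",")):
        if not item:
            continue
        name = item if item.endswith(".nse") else item + ".nse"
        if name in index:                      # an individual script
            chosen.add(name)
        else:                                  # otherwise treat as a category
            chosen.update(f for f, cats in index.items() if item.lower() in cats)
    return sorted(chosen)


def risky_scripts(index, selection):
    """Map each selected script to the risky categories it belongs to."""
    return {f: sorted(index[f] & RISKY)
            for f in expand_selection(index, selection) if index[f] & RISKY}


if __name__ == "__main__":
    db = parse_script_db(SAMPLE_SCRIPT_DB)
    for sel in ("default", "default,safe", "banner,dos", "vuln"):
        print(sel, "->", expand_selection(db, sel), "risky:", risky_scripts(db, sel))
```

To review a real installation, pass the contents of its script.db file to parse_script_db in place of the sample string.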