Broadcast requests often reveal protocol and host details, and with some help from the Nmap Scripting Engine, we can gather valuable information from a network. NSE broadcast scripts perform tasks such as detecting dropbox listeners, sniffing to detect hosts, and discovering MS SQL and NCP servers, among many other things.
This recipe describes how to use the NSE broadcast scripts to collect interesting information from a network.
Open a terminal and enter the following command:
# nmap --script broadcast
Note that broadcast scripts can run without setting a specific target. All the NSE scripts that found information will be included in your scan results:
Pre-scan script results: | targets-ipv6-multicast-invalid-dst: | IP: fe80::a00:27ff:fe16:4f71 MAC: 08:00:27:16:4f:71 IFACE: wlan2 |_ Use --script-args=newtargets to add the results as targets | targets-ipv6-multicast-echo: | IP: fe80::a00:27ff:fe16:4f71 MAC...