Nmap Scripting Engine
Introduction: Nmap Scripting Engine (NSE) is a powerful feature of Nmap that allows users to extend the functionality of the tool by running scripts to perform a wide range of tasks during the scanning process. NSE scripts provide additional capabilities, including service version detection, vulnerability scanning, and more.
Usage:
-sC
: Equivalent to running default scripts--script=<script(s)>
: Specify individual scripts or script categories to run--script-args=<args>
: Pass arguments to scripts
Common NSE Script Categories:
Discovery:
discovery
category includes scripts for discovering additional information about hosts.
Vulnerability Detection:
vuln
category includes scripts for identifying potential vulnerabilities on scanned hosts.
Service Version Detection:
version
category scripts help in identifying service versions running on open ports.
Examples:
Run default scripts against a target:
nmap -sC example.com
Run specific script categories:
nmap --script=default,vuln example.com
Run individual scripts with arguments:
nmap --script=http-title --script-args="path=/index.html" example.com
Custom Script Development:
Users can create (or download new) custom NSE scripts to address specific needs.
on kali, list of NSEs are found under
kali@kali:~$ ll /usr/share/nmap/scripts
total 4960
-rw-r--r-- 1 root root 3901 Nov 1 22:10 acarsd-info.nse
-rw-r--r-- 1 root root 8749 Nov 1 22:10 address-info.nse
-rw-r--r-- 1 root root 3345 Nov 1 22:10 afp-brute.nse
-rw-r--r-- 1 root root 6463 Nov 1 22:10 afp-ls.nse
-rw-r--r-- 1 root root 7001 Nov 1 22:10 afp-path-vuln.nse
-rw-r--r-- 1 root root 5600 Nov 1 22:10 afp-serverinfo.nse
-rw-r--r-- 1 root root 2621 Nov 1 22:10 afp-showmount.nse
-rw-r--r-- 1 root root 2262 Nov 1 22:10 ajp-auth.nse
-rw-r--r-- 1 root root 2983 Nov 1 22:10 ajp-brute.nse
-rw-r--r-- 1 root root 1329 Nov 1 22:10 ajp-headers.nse
-rw-r--r-- 1 root root 2590 Nov 1 22:10 ajp-methods.nse
-rw-r--r-- 1 root root 3051 Nov 1 22:10 ajp-request.nse
-rw-r--r-- 1 root root 6719 Nov 1 22:10 allseeingeye-info.nse
-rw-r--r-- 1 root root 1678 Nov 1 22:10 amqp-info.nse
...
You need to update the script DB by executing
kali@kali:~$ sudo nmap --script-updatedb
[sudo] password for kali:
Starting Nmap 7.92 ( https://nmap.org )
NSE: Updating rule database.
NSE: Script Database updated successfully.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.54 seconds
http-enum
helps in fingerprinting the webserver
kali@kali:~$ sudo nmap -p80 --script=http-enum example.com
NSE enhances Nmap's capabilities by providing a flexible and extensible framework for automating tasks during network reconnaissance and security assessments. Always use NSE responsibly and consider the impact of scripts on the target network.
Last updated