NMAP (Part 6): NSE Scripts
This article is part of a series. Check out the full series: Part 1: Port Scanning Responses, Part 2: Basic Port Scanning Types, Part 3: Other Port Scanning Types, Part 4: Network Scanning, Part 5: Firewall Evasion Options and Part 6: NSE Scripts!
What are NSE scripts?
NSE scripts are written in the Lua programming language and can be used to:
- Scan for vulnerabilities
- Automate the exploitation of vulnerabilities
How to search for these scripts?
First option is to search on NMAP website: https://nmap.org/nsedoc/
Second option is to search on your Linux machine: /usr/share/nmap/scripts
goay@linux: /usr/share/nmap/scripts$ ls -l /usr/share/nmap/scripts/*ftp*
Installing new scripts…
Now, what if some scripts are missing in your Linux directory?
Run "sudo apt update && sudo apt install nmap"
OR
Run "sudo wget -O /usr/share/nmap/scripts/<script-name>.nse https://svn.nmap.org/nmap/scripts/<script-name>.nse"
This must then be followed with "nmap --script-updatedb" so that the script database (script.db) knows about the new script and its categories.
How to run these scripts?
1. Run the default scripts (the most popular ones):
nmap -sC 192.168.1.1
2. Run all the scripts within a category:
nmap --script discovery 192.168.1.1
nmap --script default,safe 192.168.1.4
Note: several categories (or script names) are separated by commas with no space in between; a space would make the shell pass "safe" as a separate argument, which nmap would then treat as a target.
3. Run scripts with wildcard:
nmap --script "ftp*" 192.168.1.1
nmap --script "ssh*" 192.168.1.1
4. Run specific scripts:
nmap --script=smb-enum-users,smb-enum-shares 192.168.1.1
5. Run scripts with arguments:
Some scripts require arguments. For example, the http-put script (used to upload files using the PUT method) takes two arguments:
The URL to upload the file to: http-put.url='/dav/shell.php'
The file's location on the disk: http-put.file='./shell.php'
nmap -p 80 --script http-put --script-args http-put.url='/dav/shell.php',http-put.file='./shell.php' 192.168.1.1
As with script names, multiple arguments are separated by commas without spaces; the argument names are documented in each script's help output.
6. Get help menus:
nmap --script-help <script-name>
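To show what the pieces above look like from the inside, here is a small NSE script written for this article as an added example (it is not code from the original article or from the Nmap project). It puts together the parts the sections above rely on: the description and categories that --script-help and --script <category> read from script.db, a portrule that decides which ports the script runs against, a script argument read with --script-args, and an action that does the work. The script name ftp-banner-example and its argument ftp-banner-example.timeout are assumptions made for this example; the script only reads the greeting banner an FTP server sends on connect and reports it, so it belongs in the safe and discovery categories.

```lua
-- ftp-banner-example.nse (added example, not part of the article or of Nmap).
-- Connects to an FTP port, reads the server greeting and reports it.

local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

-- Shown by: nmap --script-help ftp-banner-example
description = [[
Reads the greeting banner of an FTP service and reports it.
Accepts ftp-banner-example.timeout (milliseconds, default 5000).
]]

author = "example author (assumed)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

-- Category membership is what lets "--script safe" or "--script discovery"
-- pick this script up after "nmap --script-updatedb".
categories = {"safe", "discovery"}

-- portrule: run only against open ports that are port 21 or that version
-- detection has identified as "ftp".
portrule = shortport.port_or_service(21, "ftp")

-- action: called once for every host/port pair the portrule accepted.
action = function(host, port)
  -- Script argument, passed as:
  --   --script-args ftp-banner-example.timeout=3000
  -- Falls back to 5000 ms when the argument is absent or not a number.
  local timeout = tonumber(stdnse.get_script_args("ftp-banner-example.timeout")) or 5000

  local socket = nmap.new_socket()
  socket:set_timeout(timeout)

  local status, err = socket:connect(host, port)
  if not status then
    -- No connection: return nil so nothing is printed for this port.
    return nil
  end

  -- FTP servers speak first, sending a "220 ..." greeting line.
  local ok, banner = socket:receive_lines(1)
  socket:close()
  if not ok then
    return nil
  end

  -- output_table keeps the key order in normal and XML (-oX) output.
  local out = stdnse.output_table()
  out.banner = (banner:gsub("[\r\n]+$", ""))
  return out
end
```

To try it, copy the file to /usr/share/nmap/scripts/ftp-banner-example.nse, run "nmap --script-updatedb", and then "nmap -p 21 --script ftp-banner-example --script-args ftp-banner-example.timeout=3000 192.168.1.1". Because the script does nothing beyond reading the banner, it stays within the "safe" category; a script that sends requests which could change state on the target belongs in "intrusive" instead, which is why "--script safe" is the conservative choice when the effect of a category is unclear.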