NMAP (Part 6): NSE Scripts

goay xuan hui
Jan 23, 2021


This article is part of a series. Check out the full series: Part 1: Port Scanning Responses, Part 2: Basic Port Scanning Types, Part 3: Other Port Scanning Types, Part 4: Network Scanning, Part 5: Firewall Evasion Options and Part 6: NSE Scripts!

What are NSE scripts?

NSE (Nmap Scripting Engine) scripts are written in the Lua programming language and can be used for:

  1. Scanning for vulnerabilities
  2. Automating exploits for vulnerabilities

How to search for these scripts?

The first option is to search the Nmap website: https://nmap.org/nsedoc/

The second option is to search the scripts directory on your Linux machine: /usr/share/nmap/scripts

goay@linux: /usr/share/nmap/scripts$ ls -l /usr/share/nmap/scripts/*ftp*

Installing new scripts…

Now, what if some scripts are missing in your Linux directory?

Run “sudo apt update && sudo apt install nmap”


Run “sudo wget -O /usr/share/nmap/scripts/<script-name>.nse https://svn.nmap.org/nmap/scripts/<script-name>.nse”

This must then be followed with “nmap --script-updatedb”
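Before copying a downloaded script into the scripts directory, it helps to check which categories it declares (the same ones `--script <category>` selects). The following is an added example, not part of the original article; the function names, the FORCE variable and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): check which categories an
# NSE script declares before copying it into the scripts directory.
# Function names and the sample files are constructed for illustration.

# Print the declared categories, one per line. Assumes the usual one-line
# Lua declaration, e.g.: categories = {"discovery", "safe"}
nse_categories() {
  sed -n 's/^[[:space:]]*categories[[:space:]]*=[[:space:]]*{\(.*\)}.*/\1/p' "$1" |
    tr ',' '\n' | tr -d "\"' \t" | sed '/^$/d'
}

# Succeed if any declared category can disrupt or attack the scanned host.
nse_is_risky() {
  nse_categories "$1" | grep -Eqx 'brute|dos|exploit|fuzzer|intrusive'
}

# Install $1 into directory $2 (default: /usr/share/nmap/scripts).
# Files with no categories line are refused; risky ones need FORCE=1.
nse_install() {
  dest=${2:-/usr/share/nmap/scripts}
  cats=$(nse_categories "$1" | tr '\n' ' ')
  if [ -z "$cats" ]; then
    echo "refusing $1: no categories declaration found" >&2; return 1
  fi
  if nse_is_risky "$1" && [ "${FORCE:-0}" != 1 ]; then
    echo "refusing $1: declares $cats(set FORCE=1 after review)" >&2; return 1
  fi
  cp "$1" "$dest/" && echo "installed $(basename "$1"): $cats"
}

# Constructed sample scripts so the example runs offline.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/scripts"
printf 'categories = {"discovery", "safe"}\n' > "$demo_dir/sample-banner.nse"
printf 'categories = {"intrusive", "vuln"}\n' > "$demo_dir/sample-upload.nse"

for f in "$demo_dir"/sample-*.nse; do
  nse_install "$f" "$demo_dir/scripts" || true
done
# After a real install, rebuild the index with: nmap --script-updatedb
```

The first sample is installed and the second is refused until it has been reviewed and FORCE=1 is set.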

How to run these scripts?

1. Run the most popular scripts (the default category):

nmap -sC <target>

2. Run all the scripts within a category:

nmap --script discovery <target>

nmap --script default,safe <target>

References: https://securitytrails.com/blog/nmap-scripts-nse

3. Run scripts with a wildcard:

nmap --script "ftp*" <target>

nmap --script "ssh*" <target>

4. Run specific scripts:

nmap --script=smb-enum-users,smb-enum-shares <target>

5. Run scripts with arguments:

Some scripts require arguments. For example, the http-put script (used to upload files using the PUT method) takes two arguments:

The URL to upload the file to: http-put.url='/dav/shell.php'

The file's location on the disk: http-put.file='./shell.php'

nmap -p 80 --script http-put --script-args http-put.url='/dav/shell.php',http-put.file='./shell.php' <target>

6. Get help menus:

nmap --script-help <script-name>



