068 072 - Nmap Script PDF
SCAN TIME
Nmap is the tool of choice for penetration testing [1]. Experts use Nmap to search out security holes and scan for open network services. But what happens when you find a problem? Many administrators prefer to follow up the discovery with additional tests. For instance, if Nmap finds an http service, why not query to determine the web server version?

Thus far, administrators have written their own scripts to parse Nmap output files – a slow and time-consuming process. The Nmap project recently decided it was time to introduce a scripting engine so that users could automate Nmap functions into custom scripts. Fyodor, the Nmap project leader, placed the development of this scripting engine in the capable hands of Diman Todorov. The result is the Nmap Scripting Engine (NSE) [2], which has been an integral part of Nmap since version 4.21.

NSE extends the core functionality of the Nmap scanner, providing detailed information on services such as NFS, SMB, or RPC. You can also use NSE to search for active systems using domain lookups, Whois searches, or other source network discovery techniques. To discover backdoors, NSE checks any version strings it detects against regular expressions – a useful option for pen testers who want to check existing vulnerabilities by launching exploits. However, the developers point out that Nmap is not looking to compete with the Metasploit framework [3].

NSE provides an easy means for building automated solutions around Nmap. The NSE option works well for small to mid-sized networks. Tools such as Nessus [4], GFI LANguard [5], or ISS Internet Scanner [6] might be better suited for large-scale scanning operations. You can download the NSE source code from the project server [1] or check out your distributor’s repository for a binary.
socket:connect("whois.ripe.net", 43)

To do so, enable the Lua shortport extension by calling require "shortport". The beef of the script follows the header details for the action=function

    socket:connect("whois.ripe.net", 43)
    socket:send(host.ip .. "\n")
    [...]
    return "IP belongs to: " .. value
    end
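
The WHOIS exchange that the listing fragments above outline, as an added example that is not the article's or the Nmap project's code. A hypothetical fake socket replays a constructed reply so the flow runs under a plain Lua interpreter without Nmap or a network; the use of the `role:` field as the owner value and the names `fake_socket` and `whois_owner` are assumptions.

```lua
-- Constructed sample reply; 192.0.2.0/24 is a documentation address range.
local SAMPLE = table.concat({
  "% constructed WHOIS reply for illustration",
  "inetnum:        192.0.2.0 - 192.0.2.255",
  "netname:        EXAMPLE-NET",
  "role:           Example Network Operations",
  "",
}, "\n")

-- Hypothetical stand-in for an NSE socket: replays `reply` once, then EOF.
local function fake_socket(reply)
  local done = false
  return {
    sent = {},
    connect = function(self, host, port) return true end,
    send = function(self, data) self.sent[#self.sent + 1] = data; return true end,
    receive_lines = function(self, n)
      if done then return false, "EOF" end
      done = true
      return true, reply
    end,
    close = function(self) return true end,
  }
end

-- Query flow: connect to port 43, send the address plus newline, read to EOF.
local function whois_owner(socket, ip)
  if not socket:connect("whois.ripe.net", 43) then return nil end
  socket:send(ip .. "\n")
  local chunks = {}
  while true do
    local status, lines = socket:receive_lines(1)
    if not status then break end
    chunks[#chunks + 1] = lines
  end
  socket:close()
  -- Assumption: the owner is the first "role:" line; anchor at a line start.
  local reply = "\n" .. table.concat(chunks)
  local value = reply:match("\nrole:[ \t]*([^\r\n]+)")
  if not value then return nil end -- no such field: report nothing
  return "IP belongs to: " .. value
end

print(whois_owner(fake_socket(SAMPLE), "192.0.2.10"))
print(whois_owner(fake_socket("% no entries found\n"), "192.0.2.10"))
```

Returning nil when the field is missing keeps an empty or error reply from producing a misleading owner line in the scan output.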