# Nmap Scripting Engine ## Introduction Nmap Scripting Engine (NSE) is one of the most powerful and flexible features of nmap which allows users to write and execute scripts to automate a wide variety of networking tasks during the scanning process. The scripts run in parallel to nmap scan and is used for various purposes like network discovery, brute forcing, vulnerability detection and exploitation, etc. ## Scripts categories * **safe**: doesn't affect the target * **intrusive**: not safe, likely to affect the target * **vuln**: scans for vulnerability * **exploit**: attempts to exploit a vulnerability * **auth:** attempts to bypass authentication for running services (eg. logging into an FTP server anonymously) * **brute**: attempts to brute force credentials for running services * **discovery**: attempts to query running services for further information about the network (eg. query on SNMP services) * **dos**: checks for DoS or performs DoS attacks * **malware**: checks for signs of malware infection * **fuzzer**: launch fuzzing attacks * **default:** Default scripts, same as `-sC` * **broadcast**: discover hosts by sending broadcast messages * **external: c**hecks using a third-party service, such as Geoplugin and Virustotal * **version: r**etrieves service versions ## Usage Use an appropriate script of the given category automatically: `--script=vuln` `--script=safe` Use a specific script: `--script=http-fileupload-exploiter` Getting information about a particular script: ```bash nmap --script-help [script_name] ``` ## Example Using `http-put` script to upload files using the PUT method: ```bash nmap -p 80 --script http-put --script-args http-put.url='/dav/shell.php',http-put.file='/shell.php' ``` {% hint style="info" %} For specifying arguments along with the nmap script, they should be separated with comma and connected to the corresponding script with periods as: \[script\_name].\[argument]=\[value] {% endhint %} ## Searching for NSE scripts ### Looking for NSE scripts related to particular name ```bash grep "ftp" /usr/share/nmap/scripts/script.db ``` Alternatively, ```bash ls -l /usr/share/nmap/scripts/*ftp* ``` ### Looking for NSE scripts related to particular NSE category ```bash grep "safe" /usr/share/nmap/scripts/script.db ``` ## Updating and installing NSE script manually For installation: ```bash sudo wget -O /usr/share/nmap/scripts/[script_name].nse https://svn.nmap.org/nmap/scripts/[script_name].nse ``` For update: (scans the script directory and updates the internal database that Nmap uses) ```bash nmap --script-updatedb ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://hacktools.aprasanna.com.np/nmap/nmap-scripting-engine.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.