Nmap Scripting Engine

Introduction

Nmap Scripting Engine (NSE) is one of the most powerful and flexible features of nmap which allows users to write and execute scripts to automate a wide variety of networking tasks during the scanning process. The scripts run in parallel to nmap scan and is used for various purposes like network discovery, brute forcing, vulnerability detection and exploitation, etc.

Scripts categories

• safe: doesn't affect the target

• intrusive: not safe, likely to affect the target

• vuln: scans for vulnerability

• exploit: attempts to exploit a vulnerability

• auth: attempts to bypass authentication for running services (eg. logging into an FTP server anonymously)

• brute: attempts to brute force credentials for running services

• discovery: attempts to query running services for further information about the network (eg. query on SNMP services)

• dos: checks for DoS or performs DoS attacks

• malware: checks for signs of malware infection

• fuzzer: launch fuzzing attacks

• default: Default scripts, same as -sC

• broadcast: discover hosts by sending broadcast messages

• external: checks using a third-party service, such as Geoplugin and Virustotal

• version: retrieves service versions

Usage

Use an appropriate script of the given category automatically:

--script=vuln

--script=safe

Use a specific script:

--script=http-fileupload-exploiter

Getting information about a particular script:

Example

Using http-put script to upload files using the PUT method:

Searching for NSE scripts

Looking for NSE scripts related to particular name

Alternatively,

Looking for NSE scripts related to particular NSE category

Updating and installing NSE script manually

For installation:

For update:

(scans the script directory and updates the internal database that Nmap uses)