NSE


Finding Scripts:
>>> locate .nse | grep [port name]
>>> ls -la /usr/share/nmap/scripts/ | grep -e '[port name]'


What does this script do?
>>> nmap --script-help [script name]
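
Previewing what a --script selector would pick: the script.db index in the scripts directory lists every script with its categories, so a name pattern or category can be checked before it is run. This is an added example, not part of the original notes; nse_preview and sample_db are hypothetical helper names, and the index lines are a constructed sample in script.db's format.

```shell
#!/bin/sh
# nse_preview PATTERN < script.db
# Lists the scripts that a "--script PATTERN" selection would cover, matching
# PATTERN as a shell-style wildcard on the script name or as an exact category
# name ("all" selects every entry), and marks scripts outside the "safe" category.
nse_preview() {
    pattern=$1
    if [ "$pattern" = all ]; then pattern='*'; fi
    # Index lines look like:
    #   Entry { filename = "name.nse", categories = { "cat1", "cat2", } }
    sed -n 's/^Entry *{ *filename *= *"\([^"]*\)\.nse", *categories *= *{\(.*\)} *}.*$/\1 \2/p' |
    tr -d '",' |
    while read -r name cats; do
        hit=no
        case $name in
            $pattern) hit=yes ;;          # wildcard match on the script name
        esac
        for c in $cats; do                # exact match on a category name
            if [ "$c" = "$pattern" ]; then hit=yes; fi
        done
        [ "$hit" = yes ] || continue
        case " $cats " in
            *" safe "*) note= ;;
            *) note=' (not safe)' ;;
        esac
        printf '%s: %s%s\n' "$name" "$cats" "$note"
    done
}

# Constructed sample index (assumption: the real file is
# /usr/share/nmap/scripts/script.db on the system used in these notes).
sample_db() {
    cat <<'EOF'
Entry { filename = "http-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-vuln-cve2010-2861.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "ssl-cert.nse", categories = { "default", "discovery", "safe", } }
EOF
}

# Demo on the sample; on a real install:
#   nse_preview 'http*vuln*' < /usr/share/nmap/scripts/script.db
sample_db | nse_preview 'http*'
```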


Vulnerability Scanning:
>>> nmap --script vuln $IP

>>> mkdir -p /usr/share/nmap/scripts/vulnscan && cd /usr/share/nmap/scripts/vulnscan && git clone https://github.com/scipag/vulscan.git && nmap -sS -sV --script=/usr/share/nmap/scripts/vulnscan/vulscan/vulscan.nse $IP

[ use all HTTP vuln scripts ]
>>> nmap -p 80 --script="http*vuln*" $IP

Every nmap script [ A-Z scripts on target, may take hours ]
>>> nmap -p 80 --script=all $IP




[ scan an entire network for a directory traversal vulnerability ]
>>> nmap -p 80 --script=http-vuln-cve2010-2861 $IP/24

More For Websites


basic auth brute force:
nmap -d -vv -p 80 --script http-brute --script-args http-brute.path=/ www.example.org

Run all nmap vuln scripts against found ports.

nmap -Pn -sS -sU -sV -O -pT:{TCP ports found},U:{UDP ports found} --script "*vuln*" $IP
