x64.moe

About NSE scripts

November 01, 2019

What is NSE

Network Script Engine(NSE) can be able to write for automation network scan.

About NSE

NSE is written by Lua. In Linux, Script locate /usr/local/share/nmap/scripts, and library locate /usr/local/share/nmap/nselib.

How to enable NSE

Add -sC option run default category NSE option.

--script option run the specified directory or script is executed by NSE.

Tutorial

Run nmap with NSE

$ nmap -sC example.com

Result

# nmap -sC example.com
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-01 12:20 EDT
Nmap scan report for example.com (93.184.216.34)
Host is up (0.033s latency).
Other addresses for example.com (not scanned): 2606:2800:220:1:248:1893:25c8:1946
Not shown: 996 filtered ports
PORT     STATE  SERVICE
80/tcp   open   http
|_http-title: Example Domain
443/tcp  open   https
|_http-title: Example Domain
| ssl-cert: Subject: commonName=www.example.org/organizationName=Internet Corporation for Assigned Names and Numbers/stateOrProvinceName=California/countryName=US
| Subject Alternative Name: DNS:www.example.org, DNS:example.com, DNS:example.edu, DNS:example.net, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net
| Not valid before: 2018-11-28T00:00:00
|_Not valid after:  2020-12-02T12:00:00
|_ssl-date: TLS randomness does not represent time
| tls-alpn: 
|   h2
|_  http/1.1
| tls-nextprotoneg: 
|   h2
|   http/1.1
|_  http/1.0
1119/tcp closed bnetgame
1935/tcp closed rtmp

Nmap done: 1 IP address (1 host up) scanned in 14.74 seconds

Run nmap with NSE espesially vuln script

$ nmap -sC --script=vuln example.com

Result

Nmap scan report for example.com (93.184.216.34)
Host is up (0.028s latency).
Other addresses for example.com (not scanned): 2606:2800:220:1:248:1893:25c8:1946
Not shown: 996 filtered ports
PORT     STATE  SERVICE
80/tcp   open   http
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
443/tcp  open   https
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_sslv2-drown: 
1119/tcp closed bnetgame
1935/tcp closed rtmp

If you need run all NSE scripts, run the bellow command.

nmap --script all example.com

FAMASoon

Written by FAMASoon. Twitter/GitHub