Using NSE scripts in nmap
  • [Intro]
    Nmap Scripting Language. NSE scripts. What are they? They're scripts written by coders for nmap. They're coded in the Lua language. They can be found at http://nmap.org/nsedoc/


    [Using them]
    Using NSE scripts is simple. NSE is built right into the nmap command line. For example, let's say we want to use the 'safe' script 'finger', which attempts to retrieve a list of usernames from the database. We can use a regular nmap scan and add the script on. For this particular script, we can use it like so:
    nmap -sV -sC <target>

    And we would get this type of output:

    PORT STATE SERVICE
    79/tcp open finger
    | finger:
    | Welcome to Linux version 2.6.31.12-0.2-default at linux-pb94.site !
    | 01:14am up 18:54, 4 users, load average: 0.14, 0.08, 0.01
    |
    | Login Name Tty Idle Login Time Where
    | Gutek Ange Gutek *:0 - Wed 06:19 console
    | Gutek Ange Gutek pts/1 18:54 Wed 06:20
    | Gutek Ange Gutek *pts/0 - Thu 00:41
    |_Gutek Ange Gutek *pts/4 3 Thu 01:06

    Now we have the user list.

    There are more sections on the nmap NSEdoc section, such as malware, intrusive, auth etc. Let's say we want to use intrusive. Intrusive means system admins will be more alerted by these scripts. Let's say we want to use ftp-brute, which brute forces an ftp password.


    nmap -sV --script=ftp-brute <target>

    And we would get this output:

    PORT STATE SERVICE REASON
    21/tcp open ftp syn-ack
    | ftp-brute:
    | | anonymous: IEUser@
    |_ |_ test: password


    You can change to any script by changing the '--script=' on the command line.

    [more]
    So instead of being a bit of a skid and using other users' NSE scripts, you can code your own if you'd like. Lua is a pretty portable language and looks pretty easy. More info can be found HERE or you can google how to code NSE scripts. They look pretty easy if you know what you're doing.
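
The guide notes that intrusive scripts such as ftp-brute are the ones admins are more likely to notice. As an added example (not part of the original post), this is roughly what that looks like from the server side: a detector that flags a burst of failed FTP logins from one client and reports any login that succeeded after the burst began. The log lines are constructed in the style of a vsftpd log, and the regex, the 60-second window and the threshold of 3 failures are assumptions to adapt to your own server.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the style of a vsftpd log (not from the post).
SAMPLE_LOG = """\
Thu Mar  6 01:10:01 2014 [pid 4101] [alice] OK LOGIN: Client "198.51.100.7"
Thu Mar  6 01:14:02 2014 [pid 4120] [root] FAIL LOGIN: Client "192.0.2.10"
Thu Mar  6 01:14:03 2014 [pid 4121] [admin] FAIL LOGIN: Client "192.0.2.10"
Thu Mar  6 01:14:03 2014 [pid 4122] [guest] FAIL LOGIN: Client "192.0.2.10"
Thu Mar  6 01:14:04 2014 [pid 4123] [ftp] FAIL LOGIN: Client "192.0.2.10"
Thu Mar  6 01:14:05 2014 [pid 4124] [test] OK LOGIN: Client "192.0.2.10"
Thu Mar  6 02:30:00 2014 [pid 4200] [bob] FAIL LOGIN: Client "198.51.100.9"
Thu Mar  6 02:30:20 2014 [pid 4201] [bob] OK LOGIN: Client "198.51.100.9"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def detect_bruteforce(log_text, max_failures=3, window=timedelta(seconds=60)):
    """Flag clients with more than max_failures failed logins within window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip CONNECT, transfer and malformed lines
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        events[m["ip"]].append((ts, m["user"], m["result"]))
    findings = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])
        fails = [e for e in evs if e[2] == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits in `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 > max_failures:
                burst_start = fails[start][0]
                findings[ip] = {
                    "failures": len(fails),
                    "users_tried": sorted({u for _, u, _ in fails}),
                    # A success after the burst began suggests a guessed password.
                    "succeeded_as": sorted({u for t, u, r in evs
                                            if r == "OK" and t >= burst_start}),
                }
                break
    return findings
```

A single mistyped password followed by a good login (the `bob` lines) stays below the threshold, while the rapid run of different usernames from one address is reported together with the account that was eventually logged into.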
  • As always, well written. Nice guide too. Thanks for the share.
  • Xin
    Posts: 3,251
    Nice guide chronic, I recently read about these in an nmap book I got
    Xin
  • Bursihido
    Posts: 406
    great guide chronic :)