Nmap scripts
Locate the scripts
- locate nse | grep scripts
Finding Vulnerability Scanning Scripts
- locate *vuln*.nse
oder besser
- cd /usr/share/nmap/scripts
- ls
Hilfe
- nmap --script-help=ssh-hostkey
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-01 05:06 CET ssh-hostkey Categories: safe default discovery https://nmap.org/nsedoc/scripts/ssh-hostkey.html Shows SSH hostkeys. Shows the target SSH server's key fingerprint and (with high enough verbosity level) the public key itself. It records the discovered host keys in <code>nmap.registry</code> for use by other scripts. Output can be controlled with the <code>ssh_hostkey</code> script argument. You may also compare the retrieved key with the keys in your known-hosts file using the <code>known-hosts</code> argument. The script also includes a postrule that check for duplicate hosts using the gathered keys.
ssh misc
ssl misc
smtp misc
proxy misc
http misc
wordpress-version misc
Alle Schwachstellen
- nmap -sV --script vulners 10.0.10.104
Finde Offene Proxys
- nmap --script "http-open-proxy" -p 3128 10.82.10.40
Host is up (0.0033s latency). rDNS record for 10.82.10.40: squid.linux.lab PORT STATE SERVICE 3128/tcp open squid-http | http-open-proxy: Potentially OPEN proxy. |_Methods supported: GET HEAD CONNECTION
Help with a script
- nmap --script-help=nfs-showmount.nse
Starting Nmap 7.60 ( https://nmap.org ) at 2017-11-13 07:26 CET nfs-showmount Categories: discovery safe https://nmap.org/nsedoc/scripts/nfs-showmount.html Shows NFS exports, like the <code>showmount -e</code> command.
NFS Check
- nmap -sV --script=nfs-showmount.nse 10.82.10.40
SMB Check
- nmap -p 445 --script smb-os-discovery 10.82.10.40
Traceroute Geolocation
- nmap --traceroute --script traceroute-geolocation.nse -p 80 www.facebook.com
FTP Bannergrabbing
- nmap -sV -p 21 --script=banner 10.3.4.12
Update the Script Database
- nmap --script-updatedb
links
- https://hackertarget.com/7-nmap-nse-scripts-recon/
- http://resources.infosecinstitute.com/nmap-scripting-example/#gref
- https://null-byte.wonderhowto.com/how-to/hack-like-pro-using-nmap-scripting-engine-nse-for-reconnaissance-0158681/
- https://pentestlab.blog/2012/03/08/nmap-scripting-engine-basic-usage-2/