Nmap scripts
Revision as of 15 May 2025, 16:09 by Thomas.will (→Which authentication methods are supported)
Locate the scripts
- locate nse | grep scripts
Finding Vulnerability Scanning Scripts
- locate *vuln*.nse
or better:
- cd /usr/share/nmap/scripts
- ls
help
- ssh-hostkey
- nmap --script-help=ssh-hostkey
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-01 05:06 CET

ssh-hostkey
Categories: safe default discovery
https://nmap.org/nsedoc/scripts/ssh-hostkey.html
  Shows SSH hostkeys.

  Shows the target SSH server's key fingerprint and (with high enough
  verbosity level) the public key itself. It records the discovered host keys
  in <code>nmap.registry</code> for use by other scripts. Output can be
  controlled with the <code>ssh_hostkey</code> script argument. You may also
  compare the retrieved key with the keys in your known-hosts file using the
  <code>known-hosts</code> argument. The script also includes a postrule that
  checks for duplicate hosts using the gathered keys.
- nfs-showmount
- nmap --script-help=nfs-showmount.nse
Starting Nmap 7.60 ( https://nmap.org ) at 2017-11-13 07:26 CET

nfs-showmount
Categories: discovery safe
https://nmap.org/nsedoc/scripts/nfs-showmount.html
  Shows NFS exports, like the <code>showmount -e</code> command.
ssh misc
Host key fingerprints
- nmap --script ssh-hostkey 192.168.34.1
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:03 CET
Nmap scan report for 192.168.34.1
Host is up (0.00016s latency).
Not shown: 994 closed tcp ports (conn-refused)
PORT    STATE SERVICE
22/tcp  open  ssh
| ssh-hostkey:
|   3072 2dc39f82ece37728cbc7b16c4acc6e2e (RSA)
|   256 7bbe487966c2e675dba74b535bbf34a1 (ECDSA)
|_  256 20efafc3c2991472086ba11c0c8f6cda (ED25519)
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
143/tcp open  imap
993/tcp open  imaps

Nmap done: 1 IP address (1 host up) scanned in 0.35 seconds
Which authentication methods are supported
- nmap --script ssh-auth-methods 192.168.34.1
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:08 CET
Nmap scan report for 192.168.34.1
Host is up (0.0010s latency).
Not shown: 994 closed tcp ports (conn-refused)
PORT    STATE SERVICE
22/tcp  open  ssh
| ssh-auth-methods:
|   Supported authentication methods:
|     publickey
|_    password
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
143/tcp open  imap
993/tcp open  imaps

Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds
Which algorithms are supported (key exchange, host key, cipher, MAC, compression)
- nmap --script ssh2-enum-algos 192.168.34.1
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:09 CET
Nmap scan report for 192.168.34.1
Host is up (0.00015s latency).
Not shown: 994 closed tcp ports (conn-refused)
PORT    STATE SERVICE
22/tcp  open  ssh
| ssh2-enum-algos:
|   kex_algorithms: (9)
|       curve25519-sha256
|       curve25519-sha256@libssh.org
|       ecdh-sha2-nistp256
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp521
|       diffie-hellman-group-exchange-sha256
|       diffie-hellman-group16-sha512
|       diffie-hellman-group18-sha512
|       diffie-hellman-group14-sha256
|   server_host_key_algorithms: (5)
|       rsa-sha2-512
|       rsa-sha2-256
|       ssh-rsa
|       ecdsa-sha2-nistp256
|       ssh-ed25519
|   encryption_algorithms: (6)
|       chacha20-poly1305@openssh.com
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|       aes128-gcm@openssh.com
|       aes256-gcm@openssh.com
|   mac_algorithms: (10)
|       umac-64-etm@openssh.com
|       umac-128-etm@openssh.com
|       hmac-sha2-256-etm@openssh.com
|       hmac-sha2-512-etm@openssh.com
|       hmac-sha1-etm@openssh.com
|       umac-64@openssh.com
|       umac-128@openssh.com
|       hmac-sha2-256
|       hmac-sha2-512
|       hmac-sha1
|   compression_algorithms: (2)
|       none
|_      zlib@openssh.com
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
143/tcp open  imap
993/tcp open  imaps

Nmap done: 1 IP address (1 host up) scanned in 0.42 seconds
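Reading the ssh-auth-methods and ssh2-enum-algos output by eye works for one host, but for a subnet you want the structured XML (`nmap -oX`) and a small checker. The following is an added example for this page, not nmap code: it parses the `<script>`/`<table>`/`<elem>` elements nmap writes for the two SSH scripts above and flags password authentication and SHA-1/CBC-era algorithms. The embedded XML is constructed from the scan output shown above (trimmed), and the weak-algorithm list is the author's own baseline, not something nmap defines.

```python
"""Flag weak SSH settings from nmap -oX output (ssh-auth-methods, ssh2-enum-algos).

Added example, not part of nmap. The weak-algorithm baseline below is an
assumption (roughly: what OpenSSH dropped from its defaults, i.e. SHA-1
signatures/MACs, CBC ciphers, RC4, 1024-bit DH); adapt it to your own policy.
"""
import sys
import xml.etree.ElementTree as ET

WEAK_ALGOS = {
    "kex_algorithms": {
        "diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
        "diffie-hellman-group-exchange-sha1",
    },
    # "ssh-rsa" is RSA with SHA-1 signatures (OpenSSH disabled it in 8.8);
    # rsa-sha2-256/512 use the same key with SHA-2 and are fine.
    "server_host_key_algorithms": {"ssh-rsa", "ssh-dss"},
    "encryption_algorithms": {
        "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
        "arcfour", "arcfour128", "arcfour256", "blowfish-cbc", "cast128-cbc",
    },
    "mac_algorithms": {
        "hmac-md5", "hmac-md5-96", "hmac-sha1", "hmac-sha1-96",
        "hmac-md5-etm@openssh.com", "hmac-sha1-etm@openssh.com",
    },
}

SSH_SCRIPTS = ("ssh-auth-methods", "ssh2-enum-algos")

# Constructed sample, shortened from the 192.168.34.1 output on this page.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -oX - --script ssh-auth-methods,ssh2-enum-algos 192.168.34.1">
<host><address addr="192.168.34.1" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/>
<script id="ssh-auth-methods" output="...">
  <table key="Supported authentication methods"><elem>publickey</elem><elem>password</elem></table>
</script>
<script id="ssh2-enum-algos" output="...">
  <table key="kex_algorithms"><elem>curve25519-sha256</elem><elem>diffie-hellman-group14-sha256</elem></table>
  <table key="server_host_key_algorithms"><elem>rsa-sha2-512</elem><elem>ssh-rsa</elem><elem>ssh-ed25519</elem></table>
  <table key="encryption_algorithms"><elem>chacha20-poly1305@openssh.com</elem><elem>aes256-ctr</elem></table>
  <table key="mac_algorithms"><elem>hmac-sha2-256-etm@openssh.com</elem><elem>hmac-sha1</elem></table>
</script>
</port></ports></host></nmaprun>"""


def parse_ssh_scripts(xml_text):
    """Return {host: {port: {script_id: {table_key: [values]}}}} for the SSH scripts."""
    root = ET.fromstring(xml_text)
    results = {}
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            portid = int(port.get("portid"))
            for script in port.findall("script"):
                sid = script.get("id")
                if sid not in SSH_SCRIPTS:
                    continue
                tables = {}
                for table in script.findall("table"):
                    tables[table.get("key")] = [e.text for e in table.findall("elem")]
                results.setdefault(addr, {}).setdefault(portid, {})[sid] = tables
    return results


def findings(parsed):
    """Return a sorted list of (host, port, message) for every weak setting seen."""
    out = []
    for host, ports in parsed.items():
        for port, scripts in ports.items():
            auth = scripts.get("ssh-auth-methods", {}).get("Supported authentication methods", [])
            if "password" in auth:
                out.append((host, port, "password authentication enabled"))
            algos = scripts.get("ssh2-enum-algos", {})
            for cls, weak in WEAK_ALGOS.items():
                for alg in algos.get(cls, []):
                    if alg in weak:
                        out.append((host, port, f"weak {cls}: {alg}"))
    return sorted(out)


if __name__ == "__main__":
    # Usage: nmap -oX scan.xml --script ssh-auth-methods,ssh2-enum-algos <targets>
    #        python3 ssh_check.py scan.xml     (no argument: run on the sample)
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    for host, port, msg in findings(parse_ssh_scripts(xml_text)):
        print(f"{host}:{port}  {msg}")
```

On the sample this reports password authentication plus `ssh-rsa` as host key algorithm and `hmac-sha1` as MAC; the real host above additionally offers `hmac-sha1-etm@openssh.com`. Whether those are findings or acceptable depends on which clients still need them, which is why the baseline is kept as a plain dict you can edit.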
ssh brute force (without userdb/passdb script arguments nmap uses its built-in lists nselib/data/usernames.lst and passwords.lst)
- nmap --script ssh-brute 192.168.34.1
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:13 CET
NSE: [ssh-brute] Trying username/password pair: root:root
NSE: [ssh-brute] Trying username/password pair: admin:admin
NSE: [ssh-brute] Trying username/password pair: administrator:administrator
NSE: [ssh-brute] Trying username/password pair: webadmin:webadmin
NSE: [ssh-brute] Trying username/password pair: sysadmin:sysadmin
NSE: [ssh-brute] Trying username/password pair: netadmin:netadmin
...
ssl misc
smtp misc
proxy misc
http misc
wordpress-version misc
All vulnerabilities (the vulners script matches the -sV version data against the Vulners database, so it needs service detection and outbound internet access)
- nmap -sV --script vulners 10.0.10.104
NFS Check
- nmap -sV --script=nfs-showmount.nse 10.82.10.40
SMB Check
- nmap -p 445 --script smb-os-discovery 10.82.10.40
Traceroute Geolocation
- nmap --traceroute --script traceroute-geolocation.nse -p 80 www.facebook.com
FTP Bannergrabbing
- nmap -sV -p 21 --script=banner 10.3.4.12
Update the Script Database
- nmap --script-updatedb
links
- https://hackertarget.com/7-nmap-nse-scripts-recon/
- http://resources.infosecinstitute.com/nmap-scripting-example/#gref
- https://null-byte.wonderhowto.com/how-to/hack-like-pro-using-nmap-scripting-engine-nse-for-reconnaissance-0158681/
- https://pentestlab.blog/2012/03/08/nmap-scripting-engine-basic-usage-2/