
Lesson 7: NMAP Scripting Engine

Use NSE scripts for vulnerability detection and advanced reconnaissance


Introduction to NMAP Scripting Engine (NSE)

The NMAP Scripting Engine (NSE) is one of NMAP's most powerful features, allowing users to run custom scripts for advanced network discovery, vulnerability detection, and exploitation.

What NSE Can Do

Security Testing:
  • Vulnerability Detection: Find known security flaws
  • Authentication Testing: Brute force and bypass attempts
  • Configuration Analysis: Identify misconfigurations
  • Malware Detection: Check for backdoors and trojans
  • SSL/TLS Testing: Certificate and cipher analysis

Network Discovery:
  • Service Enumeration: Detailed service information
  • Database Discovery: Find and probe databases
  • Web Application Testing: Directory discovery, forms
  • Network Protocols: SNMP, SMB, LDAP enumeration
  • Geolocation: IP-based location services

Basic NSE Usage

nmap --script default 192.168.1.100
  Run default scripts (equivalent to -sC)

nmap -sC -sV 192.168.1.100
  Combine default scripts with version detection

NSE Script Categories

  • safe: Scripts unlikely to crash services or consume excessive resources
  • intrusive: Scripts that may crash services or consume resources
  • vuln: Scripts that check for vulnerabilities
  • malware: Scripts that check for malware infections
  • discovery: Scripts for service and host discovery
  • version: Scripts for advanced version detection
  • auth: Scripts that deal with authentication
  • brute: Scripts that perform brute force attacks
  • default: Default scripts run with -sC
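
A script can carry more than one of the categories above, so it is worth checking what a category selection actually contains before scanning a production host. The following is an added example, not part of the original lesson: it parses an index in the layout of Nmap's scripts/script.db and lists the scripts a selection would run. The sample entries and script names are constructed and hypothetical, and the index layout shown is an assumption to verify against your own installation.

```python
import re

# Constructed sample in the layout of Nmap's scripts/script.db index.
# The script names are hypothetical, not real NSE scripts.
SAMPLE_DB = '''
Entry { filename = "example-banner.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "example-tls-ciphers.nse", categories = { "discovery", "safe", } }
Entry { filename = "example-open-relay.nse", categories = { "default", "intrusive", } }
Entry { filename = "example-login-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "example-vuln-check.nse", categories = { "safe", "vuln", } }
'''

ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*\{([^}]*)\}'
)

def load_script_db(text):
    """Map each script filename to its set of categories."""
    db = {}
    for name, cats in ENTRY_RE.findall(text):
        db[name] = set(re.findall(r'"([^"]+)"', cats))
    return db

def select(db, require=(), exclude=()):
    """Scripts in every 'require' category and in no 'exclude' category."""
    require, exclude = set(require), set(exclude)
    return sorted(n for n, c in db.items()
                  if require <= c and not (c & exclude))

def by_category(db):
    """Invert the index: category -> sorted script names."""
    out = {}
    for name, cats in db.items():
        for cat in cats:
            out.setdefault(cat, []).append(name)
    return {cat: sorted(names) for cat, names in out.items()}

if __name__ == "__main__":
    db = load_script_db(SAMPLE_DB)
    print("default set:", select(db, require=["default"]))
    print("default, not intrusive:",
          select(db, require=["default"], exclude=["intrusive"]))
    print("default AND intrusive (review before use):",
          select(db, require=["default", "intrusive"]))
```

Nmap's --script option accepts the same kind of selection directly as a Boolean expression, for example --script "default and safe".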