Nmap from Scratch | Part-6 | NSE ( Nmap Scripting Engine )

Initially, Nmap was just a port scanner, but on 10th December 2006 Nmap launched the NSE (Nmap Scripting Engine), which changed the way people looked at Nmap: it was no longer just a port scanner, but a port scanner with much more.

Nmap contains a total of 589 scripts (version 7.70). Many of them are useful, but not all of them work perfectly; for some tasks, other tools are simply better. So we'll look at how to use the powerful NSE and which scripts to use.

To see all the scripts, navigate to

According to the Nmap manual:

-sC performs a script scan using the default set of scripts. It is equivalent to --script=default. Some of the scripts in this category are considered intrusive and should not be run against a target network without permission.

So, kindly take permission before running this type of scan against a target.

SYNTAX:

To specify a script manually, we use

With this option we specify a script, and we can use other options, such as help, to understand what the script is used for.
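Before passing anything to the script option it is worth knowing which category each script belongs to, since the manual excerpt above warns that some default scripts are intrusive. As an added example (not part of this blog or of Nmap itself), here is a small Python parser for the format of Nmap's `scripts/script.db` index that lists scripts by category and flags those marked intrusive; the entries below are constructed sample lines in that format, not a copy of the real file, so check categories against your own install.

```python
import re

# Constructed sample in the layout of Nmap's scripts/script.db.
# A real install has hundreds of entries; the last one here is a placeholder
# name invented purely to exercise the default+intrusive check.
SAMPLE_SCRIPT_DB = """\
Entry { filename = "ssh-hostkey.nse", categories = { "safe", "default", "discovery", } }
Entry { filename = "ssh2-enum-algos.nse", categories = { "safe", "discovery", } }
Entry { filename = "ssh-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "ssh-auth-methods.nse", categories = { "auth", "intrusive", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "dns-brute.nse", categories = { "intrusive", "discovery", } }
Entry { filename = "constructed-default-intrusive.nse", categories = { "default", "intrusive", "discovery", } }
"""

# One Entry per line: filename string, then a brace-delimited category list.
ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*\{([^}]*)\}\s*\}'
)


def parse_script_db(text):
    """Return {filename: set(categories)} for every Entry in script.db text."""
    db = {}
    for m in ENTRY_RE.finditer(text):
        name, cats = m.group(1), m.group(2)
        db[name] = set(re.findall(r'"([^"]+)"', cats))
    return db


def by_prefix(db, prefix):
    """Scripts whose filename starts with prefix (what the locate step finds)."""
    return sorted(n for n in db if n.startswith(prefix))


def select_scripts(db, want, exclude=("intrusive",)):
    """Scripts in any wanted category, minus those carrying an excluded one."""
    want, exclude = set(want), set(exclude)
    return sorted(n for n, c in db.items() if c & want and not c & exclude)


def intrusive_in_default(db):
    """Default-category scripts (run by -sC) that are also marked intrusive."""
    return sorted(n for n, c in db.items() if "default" in c and "intrusive" in c)


if __name__ == "__main__":
    db = parse_script_db(SAMPLE_SCRIPT_DB)
    print("ssh scripts:", by_prefix(db, "ssh"))
    print("non-intrusive discovery:", select_scripts(db, ["discovery"]))
    print("default but intrusive:", intrusive_in_default(db))
```

Pointing `parse_script_db` at the contents of your own `script.db` (its path is shown by the locate step) gives the same listing for the real install.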

The best way to find a script for your needs is to use the locate command. For example, if we want to search for all SSH scripts, we'll write

Result:

We can see that we have a total of seven scripts for SSH. To understand what a script does, we can write:

SYNTAX:

Example:

Result:

So let's see it in action.

Scanning the target for SSH

Result:

From the result we can conclude that port 22 is open; now let's find out what version of SSH the target host is running.

Result:

So the target system is running OpenSSH 6.6.1p1. We could look for exploits for this version of SSH on the internet, but for now we'll only use the script.

Brute forcing SSH login using NSE:

Nmap will try every username-password combination present in its word list to brute force the target.

In brief:

  • Scan the target and find out which services are running
  • Look for exploits for the running services on the internet.
  • Try to exploit the target (using any tool from the plethora of different tools available)
  • If the exploit fails, try another exploit
  • If it fails again, try again, until you successfully exploit the target.

Remember:

“The master has failed more times than the beginner has even tried.”

STEPHEN MCCRANIE

A few more scripts:

That's it for this blog. Try to play around with the NSE scripts; you can even install new scripts from the internet using wget, and don't forget to update the NSE engine using

In the next blog we'll cover how to work on the timing and performance of Nmap scans; till then, keep practicing!

Infosec Enthusiast | Student