Network Enumeration with Nmap - Nmap Scripting Engine

#readwise # Network Enumeration with Nmap - Nmap Scripting Engine ![rw-book-cover](https://readwise-assets.s3.amazonaws.com/static/images/article3.5c705a01b476.png) ## Metadata - Author: [[Hack The Box]] - Full Title: Network Enumeration with Nmap - Nmap Scripting Engine - URL: https://academy.hackthebox.com/module/19/section/108 ## Summary The Nmap Scripting Engine (NSE) allows users to create Lua scripts for interacting with services. There are 14 script categories, including those for authentication, discovery, and vulnerability assessment. Users can run default scripts or specify particular scripts for targeted scans. NSE helps identify system information and vulnerabilities, making it a valuable tool for network scanning. ## Highlights Nmap Scripting Engine (`NSE`) is another handy feature of `Nmap`. It provides us with the possibility to create scripts in Lua for interaction with certain services. There are a total of 14 categories into which these scripts can be divided. ^6rw6xu | Category | Description | | ----------- | --------------------------------------------------------------------------------------------------------------------------------------- | | `auth` | Determination of authentication credentials. | | `broadcast` | Scripts, which are used for host discovery by broadcasting and the discovered hosts, can be automatically added to the remaining scans. | | `brute` | Executes scripts that try to log in to the respective service by brute-forcing with credentials. | | `default` | Default scripts executed by using the `-sC` option. | | `discovery` | Evaluation of accessible services. | | `dos` | These scripts are used to check services for denial of service vulnerabilities and are used less as it harms the services. | | `exploit` | This category of scripts tries to exploit known vulnerabilities for the scanned port. | | `external` | Scripts that use external services for further processing. | | `fuzzer` | This uses scripts to identify vulnerabilities and unexpected packet handling by sending different fields, which can take much time. | | `intrusive` | Intrusive scripts that could negatively affect the target system. | | `malware` | Checks if some malware infects the target system. | | `safe` | Defensive scripts that do not perform intrusive and destructive access. | | `version` | Extension for service detection. | | `vuln` | Identification of specific vulnerabilities. | ^al4fe0 ([View Highlight](https://read.readwise.io/read/01jp4j8na9hxgny296y65y8qm9)) --- Default Scripts ```sh sudo nmap <target> -sC ``` ^7s27cb Specific Scripts Category ```sh sudo nmap <target> --script <category> ``` ^hi1ywi Defined Scripts ```sh sudo nmap <target> --script <script-name>,<script-name>,... ``` ^r7r9lz ([View Highlight](https://read.readwise.io/read/01jp4jce6kv5fx609y6gqwj84h)) --- `Nmap` also gives us the ability to scan our target with the aggressive option (`-A`). This scans the target with multiple options as service detection (`-sV`), OS detection (`-O`), traceroute (`--traceroute`), and with the default NSE scripts (`-sC`). ([View Highlight](https://read.readwise.io/read/01jp4jg3r53tk53bpycrbxrj7m)) ^34dbdn --- More information about NSE scripts and the corresponding categories we can find at: [https://nmap.org/nsedoc/index.html](https://nmap.org/nsedoc/index.html) ([View Highlight](https://read.readwise.io/read/01jp4jmdnvwpmvrqy3ak6wtpsr)) ---