Nmap Scripting

Did you know that Nmap has a scripting language and can do things such as enumerating details on WordPress sites like usernames and installed plugins, check for vulnerabilities or do brute forcing? On the Security Weekly podcast episode 457 they brought up Nmap scripting and the fact that a ton of scripts come included with Nmap. I had no clue. On OSX the scripts directory for Nmap is located here /usr/local/share/nmap/scripts If you use another OS just do a search for *.nse and you will find the scripts directory.

Nmap script usage:

nmap --script <script name> <target>

Example of a script that enumerates visible folders and files on a web server:

nmap --script http-enum google.com

 

http://wiki.securityweekly.com/wiki/index.php/Episode457

https://nmap.org/book/nse-usage.html

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s