OSCP Notes
Nmap Scripts

Find Scripts

Find scripts related to a service you're interested in (the example here is FTP):

    locate .nse | grep [port name]

Example:

    locate .nse | grep ftp

To list every NSE script that locate knows about:

    locate nse | grep script

Typically, the NSE scripts that scan for vulnerabilities (along with all the other NSE scripts) are at:

    ls -l /usr/share/nmap/scripts/

Help manual for scripts

What does a script do?

    nmap --script-help [script name]

Example:

    nmap --script-help ftp-anon

Vulnerability Scanning

We can scan for vulnerabilities using Nmap's NSE scripts. Note that --script vuln selects every script in the "vuln" category, whereas --script="*vuln*" is a wildcard match on script file names, so the two can select different sets of scripts. Quote wildcard arguments so the shell does not expand them before Nmap sees them.

    nmap --script vuln [ip target]

    nmap -p 80 --script=all [ip target]
    # Scan a target using all NSE scripts. May take an hour to complete.

    nmap -p 80 --script="*vuln*" [ip target]
    # Scan a target using all NSE scripts with "vuln" in their file name.

    nmap -p 80 --script="http*vuln*" [ip target]
    # Scan a target using all HTTP vuln NSE scripts.

    nmap -p 21 --script=ftp-anon [ip target]/24
    # Scan the entire network for FTP servers that allow anonymous access.

    nmap -p 80 --script=http-vuln-cve2010-2861 [ip target]/24
    # Scan the entire network for a directory traversal vulnerability. It can even retrieve the admin's password hash.
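The two ways of picking scripts above (a file-name pattern, as in the Find Scripts section and --script="*vuln*", versus an NSE category, as in --script vuln) come from the `categories = {...}` line that every NSE script declares. The following shell script is an added example, not part of the original notes and not Nmap's own code: it reads that line from each .nse file so you can see which scripts a name pattern selects compared with a category. It assumes scripts live in $NSE_DIR (default /usr/share/nmap/scripts) and that each script declares its categories on a single line starting with `categories`; the sample script directory it builds is constructed here for the demo, with category lists modeled on the real scripts of the same names.

```shell
#!/bin/sh
# Added example: select NSE scripts by file-name pattern or by category by
# parsing each script's "categories = {...}" declaration.
# Assumption: scripts live in $NSE_DIR and declare categories on one line.

NSE_DIR="${NSE_DIR:-/usr/share/nmap/scripts}"

# nse_categories <script.nse>: print the script's categories, one per line.
nse_categories() {
    # categories = {"vuln", "intrusive"}  ->  vuln / intrusive
    grep -m1 '^categories' "$1" \
        | sed 's/.*{//; s/}.*//; s/"//g; s/,/ /g' \
        | tr -s ' ' '\n' \
        | sed '/^$/d'
}

# nse_by_name <pattern>: script names containing <pattern>,
# the same thing --script="*pattern*" matches on.
nse_by_name() {
    for f in "$NSE_DIR"/*"$1"*.nse; do
        if [ -f "$f" ]; then
            basename "$f" .nse
        fi
    done
}

# nse_by_category <category>: scripts whose categories line lists <category>,
# the same thing --script <category> selects.
nse_by_category() {
    for f in "$NSE_DIR"/*.nse; do
        [ -f "$f" ] || continue
        if nse_categories "$f" | grep -qx "$1"; then
            basename "$f" .nse
        fi
    done
}

# Constructed sample directory (category lists modeled on the real scripts)
# so the functions can be exercised without nmap installed.
make_sample_nse_dir() {
    d=$(mktemp -d)
    printf 'categories = {"default", "auth", "safe"}\n' > "$d/ftp-anon.nse"
    printf 'categories = {"exploit", "intrusive", "malware", "vuln"}\n' > "$d/ftp-vsftpd-backdoor.nse"
    printf 'categories = {"vuln", "intrusive"}\n' > "$d/http-vuln-cve2010-2861.nse"
    printf 'categories = {"default", "discovery", "safe"}\n' > "$d/http-title.nse"
    echo "$d"
}

# Demo: the name pattern finds one script, the category finds two,
# because ftp-vsftpd-backdoor is in the vuln category without "vuln" in its name.
NSE_DIR=$(make_sample_nse_dir)
echo "by name *vuln*:";  nse_by_name vuln
echo "category vuln:";   nse_by_category vuln
```

To run it against a real install, set NSE_DIR=/usr/share/nmap/scripts and call nse_by_category vuln or nse_by_name ftp directly; the demo lines at the bottom replace NSE_DIR with the constructed directory.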