NMAP Scripts

Find Scripts

Find the scripts related to a service you are interested in; the example here is ftp:

locate .nse | grep [port name]

Example:

locate .nse | grep ftp
ls /usr/share/nmap/scripts | grep smb

The NSE scripts, including the ones that scan for vulnerabilities, are typically installed at:

ls -l /usr/share/nmap/scripts/

You can run these scripts with --script=<ScriptName>; it also supports wildcard entries. To find scripts whose text mentions exploits:

grep Exploits /usr/share/nmap/scripts/*.nse

Help manual for scripts
What does a script do?

nmap --script-help [script name]

Example:

nmap --script-help ftp-anon

Vulnerability Scanning
We can scan for vulnerabilities with the vuln category of NSE scripts:

nmap --script vuln [ip target]

Scan With All Scripts

Scan a target using all NSE scripts. May take an hour to complete; note that "all" includes the intrusive, dos and exploit categories as well.

nmap -p 80 --script=all [ip target]

nmap -p 80 --script="*vuln*" [ip target]
# Scan a target using all NSE vuln scripts (quote the wildcard so the shell does not expand it).

nmap -p 80 --script="http*vuln*" [ip target]
# Scan a target using all HTTP vuln NSE scripts.

Scan with particular Script
nmap -p 21 --script=ftp-anon [ip target]/24
# Scan the entire network for FTP servers that allow anonymous access.

Scan entire network with script
nmap -p 80 --script=http-vuln-cve2010-2861 [ip target]/24
# Scan the entire network for a directory traversal vulnerability. It can even retrieve the admin's password hash.

Website Cloning:
We'll use -E to change the file extension to match the MIME type of the downloaded file. We'll convert all the links in the document to point to local alternatives with -k and use -K to save the original file with a .orig extension. Next, we'll use -p to download all the files necessary for viewing the specific page. The -e robots=off will ignore robots.txt directives which might otherwise hinder our download. We'll download all files from external hosts with -H, limited to files on the mysite.us domain with -Dmysite.us. Finally, we will use -nd to save all files in a flat directory structure in our current working directory.

wget -E -k -K -p -e robots=off -H -Dmysite.us -nd "https://mywebsite.us/signin#/login"
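An added helper for the Find Scripts and Vulnerability Scanning sections above (example code, not from the original page): it reads Nmap's script.db index, the file the --script category selectors are resolved against, to show which scripts a category such as vuln would run and which of those are not also tagged safe. The script.db path and the sample entries are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page: resolve which scripts an NSE
# category selector such as "--script vuln" would actually run by reading
# Nmap's script index (script.db). The real file normally lives beside the
# scripts at /usr/share/nmap/scripts/script.db (assumed path); a constructed
# sample is embedded below so the functions run offline.

SAMPLE_DB="$(mktemp)"
trap 'rm -f "$SAMPLE_DB"' EXIT
cat > "$SAMPLE_DB" <<'EOF'
Entry { filename = "ftp-anon.nse", categories = { "default", "auth", "safe", } }
Entry { filename = "http-vuln-cve2010-2861.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms17-010.nse", categories = { "vuln", "safe", } }
Entry { filename = "http-slowloris.nse", categories = { "dos", "intrusive", } }
EOF

# Reduce an Entry line to the script name without the .nse suffix.
nse_name() {
    sed -E 's/.*filename = "([^"]+)\.nse".*/\1/'
}

# List the scripts whose categories include $1 (e.g. vuln, safe, dos).
# $2 is the script.db path; it defaults to the constructed sample.
nse_by_category() {
    grep -E "categories = \{[^}]*\"$1\"" "${2:-$SAMPLE_DB}" | nse_name
}

# List the vuln scripts that are NOT also tagged safe: these are the ones to
# check with "nmap --script-help <name>" before running "--script vuln"
# against systems that must stay up.
nse_vuln_not_safe() {
    grep -E 'categories = \{[^}]*"vuln"' "${1:-$SAMPLE_DB}" \
        | grep -vE 'categories = \{[^}]*"safe"' \
        | nse_name
}

# Stand-alone run: show both views over the sample index.
echo "vuln scripts:";       nse_by_category vuln
echo "vuln but not safe:";  nse_vuln_not_safe
```

Point the second argument at the real script.db to audit an installed Nmap before a scan.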