⏩NMAP Scripts
Find Scripts
Find scripts related to a service you're interested in. The example here is ftp.
locate .nse | grep [port name]
Example:
locate .nse | grep ftp
ls /usr/share/nmap/scripts | grep smb
Typically, NSE scripts that scan for vulnerabilities are at
ls -l /usr/share/nmap/scripts/
You can use these scripts with
--script=<ScriptName>
It also supports wildcard entries.
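Before handing a wildcard to --script, it helps to see which scripts the pattern matches and which categories each one declares. The helper below is an added example, not part of the original page: the function names nse_preview and make_sample_dir are hypothetical, and the sample .nse files are constructed stand-ins that contain only a categories line.

```shell
#!/bin/sh
# Added example: preview what a --script wildcard would select.

# nse_preview DIR GLOB
# Prints "name<TAB>categories<TAB>flag" for every DIR/GLOB.nse file.
# flag is REVIEW when the script declares a category that can change
# or stress the target (intrusive, exploit, dos, brute), else ok.
nse_preview() {
    dir=$1
    glob=$2
    for f in "$dir"/$glob.nse; do
        [ -f "$f" ] || continue   # pattern matched nothing
        # NSE scripts declare e.g.: categories = {"default", "safe"}
        cats=$(sed -n 's/^categories *= *{\(.*\)}.*/\1/p' "$f" \
               | tr -d '" ' | head -n 1)
        case ",$cats," in
            *,intrusive,*|*,exploit,*|*,dos,*|*,brute,*) flag=REVIEW ;;
            *) flag=ok ;;
        esac
        printf '%s\t%s\t%s\n' "$(basename "$f" .nse)" "$cats" "$flag"
    done
}

# Constructed sample directory so the example runs without nmap installed.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'categories = {"default", "auth", "safe"}\n' \
        > "$d/ftp-anon.nse"
    printf 'categories = {"intrusive", "brute"}\n' \
        > "$d/ftp-brute.nse"
    printf 'categories = {"default", "discovery", "safe"}\n' \
        > "$d/smb-os-discovery.nse"
    echo "$d"
}

sample=$(make_sample_dir)
nse_preview "$sample" 'ftp-*'
rm -rf "$sample"
```

On a real install, point it at the scripts directory instead: nse_preview /usr/share/nmap/scripts 'ftp-*'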
grep Exploits /usr/share/nmap/scripts/*.nse
Help manual for scripts
What does a script do?
nmap --script-help [script name]
Example:
nmap --script-help ftp-anon
Vulnerability Scanning
We can scan for vulnerabilities using nmap scripts:
Scan With All Scripts
Scan a target using all NSE scripts. May take an hour to complete.
Scan with particular Script
Scan entire network with script
Website Cloning:
We'll use -E to change the file extension to match the MIME type of the downloaded file. We'll convert all the links in the document to point to local alternatives with -k and use -K to save the original file with a .orig extension. Next, we'll use -p to download all the files necessary for viewing the specific page. The -e robots=off option will ignore robots.txt directives, which might otherwise hinder our download. We'll download all files from external hosts with -H, limited to files on the Mysite.us domain with -DMysite.us. Finally, we will use -nd to save all files in a flat directory structure in our current working directory.