Nmap Scripting Engine Usage Examples
Nmap, who doesn’t know this tool? I’m sure you already know and use it. For computer users, especially system administrators, performing these kinds of checks is crucial, because a lot more damage can be done by a worm or a hacker using a vulnerability than by a scanner. This time, I would like to share one of Nmap’s features: the NSE scripts. For those who do not have Nmap, you can download and install it first by following the commands below:
1. Download Nmap and place it in the /usr/local/src/ directory.
wget http://nmap.org/dist/nmap-5.51.tar.bz2 -O /usr/local/src/nmap-5.51.tar.bz2
2. Go to /usr/local/src/ and extract the Nmap package.
cd /usr/local/src/; bzip2 -cd nmap-5.51.tar.bz2 | tar xvf -
3. Go to the extracted Nmap directory, configure it without Zenmap (we don’t need Nmap’s GUI mode), then build and install it.
cd nmap-5.51; ./configure --without-zenmap
make && make install
Once the installation is done, let’s take a look at the /usr/local/share/nmap/scripts/ directory.
ls /usr/local/share/nmap/scripts/
What the puk is that?
Well, I don’t know… let’s check one of these scripts.
nmap --script-help http-enum.nse
Then you get information about the script.
Now, I want to try checking a web server using the existing Nmap scripts:
nmap --script "http*" crayon.gov -p 80
The command above runs Nmap with all scripts whose names begin with “http” against the crayon.gov server on port 80.
(Note: we specify port 80 to avoid scanning all ports, because we’re focusing on the HTTP protocol, which generally uses port 80. If the port is not specified, Nmap will scan all well-known ports and we’ll wait a long time for it.)
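A name wildcard such as "http*" selects scripts by file name only, whatever category each one declares, so it helps to see which of them are marked safe and which intrusive before running them. The following is an added example, not part of the original post: it reads the categories line of each script in a directory. The function names and the sample files are constructed for illustration, and it assumes the categories table sits on a single line.

```shell
#!/bin/sh
# Added example: list the NSE scripts whose file name matches a glob and
# whose `categories = {...}` line names a given category.

# nse_in_category DIR PATTERN CATEGORY
# PATTERN is a shell glob without the .nse suffix, e.g. 'http*'.
nse_in_category() {
    dir=$1 pattern=$2 category=$3
    for f in "$dir"/$pattern.nse; do
        [ -f "$f" ] || continue          # glob matched nothing
        # Print only the first categories line, then look for the quoted name.
        if sed -n '/^[[:space:]]*categories[[:space:]]*=/{p;q;}' "$f" \
            | grep -q "[\"']$category[\"']"; then
            basename "$f"
        fi
    done
}

# Constructed sample data: stand-in files that carry only a categories
# line, so the example runs without Nmap installed.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'categories = {"discovery", "intrusive", "vuln"}\n' > "$d/http-enum.nse"
    printf 'categories = {"default", "discovery", "safe"}\n' > "$d/http-title.nse"
    printf 'categories = {"intrusive", "exploit", "dos", "vuln"}\n' > "$d/smb-check-vulns.nse"
    echo "$d"
}

# Show the split for the sample directory. On a real install, pass
# /usr/local/share/nmap/scripts as DIR instead.
sample=$(make_sample_dir)
echo "http* and safe:      $(nse_in_category "$sample" 'http*' safe)"
echo "http* and intrusive: $(nse_in_category "$sample" 'http*' intrusive)"
rm -rf "$sample"
```

Nmap's --script option also accepts boolean expressions over names and categories, so the same restriction can be applied at scan time with --script "http* and safe".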
Example scan output:
Another usage example: Scan for MS08-067 Vulnerability, Conficker, regsvc DoS, and SMBv2 DoS With Nmap (my previous post)
Note: you may add --script-trace and --script-updatedb for debugging and development.
Source :
http://google.com/
http://nmap.org/book/nse-usage.html





Thanks. Very useful guide.