Analyzing hosts and networks with Nmap
Scripting Engine
For more detailed investigations, Nmap version 4.5 or later comes with the Nmap Scripting Engine (NSE). With NSE and the current crop of 430 NSE scripts implemented in Lua, you can elicit many additional details from individual hosts (Table 1).
Table 1
NSE Scripts
Name | Purpose |
---|---|
|
Bypass authentication |
|
Brute force attack |
|
Denial-of-service test |
|
Call shares and websites |
|
Attack server with unexpected input |
|
Check for known vulnerabilities |
To discover what the individual scripts actually do, run the
nmap --script-help "*"
command. If you replace the asterisk with a category or script name, you only receive information about the associated script(s).
To run one or more scripts against one or more hosts, you can use the
nmap --script <name>
command, where <name>
refers to a script, a whole category, a directory of scripts, or a regular expression. Some scripts require additional parameters, which you pass in to Nmap, as in --script-args <parameter>
. Using the
nmap - script http-enum <target>
command, for example, will attempt to identify all the interesting URLs that the target host offers (Figure 8).
On the other hand,
nmap -sV -O --script vuln <target>
lets you run all the scripts in the vuln
category against each host on the network. Scanning every host with a single command does not replace a thorough review, but it does discover some common vulnerabilities very quickly.
In addition to the NSE scripts included in the Nmap package, you will find more on the Nmap developer list [6] or on the pages of individual developers. You can copy the scripts to Nmap's script directory, if needed, and then bind them to the port scanner using the nmap --script-updatedb
command.
Conclusions
Nmap is a very powerful tool whose capabilities go far beyond those of a normal port scanner. The software already supports IPv6 and does not simply give you yes/no statements on whether ports are open; rather, it also determines exactly which services and operating systems are running on the computers under investigation.
Nmap scans both TCP and UDP ports and comes with a number of ping test methods that can work despite firewalls. Additional tricks, such as packages filled with random characters, can also help trick firewalls, IDS, and IPS systems. The Nmap Scripting Engine lets you automate many steps. If you frequently need to analyze networks, it pays to read the excellent and extensive Nmap documentation, which provides examples and a huge amount of background knowledge.
Before you start investigating a third-party host or network, be sure you obtain the consent of the operator; otherwise, they will feel they are being attacked, which can lead to unpleasant legal consequences. If you want to practice, do so on your home network – or use the scanme
host offered by Nmap [7].
Infos
- Nmap: http://nmap.org
- Nmap source code: http://nmap.org/download.html
- CIDR notation: http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation
- Nmap fingerprint submitter: http://insecure.org/cgi-bin/submit.cgi
- Screen: http://www.gnu.org/software/screen/
- Nmap developer list: http://seclists.org/nmap-dev/
- Nmap Scanme: http://scanme.nmap.org
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.
-
ZorinOS 17.1 Released, Includes Improved Windows App Support
If you need or desire to run Windows applications on Linux, there's one distribution intent on making that easier for you and its new release further improves that feature.
-
Linux Market Share Surpasses 4% for the First Time
Look out Windows and macOS, Linux is on the rise and has even topped ChromeOS to become the fourth most widely used OS around the globe.
-
KDE’s Plasma 6 Officially Available
KDE’s Plasma 6.0 "Megarelease" has happened, and it's brimming with new features, polish, and performance.
-
Latest Version of Tails Unleashed
Tails 6.0 is based on Debian 12 and includes GNOME 43.
-
KDE Announces New Slimbook V with Plenty of Power and KDE’s Plasma 6
If you're a fan of KDE Plasma, you'll be thrilled to hear they've announced a new Slimbook with an AMD CPU and the latest version of KDE Plasma desktop.
-
Monthly Sponsorship Includes Early Access to elementary OS 8
If you want to get a glimpse of what's in the pipeline for elementary OS 8, just set up a monthly sponsorship to help fund its continued existence.