They are used to perform DNS enumeration, DHCP discovery and recursion, HTTP index page finding, finding software versions, HTTP TRACE, IP forwarding checks, IRC info, NFS mounting, etc.
Safe Scan nmap – script safe Ī safe script is a group of less intrusive NSE scripts which makes low noise while using them against the remote system. This category of Nmap scripts is used to perform banner grabbing, cics information, Citrix enumeration, DNS zone check, HTTP user-agent testing, icap information, MS SQL configuration, SMB enumeration, etc. The external script is a group of scripts which runs multiple individual Nmap scripts at once and checks the access and status of services running on the target by using external testing services which includes DNS discovery, HTTP Cross-Domain policy, XSSed database searches, CVSS checks for known vulnerabilities, TOR node checks, SMTP open relay checks, Shodan searches, Geo-location of IP address, and etc.ĭiscovery Scan nmap – script discovery ĭiscovery scripts are ideal when you need to have as much information as possible of your remote target. They are used to expose the necessary information related to the operating system like the workgroup name, the NetBIOS names, FTP bounce check, FTP anonymous login checks, SSH checks, DNS discovery and recursion, clock skew, HTTP methods, rpcinfo, VNC info, SSL check, etc.
Part 5: Nmap on Windows 10 NSE Scripts Overview Command Option -script default Default Scan -script external Scan by External Sources -script discovery Discovery Scan -script safe Safe Scan -script vuln Common Vulnerability Scan -script auth Authentication Scan -script broadcast Broadcast Scan -script exploit Exploit Scan Default Scan nmap – script default Ī default script is a group of scripts which runs a bunch of individual analysis scripts at once. The basic syntax for executing an NSE script is: nmap – script In Linux and Unix, the default storage location is the /usr/share/nmap/scripts subdirectory while in Windows, the default location is C:\Program Files\Nmap\scripts. You can even download a third-party custom made script which can run with Nmap. These Nmap scripts are written in the LUA programming language and named with the extension.
Now that you know how to work with Advanced Nmap commands as shown in the article of Advanced Nmap Commands we now can go ahead and tackle the next topic.