book

Mastering the Nmap Scripting Engine

Name: Mastering the Nmap Scripting Engine
Author: Paulino Calderon
ISBN: 9781782168317

by Paulino Calderon

February 2015

Beginner to intermediate

244 pages

4h 37m

English

Packt Publishing

Read now

Unlock full access

Mastering the Nmap Scripting Engine
Table of Contents
Mastering the Nmap Scripting Engine
Credits
About the Author
Acknowledgments
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holders
Preface
What this book covers
What you need for this book

Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example codeErrataPiracyQuestions
1. Introduction to the Nmap Scripting Engine
Installing NmapBuilding Nmap from source codeKeeping Nmap up to date
Running NSE scripts
Script categories
NSE script selectionSelecting by script name or categorySelecting by filename or folderAdvanced script selection with expressionsNSE script argumentsLoading script arguments from a fileForcing the execution of NSE scriptsDebugging NSE scripts
Scan phases and NSE
NSE script rules
Applications of NSE scripts
Information-gatheringCollecting UPNP informationFinding all hostnames resolving to the same IP addressAdvanced host discoveryDiscovering hosts with broadcast pingsListening to your LAN to discover targetsPassword auditingBrute-forcing MySQL passwordsBrute-forcing SMTP passwordsVulnerability scanningDetecting insecure MySQL server configurationsDetecting web servers vulnerable to slow denial-of-service attacksDetecting SSL servers vulnerable to CVE-2014-3566
Setting up a development environment
Halcyon IDE
Adding new scripts
Summary
2. Lua Fundamentals
Quick notes about LuaCommentsDummy assignmentsIndexesSemanticsCoercionSafe languageBooleans
Flow control structures
Conditional statements – if-then, else, and elseifLoops – whileLoops – repeatLoops – for
Data types
String handling
Character classesMagic charactersPatternsCapturesRepetition operatorsConcatenationFinding substringsString repetitionString lengthFormatting stringsSplitting and joining strings
Common data structures
TablesArraysLinked listsSetsQueuesCustom data structureshttp-enum databasehttp-default-accounts
I/O operations
ModesOpening a fileReading a fileWriting a fileClosing a file
Coroutines
Creating a coroutineExecuting a coroutineDetermining the running coroutineGetting the status of a coroutineYielding a coroutine
Metatables and metamethods
Arithmetic metamethodsRelational metamethods
Summary
3. NSE Data Files
Locating your data directory
Data directory search order
Username and password lists used in brute-force attacks
Username dictionariesPassword dictionaries
Web application auditing data files
http-fingerprints.luahttp-sql-errors.lsthttp-web-files-extensions.lsthttp-devframework-fingerprints.luahttp-folders.txtvhosts-default.lstwp-plugins.lst
DBMS-auditing data files
mysql-cis.auditoracle-default-accounts.lstoracle-sids
Java Debug Wire Protocol data files
JDWPExecCmd.javaJDWPSystemInfo.class
Other NSE data files
mygroupnames.dbrtsp-urls.txtsnmpcommunities.lstssl-ciphersssl-fingerprintsike-fingerprints.luatftplist.txt
Other Nmap data files
Summary
4. Exploring the Nmap Scripting Engine API and Libraries
Understanding the structure of an NSE scriptOther NSE script fieldsAuthorLicenseDependenciesA sample NSE script
Exploring environment variables
Accessing the Nmap API
NSE argumentsHost tablePort tableException handling in NSE scripts
The NSE registry
Writing NSE libraries
Extending the functionality of an NSE libraryNSE modules in C/C++
Exploring other popular NSE libraries
stdnseopenssltargetshortportcredsvulnshttp
Summary
5. Enhancing Version Detection
Understanding version detection mode in NSEPhases of version detectionAdjusting the rarity level of a version scanUpdating the version probes databaseTaking a closer look at the file formatExcluding scanned ports from version detectionUsing fallbacks to match other version probesGetting to know post-processorsNmap Scripting EngineSSL
Writing your own version detection scripts
Defining the category of a version detection scriptDefining the portrule of a version detection scriptUpdating the port version informationSetting the match confidence level
Examples of version detection scripts
NSE script – modbus-discoverNSE script – ventrilo-infoNSE script – rpc-grind
Summary
6. Developing Brute-force Password-auditing Scripts
Working with the brute NSE librarySelecting a brute modeImplementing the Driver classPassing library and user optionsReturning valid accounts via Account objectsHandling execution errors gracefully with the Error class
Reading usernames and password lists with the unpwdb NSE library
Managing user credentials found during scans
Writing an NSE script to launch password-auditing attacks against the MikroTik RouterOS API
Summary
7. Formatting the Script Output
Output formats and Nmap Scripting Engine
XML structured output
Implementing structured output in your scripts
Printing verbosity messages
Including debugging information
The weakness of the grepable format
NSE script output in the HTML report
Summary
8. Working with Network Sockets and Binary Data
Working with NSE socketsCreating an NSE socketConnecting to a host using NSE socketsSending data using NSE socketsReceiving data using NSE socketsClosing NSE socketsExample script – sending a payload stored in a file over a NSE socket
Understanding advanced network I/O
Opening a socket for raw packet captureReceiving raw packetsSending packets to/from IP and Ethernet layers
Manipulating raw packets
Packing and unpacking binary dataBuilding Ethernet frames
Raw packet handling and NSE sockets
Summary
9. Parallelism
Parallelism options in NmapScanning multiple hosts simultaneouslyIncreasing the number of probes sentTiming templates
Parallelism mechanisms in Lua
CoroutinesWorking with coroutines
Parallelism mechanisms in NSE
NSE threadsCondition variablesMutexes
Consuming TCP connections with NSE
Summary
10. Vulnerability Detection and Exploitation
Vulnerability scanningThe exploit NSE categoryExploiting RealVNCDetecting vulnerable Windows systemsExploiting the infamous heartbleed vulnerabilityExploiting shellshock in web applications
Reporting vulnerabilities
Using the vulns library in your NSE scripts
Summary
A. Scan Phases
B. NSE Script Template
Other templates online
C. Script Categories
D. Nmap Options Mind Map
E. References
Index

Content preview from Mastering the Nmap Scripting Engine

Username and password lists used in brute-force attacks

The brute library and all the NSE scripts depending on it use two separate databases to retrieve usernames and passwords when performing brute-force password-auditing attacks. The dictionaries distributed with Nmap are somewhat small since it wouldn't be practical to include and distribute large files. It is up to the users to either replace the dictionaries or provide different dictionaries via the library arguments, given that the default username and password dictionaries are only 72 KB and 46 KB in size, respectively.

Keep in mind that the effectiveness of all your brute-force attacks depends on how good your dictionaries are.

Username dictionaries

Usernames are stored in your Nmap data ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Mastering VMware vSphere 6.7 - Second Edition

Publisher Resources

ISBN: 9781782168317

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Mastering the Nmap Scripting Engine

by Paulino Calderon

Username and password lists used in brute-force attacks

Username dictionaries

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.