Nmap Scripts for Penetration Testing


How to Use Nmap Scripts for Penetration Testing

Nmap scripts (run by the Nmap Scripting Engine, NSE) are a powerful tool for automating parts of a penetration test, particularly for identifying vulnerabilities on hosts or targets.

Below you can find a cheat sheet of Nmap scripts.

HTTP scripts

  • nmap -sV --script http-csrf scanme.nmap.org
  • nmap -p80,443 --script http-apache-server-status scanme.nmap.org
  • nmap -p80,443 --script http-methods scanme.nmap.org
  • nmap -p80,443 --script http-errors scanme.nmap.org
  • nmap -p80,443 --script http-grep.nse 10.0.2.13
  • nmap -p80,443 --script http-wordpress-enum.nse 10.0.2.254
  • nmap -p80,443 --script dns-brute scanme.nmap.org

SMB scripts

  • nmap -sT -p445 -iL iplist.txt --script smb-protocols
  • nmap -n -sT -p445 -iL iplist.txt --script smb-security-mode

SSL scripts

  • nmap -p80,443 --script ssl-enum-ciphers 10.0.2.7
  • nmap -p80,443 --script ssl-cert 10.0.2.7 -v

Vuln scripts

  • nmap -p80,443 --script vuln 10.0.2.13
  • nmap -sV --script vulners 10.0.2.13
  • nmap -sV --script vulners.nse 10.0.2.13
  • nmap -sV --script=vulners -oX filename.xml 10.0.2.13 → nicer formatting
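The XML written by -oX is easier to post-process than the terminal output. The following is an added example, not code from the original post: a hypothetical helper parse_findings that walks Nmap's -oX structure, keeps script results only for open ports, and filters vulners entries by CVSS. The sample XML is constructed to mirror Nmap's layout, and the CVE ids in it are placeholders, not real identifiers.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap -oX output for "--script=vulners" (hypothetical
# host, placeholder CVE ids); the layout mirrors what Nmap writes, not a real scan.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script=vulners -oX scan.xml 10.0.2.13">
<host><status state="up"/><address addr="10.0.2.13" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/>
<service name="ssh" product="OpenSSH" version="7.2p2"/>
<script id="vulners" output="see tables">
<table key="cpe:/a:openbsd:openssh:7.2p2">
<table><elem key="id">CVE-0000-0001</elem><elem key="type">cve</elem>
<elem key="is_exploit">false</elem><elem key="cvss">7.5</elem></table>
<table><elem key="id">CVE-0000-0002</elem><elem key="type">cve</elem>
<elem key="is_exploit">false</elem><elem key="cvss">4.3</elem></table>
</table></script></port>
<port protocol="tcp" portid="80"><state state="closed"/></port>
</ports></host></nmaprun>"""


def parse_findings(xml_text, min_cvss=0.0):
    """Return script findings on open ports with cvss >= min_cvss, highest first."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports carry no script output
            svc = port.find("service")
            service = svc.get("name", "?") if svc is not None else "?"
            for script in port.findall("script"):
                # vulners nests one <table> per CPE; each holds one <table> per finding
                for cpe_table in script.findall("table"):
                    for entry in cpe_table.findall("table"):
                        elems = {e.get("key"): e.text for e in entry.findall("elem")}
                        cvss = float(elems.get("cvss") or 0)
                        if cvss < min_cvss:
                            continue
                        findings.append({
                            "host": addr, "port": int(port.get("portid")),
                            "service": service, "script": script.get("id"),
                            "cpe": cpe_table.get("key"), "id": elems.get("id"),
                            "cvss": cvss, "exploit": elems.get("is_exploit") == "true",
                        })
    return sorted(findings, key=lambda f: f["cvss"], reverse=True)
```

Pass the contents of filename.xml from a real scan to parse_findings(..., min_cvss=7.0) to get only the high-severity entries, sorted for triage.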

WAF scripts

Nmap tools for WAF detection:


Nmap script to detect WAF:


Note: Nmap is very bad at detecting WAFs.


A great resource to have a look at is this one: https://nmap.org/nsedoc/lib/nmap


That's a wrap!

Dive deeper into the power of Nmap scripts on the Nmap website itself.

