Nmap Scripts for Penetration Testing
How to Use Nmap Scripts for Penetration Testing
Nmap scripts, run through the Nmap Scripting Engine (NSE), are a powerful tool for automating penetration testing, particularly for identifying vulnerabilities in hosts or targets.
Below you can find a cheat sheet of Nmap scripts.
HTTP scripts
- nmap -sV --script http-csrf scanme.nmap.org
- nmap -p80,443 --script http-apache-server-status scanme.nmap.org
- nmap -p80,443 --script http-methods scanme.nmap.org
- nmap -p80,443 --script http-errors scanme.nmap.org
- nmap -p80,443 --script http-grep.nse 10.0.2.13
- nmap -p80,443 --script http-wordpress-enum.nse 10.0.2.254
- nmap -p80,443 --script dns-brute scanme.nmap.org
SMB scripts
- nmap -sT -p445 -iL iplist.txt --script smb-protocols
- nmap -n -sT -p445 -iL iplist.txt --script smb-security-mode
SSL scripts
- nmap -p80,443 --script ssl-enum-ciphers 10.0.2.7
- nmap -p80,443 --script ssl-cert 10.0.2.7 -v
Vuln scripts
- nmap -p80,443 --script vuln 10.0.2.13
- nmap -sV --script vulners 10.0.2.13
- nmap -sV --script vulners.nse 10.0.2.13
- nmap -sV --script=vulners -oX filename.xml 10.0.2.13 → writes the results to an XML file for nicer formatting
WAF scripts
Nmap tools for WAF detection:
A great resource to have a look at is this one: https://nmap.org/nsedoc/lib/nmap
That's a wrap!
Dive deeper into the power of Nmap scripts on the Nmap website itself.