Div0 Blog Editor
Jan 2, 20151 min
On the 10th Day of Christmas, Div0 gave to me ... nmap Scripting Engine (NSE), msfvenom, searchsploit, urlcrazy, recon-ng, Zone Transfer Tool, Using Online Digest Databases, Hash Identification, Password Mutation Using JTR, and Custom Word List Generator (CeWL).
nmap Scripting Engine (NSE) features many scripts that can be used in a network penetration test. It allows users to write and automate networking tasks. It is written with the following features in mind (http://nmap.org/book/nse.html#nse-intro):
Network Discovery
More Sophisticated Version Detection
Vulnerability Detection
Backdoor Detection
Vulnerability Exploitation
A list of available scripts can be found on the nmap documentation: http://nmap.org/nsedoc/.
Performing network recon on my test machine (IP address: 192.168.2.1).
To obtain all the local configuration parameters via UDP port 67:
nmap -sU -p 67 --script dhcp-discover.nse 192.168.2.1
To check if various crawling utilities are allowed by the target machine:
nmap -p80 --script http-useragent-tester.nse 192.168.2.1
Shared by Tan Jun Hao.