• Div0 Blog Editor

10th Day of Christmas: nmap Scripting Engine (NSE)

On the 10th Day of Christmas, Div0 gave to me ... nmap Scripting Engine (NSE), msfvenom, searchsploit, urlcrazy, recon-ng, Zone Transfer Tool, Using Online Digest Databases, Hash Identification, Password Mutation Using JTR, and Custom Word List Generator (CeWL).

nmap Scripting Engine (NSE) features many scripts that can be used in a network penetration test. It allows users to write and automate networking tasks. It is written with the following features in mind (http://nmap.org/book/nse.html#nse-intro):

  • Network Discovery

  • More Sophisticated Version Detection

  • Vulnerability Detection

  • Backdoor Detection

  • Vulnerability Exploitation

A list of available scripts can be found on the nmap documentation: http://nmap.org/nsedoc/.

NSE In Action

Performing network recon on my test machine (IP address:

To obtain all the local configuration parameters via UDP port 67:

nmap -sU -p 67 --script dhcp-discover.nse

To check if various crawling utilities are allowed by the target machine:

nmap -p80 --script http-useragent-tester.nse

Shared by Tan Jun Hao.

6 views0 comments