Enhance security audits with Nmap and NSE scripts

Nmap is one of the most critical network scanning and security assessment tools in a security admin’s arsenal. While many use it regularly to run basic scans, most admins are not familiar with the available Nmap Scripting Engine (NSE), which automates many useful functions and extends Nmap’s capabilities well beyond the basic singular commands.
One key use case is combining an Nmap scan with an NSE <a href=”https://www.techtarget.com/searchsecurity/definition/brute-force-cracking”>brute-force password attack</a> against detected SSH systems. Follow along for instructions and to learn more about Nmap’s extensibility in modern network assessment and penetration testing.
<section class=”section main-article-chapter” data-menu-title=”Background: Nmap and the Nmap Scripting Engine”>
<h2 class=”section-title”>Background: Nmap and the Nmap Scripting Engine</h2>
Learning to use Nmap effectively enables system, network and security admins to explore and audit their environments, proving compliance and validating configurations. Begin by learning Nmap basics before exploring the NSE.
<h3>What is Nmap?</h3>
Nmap is a revolutionary tool that has aided network admins and pen testers for decades. It scans network environments and generates reports on host discovery, <a href=”https://www.techtarget.com/searchsecurity/feature/How-to-use-Nmap-to-scan-for-open-ports”>open ports</a>, OSes, service enumeration and more.
Review the following basic Nmap examples to understand the command syntax.
Basic scan of a single host using the top 1000 ports:
<pre>nmap 192.168.2.200</pre>
Basic scan of an entire subnet:
<pre>nmap 192.168.2.0/24</pre>
Advanced and aggressive stealth and detection scan:
<pre>nmap -sS -sV -O -A -p- 192.168.2.200</pre>
Many admins generate a large amount of useful information with these simple scans, and some never use Nmap beyond these fundamental capabilities. However, Nmap includes far more functionality, including automation options.
<h3>What is the Nmap Scripting Engine?</h3>
NSE is a Lua-based framework built into Nmap to automate workflows and extend the tool’s functionality beyond standard discovery scans. It enables users to share scripts that turn Nmap into an even more helpful tool. The NSE is an <a target=”_blank” href=”https://nmap.org/book/man-nse.html” rel=”noopener”>official component of Nmap</a> and can be found at the primary Nmap homepage. It includes <a target=”_blank” href=”https://nmap.org/book/nse.html” rel=”noopener”>extensive documentation</a>.
Scripts are identified by one or more categories to help admins find them and understand their use. Category examples include the following:
<ul class=”default-list”>
<li>auth examines authentication credentials.</li>
<li>brute attempts brute-force authentication.</li>
<li>discovery queries additional resources to find more detailed target information.</li>
<li>fuzzer sends unexpected information to targets to test capabilities.</li>
<li>safe contains scripts not designed to disrupt services.</li>
<li>vuln checks for and reports known vulnerabilities without disrupting services.</li>
</ul>
The default category consists of a standard set of automated tasks. Explore its capabilities before running it on production systems. Check out the <a target=”_blank” href=”https://nmap.org/book/nse-usage.html#nse-categories” rel=”noopener”>full list of NSE script categories</a>.
Call these scripts by adding the -sC or –script options to standard Nmap commands

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Search Security Resources and Information from TechTarget

Read the original article:

Enhance security audits with Nmap and NSE scripts

Enhance security audits with Nmap and NSE scripts

Read the original article:

Like this:

Related

Read the original article:

Share this:

Like this:

Related

Post navigation