NMAP as a VA tool !!

NMAP a great Penetration-testing tool, which was only used as a Port-Scanning and Enumeration tool, has now got some additional and more powerful features then it’s previous versions.

with the newly added “NSE” Nmap Scripting Engine which uses “Lua”

The NSE (”The Nmap Scripting Engine“) executes the script in parallel with the ongoing scan. Scripts are written in the embedded Lua programming language.

The NSE scripts can be found under:-

/usr/share/nmap/scripts/

There are currently the following categories:

auth, default, discovery, external, intrusive, malware, safe, version, and vuln.

the above categories can be used together as well, seperated by commas:

nmap -v –script=malware,vuln,discovery hostipaddress.com

Some common examples of using NMAP with NSE are as follows:-

to update the Scripts use the following:  nmap --script-updatedb

nmap -v -sC hostipaddress.com

nmap -v –script=all hostipaddress.com

nmap -v –script=default hostipaddress.com

nmap -v –script=malware hostipaddress.com

there can be many more options, depending upon what exactly you are trying to find out.

however, it will not be too late, to see NMAP as a Full-Blown Vulnerability Scanner, like or more powerfull than Nessus.

Need all your comments.

Thanks

Nitin Kushwaha

CHFI.CEH.SCSCA.CIW-SA.MCSE.MCSA.MCP.ITIL

Advertisements
Categories: Basics, Hot and Latest, IncidentResponse, Linux, Microsoft Windows, MyOwn, Personal, Techno, Uncategorized, Unix | Tags: | Leave a comment

Post navigation

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: