BSides Algiers - Nmap Scripting Engine - Hani Benhabiles


  1. Nmap Scripting Engine: Ruling the network with Nmap on steroids
     - Hani Benhabiles
     - President @ OWASP Algeria Student Chapter
     - Nmap-dev team (gsoc)
     - Security enthusiast
     - Student @ ESI
     - Twitter: @kroosec
     - Email: hani.benhabiles@owasp.org
  2. Summary
     - Nmap
     - Nmap Scripting Engine
     - Writing Nmap scripts
  3. Nmap
     - Network scanner
     - Open Source
     - 1997, by Fyodor
     - Latest version: 5.51 (stable), 5.61TEST5 (Dev)
     - THE tool
  4. Nmap
     - Host discovery (Are there devices on these IPs?)
     - -PE, -PS, -PA, -PU, -PP, -PR etc...
  5. Nmap
     - Port scanning
     - -sS, -sT, -sU, -sA etc...
  6. Nmap
     - Version detection
     - -sV
     - nmap-service-probes
  7. Nmap
     - OS detection
     - -O
     - nmap-os-db
  8. Still, not flexible enough...
  9. Nmap Scripting Engine
     - 2006, by Diman Todorov (GSoC project)
     - Extends Nmap capabilities
     - Scripts are written in Lua
  10. Nmap Scripting Engine
     - 365 scripts: /usr/share/nmap/scripts/
     - 95 libraries: /usr/share/nmap/nselib/
  11. Nmap Scripting Engine
     - Script types: Prerule, Host, Service, Postrule
     - Script categories: broadcast, brute, default (-A), discovery, dos, safe, version, vuln...
     - http://nmap.org/nsedoc/
  12. Nmap Scripting Engine
  13. Nmap Scripting Engine
  14. Phases of an Nmap scan
     - Script pre-scanning
     - Target enumeration
     - Host discovery
     - Reverse-DNS resolution
     - Port scanning
     - Version detection
     - OS detection
     - Traceroute
     - Script scanning
     - Output
     - Script post-scanning
  15. Executing Scripts
     - --script http-enum
     - --script default,safe
     - --script http-* --script-args user=foo
  16. Nmap Scripting Engine
  17. Demo (broadcast scripts)
  18. Writing Nmap scripts
     - Scripting language
     - Fast and very light
     - Used by other security projects (Wireshark, Snort, ModSecurity...)
     - Also used in game development: Crysis, WoW... yes, World of Warcraft :)
  19. Writing Nmap scripts
     - Meta-information
     - description, categories, dependencies, author and license.
  20. Writing Nmap scripts
     - Rules
     - Prerule, hostrule, portrule, postrule
     - May have more than one rule
  21. Writing Nmap scripts
     - action
     - Core of the script
     - Function executed when a rule returns true.
  22. Less talk...
  23. Writing Nmap scripts
     - Drupal Views module Information Leakage
     - Permits recovering list of users
     - admin/views/ajax/autocomplete/user/S returns usernames that begin with S
     - Results in JSON format
  24. Writing Nmap scripts
     - Not patched
     - Drupal.org is vulnerable :)
     - For more information: http://www.madirish.net/node/465
  25. Let's write it
  26. Help the project
     - Testing scripts
     - Ideas for new scripts
     - Contribute scripts
     - nmap-dev@insecure.org
  27. Thank you!
     - Hani Benhabiles
     - Twitter: @kroosec
     - Email: hani.benhabiles@owasp.org
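
The script layout from slides 19 to 21 (meta-information, a rule, an action), applied to the Drupal Views path on slide 23. This is an added example, not the script written during the talk: it sends one request and reports only whether the path answers an unauthenticated client, so a site owner can confirm that access needs restricting. The script arguments `root` and `prefix` are hypothetical names chosen here.

```lua
local http = require "http"
local json = require "json"
local shortport = require "shortport"
local stdnse = require "stdnse"

-- Meta-information: description, author, license, categories.
description = [[
Checks whether a Drupal site answers the Views autocomplete path
(admin/views/ajax/autocomplete/user/) for an unauthenticated client.
Added example for this deck; not the script written during the talk.
]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- Rule: the script is a candidate for every port Nmap identifies as HTTP.
portrule = shortport.http

-- Action: executed only for host/port pairs where the portrule returned true.
action = function(host, port)
  -- Script arguments (hypothetical names): site root and the one prefix probed.
  local root = stdnse.get_script_args(SCRIPT_NAME .. ".root") or "/"
  local prefix = stdnse.get_script_args(SCRIPT_NAME .. ".prefix") or "a"
  local path = root .. "admin/views/ajax/autocomplete/user/" .. prefix

  local response = http.get(host, port, path)
  if not response or response.status ~= 200 or not response.body then
    return nil -- path refused, redirected or missing: nothing to report
  end

  -- The slide says results come back as JSON; anything else is not a match.
  local ok, data = json.parse(response.body)
  if not ok or type(data) ~= "table" then
    return nil
  end

  -- Report exposure and a count only; the returned names are not printed.
  local count = 0
  for _ in pairs(data) do count = count + 1 end
  return string.format(
    "%s answered without authentication (%d entries for prefix '%s'); restrict access to this path",
    path, count, prefix)
end
```

Saved under a file name ending in `.nse`, it is selected with `--script` and takes its arguments through `--script-args`, as on the "Executing Scripts" slide.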