Nmap for Scriptors
null Mumbai Chapter October 2013 Meet
Presentation Transcript

Nmap for Scriptors
Sanoop Thomas, @s4n7h0

Disclaimer
• This is a very small session to accommodate some coding concepts (I agree it's a bad try)
• We will try to cover some very important points
• A kick-start session for security researchers to learn how an NSE script can be built and used to create PoCs

Some Wrong Questions
I'm sure many of you are already familiar with Nmap; but still, for those who are new...
• How many of you have used Nmap?
• What about the -A option?
• What are Nmap scripts?

Nmap Script Scan

Script Path
• Windows: C:\Program Files (x86)\Nmap\scripts
• Linux: /usr/share/nmap/scripts
• In BackTrack: /usr/local/share/nmap/scripts

Nmap Script Engine [NSE]
• Network Discovery
• Version Detection
• Vulnerability Detection
• Malware Detection
• Exploitation

Anatomy of NSE
• require
• metadata
• categories
• portrule
• action

NSE Skeleton

    -- metadata: what the script does and who wrote it
    description = [[
    Just to show the skeleton of an NSE script
    ]]
    author = "Mr. X"
    categories = {"safe", "discovery"}

    -- require: import the library the portrule uses (the local form is
    -- what current NSE scripts need; a bare require does not set a global)
    local shortport = require "shortport"

    -- portrule: run against open TCP ports 80, 8080, 443 or a service named http
    portrule = shortport.port_or_service({80, 8080, 443}, {"http"}, {"tcp"})

    -- action: the returned string is what Nmap prints for the port
    action = function(host, port)
      return "Webserver found on port " .. port.number
    end

require
• Import libraries
• require "shortport"
• local shortport = require "shortport"

metadata
• Includes the description of the script, author name, license information, etc.
• Not relevant to execution; but it helps the user know what your script does

categories
• Defines the type of your script: auth, broadcast, brute, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, vuln
• Because you can run scripts by category

Scan Smartly
• nmap --script "http-*"
• nmap --script "http-* and ftp-*"
• nmap --script "not brute"
• nmap --script "vuln,safe"
• nmap --script "vuln or safe"
• nmap --script "(vuln or safe) and not http-*"

portrule
• Script execution is conditional
• portrule = shortport.http
• portrule = shortport.port_or_service(21, "ftp")

action
• The actual code to execute, based on the portrule
• A combination of Lua code and Nmap library calls

    action = function(host, port)
      -- code to execute
    end
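The five parts walked through on the preceding slides (require, metadata, categories, portrule, action) assembled into one complete NSE script that fetches a page and reports the web server's Server header. This is an added example, not a slide from the deck; the script name http-server-banner-demo, its ".path" script argument and the author string are assumptions.

```lua
-- Added example (not from the slides): a safe/discovery NSE script built from
-- the five parts the deck describes. Save as http-server-banner-demo.nse
-- (hypothetical name) in the scripts directory, then:
--   nmap --script-updatedb
--   nmap -d --script http-server-banner-demo <host>

-- require: import the NSE libraries the script depends on
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"

-- metadata: tells the user (and nsedoc) what the script does
description = [[
Requests a single path over HTTP and reports the Server header the
web server returns, if any. Demonstrates the anatomy of an NSE script.
]]
author = "example author (placeholder)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

-- categories: lets the script be selected with --script "safe" or "discovery"
categories = {"safe", "discovery"}

-- portrule: run only against open ports that look like HTTP
portrule = shortport.http

-- action: the code that actually runs; its return value is what Nmap prints
action = function(host, port)
  -- optional argument: --script-args http-server-banner-demo.path=/robots.txt
  local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"

  local response = http.get(host, port, path)
  if not response or not response.status then
    -- visible with -d; returning nil means "nothing to report" for this port
    stdnse.debug1("no HTTP response from %s:%d", host.ip, port.number)
    return nil
  end

  -- http.lua lowercases header names, so look up "server", not "Server"
  local server = response.header and response.header["server"]

  local out = stdnse.output_table()
  out.path = path
  out.status = response.status
  out.server = server or "not disclosed"
  return out
end
```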
Some Practical Approach
• It's coding, which means giving life to a code snippet
• So, you need to know how, what, why, etc.

Tips for Scriptors
• Specify the script directory (--datadir)
• Use debugging mode when running the script (-d)
• Update the script database once you are done with the final version (--script-updatedb)
• Use script trace (--script-trace)

References
• nmap.org/nsedoc/
• lua.org/docs.html

Any Questions?
Thanks
Sanoop Thomas, @s4n7h0