Nmap for Scriptors
null Mumbai Chapter October 2013 Meet

Published in: Education, Technology
Transcript

  • 1. Nmap for Scriptors Sanoop Thomas @s4n7h0
  • 2. Disclaimer
      • This is a very small session to accommodate some coding concepts (I agree it’s a bad try)
      • We will try to cover some very important points required
      • A kick-start session for security researchers to learn how NSE scripts can be built and used to create PoCs
  • 3. Some Wrong Questions
      I’m sure many of you must be familiar with Nmap; but still, for those who are new:
      • How many of you have used Nmap?
      • What about the -A option?
      • What are Nmap scripts?
  • 4. Nmap Script Scan
  • 5. Script Path
      • Windows – C:\Program Files (x86)\Nmap\scripts
      • Linux – /usr/share/nmap/scripts
      • In Backtrack – /usr/local/share/nmap/scripts
  • 6. Nmap Script Engine [NSE]
      • Network Discovery
      • Version Detection
      • Vulnerability Detection
      • Malware Detection
      • Exploitation
  • 7. Anatomy of NSE
      • require
      • metadata
      • categories
      • portrule
      • action
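  • 8. NSE Skeleton

      -- metadata: shown to the user by --script-help
      description = [[
      Just to show the skeleton of an NSE script
      ]]
      author = "Mr. X"
      categories = {"safe", "discovery"}
      -- import the library; current Nmap releases need the local form
      local shortport = require "shortport"
      -- run only for these TCP ports or for services detected as http
      portrule = shortport.port_or_service({80, 8080, 443}, {"http"}, {"tcp"})
      action = function(host, port)
        return "Webserver found on port " .. port.number
      end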
  • 9. require
      • Import libraries
      • require "shortport"
      • local shortport = require "shortport"
  • 10. metadata
      • Includes the description of the script, author name, license information, etc.
      • Not very relevant, but it helps the user know what your script does
  • 11. categories
      • Defines the type of your script
          – auth, broadcast, brute, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, vuln
      • Because you can run scripts by category
  • 12. Scan Smartly
      • nmap --script "http-*"
      • nmap --script "http-* and ftp-*"
      • nmap --script "not brute"
      • nmap --script "vuln,safe"
      • nmap --script "vuln or safe"
      • nmap --script "(vuln or safe) and not http-*"
  • 13. portrule
      • Script executions are conditional
      • portrule = shortport.http
      • portrule = shortport.port_or_service(21, "ftp")
  • 14. action
      • The actual code to execute based on the portrule
      • A combination of Lua code and Nmap library calls

      action = function(host, port)
        -- code to execute
      end
  • 15. Some Practical Approach
      • It’s coding
          – Means
          – giving life to a code snippet
          – So,
      • You need to know how, what, why, etc.
  • 16. Tips for Scriptors
      • Specify the script directory (--datadir)
      • Use debugging mode when running a script (-d)
      • Update the script database once the script is final (--script-updatedb)
      • Use script trace (--script-trace)
  • 17. References
      • nmap.org/nsedoc/
      • lua.org/docs.html
  • 18. Any Questions ? Thanks Sanoop Thomas @s4n7h0
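
The anatomy from slides 7 to 14 (require, metadata, categories, portrule, action) put together in one complete script, as an added example that is not from the original slides. The script name, the author placeholder and the version-disclosure heuristic are assumptions made for illustration; the library calls are from Nmap's http, shortport and stdnse libraries.

```lua
-- Added example (not from the slides). Hypothetical file name:
-- http-server-banner.nse. Reports the HTTP Server header so that hosts
-- disclosing software versions can be inventoried and hardened.

-- require: import the NSE libraries the script uses
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"

-- metadata
description = [[
Reports the Server response header of a web service and notes whether
the banner appears to include a version number.
]]
author = "Example Author" -- placeholder
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

-- categories: one request for "/", no intrusive behaviour
categories = {"safe", "discovery"}

-- portrule: run only on ports or services Nmap treats as HTTP
portrule = shortport.http

-- action: executed once for every port that matched the portrule
action = function(host, port)
  local response = http.get(host, port, "/")
  -- http.get returns a table even on failure; status is nil without a reply
  if not response or not response.status then
    stdnse.debug1("no HTTP response from %s:%d", host.ip, port.number)
    return nil
  end

  -- the http library stores header names in lower case
  local banner = response.header and response.header["server"]
  if not banner then
    return nil -- no Server header, nothing to report
  end

  local out = stdnse.output_table()
  out.status = response.status
  out.server = banner
  -- Assumed heuristic: a digit right after "/" (as in "product/1.2")
  -- suggests the banner discloses a version.
  out.version_disclosed = banner:match("/%d") and "yes" or "no"
  return out
end
```

While developing it, the options from the tips slide apply directly: `nmap -d --script-trace --script ./http-server-banner.nse -p 80,443 <target>`, where `<target>` is a host you are authorised to scan.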
