Nmap Scripting Engine
Ruling the network with Nmap on steroids

Hani Benhabiles
President @ OWASP Algeria Student Chapter
Nmap-dev team (gsoc)
Security enthusiast
Student @ ESI




                     Twitter: @kroosec
                     Email: hani.benhabiles@owasp.org
Summary

Nmap

Nmap Scripting Engine

Writing Nmap scripts
Nmap

Network scanner

Open Source

1997, by Fyodor

Latest version: 5.51 (stable), 5.61TEST5 (Dev)

THE tool
Nmap
Host discovery (Are there devices on these IPs?)
-PE, -PS, -PA, -PU, -PP, -PR etc...
Nmap
Port scanning
-sS, -sT, -sU, -sA etc...
Nmap
Version detection
-sV
nmap-service-probes
Nmap
OS detection
-O
nmap-os-db
Still, not flexible enough...
Nmap Scripting Engine


2006, by Diman Todorov (GSoC project)

Extends Nmap capabilities

Scripts are written in Lua
Nmap Scripting Engine

365 scripts

/usr/share/nmap/scripts/

95 libraries

/usr/share/nmap/nselib/
Nmap Scripting Engine

Script types: Prerule, Host, Service, Postrule

Script categories: broadcast, brute, default (-A),
discovery, dos, safe, version, vuln...

http://nmap.org/nsedoc/
Nmap Scripting Engine
Nmap Scripting Engine
Phases of an Nmap scan

Script pre-scanning
Target enumeration
Host discovery
Reverse-DNS resolution
Port scanning
Version detection
OS detection
Traceroute
Script scanning
Output
Script post-scanning
Executing Scripts

--script http-enum

--script default,safe

--script http-* --script-args user=foo
Nmap Scripting Engine
Demo (broadcast scripts)
Writing Nmap scripts

Scripting language

Fast and very light

Used by other security projects
(Wireshark, Snort, ModSecurity...)

Also used in game development: Crysis, WoW...
yes, World of Warcraft :)
Writing Nmap scripts

Meta-information

description, categories, dependencies, author and
license.
Writing Nmap scripts

Rules

Prerule, hostrule, portrule, postrule

May have more than one rule
Writing Nmap scripts

action

Core of the script

Function executed when a rule returns true.
Less talk...
Writing Nmap scripts

Drupal Views module Information Leakage

Permits recovering list of users

admin/views/ajax/autocomplete/user/S returns
usernames that begin with S

Results in JSON format
Writing Nmap scripts

Not patched

Drupal.org is vulnerable :)

For more information:
http://www.madirish.net/node/465
Let's write it
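
An added example, not the speaker's demo script and not code shipped with Nmap: an NSE script with the three parts described above (meta-information, a rule, an action) that a site owner can run to check whether the Views autocomplete path answers unauthenticated requests. The file name `http-drupal-views-check.nse` and the `root` script argument are assumptions made for this sketch; it reports exposure only and does not print usernames.

```lua
-- http-drupal-views-check.nse (hypothetical name, added example)
local http = require "http"
local json = require "json"
local shortport = require "shortport"
local stdnse = require "stdnse"

-- Meta-information: description, author, license, categories.
description = [[
Checks whether a Drupal site answers unauthenticated requests to the Views
module user autocomplete path. Sends a single GET request and reports only
whether the endpoint is exposed.
]]

author = "added example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- Rule: run against any port that looks like HTTP or HTTPS.
portrule = shortport.http

-- Action: executed for every host/port pair where portrule returned true.
action = function(host, port)
  -- "root" is an assumed script argument: the base path of the Drupal install.
  local root = stdnse.get_script_args(SCRIPT_NAME .. ".root") or "/"
  if root:sub(-1) ~= "/" then
    root = root .. "/"
  end

  -- Path taken from the slides; "S" is the prefix used there.
  local path = root .. "admin/views/ajax/autocomplete/user/S"
  local response = http.get(host, port, path)

  -- A patched or access-controlled site answers with 403/404 or a login page.
  if not response or response.status ~= 200 or not response.body then
    return nil
  end

  -- The endpoint answers in JSON; an HTML page here means it is not exposed.
  local ok, parsed = json.parse(response.body)
  if not ok or type(parsed) ~= "table" then
    return nil
  end

  local count = 0
  for _ in pairs(parsed) do
    count = count + 1
  end

  return string.format(
    "Views user autocomplete answers without authentication at %s (%d entries returned for the probe prefix)",
    path, count)
end
```

Returning `nil` from the action produces no output for that port, so only exposed sites appear in the scan report.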
Help the project

Testing scripts

Ideas for new scripts

Contribute scripts

nmap-dev@insecure.org
Thank you!


   Hani Benhabiles
   Twitter: @kroosec
   Email: hani.benhabiles@owasp.org

BSides Algiers - Nmap Scripting Engine - Hani Benhabiles

  • 1. Nmap Scripting Engine: Ruling the network with Nmap on steroids. Hani Benhabiles: President @ OWASP Algeria Student Chapter, Nmap-dev team (gsoc), Security enthusiast, Student @ ESI. Twitter: @kroosec, Email: hani.benhabiles@owasp.org
  • 2. Summary: Nmap; Nmap Scripting Engine; Writing Nmap scripts
  • 3. Nmap: Network scanner; Open Source; 1997, by Fyodor; Latest version: 5.51 (stable), 5.61TEST5 (Dev); THE tool
  • 4. Nmap: Host discovery (Are there devices on these IPs?): -PE, -PS, -PA, -PU, -PP, -PR etc...
  • 5. Nmap: Port scanning: -sS, -sT, -sU, -sA etc...
  • 8. Still, not flexible enough...
  • 9. Nmap Scripting Engine: 2006, by Diman Todorov (GSoC project); Extends Nmap capabilities; Scripts are written in Lua
  • 10. Nmap Scripting Engine: 365 scripts (/usr/share/nmap/scripts/); 95 libraries (/usr/share/nmap/nselib/)
  • 11. Nmap Scripting Engine: Script types: Prerule, Host, Service, Postrule. Script categories: broadcast, brute, default (-A), discovery, dos, safe, version, vuln... http://nmap.org/nsedoc/
  • 12. Nmap Scripting Engine
  • 13. Nmap Scripting Engine
  • 14. Phases of an Nmap scan: Script pre-scanning; Target enumeration; Host discovery; Reverse-DNS resolution; Port scanning; Version detection; OS detection; Traceroute; Script scanning; Output; Script post-scanning
  • 15. Executing Scripts: --script http-enum; --script default,safe; --script http-* --script-args user=foo
  • 16. Nmap Scripting Engine
  • 17. Demo (broadcast scripts)
  • 18. Writing Nmap scripts: Scripting language; Fast and very light; Used by other security projects (Wireshark, Snort, ModSecurity...); Also used in game development: Crysis, WoW... yes, World of Warcraft :)
  • 19. Writing Nmap scripts: Meta-information: description, categories, dependencies, author and license.
  • 20. Writing Nmap scripts: Rules: Prerule, hostrule, portrule, postrule. May have more than one rule.
  • 21. Writing Nmap scripts: action: Core of the script. Function executed when a rule returns true.
  • 22. Less talk...
  • 23. Writing Nmap scripts: Drupal Views module Information Leakage. Permits recovering list of users. admin/views/ajax/autocomplete/user/S returns usernames that begin with S. Results in JSON format.
  • 24. Writing Nmap scripts: Not patched. Drupal.org is vulnerable :) For more information: http://www.madirish.net/node/465
  • 25. Let's write it
  • 26. Help the project: Testing scripts; Ideas for new scripts; Contribute scripts; nmap-dev@insecure.org
  • 27. Thank you! Hani Benhabiles. Twitter: @kroosec, Email: hani.benhabiles@owasp.org
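
The script layout from slides 19 to 21 (meta-information, rule, action), applied to the Drupal Views path from slide 23, as an added example that is not the speaker's script or Nmap's own code. It uses current NSE conventions (`local ... = require`); the `root` script argument and the author string are assumptions, and it only reports whether the path answers an unauthenticated request, without collecting usernames.

```lua
-- Added example: exposure check for a Drupal site you administer.
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"

-- Meta-information (slide 19)
description = [[
Reports whether the Drupal Views autocomplete path answers an
unauthenticated request with a JSON body. No usernames are collected.
]]
author = "example author (placeholder)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- Rule (slide 20): run only against ports that look like HTTP.
portrule = shortport.http

-- Action (slide 21): called for each port where the rule returned true.
action = function(host, port)
  -- Assumed script argument: base path of the Drupal installation.
  local root = stdnse.get_script_args(SCRIPT_NAME .. ".root") or "/"
  if root:sub(-1) ~= "/" then
    root = root .. "/"
  end
  local path = root .. "admin/views/ajax/autocomplete/user/S"

  local response = http.get(host, port, path)
  if not response or response.status ~= 200 or not response.body then
    return nil -- redirect, 403, 404 or no answer: nothing to report
  end

  -- The slides say results come back as JSON, so require a body that
  -- starts like a JSON object or array; a 200 HTML login page is ignored.
  if not response.body:match("^%s*[%[{]") then
    return nil
  end

  return ("Views autocomplete path answers without authentication: %s")
    :format(path)
end
```

Saved as a `.nse` file, the script is selected by passing its file path to `--script`; a returned string appears under the port in Nmap's output, and `nil` produces no output.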