SlideShare a Scribd company logo

Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw

Redspin, Inc.
Redspin, Inc.

Redspin Engineer, David Shaw at Toorcon Information Security Conference giving his talk titled, Beginner's Guide to the nmap Scripting Engine.

TechnologyBusiness
1 of 34
Download to read offline
Beginner's Guide to the nmap Scripting Engine David Shaw (dshaw@redspin.com)
First Things First - These slides (and all code used) are available online at: http://github.com/davidshaw/toorcon2010
Who is this?
What is the NSE? - Versatile lua framework for nmap
What is the NSE? - Versatile lua framework for nmap - Allows users to script scans natively
What is the NSE? - Versatile lua framework for nmap - Allows users to script scans natively - Great at picking low-hanging fruit
Why lua?
Why lua? - Fyodor likes it (isn't that enough?)
Why lua? - Fyodor likes it (isn't that enough?) - I prefer Ruby (Metasploit, anyone?), so I looked up some benchmarks
Benchmarks Credit: http://shootout.alioth.debian.org/
What's already out there? - There are a lot of awesome of scripts in every nmap install - http://nmap.org/nsedoc/
What's already out there? Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-10-18 15:02 PDT NSE: Loaded 131 scripts for scanning.
What's already out there? nmap <target> -sC all
Moving on... - Great documentation at http://nmap.org/book/nse.html
Moving on... - Great documentation at http://nmap.org/book/nse.html - NSE's true power: anything you want
A Common Problem - JMX Consoles
A Common Problem - JMX Consoles - Fairly common
A Common Problem - JMX Consoles - Fairly common - Often run on non-standard ports, such as 8080
Internals of an NSE - NSE's are simple (even if you don't code)
Internals of an NSE - NSE's are simple (even if you don't code) - Let's create one, line by line, from scratch
jmx_detect.nse description = [[ This is an nmap script to search for accessible JMX web consoles. ]]
jmx_detect.nse author = "David Shaw" -- hello, Toorcon!
jmx_detect.nse author = "David Shaw" -- hello, Toorcon! license = "see http://nmap.org/book/man- legal.htm"
jmx_detect.nse author = "David Shaw" -- hello, Toorcon! license = "see http://nmap.org/book/man- legal.htm" categories = {"default", "discovery", "safe"}
- We want to trigger on certain ports, and JMX consoles are served over HTTP require “shortport” require “http”
portrule - “portrule” lets us tell nmap when to trigger our script - “shortport” further simplifies this process
portrule - “portrule” lets us tell nmap when to trigger our script - “shortport” further simplifies this process portrule = shortport.port_or_service( {80, 443, 8080}, {“http”, “https”} )
action - The “action” function runs when portrule is matched action = function(host, port) -- do stuff in here end
action action = function(host, port) -- we only care about the HTTP status (quick demo!) local stat = http.get(host, port, '/jmx-console/').status end
action action = function(host, port) -- we only care about the HTTP status (quick demo!) local stat = http.get(host, port, '/jmx-console/').status -- HTTP 200 (OK) means we probably found a JMX console! if stat == 200 then return “[+] Found possible JMX Console!” end end
Bringing it all together require 'http' require 'shortport' portrule = shortport.port_or_service({80, 443, 8080}, {“http”, “https”}) action = function(host, port) local stat = http.get(host, port, '/jmx-console/').status if stat == 200 then return “[+] Found possible JMX Console!” end end
Execution
We Did It! Thank you to: Fyodor & the nmap team My incredible coworkers, past and present (Mark, Joel, DB, Paul, Jason, Nate: that means you!)

Recommended

Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Ravi Rajput
 
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting engine
n|u - The Open Security Community
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Bishop Fox
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
amiable_indian
 
Nmap tutorial
Nmap tutorialNmap tutorial
Nmap tutorial
Varun Kakumani
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitable
Mohammed Akbar Shariff
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking Guide
Aryan G
 
Scanning with nmap
Scanning with nmapScanning with nmap
Scanning with nmap
commiebstrd
 

Recommended

Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Ravi Rajput
 
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting engine
n|u - The Open Security Community
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Bishop Fox
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
amiable_indian
 
Nmap tutorial
Nmap tutorialNmap tutorial
Nmap tutorial
Varun Kakumani
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitable
Mohammed Akbar Shariff
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking Guide
Aryan G
 
Scanning with nmap
Scanning with nmapScanning with nmap
Scanning with nmap
commiebstrd
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)
KHNOG
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
Phannarith Ou, G-CISO
 
N map presentation
N map presentationN map presentation
N map presentation
ulirraptor
 
NMAP by Shrikant Antre & Shobhit Gautam
NMAP by Shrikant Antre & Shobhit GautamNMAP by Shrikant Antre & Shobhit Gautam
NMAP by Shrikant Antre & Shobhit Gautam
n|u - The Open Security Community
 
Nmap for Scriptors
Nmap for ScriptorsNmap for Scriptors
Nmap for Scriptors
n|u - The Open Security Community
 
NMAP
NMAPNMAP
NMAP
PrateekAryan1
 
Nmap commands
Nmap commandsNmap commands
Nmap commands
Kailash Kumar
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
SSASIT
 
Nmap
NmapNmap
Nmap
Fat-Thing Gabriel-Culley
 
NMap
NMapNMap
NMap
Pritesh Raka
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scanner
n|u - The Open Security Community
 
Nmap
NmapNmap
Nmap
Sreekanth Narendran
 
Nmap
NmapNmap
Nmap
Megha Sahu
 
Penetration Testing Resource Guide
Penetration Testing Resource Guide Penetration Testing Resource Guide
Penetration Testing Resource Guide
Bishop Fox
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
OWASP Delhi
 
Network scanning with nmap
Network scanning with nmapNetwork scanning with nmap
Network scanning with nmap
Ashish Jha
 
Dynamic Port Scanning
Dynamic Port ScanningDynamic Port Scanning
Dynamic Port Scanning
amiable_indian
 
Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"
abend_cve_9999_0001
 
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basics
amiable_indian
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit Ranjan
OWASP Delhi
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
shwetha mk
 
Port scanning
Port scanningPort scanning
Port scanning
Hemanth Pasumarthi
 

More Related Content

What's hot

Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)
KHNOG
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
Phannarith Ou, G-CISO
 
N map presentation
N map presentationN map presentation
N map presentation
ulirraptor
 
NMAP by Shrikant Antre & Shobhit Gautam
NMAP by Shrikant Antre & Shobhit GautamNMAP by Shrikant Antre & Shobhit Gautam
NMAP by Shrikant Antre & Shobhit Gautam
n|u - The Open Security Community
 
Nmap for Scriptors
Nmap for ScriptorsNmap for Scriptors
Nmap for Scriptors
n|u - The Open Security Community
 
NMAP
NMAPNMAP
NMAP
PrateekAryan1
 
Nmap commands
Nmap commandsNmap commands
Nmap commands
Kailash Kumar
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
SSASIT
 
Nmap
NmapNmap
Nmap
Fat-Thing Gabriel-Culley
 
NMap
NMapNMap
NMap
Pritesh Raka
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scanner
n|u - The Open Security Community
 
Nmap
NmapNmap
Nmap
Sreekanth Narendran
 
Nmap
NmapNmap
Nmap
Megha Sahu
 
Penetration Testing Resource Guide
Penetration Testing Resource Guide Penetration Testing Resource Guide
Penetration Testing Resource Guide
Bishop Fox
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
OWASP Delhi
 
Network scanning with nmap
Network scanning with nmapNetwork scanning with nmap
Network scanning with nmap
Ashish Jha
 
Dynamic Port Scanning
Dynamic Port ScanningDynamic Port Scanning
Dynamic Port Scanning
amiable_indian
 
Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"
abend_cve_9999_0001
 
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basics
amiable_indian
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit Ranjan
OWASP Delhi
 

What's hot (20)

Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
 
N map presentation
N map presentationN map presentation
N map presentation
 
NMAP by Shrikant Antre & Shobhit Gautam
NMAP by Shrikant Antre & Shobhit GautamNMAP by Shrikant Antre & Shobhit Gautam
NMAP by Shrikant Antre & Shobhit Gautam
 
Nmap for Scriptors
Nmap for ScriptorsNmap for Scriptors
Nmap for Scriptors
 
NMAP
NMAPNMAP
NMAP
 
Nmap commands
Nmap commandsNmap commands
Nmap commands
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
 
Nmap
NmapNmap
Nmap
 
NMap
NMapNMap
NMap
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scanner
 
Nmap
NmapNmap
Nmap
 
Nmap
NmapNmap
Nmap
 
Penetration Testing Resource Guide
Penetration Testing Resource Guide Penetration Testing Resource Guide
Penetration Testing Resource Guide
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
 
Network scanning with nmap
Network scanning with nmapNetwork scanning with nmap
Network scanning with nmap
 
Dynamic Port Scanning
Dynamic Port ScanningDynamic Port Scanning
Dynamic Port Scanning
 
Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"Nmap 9 truth "Nothing to say any more"
Nmap 9 truth "Nothing to say any more"
 
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basics
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit Ranjan
 

Viewers also liked

Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
shwetha mk
 
Port scanning
Port scanningPort scanning
Port scanning
Hemanth Pasumarthi
 
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
Xatierlike Lee
 
Ch 09 -- ARP & IP Analysis
Ch 09 -- ARP & IP AnalysisCh 09 -- ARP & IP Analysis
Ch 09 -- ARP & IP Analysis
Yoram Orzach
 
BSides Algiers - Nmap Scripting Engine - Hani Benhabiles
BSides Algiers - Nmap Scripting Engine - Hani BenhabilesBSides Algiers - Nmap Scripting Engine - Hani Benhabiles
BSides Algiers - Nmap Scripting Engine - Hani Benhabiles
Shellmates
 
Ch 07 -- The Expert System
Ch 07 -- The Expert SystemCh 07 -- The Expert System
Ch 07 -- The Expert System
Yoram Orzach
 
Wireshark course, Ch 05: Advanced statistics tools
Wireshark course, Ch 05: Advanced statistics toolsWireshark course, Ch 05: Advanced statistics tools
Wireshark course, Ch 05: Advanced statistics tools
Yoram Orzach
 
Wireshark course, Ch 03: Capture and display filters
Wireshark course, Ch 03: Capture and display filtersWireshark course, Ch 03: Capture and display filters
Wireshark course, Ch 03: Capture and display filters
Yoram Orzach
 
SSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wiresharkSSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wireshark
Al Imran, CISA
 
Ch 08 -- Ethernet & LAN Switching Troubleshooting
Ch 08 -- Ethernet & LAN Switching TroubleshootingCh 08 -- Ethernet & LAN Switching Troubleshooting
Ch 08 -- Ethernet & LAN Switching Troubleshooting
Yoram Orzach
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awareness
Leon Teale
 
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
Denny K
 
Wireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wiresharkWireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wireshark
Yoram Orzach
 
Ch 06 -- Bandwidth Delay and Jitter Issues
Ch 06 -- Bandwidth Delay and Jitter IssuesCh 06 -- Bandwidth Delay and Jitter Issues
Ch 06 -- Bandwidth Delay and Jitter Issues
Yoram Orzach
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
n|u - The Open Security Community
 
Reactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream ProcessingReactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream Processing
Andy Piper
 
Debs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processingDebs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processing
Opher Etzion
 
Tutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing PatternsTutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing Patterns
Opher Etzion
 

Viewers also liked (18)

Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
 
Port scanning
Port scanningPort scanning
Port scanning
 
[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I[NCTU] [CCCA] Network Security I
[NCTU] [CCCA] Network Security I
 
Ch 09 -- ARP & IP Analysis
Ch 09 -- ARP & IP AnalysisCh 09 -- ARP & IP Analysis
Ch 09 -- ARP & IP Analysis
 
BSides Algiers - Nmap Scripting Engine - Hani Benhabiles
BSides Algiers - Nmap Scripting Engine - Hani BenhabilesBSides Algiers - Nmap Scripting Engine - Hani Benhabiles
BSides Algiers - Nmap Scripting Engine - Hani Benhabiles
 
Ch 07 -- The Expert System
Ch 07 -- The Expert SystemCh 07 -- The Expert System
Ch 07 -- The Expert System
 
Wireshark course, Ch 05: Advanced statistics tools
Wireshark course, Ch 05: Advanced statistics toolsWireshark course, Ch 05: Advanced statistics tools
Wireshark course, Ch 05: Advanced statistics tools
 
Wireshark course, Ch 03: Capture and display filters
Wireshark course, Ch 03: Capture and display filtersWireshark course, Ch 03: Capture and display filters
Wireshark course, Ch 03: Capture and display filters
 
SSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wiresharkSSL basics and SSL packet analysis using wireshark
SSL basics and SSL packet analysis using wireshark
 
Ch 08 -- Ethernet & LAN Switching Troubleshooting
Ch 08 -- Ethernet & LAN Switching TroubleshootingCh 08 -- Ethernet & LAN Switching Troubleshooting
Ch 08 -- Ethernet & LAN Switching Troubleshooting
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awareness
 
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
 
Wireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wiresharkWireshark course, Ch 02: Introduction to wireshark
Wireshark course, Ch 02: Introduction to wireshark
 
Ch 06 -- Bandwidth Delay and Jitter Issues
Ch 06 -- Bandwidth Delay and Jitter IssuesCh 06 -- Bandwidth Delay and Jitter Issues
Ch 06 -- Bandwidth Delay and Jitter Issues
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
 
Reactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream ProcessingReactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream Processing
 
Debs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processingDebs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processing
 
Tutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing PatternsTutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing Patterns
 

Similar to Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw

Introduction to NodeJS with LOLCats
Introduction to NodeJS with LOLCatsIntroduction to NodeJS with LOLCats
Introduction to NodeJS with LOLCats
Derek Anderson
 
Nmap Scripting Engine and http-enumeration
Nmap Scripting Engine and http-enumerationNmap Scripting Engine and http-enumeration
Nmap Scripting Engine and http-enumeration
Robert Rowley
 
Node.js in production
Node.js in productionNode.js in production
Node.js in production
Felix Geisendörfer
 
Node.js - async for the rest of us.
Node.js - async for the rest of us.Node.js - async for the rest of us.
Node.js - async for the rest of us.
Mike Brevoort
 
Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers
Logicaltrust pl
 
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersFilip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routers
Yury Chemerkin
 
Apache Submarine: Unified Machine Learning Platform
Apache Submarine: Unified Machine Learning PlatformApache Submarine: Unified Machine Learning Platform
Apache Submarine: Unified Machine Learning Platform
Wangda Tan
 
Node.js
Node.jsNode.js
Node.js
Mat Schaffer
 
Nodejs a-practical-introduction-oredev
Nodejs a-practical-introduction-oredevNodejs a-practical-introduction-oredev
Nodejs a-practical-introduction-oredev
Felix Geisendörfer
 
Server side JavaScript: going all the way
Server side JavaScript: going all the wayServer side JavaScript: going all the way
Server side JavaScript: going all the way
Oleg Podsechin
 
infra-as-code
infra-as-codeinfra-as-code
infra-as-code
Itamar Hassin
 
JS everywhere 2011
JS everywhere 2011JS everywhere 2011
JS everywhere 2011
Oleg Podsechin
 
Puppet and the HashiCorp Suite
Puppet and the HashiCorp SuitePuppet and the HashiCorp Suite
Puppet and the HashiCorp Suite
Bram Vogelaar
 
Node.js - The New, New Hotness
Node.js - The New, New HotnessNode.js - The New, New Hotness
Node.js - The New, New Hotness
Daniel Shaw
 
Site Performance - From Pinto to Ferrari
Site Performance - From Pinto to FerrariSite Performance - From Pinto to Ferrari
Site Performance - From Pinto to Ferrari
Joseph Scott
 
Torquebox OSCON Java 2011
Torquebox OSCON Java 2011Torquebox OSCON Java 2011
Torquebox OSCON Java 2011
tobiascrawley
 
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
Moabi.com
 
A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of Ansible
DevOps Ltd.
 
Performance Profiling in Rust
Performance Profiling in RustPerformance Profiling in Rust
Performance Profiling in Rust
InfluxData
 
Ferrara Linux Day 2011
Ferrara Linux Day 2011Ferrara Linux Day 2011
Ferrara Linux Day 2011
Gianluca Padovani
 

Similar to Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw (20)

Introduction to NodeJS with LOLCats
Introduction to NodeJS with LOLCatsIntroduction to NodeJS with LOLCats
Introduction to NodeJS with LOLCats
 
Nmap Scripting Engine and http-enumeration
Nmap Scripting Engine and http-enumerationNmap Scripting Engine and http-enumeration
Nmap Scripting Engine and http-enumeration
 
Node.js in production
Node.js in productionNode.js in production
Node.js in production
 
Node.js - async for the rest of us.
Node.js - async for the rest of us.Node.js - async for the rest of us.
Node.js - async for the rest of us.
 
Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers
 
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersFilip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routers
 
Apache Submarine: Unified Machine Learning Platform
Apache Submarine: Unified Machine Learning PlatformApache Submarine: Unified Machine Learning Platform
Apache Submarine: Unified Machine Learning Platform
 
Node.js
Node.jsNode.js
Node.js
 
Nodejs a-practical-introduction-oredev
Nodejs a-practical-introduction-oredevNodejs a-practical-introduction-oredev
Nodejs a-practical-introduction-oredev
 
Server side JavaScript: going all the way
Server side JavaScript: going all the wayServer side JavaScript: going all the way
Server side JavaScript: going all the way
 
infra-as-code
infra-as-codeinfra-as-code
infra-as-code
 
JS everywhere 2011
JS everywhere 2011JS everywhere 2011
JS everywhere 2011
 
Puppet and the HashiCorp Suite
Puppet and the HashiCorp SuitePuppet and the HashiCorp Suite
Puppet and the HashiCorp Suite
 
Node.js - The New, New Hotness
Node.js - The New, New HotnessNode.js - The New, New Hotness
Node.js - The New, New Hotness
 
Site Performance - From Pinto to Ferrari
Site Performance - From Pinto to FerrariSite Performance - From Pinto to Ferrari
Site Performance - From Pinto to Ferrari
 
Torquebox OSCON Java 2011
Torquebox OSCON Java 2011Torquebox OSCON Java 2011
Torquebox OSCON Java 2011
 
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
[Ruxcon Monthly Sydney 2011] Proprietary Protocols Reverse Engineering : Rese...
 
A tour of Ansible
A tour of AnsibleA tour of Ansible
A tour of Ansible
 
Performance Profiling in Rust
Performance Profiling in RustPerformance Profiling in Rust
Performance Profiling in Rust
 
Ferrara Linux Day 2011
Ferrara Linux Day 2011Ferrara Linux Day 2011
Ferrara Linux Day 2011
 

More from Redspin, Inc.

HIPAA Security Risk Analysis for Business Associates
HIPAA Security Risk Analysis for Business AssociatesHIPAA Security Risk Analysis for Business Associates
HIPAA Security Risk Analysis for Business Associates
Redspin, Inc.
 
Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012
Redspin, Inc.
 
HIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest StateHIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest State
Redspin, Inc.
 
Official HIPAA Compliance Audit Protocol Published
Official HIPAA Compliance Audit Protocol PublishedOfficial HIPAA Compliance Audit Protocol Published
Official HIPAA Compliance Audit Protocol Published
Redspin, Inc.
 
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
Redspin, Inc.
 
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
Redspin, Inc.
 
Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?
Redspin, Inc.
 
Healthcare IT Security - Who's responsible, really?
Healthcare IT Security - Who's responsible, really?Healthcare IT Security - Who's responsible, really?
Healthcare IT Security - Who's responsible, really?
Redspin, Inc.
 
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin, Inc.
 
Redspin Webinar Business Associate Risk
Redspin Webinar Business Associate RiskRedspin Webinar Business Associate Risk
Redspin Webinar Business Associate Risk
Redspin, Inc.
 
Redspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP Template
Redspin, Inc.
 
Mobile Device Security Policy
Mobile Device Security PolicyMobile Device Security Policy
Mobile Device Security Policy
Redspin, Inc.
 
Financial institution security top it security risk
Financial institution security top it security riskFinancial institution security top it security risk
Financial institution security top it security risk
Redspin, Inc.
 
Managing Windows User Accounts via the Commandline
Managing Windows User Accounts via the CommandlineManaging Windows User Accounts via the Commandline
Managing Windows User Accounts via the Commandline
Redspin, Inc.
 
Redspin February 17 2011 Webinar - Meaningful Use
Redspin February 17 2011 Webinar - Meaningful UseRedspin February 17 2011 Webinar - Meaningful Use
Redspin February 17 2011 Webinar - Meaningful Use
Redspin, Inc.
 
Redspin Report - Protected Health Information 2010 Breach Report
Redspin Report - Protected Health Information 2010 Breach ReportRedspin Report - Protected Health Information 2010 Breach Report
Redspin Report - Protected Health Information 2010 Breach Report
Redspin, Inc.
 
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin, Inc.
 
Email hacking husband faces felony
Email hacking husband faces felonyEmail hacking husband faces felony
Email hacking husband faces felony
Redspin, Inc.
 
Meaningful use, risk analysis and protecting electronic health information
Meaningful use, risk analysis and protecting electronic health informationMeaningful use, risk analysis and protecting electronic health information
Meaningful use, risk analysis and protecting electronic health information
Redspin, Inc.
 
Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...
Redspin, Inc.
 

More from Redspin, Inc. (20)

HIPAA Security Risk Analysis for Business Associates
HIPAA Security Risk Analysis for Business AssociatesHIPAA Security Risk Analysis for Business Associates
HIPAA Security Risk Analysis for Business Associates
 
Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012
 
HIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest StateHIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest State
 
Official HIPAA Compliance Audit Protocol Published
Official HIPAA Compliance Audit Protocol PublishedOfficial HIPAA Compliance Audit Protocol Published
Official HIPAA Compliance Audit Protocol Published
 
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
 
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
 
Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?
 
Healthcare IT Security - Who's responsible, really?
Healthcare IT Security - Who's responsible, really?Healthcare IT Security - Who's responsible, really?
Healthcare IT Security - Who's responsible, really?
 
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
 
Redspin Webinar Business Associate Risk
Redspin Webinar Business Associate RiskRedspin Webinar Business Associate Risk
Redspin Webinar Business Associate Risk
 
Redspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP Template
 
Mobile Device Security Policy
Mobile Device Security PolicyMobile Device Security Policy
Mobile Device Security Policy
 
Financial institution security top it security risk
Financial institution security top it security riskFinancial institution security top it security risk
Financial institution security top it security risk
 
Managing Windows User Accounts via the Commandline
Managing Windows User Accounts via the CommandlineManaging Windows User Accounts via the Commandline
Managing Windows User Accounts via the Commandline
 
Redspin February 17 2011 Webinar - Meaningful Use
Redspin February 17 2011 Webinar - Meaningful UseRedspin February 17 2011 Webinar - Meaningful Use
Redspin February 17 2011 Webinar - Meaningful Use
 
Redspin Report - Protected Health Information 2010 Breach Report
Redspin Report - Protected Health Information 2010 Breach ReportRedspin Report - Protected Health Information 2010 Breach Report
Redspin Report - Protected Health Information 2010 Breach Report
 
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
 
Email hacking husband faces felony
Email hacking husband faces felonyEmail hacking husband faces felony
Email hacking husband faces felony
 
Meaningful use, risk analysis and protecting electronic health information
Meaningful use, risk analysis and protecting electronic health informationMeaningful use, risk analysis and protecting electronic health information
Meaningful use, risk analysis and protecting electronic health information
 
Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...
 

Recently uploaded

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
Pixlogix Infotech
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Zilliz
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 

Recently uploaded (20)

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 

Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw

  • 1. Beginner's Guide to the nmap Scripting Engine David Shaw (dshaw@redspin.com)
  • 2. First Things First - These slides (and all code used) are available online at: http://github.com/davidshaw/toorcon2010
  • 4. What is the NSE? - Versatile lua framework for nmap
  • 5. What is the NSE? - Versatile lua framework for nmap - Allows users to script scans natively
  • 6. What is the NSE? - Versatile lua framework for nmap - Allows users to script scans natively - Great at picking low-hanging fruit
  • 8. Why lua? - Fyodor likes it (isn't that enough?)
  • 9. Why lua? - Fyodor likes it (isn't that enough?) - I prefer Ruby (Metasploit, anyone?), so I looked up some benchmarks
  • 11. What's already out there? - There are a lot of awesome of scripts in every nmap install - http://nmap.org/nsedoc/
  • 12. What's already out there? Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-10-18 15:02 PDT NSE: Loaded 131 scripts for scanning.
  • 13. What's already out there? nmap <target> -sC all
  • 14.
  • 15. Moving on... - Great documentation at http://nmap.org/book/nse.html
  • 16. Moving on... - Great documentation at http://nmap.org/book/nse.html - NSE's true power: anything you want
  • 17. A Common Problem - JMX Consoles
  • 18. A Common Problem - JMX Consoles - Fairly common
  • 19. A Common Problem - JMX Consoles - Fairly common - Often run on non-standard ports, such as 8080
  • 20. Internals of an NSE - NSE's are simple (even if you don't code)
  • 21. Internals of an NSE - NSE's are simple (even if you don't code) - Let's create one, line by line, from scratch
  • 22. jmx_detect.nse description = [[ This is an nmap script to search for accessible JMX web consoles. ]]
  • 23. jmx_detect.nse author = "David Shaw" -- hello, Toorcon!
  • 24. jmx_detect.nse author = "David Shaw" -- hello, Toorcon! license = "see http://nmap.org/book/man- legal.htm"
  • 25. jmx_detect.nse author = "David Shaw" -- hello, Toorcon! license = "see http://nmap.org/book/man- legal.htm" categories = {"default", "discovery", "safe"}
  • 26. - We want to trigger on certain ports, and JMX consoles are served over HTTP require “shortport” require “http”
  • 27. portrule - “portrule” lets us tell nmap when to trigger our script - “shortport” further simplifies this process
  • 28. portrule - “portrule” lets us tell nmap when to trigger our script - “shortport” further simplifies this process portrule = shortport.port_or_service( {80, 443, 8080}, {“http”, “https”} )
  • 29. action - The “action” function runs when portrule is matched action = function(host, port) -- do stuff in here end
  • 30. action action = function(host, port) -- we only care about the HTTP status (quick demo!) local stat = http.get(host, port, '/jmx-console/').status end
  • 31. action action = function(host, port) -- we only care about the HTTP status (quick demo!) local stat = http.get(host, port, '/jmx-console/').status -- HTTP 200 (OK) means we probably found a JMX console! if stat == 200 then return “[+] Found possible JMX Console!” end end
  • 32. Bringing it all together require 'http' require 'shortport' portrule = shortport.port_or_service({80, 443, 8080}, {“http”, “https”}) action = function(host, port) local stat = http.get(host, port, '/jmx-console/').status if stat == 200 then return “[+] Found possible JMX Console!” end end
  • 34. We Did It! Thank you to: Fyodor & the nmap team My incredible coworkers, past and present (Mark, Joel, DB, Paul, Jason, Nate: that means you!)