What is Nmap?
-> Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.
What is NSE?
-> The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language ) to automate a wide variety of networking tasks. Those scripts are executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs.
Why are these tools needed?
-> When we want to gather information about a target, that is, do recon on a network, a server, or any machine that is up and reachable, Nmap lets us do it by interacting directly with the target.
From a scan we can learn things such as:
- Services Running
- Service version numbers
- OS detection
- and, using NSE, we can also scan the machine for potential vulnerabilities.
- Here is one example of a target scanned with Nmap.
- This is the scan result for a single IP.
- For a summary of all options, run nmap -h.
- This prints Nmap's built-in option summary, which you can use as a cheat sheet for further recon. The full reference is the man page (man nmap, also at https://nmap.org/book/man.html).
NSE :-
- NSE scripts run as part of a scan; here we will use a third-party script to check the target for known vulnerabilities.
- The script is Vulscan. Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service, which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB (the repository also ships other databases, such as cve.csv and exploitdb.csv). Because matching is done on the product and version string that -sV reports, the results are candidates rather than confirmed vulnerabilities: distributions that backport fixes without changing the version number will produce false positives, and a service that hides its version will produce false negatives.
- Clone the repository onto your machine: git clone https://github.com/scipag/vulscan.git
- Now scan the target using the script in this repository: nmap -sV --script=vulscan/vulscan.nse [ip]
  The path given to --script is resolved from the directory you run nmap in, so either run the command from the directory that contains the vulscan folder, give an absolute path, or symlink the directory into Nmap's scripts directory (for example /usr/share/nmap/scripts) as the Vulscan README suggests.
results -
- You will get a large result of this type on your screen.
- On reviewing it you may see some findings. Vulnerabilities differ from target to target; if the target's reported product and version match a known vulnerable version, it will be listed, and each listed entry still has to be verified against the actual host.
- The findings are limited to what is in the offline databases inside the repository, so update the repository from time to time (git pull in the vulscan directory), select another of the bundled databases with --script-args vulscandb=..., or use another vulnerability script of your choice.
These are examples of Nmap and NSE usage.
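The result of a -sV scan with vulscan is long, and reviewing it by eye is where findings get missed. The added example below is not code from this post, from Nmap, or from the Vulscan project; it parses Nmap's XML output (saved with the real -oX option, e.g. nmap -sV -O --script=vulscan/vulscan.nse -oX scan.xml [ip]) and reduces it to the three things the post lists: open services with versions, the best OS guess, and any vulscan entries per service. SAMPLE_XML is a constructed document in Nmap's XML schema; the vulscan text inside it is made up for illustration, and the "[id] title" line shape the parser looks for is an assumption, as are all function and class names.

```python
"""Turn Nmap's XML output (-oX) into a short, reviewable report.

Added example for this post, not code from Nmap or from the Vulscan project.
Assumes the scan was saved with -oX, for instance:
    nmap -sV -O --script=vulscan/vulscan.nse -oX scan.xml 10.0.0.5
SAMPLE_XML below is a constructed document in Nmap's real XML schema; the
vulscan text inside it is invented, and the "[id] title" line format that
parse_vulscan_output() looks for is an assumption about vulscan's output.
"""
import re
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample: one host, two open ports, one closed port, two OS matches.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -O --script=vulscan/vulscan.nse -oX scan.xml 10.0.0.5" version="7.94">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="7.2p2" extrainfo="Ubuntu Linux; protocol 2.0" method="probed" conf="10"/>
        <script id="vulscan" output="VulDB - https://vuldb.com:&#xa;No findings&#xa;"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="Apache httpd" version="2.4.18" method="probed" conf="10"/>
        <script id="vulscan" output="VulDB - https://vuldb.com:&#xa;[111111] Example httpd 2.4.18 flaw A&#xa;[222222] Example httpd 2.4.x flaw B&#xa;"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset" reason_ttl="64"/>
        <service name="https" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 3.10 - 4.11" accuracy="93" line="65400"/>
      <osmatch name="Linux 4.4" accuracy="96" line="65873"/>
    </os>
  </host>
</nmaprun>
"""

# Assumed vulscan entry shape: "[<database id>] <title>" on its own line.
ENTRY_RE = re.compile(r"^\[(?P<id>[^\]]+)\]\s+(?P<title>.+)$")


@dataclass
class Service:
    port: int
    proto: str
    name: str
    product: str
    version: str
    vulns: list = field(default_factory=list)  # (id, title) pairs from vulscan


@dataclass
class HostReport:
    addr: str
    os_guess: str
    services: list


def parse_vulscan_output(text: str) -> list:
    """Extract (id, title) pairs from a vulscan script output block."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("id"), m.group("title")))
    return entries


def parse_nmap_xml(xml_text: str) -> list:
    """Return one HostReport per host that was up, with open ports only."""
    root = ET.fromstring(xml_text)
    reports = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address").get("addr")
        # Pick the osmatch with the highest accuracy instead of trusting order.
        best = None
        for m in host.findall("os/osmatch"):
            acc = int(m.get("accuracy", "0"))
            if best is None or acc > best[0]:
                best = (acc, m.get("name", "?"))
        os_guess = f"{best[1]} ({best[0]}%)" if best else "unknown"
        services = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports carry no version info
            svc = port.find("service")
            attr = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            s = Service(int(port.get("portid")), port.get("protocol"),
                        attr("name"), attr("product"), attr("version"))
            for script in port.findall("script"):
                if script.get("id") == "vulscan":
                    s.vulns.extend(parse_vulscan_output(script.get("output", "")))
            services.append(s)
        reports.append(HostReport(addr, os_guess, services))
    return reports


def summarize(reports: list) -> str:
    """Render the reports as indented text, one host per block."""
    lines = []
    for r in reports:
        lines.append(f"{r.addr}  OS: {r.os_guess}")
        for s in r.services:
            label = " ".join(p for p in (s.name, s.product, s.version) if p)
            lines.append(f"  {s.port}/{s.proto} {label}")
            for vid, title in s.vulns:
                lines.append(f"    [{vid}] {title}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python report.py scan.xml   (falls back to the constructed sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_XML
    print(summarize(parse_nmap_xml(text)))
```

Two things to keep in mind when using this against a real scan: OS detection (-O) needs raw-packet privileges, so run nmap as root or with the equivalent capability, and every vulscan line that survives into the report is a version-string match, not a confirmed flaw; the next step is to check whether the installed package (not the banner) actually carries the issue.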