      Nmap Scripting Engine (NSE)

      • Posted by Gagandeep Singh
      • Date November 14, 2019

      Hello everyone,

      In this article we will learn about the Nmap Scripting Engine (NSE). Once you know it, you will see the real power of Nmap. So let’s get started.

      1. Nmap Installation

      If you are using Kali Linux, you don’t need to install Nmap; it comes preinstalled. If you are using a different flavor of Linux, just open a terminal and run the following commands:

      sudo apt-get update
      sudo apt-get install nmap

      Enter the root password and hit Enter, and Nmap will be installed.

      2. Port States Terminologies:

      Before starting with Nmap you need to know some terminologies related to the scan results:

      • Open: This indicates that an application is listening for connections on this port.
      • Closed: Response was received but there is no application listening on this port.
      • Filtered: No response was received, which indicates that packets are being dropped by a packet filtering system such as a WAF (Web Application Firewall) or IDS (Intrusion Detection System).
      • Unfiltered: Response was received but the state couldn’t be established.
      • Open/Filtered: Port was filtered or open but Nmap couldn’t establish the state.
      • Closed/Filtered: Port filtered or closed but Nmap couldn’t establish the state.

       

      3. Update NSE Database.

      Before starting, it is a good idea to update the script database, because new scripts are added and it is good to keep things up to date. Just open the terminal and run the following command:

      nmap --script-updatedb

      4. Nmap Help

      When you are using a new tool and know nothing about it, it’s a very good idea to look at the program’s help menu. To know more about Nmap, just enter the following command:

      nmap -h

      You can also use the manual page:

      man nmap

       

      5. Script Scanning

      Scroll down in the help output to the SCRIPT SCAN section.

      In this section, you will get to know how to use NSE scripts and much more.

      If you want to use the default scripts, just use the option -sC

      Example 

      nmap -sV -sC <target ip>

      In the above example, I am scanning another virtual machine, Metasploitable, which is intentionally vulnerable. The following arguments were used for the scan:

      -sV: Used for version detection. It is a good idea to use this argument with other scripts because the accuracy of the results increases.

      -sC: Runs all the scripts in the default category. NSE scripts are grouped into different categories; at the end of the article I include some resource links where you can explore more categories.
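To see which scripts a category selection such as -sC covers, and whether the scripts you plan to name with --script are tagged intrusive, you can read the script index that --script-updatedb maintains. The following is an added example, not part of the original article; the sample entries are constructed in the script.db format, and the function names and the path mentioned in the comment are assumptions.

```python
import re

# Constructed sample in the format of Nmap's scripts/script.db index, the file
# that `nmap --script-updatedb` rebuilds. Read your own copy for real data
# (commonly /usr/share/nmap/scripts/script.db; that path is an assumption).
SAMPLE_SCRIPT_DB = """\
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ssh-hostkey.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-sql-injection.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-unsafe-output-escaping.nse", categories = { "discovery", "intrusive", } }
"""

ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+?)\.nse"\s*,'
    r'\s*categories\s*=\s*\{([^}]*)\}'
)

def parse_script_db(text):
    """Map each script name (without .nse) to its set of categories."""
    return {name: set(re.findall(r'"([^"]+)"', cats))
            for name, cats in ENTRY_RE.findall(text)}

def scripts_in_category(db, category):
    """Scripts that a category selection (e.g. 'default' for -sC) would pick."""
    return sorted(name for name, cats in db.items() if category in cats)

def review_selection(db, selection):
    """Sort a comma-separated --script value by how intrusive each script is."""
    report = {"intrusive": [], "not_intrusive": [], "unknown": []}
    for name in filter(None, (s.strip() for s in selection.split(","))):
        cats = db.get(name)
        if cats is None:
            report["unknown"].append(name)        # typo or script not indexed
        elif "intrusive" in cats:
            report["intrusive"].append(name)      # needs explicit permission
        else:
            report["not_intrusive"].append(name)
    return report

if __name__ == "__main__":
    db = parse_script_db(SAMPLE_SCRIPT_DB)
    print("default:", scripts_in_category(db, "default"))
    print(review_selection(db, "http-unsafe-output-escaping,http-sql-injection"))
```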

       

      6. NSE Scripts Arguments

      If you want to know what a particular NSE script does and which arguments can be passed to it, just run the command:

      nmap --script-help=<name of script>

      As you can see in the above example, the http-unsafe-output-escaping script is used to find XSS vulnerabilities in websites.

       

      7. Nmap XSS Vulnerability Detection

      Now we will use two scripts to demonstrate the two most common vulnerabilities in web applications, starting with XSS. To identify whether a website is vulnerable to XSS we will use the NSE script named http-unsafe-output-escaping. Just run the command:

      nmap -sV --script=http-unsafe-output-escaping <target>

      As you can see, the result shows the details and the proof that the website is vulnerable to XSS.

       

      8. Nmap SQL Injection Vulnerability Detection

      In the second example, we will use the NSE script named http-sql-injection, which shows whether the website is vulnerable to SQL injection.

      For that, just run the command:

      nmap -sV --script=http-sql-injection <target>

      Now you can see all the possible SQL injections in the particular website, with details.

       

      9. Using Different Scripts at Once

      You can run several scripts at once by separating them with a comma ‘,’

      Example 

      nmap -sV --script=<name of first script>,<name of second script> <target>
      nmap -sV --script=http-unsafe-output-escaping,http-sql-injection <target>
      
      

      Note: Using multiple scripts at a time is time-consuming.

      Second, some of the scripts accept arguments:

      Example 

      nmap -sV --script=<name of script> --script-args=<arguments to be passed as string> <target>
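
When several scripts run in one scan, the results are easier to triage from Nmap's XML output (saved with -oX <file>, an option this article does not otherwise cover). The following added example, not from the original article, groups ports by the states described in section 2 and lists each script result per port; the XML sample and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample of Nmap XML output, trimmed to the elements used below.
# The address, ports and script output text are made up for illustration.
SAMPLE_XML = """<nmaprun scanner="nmap">
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="closed"/><service name="ssh"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http"/>
    <script id="http-sql-injection" output="&#10;  constructed finding A"/>
    <script id="http-unsafe-output-escaping" output="&#10;  constructed finding B"/>
   </port>
   <port protocol="tcp" portid="8080"><state state="filtered"/></port>
  </ports>
 </host>
</nmaprun>"""

def ports_by_state(xml_text):
    """Group 'port/protocol' strings by the state Nmap reported for them."""
    states = defaultdict(list)
    for port in ET.fromstring(xml_text).iter("port"):
        state = port.find("state")
        label = state.get("state") if state is not None else "unknown"
        states[label].append(f"{port.get('portid')}/{port.get('protocol')}")
    return dict(states)

def script_findings(xml_text):
    """Return one record per NSE script result attached to a port."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            service = port.find("service")
            for script in port.findall("script"):
                findings.append({
                    "host": addr,
                    "port": int(port.get("portid")),
                    "service": service.get("name") if service is not None else None,
                    "script": script.get("id"),
                    "output": script.get("output", "").strip(),
                })
    return findings

if __name__ == "__main__":
    print(ports_by_state(SAMPLE_XML))
    for finding in script_findings(SAMPLE_XML):
        print(finding)
```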

       

      10. Intrusion Detection Systems (IDS) & Packet Filtering

      Finally, I want to tell you one thing: nowadays web servers use packet filtering mechanisms such as a WAF or IDS that will filter malicious packets, so we will not get the expected result. My advice is therefore to use the following NSE script:

      Bypassing Firewalls

      https://nmap.org/nsedoc/scripts/firewall-bypass.html

      Note: Sometimes it will bypass the firewall and sometimes not, but in my experience using this firewall-bypass script in combination with other scripts, separated by commas, gives the best result.

       

      References

      • https://nmap.org/nsedoc/
      • https://nmap.org/book/

       

      Thanks for reading 😉
