      Nmap Scripting Engine (NSE)

      • Posted by Gagandeep Singh
      • Date November 14, 2019

      Hello everyone,

      In this article we will learn about the Nmap Scripting Engine (NSE), which is where the real power of Nmap lies. So let’s get started.

      1. Nmap Installation

      If you are using Kali Linux, you don’t need to install Nmap; it comes preinstalled. If you are using a different flavor of Linux, open a terminal and run the following commands:

      sudo apt-get update
      sudo apt-get install nmap

      Enter the root password, hit enter, and Nmap will be installed.

      2. Port State Terminology

      Before starting with Nmap you need to know some terminology related to the scan results:

      • Open: This indicates that an application is listening for connections on this port.
      • Closed: Response was received but there is no application listening on this port.
      • Filtered: No response was received, which indicates that packets are being dropped by a packet filtering system such as a WAF (Web Application Firewall) or an IDS (Intrusion Detection System).
      • Unfiltered: Response was received but the state couldn’t be established.
      • Open/Filtered: The port is either open or filtered, but Nmap couldn’t establish which.
      • Closed/Filtered: The port is either closed or filtered, but Nmap couldn’t establish which.

       

      3. Update the NSE Database

      Before starting, it is a good idea to update the script database, because new scripts are added and it is good to keep things up to date. Open the terminal and run the following command:

      nmap --script-updatedb

      4. Nmap Help

      When you are using a new tool and know nothing about it, it’s a very good idea to look at the program’s help menu. To know more about Nmap, enter the following command:

      nmap -h

      You can also use the manual page:

      man nmap

       

      5. Script Scanning

      Scroll down in the help output to the section SCRIPT SCAN.

      In this section you will learn how to use NSE scripts and much more.

      If you want to use the default scripts, just use the option -sC

      Example 

      nmap -sV -sC <target ip>

      In the above example, I am scanning another virtual machine, Metasploitable, which is intentionally vulnerable. The following arguments were used for the scan:

      -sV: Used for version detection. It is a good idea to use this argument together with scripts because it increases the accuracy of the results.

      -sC: Runs all the scripts in the default category. NSE scripts are grouped into different categories; at the end of the article I include some resource links where you can explore the other categories.
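The categories mentioned above are recorded in Nmap's script.db file, the index that --script-updatedb regenerates. As an added example (not part of the original article), this Python code reads entries in that format to list what a category such as default contains and to flag intrusive or misspelled names in a --script value; the sample entries and all function names are constructed for illustration.

```python
import re

# Constructed sample in the script.db line format (one Entry per script).
# Check your own script.db for the real entries; its path varies by install.
SAMPLE_DB = '''
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-sql-injection.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "http-unsafe-output-escaping.nse", categories = { "discovery", "intrusive", } }
'''

ENTRY = re.compile(r'Entry \{ filename = "([^"]+)\.nse", categories = \{([^}]*)\}')

def load_categories(db_text):
    """Map each script name to the set of categories it belongs to."""
    return {name: set(re.findall(r'"([^"]+)"', cats))
            for name, cats in ENTRY.findall(db_text)}

def in_category(scripts, category):
    """Names of all scripts in one category, e.g. what -sC ("default") selects."""
    return sorted(name for name, cats in scripts.items() if category in cats)

def review_selection(scripts, script_option):
    """Check a comma-separated --script value made of plain script names.

    Returns names tagged "intrusive" and names missing from the database
    (usually a typo). Category names, wildcards and paths are not handled.
    """
    names = [n.strip() for n in script_option.split(",") if n.strip()]
    return {
        "intrusive": [n for n in names if "intrusive" in scripts.get(n, ())],
        "unknown": [n for n in names if n not in scripts],
    }

if __name__ == "__main__":
    db = load_categories(SAMPLE_DB)
    print("default:", in_category(db, "default"))
    print(review_selection(db, "http-unsafe-output-escaping,http-sql-injection"))
```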

       

      6. NSE Scripts Arguments

      If you want to know what a particular NSE script does and which arguments it accepts, run the command:

      nmap --script-help=<name of script>

      As you can see in the above example, the http-unsafe-output-escaping script is used to find XSS vulnerabilities in websites.

       

      7. Nmap XSS Vulnerability Detection

      Now we will use two scripts to demonstrate detection of the two most common vulnerabilities in web applications, starting with XSS. To identify whether a website is vulnerable to XSS we will use the NSE script named http-unsafe-output-escaping. Run the command:

      nmap -sV --script=http-unsafe-output-escaping <target>

      As you can see, the result shows the details and the proof that the website is vulnerable to XSS.

       

      8. Nmap SQL Injection Vulnerability Detection

      In the second example, we will use the NSE script named http-sql-injection, which shows whether a website is vulnerable to SQL injection.

      For that, run the command:

      nmap -sV --script=http-sql-injection <target>

      Now you can see all the possible SQL injections in the website, with the details.
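To read results like these together with the port states from section 2, the following added example (not part of the original article) parses Nmap's XML output, assuming the scan was saved with the -oX option. The sample XML, the host address and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (as written by -oX); not a real scan.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="closed" reason="reset"/></port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http"/>
        <script id="http-sql-injection" output="(constructed script output)"/>
      </port>
      <port protocol="tcp" portid="8080"><state state="filtered" reason="no-response"/></port>
    </ports>
  </host>
</nmaprun>"""

# States where Nmap got no definite answer: missing script output on these
# ports means "not tested", not "not vulnerable".
INCONCLUSIVE = {"filtered", "unfiltered", "open|filtered", "closed|filtered"}

def parse_scan(xml_text):
    """Return one record per scanned port: host, port, state, service, scripts."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            svc = port.find("service")
            records.append({
                "host": addr,
                "port": f'{port.get("portid")}/{port.get("protocol")}',
                "state": port.find("state").get("state"),
                "service": svc.get("name") if svc is not None else None,
                "scripts": {s.get("id"): s.get("output") for s in port.findall("script")},
            })
    return records

def triage(records):
    """Split records into script output to review and ports needing a re-check."""
    findings = [(r["host"], r["port"], sid) for r in records
                if r["state"] == "open" for sid in r["scripts"]]
    recheck = [(r["host"], r["port"], r["state"]) for r in records
               if r["state"] in INCONCLUSIVE]
    return findings, recheck

if __name__ == "__main__":
    found, unsure = triage(parse_scan(SAMPLE_XML))
    print("script output to review:", found, "| inconclusive:", unsure)
```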

       

      9. Using Different Scripts at Once

      You can run several scripts at once by separating them with a comma ‘,’

      Example 

      nmap -sV --script=<name of first script>,<name of second script> <target>
      nmap -sV --script=http-unsafe-output-escaping,http-sql-injection <target>
      
      

      Note: Running multiple scripts at once is time-consuming.

      Second, some scripts accept arguments:

      Example 

      nmap -sV --script=<name of script> --script-args=<arguments to be passed as string> <target>

       

      10. Intrusion Detection Systems (IDS) & Packet Filtering

      Finally, keep in mind that web servers nowadays use packet filtering mechanisms such as a WAF or an IDS that filter malicious packets, so we may not get the expected result. My advice is to use the following NSE script:

      Bypassing Firewalls

      https://nmap.org/nsedoc/scripts/firewall-bypass.html

      Note: Sometimes it will bypass the firewall and sometimes not, but in my experience using the firewall-bypass script in combination with other scripts, separated by commas, gives the best result.

       

      References

      • https://nmap.org/nsedoc/
      • https://nmap.org/book/

       

      Thanks for reading 😉
