BSides Algiers - Nmap Scripting Engine - Hani Benhabiles


Transcript of BSides Algiers - Nmap Scripting Engine - Hani Benhabiles

1. Nmap Scripting Engine: Ruling the network with Nmap on steroids
   Hani Benhabiles, President @ OWASP Algeria Student Chapter, Nmap-dev team (GSoC), security enthusiast, student @ ESI. Twitter: @kroosec, Email: [email protected]

2. Summary
   Nmap; Nmap Scripting Engine; Writing Nmap scripts

3. Nmap
   Network scanner; open source; 1997, by Fyodor; latest version: 5.51 (stable), 5.61TEST5 (dev); THE tool

4. Nmap
   Host discovery (Are there devices on these IPs?): -PE, -PS, -PA, -PU, -PP, -PR etc.

5. Nmap
   Port scanning: -sS, -sT, -sU, -sA etc.

6. Nmap
   Version detection: -sV, nmap-service-probes

7. Nmap
   OS detection: -O, nmap-os-db

8. Still, not flexible enough...

9. Nmap Scripting Engine
   2006, by Diman Todorov (GSoC project); extends Nmap capabilities; scripts are written in Lua

10. Nmap Scripting Engine
    365 scripts in /usr/share/nmap/scripts/; 95 libraries in /usr/share/nmap/nselib/

11. Nmap Scripting Engine
    Script types: Prerule, Host, Service, Postrule
    Script categories: broadcast, brute, default (-A), discovery, dos, safe, version, vuln...
    http://nmap.org/nsedoc/

12. Nmap Scripting Engine (slide image, no text)

13. Nmap Scripting Engine (slide image, no text)

14. Phases of an Nmap scan
    Script pre-scanning; target enumeration; host discovery; reverse-DNS resolution; port scanning; version detection; OS detection; traceroute; script scanning; output; script post-scanning

15. Executing scripts
    --script http-enum
    --script default,safe
    --script http-* --script-args user=foo

16. Nmap Scripting Engine (slide image, no text)

17. Demo (broadcast scripts)

18. Writing Nmap scripts
    Scripting language; fast and very light; used by other security projects (Wireshark, Snort, ModSecurity...); also used in game development: Crysis, WoW... yes, World of Warcraft :)

19. Writing Nmap scripts
    Meta-information: description, categories, dependencies, author and license.

20. Writing Nmap scripts
    Rules: prerule, hostrule, portrule, postrule; a script may have more than one rule.

21. Writing Nmap scripts
    action: the core of the script, the function executed when a rule returns true.

22. Less talk...

23. Writing Nmap scripts
    Drupal Views module information leakage: permits recovering the list of users; admin/views/ajax/autocomplete/user/S returns usernames that begin with S; results in JSON format.

24. Writing Nmap scripts
    Not patched; Drupal.org is vulnerable :)
    For more information: http://www.madirish.net/node/465

25. Let's write it

26. Help the project
    Testing scripts; ideas for new scripts; contribute: [email protected]

27. Thank you! Hani Benhabiles, Twitter: @kroosec, Email: [email protected]
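The script written live on slides 19–25 is not part of this transcript. The following is an added example, not the speaker's code and not a script shipped with Nmap, showing the three parts the slides name (meta-information, a rule, an action) in a check for the Drupal Views autocomplete leak from slide 23. The script name, the `drupal-views-user-leak.root` script argument, and the choice to probe a single prefix ("a") and report only a count rather than harvest names are assumptions made here; the `local ... = require` form is the module style used since Nmap 6, rather than the 5.x global style current at the time of the talk.

```lua
-- drupal-views-user-leak.nse  (hypothetical script name; added example)
local http      = require "http"
local json      = require "json"
local shortport = require "shortport"
local stdnse    = require "stdnse"

-- Meta-information (slide 19)
description = [[
Checks whether a Drupal site answers unauthenticated requests to the Views
module's user autocomplete endpoint, admin/views/ajax/autocomplete/user/<prefix>,
which leaks usernames beginning with <prefix> as JSON. Only one prefix is
requested and only the number of returned names is reported, so this is a
vulnerability check rather than a user-list harvester.
]]

author     = "added example, not from the original talk"
license    = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"vuln", "safe"}

-- Rule (slide 20): run against any port Nmap identifies as an HTTP service.
portrule = shortport.http

-- Action (slide 21): executed for every host/port where the rule returned true.
action = function(host, port)
  -- Optional web root, e.g. --script-args drupal-views-user-leak.root=/drupal/
  -- (script-arg name is an assumption of this example)
  local root = stdnse.get_script_args("drupal-views-user-leak.root") or "/"
  local path = root .. "admin/views/ajax/autocomplete/user/a"

  local resp = http.get(host, port, path)
  if not resp or resp.status ~= 200 or not resp.body then
    return nil  -- endpoint absent, protected, or unreachable: nothing to report
  end

  -- The leak returns a JSON object keyed by username; a non-JSON body means
  -- we most likely hit a login page or a generic 200 handler instead.
  local ok, data = json.parse(resp.body)
  if not ok or type(data) ~= "table" then
    return nil
  end

  local count = 0
  for _ in pairs(data) do count = count + 1 end
  if count == 0 then
    return nil  -- endpoint reachable but nothing leaked for this prefix
  end

  return string.format(
    "VULNERABLE: %s returned %d username(s) to an unauthenticated request",
    path, count)
end
```

Place the file in the scripts directory from slide 10 (or pass its path directly) and invoke it as on slide 15, for example `nmap -p80 --script ./drupal-views-user-leak.nse <own-drupal-host>`; returning `nil` from `action` is the NSE convention for "no result", so clean hosts produce no output line.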