Nmap for Scriptors
Sanoop Thomas
@s4n7h0
Disclaimer
• This is a very small session to accommodate some coding concepts (I agree it's a bad try)
• We will try to cover some very important points you will need
• A kick-start session for security researchers, to learn how NSE scripts can be built and used to create PoCs
Some Wrong Questions
• How many of you have used Nmap?
• What about the -A option?
• What are Nmap scripts?
I'm sure many of you are familiar with Nmap; but still, for those who are new....
Nmap Script Scan
Script Path
• Windows
– C:\Program Files (x86)\Nmap\scripts
• Linux
– /usr/share/nmap/scripts
• In BackTrack
– /usr/local/share/nmap/scripts
Nmap Script Engine [NSE]
• Network Discovery
• Version Detection
• Vulnerability Detection
• Malware Detection
• Exploitation
Anatomy of NSE
• require
• metadata
• categories
• portrule
• action
NSE Skeleton
-- import the library used by the portrule below
local shortport = require "shortport"

description = [[
Just to show the skeleton of an NSE script
]]
author = "Mr. X"
categories = {"safe", "discovery"}

-- run only against tcp ports 80, 8080 or 443, or any port whose service was identified as http
portrule = shortport.port_or_service({80, 8080, 443}, {"http"}, {"tcp"})

action = function(host, port)
  return "Webserver found on port " .. port.number
end
require
• Import libraries
• require "shortport"
• local shortport = require "shortport" (the local form is the one current Nmap releases expect)
metadata
• Includes the description of the script, author name, license information, etc.
• Not needed for the script to run, but it helps the user know what your script does
categories
• Defines the type of your script
– auth, broadcast, brute, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, vuln
• Because you can select scripts to run by category
Scan Smartly
• nmap --script "http-*"
• nmap --script "http-* and ftp-*"
• nmap --script "not brute"
• nmap --script "vuln,safe"
• nmap --script "vuln or safe"
• nmap --script "(vuln or safe) and not http-*"
portrule
• Script execution is conditional: the action runs only for ports that match the portrule
• portrule = shortport.http
• portrule = shortport.port_or_service(21, "ftp")
action
• The actual code to execute, for each port matched by the portrule
• A combination of Lua code and Nmap library calls
action = function(host, port)
  -- code to execute
end
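The skeleton, portrule and action slides above each show one piece; the following is an added example, not code from the slides or from the Nmap project, that puts all five parts together into a complete, runnable discovery script. The script name http-server-banner, the script argument http-server-banner.path, and the Server-header reporting are assumptions made for this example; the library calls (shortport.http, http.get, stdnse.get_script_args, stdnse.output_table, stdnse.debug1) are part of the standard NSE libraries.

```lua
-- http-server-banner.nse (assumed name for this added example; not an Nmap script)
-- Requests one page from a web server and reports the Server header it sends back.

-- require: import the NSE libraries the script uses
local http      = require "http"
local shortport = require "shortport"
local stdnse    = require "stdnse"

-- metadata: shown by `nmap --script-help http-server-banner`
description = [[
Requests a page from a web server and reports the Server header, which tells
a defender what the host discloses about its software to anyone who connects.
]]

---
-- @usage
-- nmap --script http-server-banner -p 80,443,8080 <target>
--
-- @args http-server-banner.path  Path to request (default: /)

author = "Mr. X"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

-- categories: safe (no side effects on the target) and discovery
categories = {"safe", "discovery"}

-- portrule: run only on ports Nmap identified as HTTP (or 80/443/8080 without -sV)
portrule = shortport.http

-- action: executed once per matching port; the return value becomes the script output
action = function(host, port)
  -- script argument with a default, e.g. --script-args http-server-banner.path=/status
  local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"

  -- printed only when nmap runs with -d (debug level 1 or higher)
  stdnse.debug1("requesting %s from %s:%d", path, host.ip, port.number)

  local response = http.get(host, port, path)

  -- http.get returns a table whose status is nil when the request failed;
  -- returning nil means "no output" so failed ports stay silent
  if not response or not response.status then
    stdnse.debug1("no HTTP response from %s:%d", host.ip, port.number)
    return nil
  end

  -- structured output: rendered as key/value lines and as XML with -oX
  local out = stdnse.output_table()
  out.status = response.status
  out.server = response.header["server"] or "(not disclosed)"
  return out
end
```

While developing, run it straight from the working directory with `nmap -d --script ./http-server-banner.nse -p 80 <host>` so the stdnse.debug1 lines appear; once the script is copied into the scripts directory, `nmap --script-updatedb` registers it so the category expressions from the Scan Smartly slide (for example `--script "safe and discovery"`) will pick it up.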
Some Practical Approach
• It's coding
– Meaning: giving life to a code snippet
– So,
• You need to know how, what, why, etc.
Tips for Scriptors
• Specify the script directory (--datadir)
• Use debugging mode when running the script (-d)
• Update the script database once you are done with the final version (--script-updatedb)
• Use script trace to see what the script sends and receives (--script-trace)
References
• nmap.org/nsedoc/
• lua.org/docs.html
Thanks
Any Questions?
Sanoop Thomas @s4n7h0