Introduction To The Nmap Scripting Engine (NSE)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hello everyone welcome to this module in this module we're going to be getting started with the nmap scripting engine now the nmap scripting engine is where things start getting really really exciting primarily because we're now dealing with enumeration at a deeper level or a much more detailed level and yeah so let's get started in this video i'm just going to be introducing you to the nmap scripting engine in the next set of videos within this module within this very short module i'll introduce you to the basic syntax the functionality uh what you can do with it and then in the later modules we'll get started with uh you know service specific enumeration so first of all what is the nmap scripting engine this is going to be the burning question on your mind right now so the nmap scripting engine is an extremely versatile and useful tool that is a core part of nmap and allows users to write their own scripts and automate various types of scans so you might be saying well could you elaborate a little bit further well of course i can and i can do this by going to the nmap.org website and going under the book and nsc.html where it has a fantastic introduction to the what to what the nmap scripting engine is and how it can help you perform enumeration service enumeration vulnerability analysis so on and so forth all right so again it tells you here and the nmf scripting engine is one of nmap's most powerful and flexible features that is exactly true and allows users to write and share simple scripts to automate a wide variety of networking tasks now the type of tasks you can perform or the types of scans you can perform are listed here we can perform network discovery we can perform more sophisticated version detection scans we can perform vulnerability detection we can also perform backdoor detection and vulnerability exploitation now i'll be explaining uh all of this and how to to differentiate between all of this in a short while uh but before i do that i just want to cover a few important aspects of the nmap scripting engine and nmap scripts in general number one every nmap installation comes pre-loaded or pre-configured or pre-packaged with end with with nmap scripts right and map scripts that are that are part of the nmap at the end map scripting engine database and you can find these scripts under the user share nmap and if we click on scripts directory and hit enter you can find them directly in here so these are all your nmap scripts that allow you to perform uh or automate particular scans and again these these are used for uh you know for performing broadcast scans they're used for performing vulnerability detection uh backdoor detection so on and so forth there's tons of functionality here and they all sorted alphabetically now the key thing you need to take a look at here is the is the extension which in this case is going to be nsc and when you write your own nmap scripts they must have the nsc extension to be used by the nmap scripting engine so in other words the nmap scripting engine allows us to use scripts to automate you know particular scans and without the nmap scripting engine we would not be able to use particular scripts to automate scans so that's a very simple way of explaining what the nmap scripting engine is and why it's so useful now the second or third question that might be on your mind is all right i see the scripts i understand what the scripting engine is what language or scripting language are these scripts written in and to answer that we can take a look at one but before we do that i just want to say that nmap scripts are written in the lua programming or scripting language and you might be thinking huh lua i'm not really sure what that is that's perfectly fine it's very simple to understand and to get started with especially when you take a look at the various nmap scripts in the nmap script directory you'll be able to learn about how to use the scripting or programming language and you'll be able to write your own scripts we will be having an introductory uh module to writing your uh your own nmap scripts um so again to take a look at a script we can use a text editor like vim and uh let's say i want to look for a particular script based on a protocol or a service in this case we're looking for let's say i'm looking for an http uh script in my case i can use i can pipe the output out and to grep and then i can say you can use the expression and i'm looking for all scripts with the expression http and i hit enter and we have tons of them so i'm looking for let's see can we find the http enum script which the http enum script allows us to perform it allows us to perform enumeration on web servers so again i can then use the the previous command here and go i can just get rid of this and i can then use something like vim to make changes to this and then i can finally just go to the end here and i paste the file name in there and i hit enter and this is the http enum script and it's written in the newer programming language all right so this is a great way of learning how to program in lua and how to create your own nmap scripts in the event you need to as i said nmap scripts are used to for very particular types of scans and based on the the actual documentation here you can see they are based on you know vulnerability detection backdoor detection and very specific service based scans right so in this case you can see we this is an http only script which means you can only run this on on a web server or a target that has the port 80 or port 443 open so again you can see there's some variable declaration here and then at the bottom we have the essential the essential the essential code here where you have all the functionality and you can go through it and try and understand it as best as you can if you already have experience with the lua programming language then it shouldn't be it shouldn't take any and any time for you to actually start writing your own nmap scripts um however before we do any of that we need to understand how to use the scripting engine so that's going to be the end to this introductory video to the nmap scripting engine in the next set of videos we'll take a look at the syntax how to run scripts how to run multiple scripts and i will also talk about various important bits of functionality like the script catheter the script categories so on and so forth so that's going to be it for this video and i'll be seeing you in the next video [Music]

Info

Channel: HackerSploit

Views: 40,089

Rating: undefined out of 5

Keywords: hackersploit, hacker exploit, kali linux, hacking, infosec, cybersecurity, nmap tutorial, nmap kali linux, nmap 101, nmap windows, nmap port scan, nmap scan, nmap tutorial windows 10, nmap tutorial for beginners, nmap commands, nmap advanced, nmap tutorial windows, nmap windows 10 tutorial, nmap vulnerability scan, nmap full course, nmap penetration testing, nmap script tutorial, nmap script, nmap script to find vulnerabilities, nmap scripting engine

Id: ceGywKe8RnY

Channel Id: undefined

Length: 6min 44sec (404 seconds)

Published: Wed Aug 05 2020