Search icon Close icon
Search icon
Subscription
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Nmap Network Exploration and Security Auditing Cookbook, Third Edition - Third Edition

You're reading from  Nmap Network Exploration and Security Auditing Cookbook, Third Edition - Third Edition

Product type Book
Published in Sep 2021
Publisher Packt
ISBN-13 9781838649357
Pages 436 pages
Edition 3rd Edition
Languages
Concepts
Author (1):
Paulino Calderon Paulino Calderon
Profile icon Paulino Calderon
LinkedIn
Paulino Calderon (@calderpwn on Twitter) is the cofounder of Websec, a company offering information security consulting services based in Mexico and Canada. When he is not traveling to a security conference or conducting on-site consulting for Fortune 500 companies, he spends peaceful days in Cozumel, a beautiful small island in the Caribbean, learning new technologies, conducting big data experiments, developing new tools, and finding bugs in software. Paulino is active in the open source community, and his contributions are used by millions of people in the information security industry. In 2011, Paulino joined the Nmap team during the Google Summer of Code to work on the project as an NSE developer. He focused on improving the web scanning capabilities of Nmap, and he has kept contributing to the project since then. In addition, he has been a mentor for students who focused on vulnerability detection during the Google Summer of Code 2015 and 2017. He has published Nmap 6: Network Exploration and Security Auditing Cookbook and Mastering the Nmap Scripting Engine, which cover practical tasks with Nmap and NSE development in depth. He loves attending information security conferences, and he has given talks and participated in workshops in dozens of events in Canada, the United States, Mexico, Colombia, Peru, Bolivia, and Curacao.
See other products by Paulino Calderon

Table of Contents (22) Chapters

Preface 1. Chapter 1: Nmap Fundamentals 2. Chapter 2: Getting Familiar with Nmap's Family 3. Chapter 3: Network Scanning 4. Chapter 4: Reconnaissance Tasks 5. Chapter 5: Scanning Web Servers 6. Chapter 6: Scanning Databases 7. Chapter 7: Scanning Mail Servers 8. Chapter 8: Scanning Windows Systems 9. Chapter 9: Scanning ICS/SCADA Systems 10. Chapter 10: Scanning Mainframes 11. Chapter 11: Optimizing Scans 12. Chapter 12: Generating Scan Reports 13. Chapter 13: Writing Your Own NSE Scripts 14. Chapter 14: Exploiting Vulnerabilities with the Nmap Scripting Engine 15. Other Books You May Enjoy Appendix A: HTTP, HTTP Pipelining, and Web Crawling Configuration Options 1. Appendix Β: Brute-Force Password Auditing Options 2. Appendix C: NSE Debugging 3. Appendix D: Additional Output Options 4. Appendix Ε: Introduction to Lua 5. Appendix F: References and Additional Reading

Chapter 14: Exploiting Vulnerabilities with the Nmap Scripting Engine

While Nmap has never tried to become an exploitation framework, it does have several features that make it a viable option. Transparent parallelism in network I/O operations allows speed and efficiency. Quick prototyping in Lua allows exploit writers to work with protocols or applications having many Nmap Scripting Engine (NSE) libraries available to save development time. NSE scripts will be ready to run on any system that can run Nmap. And they can run against entire network ranges or large lists of targets, making them ideal for vulnerability detection.

Hopefully, the previous chapter introduced you to the NSE script format, common functions, and libraries. This chapter will teach you how to apply that to vulnerability detection and exploitation within Nmap.

In this chapter, you will learn about the following:

  • Generating vulnerability reports in NSE scripts
  • Writing brute-force password auditing...

Generating vulnerability reports in NSE scripts

NSE is perfect for detecting vulnerabilities, and for this reason, there are already several exploitation scripts included with Nmap. Not too long ago, each developer used their criteria for what output to include when reporting these vulnerabilities. To address this issue and unify the output format and the amount of information provided, a new NSE library was introduced.

This recipe will teach you how to generate vulnerability reports in your NSE scripts with the vulns library.

How to do it...

The correct way to report vulnerabilities in NSE is through the vulns library. Let's review the process of reporting a vulnerability:

  1. Load the vulns library in your script:
    local vulns = require 'vulns'
  2. Create a vuln object table. Pay special attention to the state field:
    local vuln = { 
 title = '<TITLE GOES HERE>',
 state = vulns.STATE.NOT_VULN, 
 references = {'<URL1>', &apos...

Writing brute-force password auditing scripts

Brute-force password auditing has become a major strength of NSE. The brute library allows developers to quickly write scripts to perform custom brute-force attacks. Nmap offers libraries such as unpwd, which gives access to a flexible username and password database to further customize attacks, and the creds library, which provides an interface to manage the valid credentials found.

This recipe will guide you through the process of writing your brute-force script with the brute, unpwdb, and creds NSE libraries to perform brute-force password auditing on web applications.

How to do it...

Let's write an NSE script to brute-force WordPress accounts:

  1. Create the http-wordpress-brute.nse file and fill in the required information tags:
    description = [[
performs brute force password auditing against Wordpress CMS/blog installations.
This script uses the unpwdb and brute libraries to perform password guessing. Any successful...

Crawling web servers to detect vulnerabilities

When assessing the security of web applications, certain checks need to be done on every file in a web server. For example, looking for forgotten backup files may reveal the application source code or database passwords. NSE supports web crawling, to help us with tasks that require a list of existing files on a web server.

This recipe will show you how to write an NSE script that will crawl a web server looking for files with a .php extension and perform an injection test via the $_SERVER['PHP_SELF'] variable to find reflected cross-site scripting vulnerabilities.

How to do it...

A common task that some major security scanners miss is locating reflected cross-site scripting vulnerabilities in PHP files via the $_SERVER['PHP_SELF'] variable. The web crawler httpspider library comes in handy when automating this task. Let's see how we can write a script:

  1. Create the http-phpself-xss.nse script file...

Exploiting SMB vulnerabilities

NSE allows quick prototyping of proof-of-concept code to exploit a vulnerability due to the robust libraries available for protocols and applications. SMB has been heavily attacked in the past due to the amount of public critical vulnerabilities that surfaced. Since Nmap has a library for SMB, we can use it for crafting special packets and writing exploits easily.

This recipe will teach you how to write a vulnerability detection script for the infamous SMB vulnerability known as EternalBlue (MS17-010).

How to do it...

  1. Start by writing the mandatory fields such as description, author, license, and categories, and loading the required libraries for SMB and other common tasks:
    local nmap = require 'nmap'
local smb = require 'smb'
local vulns = require 'vulns'
local stdnse = require 'stdnse'
local string = require 'string'
  2. Create a function to encapsulate the code related to checking the vulnerability...
lock icon The rest of the chapter is locked
arrow left Previous Chapter
Chapter 1 of 22
Next Chapter arrow right
You have been reading a chapter from
Nmap Network Exploration and Security Auditing Cookbook, Third Edition - Third Edition
Published in: Sep 2021 Publisher: Packt ISBN-13: 9781838649357
© 2021 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime}

Authors (1)

Profile icon Paulino Calderon
LinkedIn
Paulino Calderon (@calderpwn on Twitter) is the cofounder of Websec, a company offering information security consulting services based in Mexico and Canada. When he is not traveling to a security conference or conducting on-site consulting for Fortune 500 companies, he spends peaceful days in Cozumel, a beautiful small island in the Caribbean, learning new technologies, conducting big data experiments, developing new tools, and finding bugs in software. Paulino is active in the open source community, and his contributions are used by millions of people in the information security industry. In 2011, Paulino joined the Nmap team during the Google Summer of Code to work on the project as an NSE developer. He focused on improving the web scanning capabilities of Nmap, and he has kept contributing to the project since then. In addition, he has been a mentor for students who focused on vulnerability detection during the Google Summer of Code 2015 and 2017. He has published Nmap 6: Network Exploration and Security Auditing Cookbook and Mastering the Nmap Scripting Engine, which cover practical tasks with Nmap and NSE development in depth. He loves attending information security conferences, and he has given talks and participated in workshops in dozens of events in Canada, the United States, Mexico, Colombia, Peru, Bolivia, and Curacao.
Read more
See other products by Paulino Calderon

Other recommended products

Related to this chapter
Left arrow icon
Network Scanning Cookbook
Network Scanning Cookbook
Network Scanning Cookbook enables a reader to understand how to perform a Network Scan, which includes Discovery, Scanning, Enumeration, Vulnerability detection etc using scanning tools like Nessus and Nmap. If the reader is an auditor, they will be able to determine the security state of the client's network and recommend remediations accordingly.
Sep 2018 10 hours 8 minutes
Kali Linux Network Scanning Cookbook
Kali Linux Network Scanning Cookbook
With the ever-increasing amount of data flowing in today’s world, information security has become vital to any application. This is where Kali Linux comes in. Kali Linux focuses mainly on security auditing and penetration testing. This step-by-step cookbook on network scanning trains you in important scanning concepts based on version 2016.2. It will enable you to conquer any network environment through a range of network scanning techniques and will also equip you to script your very own tools.
May 2017 21 hours 8 minutes
Metasploit Penetration Testing Cookbook
Metasploit Penetration Testing Cookbook
Metasploit is the world's leading penetration testing tool and helps security and IT professionals find, exploit, and validate vulnerabilities. Metasploit allows penetration testing automation, password auditing, web application scanning, social engineering, post exploitation, evidence collection, and reporting. Metasploit's integration with InsightVM (or Nexpose), Nessus, OpenVas, and other vulnerability scanners provides a validation solution that simplifies vulnerability prioritization and remediation reporting. Teams can collaborate in Metasploit and present their findings in consolidated reports.
Feb 2018 14 hours 12 minutes
Network Vulnerability Assessment
Network Vulnerability Assessment
Being able to identify security loopholes has become critical to many businesses. That's where learning network security assessment becomes very important. This book will not only show you how to find out the system vulnerabilities but also help you build a network security threat model.
Aug 2018 8 hours 28 minutes
Industrial Cybersecurity
Industrial Cybersecurity
With ever-improving and ever-changing cyber threats, businesses need to be on their toes to ensure their safety. This comprehensive book takes you from understanding the basics of cyber security and industrial protocols to building robust industrial control systems. Through real-world scenarios, you will understand vulnerabilities and will be equipped with techniques to ward off all kinds of cyber threat.
Oct 2017 15 hours 12 minutes
Kali Linux 2018: Assuring Security by Penetration Testing
Kali Linux 2018: Assuring Security by Penetration Testing
This book is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques. It offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.
Oct 2018 17 hours 36 minutes
Mastering Python for Networking and Security
Mastering Python for Networking and Security
Python’s latest updates feature numerous packages that can be used to perform critical missions. This Python networking and security book will help you to use Python packages to detect vulnerabilities in web apps and tackle networking challenges. You’ll explore a variety of techniques and tools for networking and security in Python.
Jan 2021 17 hours 56 minutes
Practical Web Penetration Testing
Practical Web Penetration Testing
Web Applications are the core of any business today, and the need for specialized Application Security experts is increasing these days. Using this book, you will be able to learn Application Security testing and understand how to analyze a web application, conduct a web intrusion test, and a network infrastructure test.
Jun 2018 9 hours 48 minutes
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Designing and Implementing Microsoft Azure Networking Solutions
Designing and Implementing Microsoft Azure Networking Solutions
Designing and Implementing Microsoft Azure Networking Solutions Exam Ref AZ-700 is an all-encompassing guide to the AZ-700 exam and contains all the information you need to succeed in the world of virtual networking with Azure. With this book, you will be fully prepared for the exam and the world of cloud networking.
Aug 2023 17 hours 28 minutes
Microsoft 365 Security, Compliance, and Identity Administration
Microsoft 365 Security, Compliance, and Identity Administration
The Microsoft 365 Security, Compliance, and Identity Administration is a comprehensive guide that helps you employ Microsoft 365's robust suite of features and empowers you to optimize your administrative tasks.
Aug 2023 21 hours 0 minutes
Zero Trust Overview and Playbook Introduction
Zero Trust Overview and Playbook Introduction
Get started on Zero Trust with this step-by-step playbook and learn everything you need to know for a successful Zero Trust journey with tailored guidance for every role, covering strategy, operations, architecture, implementation, and measuring success. This book will become an indispensable reference for everyone in your organization.
Oct 2023 8 hours 0 minutes
The Self-Taught Cloud Computing Engineer
The Self-Taught Cloud Computing Engineer
This self-study book helps you master multiple clouds, including AWS, Azure, and GCP, and serves as a roadmap to becoming a certified cloud computing expert. The book will guide you to develop a professional cloud career by helping you build a broad cloud knowledge base, developing hands-on cloud computing skills, and getting cloud certified.
Sep 2023 15 hours 44 minutes
Technology Operating Models for Cloud and Edge
Technology Operating Models for Cloud and Edge
This book will help you build and create ownership of a technology operating model, as well as connect your leadership with engineering and operations, keeping your internal and external customers in mind. It provides practical tips on why, where, and how to make the cloud and edge platform paradigm sing for you, your team, and your organization.
Aug 2023 7 hours 36 minutes
Azure Architecture Explained
Azure Architecture Explained
Azure is the preferred platform to build mission-critical and secure apps. This book provides comprehensive coverage of essential Azure products, services, and solutions vital for every solution architect's success. Elevate your knowledge and master the critical components of Azure to excel in your role with Azure Architecture Explained.
Sep 2023 14 hours 52 minutes
Pentesting Active Directory and Windows-based Infrastructure
Pentesting Active Directory and Windows-based Infrastructure
This practical guide helps you explore the pentesting of Microsoft infrastructure in detail, and enhances your offensive skillset by showing you the different ways to perform security assessment. This book will help blue teamers and IT engineers get up to speed with possible security issues they may encounter in their Windows environments.
Nov 2023 12 hours 0 minutes
Practical Ansible
Practical Ansible
In Practical Ansible, you'll work with the latest release of Ansible and learn to solve complex issues quickly with the help of task-oriented scenarios. You'll start by installing and configuring Ansible to automate monotonous and repetitive IT tasks and get to grips with concepts such as playbooks, inventories, plugins, collections, and network modules.
Sep 2023 14 hours 0 minutes
Windows 11 for Enterprise Administrators
Windows 11 for Enterprise Administrators
Microsoft’s launch of Windows 11 is a step toward satisfying the enterprise administrator’s needs for better management and enhanced user experience customization. This book provides the enterprise administrator with the knowledge needed to fully utilize the advanced feature set of Windows 11 Enterprise.
Oct 2023 9 hours 32 minutes
The Linux DevOps Handbook
The Linux DevOps Handbook
This book is for software and IT professionals seeking knowledge on Linux systems and DevOps practices. This book will provide you with guidance and tools to learn and gain proficiency in managing Linux-based infrastructures and knowledge of DevOps.
Nov 2023 14 hours 16 minutes
Right arrow icon