Mastering the Nmap Scripting Engine

Master the Nmap Scripting Engine and the art of developing NSE scripts
Preview in Mapt
Code Files

Mastering the Nmap Scripting Engine

Paulino Calderon

Master the Nmap Scripting Engine and the art of developing NSE scripts

Quick links: > What will you learn?> Table of content

Mapt Subscription
FREE
$29.99/m after trial
eBook
$18.90
RRP $26.99
Save 29%
Print + eBook
$44.99
RRP $44.99
What do I get with a Mapt Pro subscription?
  • Unlimited access to all Packt’s 5,000+ eBooks and Videos
  • Early Access content, Progress Tracking, and Assessments
  • 1 Free eBook or Video to download and keep every month after trial
What do I get with an eBook?
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with Print & eBook?
  • Get a paperback copy of the book delivered to you
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
What do I get with a Video?
  • Download this Video course in MP4 format
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the Mapt reader
$0.00
$18.90
$44.99
$29.99 p/m after trial
RRP $26.99
RRP $44.99
Subscription
eBook
Print + eBook
Start 14 Day Trial

Frequently bought together


Mastering the Nmap Scripting Engine Book Cover
Mastering the Nmap Scripting Engine
$ 26.99
$ 18.90
Nmap Essentials Book Cover
Nmap Essentials
$ 19.99
$ 14.00
Buy 2 for $31.50
Save $15.48
Add to Cart

Book Details

ISBN 139781782168317
Paperback244 pages

Book Description

Nmap is a well-known security tool used by penetration testers and system administrators for many different networking tasks. The Nmap Scripting Engine (NSE) was introduced during Google's Summer of Code 2006 and has added the ability to perform additional tasks on target hosts, such as advanced fingerprinting and service discovery and information gathering.

This book will teach you everything you need to know to master the art of developing NSE scripts. The book starts by covering the fundamental concepts of Lua programming and reviews the syntax and structure of NSE scripts. After that, it covers the most important features of NSE. It jumps right into coding practical scripts and explains how to use the Nmap API and the available NSE libraries to produce robust scripts. Finally, the book covers output formatting, string handling, network I/O, parallelism, and vulnerability exploitation.

Table of Contents

Chapter 1: Introduction to the Nmap Scripting Engine
Installing Nmap
Running NSE scripts
Script categories
Scan phases and NSE
Applications of NSE scripts
Setting up a development environment
Adding new scripts
Summary
Chapter 2: Lua Fundamentals
Quick notes about Lua
Flow control structures
Data types
String handling
Common data structures
I/O operations
Coroutines
Metatables and metamethods
Summary
Chapter 3: NSE Data Files
Locating your data directory
Data directory search order
Username and password lists used in brute-force attacks
Web application auditing data files
DBMS-auditing data files
Java Debug Wire Protocol data files
Other NSE data files
Other Nmap data files
Summary
Chapter 4: Exploring the Nmap Scripting Engine API and Libraries
Understanding the structure of an NSE script
Exploring environment variables
Accessing the Nmap API
The NSE registry
Writing NSE libraries
Exploring other popular NSE libraries
Summary
Chapter 5: Enhancing Version Detection
Understanding version detection mode in NSE
Writing your own version detection scripts
Examples of version detection scripts
Summary
Chapter 6: Developing Brute-force Password-auditing Scripts
Working with the brute NSE library
Reading usernames and password lists with the unpwdb NSE library
Managing user credentials found during scans
Writing an NSE script to launch password-auditing attacks against the MikroTik RouterOS API
Summary
Chapter 7: Formatting the Script Output
Output formats and Nmap Scripting Engine
XML structured output
Printing verbosity messages
Including debugging information
The weakness of the grepable format
NSE script output in the HTML report
Summary
Chapter 8: Working with Network Sockets and Binary Data
Working with NSE sockets
Understanding advanced network I/O
Manipulating raw packets
Raw packet handling and NSE sockets
Summary
Chapter 9: Parallelism
Parallelism options in Nmap
Parallelism mechanisms in Lua
Parallelism mechanisms in NSE
Consuming TCP connections with NSE
Summary
Chapter 10: Vulnerability Detection and Exploitation
Vulnerability scanning
Reporting vulnerabilities
Summary

What You Will Learn

  • Get to grips with the fundamentals of Lua, the programming language used by the Nmap Scripting Engine
  • Extend the capabilities of Nmap by writing your own NSE scripts
  • Explore the Nmap Scripting Engine API
  • Discover all the available NSE libraries
  • Write robust brute force password auditing scripts
  • Customize the databases distributed with Nmap
  • Produce flexible script reports in NSE
  • Optimize Nmap scans with script and library arguments
  • Enhance the version detection capabilities of Nmap

Authors

Table of Contents

Chapter 1: Introduction to the Nmap Scripting Engine
Installing Nmap
Running NSE scripts
Script categories
Scan phases and NSE
Applications of NSE scripts
Setting up a development environment
Adding new scripts
Summary
Chapter 2: Lua Fundamentals
Quick notes about Lua
Flow control structures
Data types
String handling
Common data structures
I/O operations
Coroutines
Metatables and metamethods
Summary
Chapter 3: NSE Data Files
Locating your data directory
Data directory search order
Username and password lists used in brute-force attacks
Web application auditing data files
DBMS-auditing data files
Java Debug Wire Protocol data files
Other NSE data files
Other Nmap data files
Summary
Chapter 4: Exploring the Nmap Scripting Engine API and Libraries
Understanding the structure of an NSE script
Exploring environment variables
Accessing the Nmap API
The NSE registry
Writing NSE libraries
Exploring other popular NSE libraries
Summary
Chapter 5: Enhancing Version Detection
Understanding version detection mode in NSE
Writing your own version detection scripts
Examples of version detection scripts
Summary
Chapter 6: Developing Brute-force Password-auditing Scripts
Working with the brute NSE library
Reading usernames and password lists with the unpwdb NSE library
Managing user credentials found during scans
Writing an NSE script to launch password-auditing attacks against the MikroTik RouterOS API
Summary
Chapter 7: Formatting the Script Output
Output formats and Nmap Scripting Engine
XML structured output
Printing verbosity messages
Including debugging information
The weakness of the grepable format
NSE script output in the HTML report
Summary
Chapter 8: Working with Network Sockets and Binary Data
Working with NSE sockets
Understanding advanced network I/O
Manipulating raw packets
Raw packet handling and NSE sockets
Summary
Chapter 9: Parallelism
Parallelism options in Nmap
Parallelism mechanisms in Lua
Parallelism mechanisms in NSE
Consuming TCP connections with NSE
Summary
Chapter 10: Vulnerability Detection and Exploitation
Vulnerability scanning
Reporting vulnerabilities
Summary

Book Details

ISBN 139781782168317
Paperback244 pages
Read More

Read More Reviews

Recommended for You

Nmap Essentials Book Cover
Nmap Essentials
$ 19.99
$ 14.00
Mastering Wireshark Book Cover
Mastering Wireshark
$ 39.99
$ 28.00
Packet Analysis with Wireshark Book Cover
Packet Analysis with Wireshark
$ 27.99
$ 19.60
Nmap 6: Network Exploration and Security Auditing Cookbook Book Cover
Nmap 6: Network Exploration and Security Auditing Cookbook
$ 26.99
$ 18.90
Wireshark Essentials Book Cover
Wireshark Essentials
$ 14.99
$ 10.50
Wireshark Network Security Book Cover
Wireshark Network Security
$ 31.99
$ 22.40