Mastering the Nmap Scripting Engine

Master the Nmap Scripting Engine and the art of developing NSE scripts

Mastering the Nmap Scripting Engine

Mastering
Paulino Calderón Pale

Master the Nmap Scripting Engine and the art of developing NSE scripts
$26.99
$44.99
RRP $26.99
RRP $44.99
eBook
Print + eBook
$12.99 p/month

Want this title & more? Subscribe to PacktLib

Enjoy full and instant access to over 2000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.
Code Files
+ Collection
Free Sample

Book Details

ISBN 139781782168317
Paperback244 pages

About This Book

  • Extend the capabilities of Nmap to perform custom tasks with the Nmap Scripting Engine
  • Learn the fundamentals of Lua programming
  • Develop powerful scripts for the Nmap Scripting Engine
  • Discover all the features and libraries of the Nmap Scripting Engine
  • In-depth coverage of the Nmap Scripting Engine API and most important libraries with examples

Who This Book Is For

If you want to learn to write your own scripts for the Nmap Scripting Engine, this is the book for you. It is perfect for network administrators, information security professionals, and even Internet enthusiasts who are familiar with Nmap.

Table of Contents

Chapter 1: Introduction to the Nmap Scripting Engine
Installing Nmap
Running NSE scripts
Script categories
Scan phases and NSE
Applications of NSE scripts
Setting up a development environment
Adding new scripts
Summary
Chapter 2: Lua Fundamentals
Quick notes about Lua
Flow control structures
Data types
String handling
Common data structures
I/O operations
Coroutines
Metatables and metamethods
Summary
Chapter 3: NSE Data Files
Locating your data directory
Data directory search order
Username and password lists used in brute-force attacks
Web application auditing data files
DBMS-auditing data files
Java Debug Wire Protocol data files
Other NSE data files
Other Nmap data files
Summary
Chapter 4: Exploring the Nmap Scripting Engine API and Libraries
Understanding the structure of an NSE script
Exploring environment variables
Accessing the Nmap API
The NSE registry
Writing NSE libraries
Exploring other popular NSE libraries
Summary
Chapter 5: Enhancing Version Detection
Understanding version detection mode in NSE
Writing your own version detection scripts
Examples of version detection scripts
Summary
Chapter 6: Developing Brute-force Password-auditing Scripts
Working with the brute NSE library
Reading usernames and password lists with the unpwdb NSE library
Managing user credentials found during scans
Writing an NSE script to launch password-auditing attacks against the MikroTik RouterOS API
Summary
Chapter 7: Formatting the Script Output
Output formats and Nmap Scripting Engine
XML structured output
Printing verbosity messages
Including debugging information
The weakness of the grepable format
NSE script output in the HTML report
Summary
Chapter 8: Working with Network Sockets and Binary Data
Working with NSE sockets
Understanding advanced network I/O
Manipulating raw packets
Raw packet handling and NSE sockets
Summary
Chapter 9: Parallelism
Parallelism options in Nmap
Parallelism mechanisms in Lua
Parallelism mechanisms in NSE
Consuming TCP connections with NSE
Summary
Chapter 10: Vulnerability Detection and Exploitation
Vulnerability scanning
Reporting vulnerabilities
Summary

What You Will Learn

  • Get to grips with the fundamentals of Lua, the programming language used by the Nmap Scripting Engine
  • Extend the capabilities of Nmap by writing your own NSE scripts
  • Explore the Nmap Scripting Engine API
  • Discover all the available NSE libraries
  • Write robust brute force password auditing scripts
  • Customize the databases distributed with Nmap
  • Produce flexible script reports in NSE
  • Optimize Nmap scans with script and library arguments
  • Enhance the version detection capabilities of Nmap

In Detail

Nmap is a well-known security tool used by penetration testers and system administrators for many different networking tasks. The Nmap Scripting Engine (NSE) was introduced during Google's Summer of Code 2006 and has added the ability to perform additional tasks on target hosts, such as advanced fingerprinting and service discovery and information gathering.

This book will teach you everything you need to know to master the art of developing NSE scripts. The book starts by covering the fundamental concepts of Lua programming and reviews the syntax and structure of NSE scripts. After that, it covers the most important features of NSE. It jumps right into coding practical scripts and explains how to use the Nmap API and the available NSE libraries to produce robust scripts. Finally, the book covers output formatting, string handling, network I/O, parallelism, and vulnerability exploitation.

Authors

Table of Contents

Chapter 1: Introduction to the Nmap Scripting Engine
Installing Nmap
Running NSE scripts
Script categories
Scan phases and NSE
Applications of NSE scripts
Setting up a development environment
Adding new scripts
Summary
Chapter 2: Lua Fundamentals
Quick notes about Lua
Flow control structures
Data types
String handling
Common data structures
I/O operations
Coroutines
Metatables and metamethods
Summary
Chapter 3: NSE Data Files
Locating your data directory
Data directory search order
Username and password lists used in brute-force attacks
Web application auditing data files
DBMS-auditing data files
Java Debug Wire Protocol data files
Other NSE data files
Other Nmap data files
Summary
Chapter 4: Exploring the Nmap Scripting Engine API and Libraries
Understanding the structure of an NSE script
Exploring environment variables
Accessing the Nmap API
The NSE registry
Writing NSE libraries
Exploring other popular NSE libraries
Summary
Chapter 5: Enhancing Version Detection
Understanding version detection mode in NSE
Writing your own version detection scripts
Examples of version detection scripts
Summary
Chapter 6: Developing Brute-force Password-auditing Scripts
Working with the brute NSE library
Reading usernames and password lists with the unpwdb NSE library
Managing user credentials found during scans
Writing an NSE script to launch password-auditing attacks against the MikroTik RouterOS API
Summary
Chapter 7: Formatting the Script Output
Output formats and Nmap Scripting Engine
XML structured output
Printing verbosity messages
Including debugging information
The weakness of the grepable format
NSE script output in the HTML report
Summary
Chapter 8: Working with Network Sockets and Binary Data
Working with NSE sockets
Understanding advanced network I/O
Manipulating raw packets
Raw packet handling and NSE sockets
Summary
Chapter 9: Parallelism
Parallelism options in Nmap
Parallelism mechanisms in Lua
Parallelism mechanisms in NSE
Consuming TCP connections with NSE
Summary
Chapter 10: Vulnerability Detection and Exploitation
Vulnerability scanning
Reporting vulnerabilities
Summary

Book Details

ISBN 139781782168317
Paperback244 pages
Read More