Mastering the Nmap Scripting Engine

More Information
  • Get to grips with the fundamentals of Lua, the programming language used by the Nmap Scripting Engine
  • Extend the capabilities of Nmap by writing your own NSE scripts
  • Explore the Nmap Scripting Engine API
  • Discover all the available NSE libraries
  • Write robust brute force password auditing scripts
  • Customize the databases distributed with Nmap
  • Produce flexible script reports in NSE
  • Optimize Nmap scans with script and library arguments
  • Enhance the version detection capabilities of Nmap

Nmap is a well-known security tool used by penetration testers and system administrators for many different networking tasks. The Nmap Scripting Engine (NSE) was introduced during Google's Summer of Code 2006 and has added the ability to perform additional tasks on target hosts, such as advanced fingerprinting and service discovery and information gathering.

This book will teach you everything you need to know to master the art of developing NSE scripts. The book starts by covering the fundamental concepts of Lua programming and reviews the syntax and structure of NSE scripts. After that, it covers the most important features of NSE. It jumps right into coding practical scripts and explains how to use the Nmap API and the available NSE libraries to produce robust scripts. Finally, the book covers output formatting, string handling, network I/O, parallelism, and vulnerability exploitation.

  • Extend the capabilities of Nmap to perform custom tasks with the Nmap Scripting Engine
  • Learn the fundamentals of Lua programming
  • Develop powerful scripts for the Nmap Scripting Engine
  • Discover all the features and libraries of the Nmap Scripting Engine
  • In-depth coverage of the Nmap Scripting Engine API and most important libraries with examples
Page Count 244
Course Length 7 hours 19 minutes
ISBN 9781782168317
Date Of Publication 18 Feb 2015


Paulino Calderon

Paulino Calderon (@calderpwn on Twitter) is the cofounder of Websec, a company offering information security consulting services based in Mexico and Canada. When he is not traveling to a security conference or conducting on-site consulting for Fortune 500 companies, he spends peaceful days in Cozumel, a beautiful small island in the Caribbean, learning new technologies, conducting big data experiments, developing new tools, and finding bugs in software.

Paulino is active in the open source community, and his contributions are used by millions of people in the information security industry. In 2011, Paulino joined the Nmap team during the Google Summer of Code to work on the project as an NSE developer. He focused on improving the web scanning capabilities of Nmap, and he has kept contributing to the project since then. In addition, he has been a mentor for students who focused on vulnerability detection during the Google Summer of Code 2015 and 2017.

He has published Nmap 6: Network Exploration and Security Auditing Cookbook and Mastering the Nmap Scripting Engine, which cover practical tasks with Nmap and NSE development in depth. He loves attending information security conferences, and he has given talks and participated in workshops in dozens of events in Canada, the United States, Mexico, Colombia, Peru, Bolivia, and Curacao.