Nmap: Network Exploration and Security Auditing Cookbook - Second Edition
About this ebook
- Learn through practical recipes how to use Nmap for a wide range of tasks for system administrators and penetration testers.
- Learn the latest and most useful features of Nmap and the Nmap Scripting Engine.
- Learn to audit the security of networks, web applications, databases, mail servers, Microsoft Windows servers/workstations and even ICS systems.
- Learn to develop your own modules for the Nmap Scripting Engine.
- Become familiar with Lua programming.
- 100% practical tasks, relevant and explained step by step, with exact commands and descriptions of the optional arguments.
The book is for anyone who wants to master Nmap and its scripting engine to perform real-life security auditing checks as a system administrator or penetration tester. This book is also recommended to anyone looking to learn about network security auditing. Finally, novice Nmap users will also learn a lot from this book, as it covers several advanced internal aspects of Nmap and related tools.
Nmap - Paulino Calderon
Title Page
Nmap: Network Exploration and Security Auditing Cookbook
Second Edition
A complete guide to mastering Nmap and its scripting engine, covering practical tasks for penetration testers and system administrators
Paulino Calderon
BIRMINGHAM - MUMBAI
Copyright
Nmap: Network Exploration and Security Auditing Cookbook
Second Edition
Copyright © 2017 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: November 2012
Second edition: May 2017
Production reference: 1240517
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78646-745-4
www.packtpub.com
Credits
About the Author
Paulino Calderon (@calderpwn on Twitter) is the cofounder of Websec, a company offering information security consulting services based in Mexico and Canada. When he is not traveling to a security conference or conducting on-site consulting for Fortune 500 companies, he spends peaceful days in Cozumel, a beautiful small island in the Caribbean, learning new technologies, conducting big data experiments, developing new tools, and finding bugs in software.
Paulino is active in the open source community, and his contributions are used by millions of people in the information security industry. In 2011, Paulino joined the Nmap team during the Google Summer of Code to work on the project as an NSE developer. He focused on improving the web scanning capabilities of Nmap, and he has kept contributing to the project since then. In addition, he has been a mentor for students who focused on vulnerability detection during the Google Summer of Code 2015 and 2017.
He has published Nmap 6: Network Exploration and Security Auditing Cookbook and Mastering the Nmap Scripting Engine, which cover practical tasks with Nmap and NSE development in depth. He loves attending information security conferences, and he has given talks and participated in workshops in dozens of events in Canada, the United States, Mexico, Colombia, Peru, Bolivia, and Curacao.
Acknowledgments
As always, I would like to dedicate this book to a lot of special people who have helped me get where I am.
Special thanks to Fyodor for mentoring me and giving me the opportunity to participate in this amazing project named Nmap. To all the development team, from whom I have learned a lot and now I have the pleasure to know personally, thanks for always answering all my questions and being outstanding individuals.
To my mother, Edith, and my brothers, Omar and Yael, thanks for always supporting me and being the best family I could ask for.
To Martha, who I will always love more than anything, and Pedro Moguel, Martha Vela, Maru, Jo, Fana, Pete, and Pablo, thanks for welcoming me into your family.
Nothing but love to all my friends. It is impossible to list all of you, but know that I appreciate all your love and support. You are always in my heart. Greetings to b33rcon, H4ckD0g5, Security Room LATAM, and the Negan clan, keep on hacking!
To Pedro, Roberto, and the Websec team, thanks for joining me in this crazy adventure that started 6 years ago.
In memory of my father, Dr. Paulino Calderon Medina, who I miss every day.
About the Reviewer
Nikhil Kumar has over 5 years of experience in information security. Currently he is working with Biz2Credit as a Senior Security Consultant. He is a certified ethical hacker, and has bachelor's and master's degrees in computer science. He has done globally accepted certifications such as OSCP, OSWP, and CEH. He has written many articles on web application security, security coding practices, web application firewalls, and so on. He has discovered multiple vulnerabilities in big hotshot applications, including Apple, Microsoft, and so on.
Nikhil can be contacted on LinkedIn at https://in.linkedin.com/in/nikhil73.
www.PacktPub.com
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and, as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Customer Feedback
Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1786467453.
If you'd like to join our team of regular reviewers, you can e-mail us at customerreviews@packtpub.com. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
Table of Contents
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
Nmap Fundamentals
Introduction
Building Nmap's source code
Getting ready
How to do it...
How it works...
There's more...
Experimental branches
Updating your local working copy
Customizing the building process
Precompiled packages
Finding live hosts in your network
How to do it...
How it works...
There's more...
Tracing routes
Running the Nmap Scripting Engine during host discovery
Exploring more ping scanning techniques
Listing open ports on a target host
How to do it...
How it works...
There's more...
Privileged versus unprivileged
Scanning specific port ranges
Selecting a network interface
More port scanning techniques
Fingerprinting OS and services running on a target host
How to do it...
How it works...
There's more...
Increasing version detection intensity
Aggressive detection mode
Configuring OS detection
OS detection in verbose mode
Submitting new OS and service fingerprints
Using NSE scripts against a target host
How to do it...
How it works...
There's more...
NSE script arguments
Script selection
Debugging NSE scripts
Adding new scripts
Reading targets from a file
How to do it...
How it works...
There's more...
Excluding a host list from your scans
Scanning IP address ranges
How to do it...
How it works...
There's more...
CIDR notation
Scanning random targets on the Internet
How to do it...
How it works...
There's more...
Legal issues with port scanning
Collecting signatures of web servers
How to do it...
How it works...
There's more...
Monitoring servers remotely with Nmap and Ndiff
Getting ready
How to do it...
How it works...
There's more...
Monitoring specific services
Crafting ICMP echo replies with Nping
How to do it...
How it works...
There's more...
Managing multiple scanning profiles with Zenmap
How to do it...
How it works...
There's more...
Zenmap scanning profiles
Editing or deleting a scan profile
Running Lua scripts against a network connection with Ncat
How to do it...
How it works...
There's more...
Other ways of executing external commands with Ncat
Discovering systems with weak passwords with Ncrack
Getting ready
How to do it...
How it works...
There's more...
Configuring authentication options
Pausing and resuming attacks
Launching Nmap scans remotely from a web browser using Rainmap Lite
Getting ready
How to do it...
How it works...
There's more...
Custom arguments
Network Exploration
Introduction
Discovering hosts with TCP SYN ping scans
How to do it...
How it works...
There's more...
Privileged versus unprivileged TCP SYN ping scan
Firewalls and traffic filtering
Discovering hosts with TCP ACK ping scans
How to do it...
How it works...
There's more...
Privileged versus unprivileged TCP ACK ping scans
Selecting ports in TCP ACK ping scans
Discovering hosts with UDP ping scans
How to do it...
How it works...
There's more...
Selecting ports in UDP ping scans
Discovering hosts with ICMP ping scans
How to do it...
How it works...
There's more...
Local versus remote networks
ICMP types
Discovering hosts with SCTP INIT ping scans
How to do it...
How it works...
There's more...
Unprivileged SCTP INIT ping scans
Selecting ports in SCTP INIT ping scans
Discovering hosts with IP protocol ping scans
How to do it...
How it works...
There's more...
Setting alternate IP protocols
Generating random data for the IP packets
Supported IP protocols and their payloads
Discovering hosts with ARP ping scans
How to do it...
How it works...
There's more...
MAC address spoofing
IPv6 scanning
Performing advanced ping scans
How to do it...
How it works...
There's more...
Ping probe effectiveness
Discovering hosts with broadcast ping scans
How to do it...
How it works...
There's more...
Broadcast ping options
Target library
Scanning IPv6 addresses
How to do it...
How it works...
There's more...
IPv6 fingerprinting
Discovering new IPv6 targets
Gathering network information with broadcast scripts
How to do it...
How it works...
There's more...
Script selection
Target library
Scanning through proxies
How to do it...
How it works...
There's more...
Proxychains
Spoofing the origin IP of a scan
Getting ready
How to do it...
How it works...
There's more...
Choosing your zombie host wisely
The IP ID sequence number
Reconnaissance Tasks
Introduction
Performing IP address geolocation
Getting ready
How to do it...
How it works...
There's more...
Submitting a new geolocation provider
Getting information from WHOIS records
How to do it...
How it works...
There's more...
Selecting service providers
Ignoring referral records
Disabling cache
Obtaining traceroute geolocation information
How to do it...
How it works...
There's more...
Querying Shodan to obtain target information
Getting ready
How to do it...
How it works...
There's more...
Saving the results in CSV files
Specifying a single target
Checking whether a host is flagged by Google Safe Browsing for malicious activities
Getting ready
How to do it...
How it works...
There's more...
Collecting valid e-mail accounts and IP addresses from web servers
How to do it...
How it works...
There's more...
Discovering hostnames pointing to the same IP address
How to do it...
How it works...
There's more...
Discovering hostnames by brute forcing DNS records
How to do it...
How it works...
There's more...
Customizing the dictionary
Adjusting the number of threads
Specifying a DNS server
Using the NSE library target
Obtaining profile information from Google's People API
Getting ready
How to do it...
How it works...
There's more...
Matching services with public vulnerability advisories
Getting ready
How to do it...
How it works...
There's more...
Scanning Web Servers
Introduction
Listing supported HTTP methods
How to do it...
How it works...
There's more...
Interesting HTTP methods
Checking whether a web server is an open proxy
How to do it...
How it works...
There's more...
Discovering interesting files and folders in web servers
How to do it...
How it works...
There's more...
Using a Nikto database
Abusing mod_userdir to enumerate user accounts
How to do it...
How it works...
There's more...
Brute forcing HTTP authentication
How to do it...
How it works...
There's more...
Brute modes
Brute forcing web applications
How to do it...
How it works...
There's more...
Brute forcing WordPress installations
Detecting web application firewalls
How to do it...
How it works...
There's more...
Detecting possible XST vulnerabilities
How to do it...
How it works...
There's more...
Detecting XSS vulnerabilities
How to do it...
How it works...
There's more...
Finding SQL injection vulnerabilities
How to do it...
How it works...
There's more...
Detecting web servers vulnerable to slowloris denial of service attacks
How to do it...
How it works...
There's more...
Finding web applications with default credentials
How to do it...
How it works...
There's more...
Detecting web applications vulnerable to Shellshock
How to do it...
How it works...
There's more...
Executing commands remotely
Spidering web servers to find vulnerable applications
Detecting insecure cross-domain policies
How to do it...
How it works...
There's more...
Finding attacking domains available for purchase
Detecting exposed source code control systems
How to do it...
How it works...
There's more...
Obtaining information from subversion source code control systems
Auditing the strength of cipher suites in SSL servers
How to do it...
How it works...
There's more...
Scraping e-mail accounts from web servers
How to do it...
How it works...
There's more...
Scanning Databases
Introduction
Listing MySQL databases
How to do it...
How it works...
There's more...
Listing MySQL users
How to do it...
How it works...
There's more...
Listing MySQL variables
How to do it...
How it works...
There's more...
Brute forcing MySQL passwords
How to do it...
How it works...
There's more...
Finding root accounts with an empty password in MySQL servers
How to do it...
How it works...
There's more...
Detecting insecure configurations in MySQL servers
How to do it...
How it works...
There's more...
Brute forcing Oracle passwords
How to do it...
How it works...
There's more...
Brute forcing Oracle SID names
How to do it...
How it works...
There's more...
Retrieving information from MS SQL servers
How to do it...
How it works...
There's more...
Force-scanned ports only in NSE scripts for MS SQL
Brute forcing MS SQL passwords
How to do it...
How it works...
There's more...
Dumping password hashes of MS SQL servers
How to do it...
How it works...
There's more...
Running commands through xp_cmdshell in MS SQL servers
How to do it...
How it works...
There's more...
Finding system administrator accounts with empty passwords in MS SQL servers
How to do it...
How it works...
There's more...
Force-scanned ports only in MS SQL scripts
Obtaining information from MS SQL servers with NTLM enabled
How to do it...
How it works...
There's more...
Retrieving MongoDB server information
How to do it...
How it works...
There's more...
Detecting MongoDB instances with no authentication enabled
How to do it...
How it works...
There's more...
Listing MongoDB databases
How to do it...
How it works...
There's more...
Listing CouchDB databases
How to do it...
How it works...
There's more...
Retrieving CouchDB database statistics
How to do it...
How it works...
There's more...
Detecting Cassandra databases with no authentication enabled
How to do it...
How it works...
There's more...
Brute forcing Redis passwords
How to do it...
How it works...
There's more...
Scanning Mail Servers
Introduction
Detecting SMTP open relays
How to do it...
How it works...
There's more...
Brute forcing SMTP passwords
How to do it...
How it works...
There's more...
Detecting suspicious SMTP servers
How to do it...
How it works...
There's more...
Enumerating SMTP usernames
How to do it...
How it works...
There's more...
Brute forcing IMAP passwords
How to do it...
How it works...
There's more...
Retrieving the capabilities of an IMAP server
How to do it...
How it works...
There's more...
Brute forcing POP3 passwords
How to do it...
How it works...
There's more...
Retrieving the capabilities of a POP3 server
How to do it...
How it works...
There's more...
Retrieving information from SMTP servers with NTLM authentication
How to do it...
How it works...
There's more...
Scanning Windows Systems
Introduction
Obtaining system information from SMB
How to do it...
How it works...
There's more...
Detecting Windows clients with SMB signing disabled
How to do it...
How it works...
There's more...
Checking UDP when TCP traffic is blocked
Attacking hosts with message signing disabled
Detecting IIS web servers that disclose Windows 8.3 names
How to do it...
How it works...
There's more...
Bruteforcing Windows 8.3 names
Detecting Windows 8.3 names through different HTTP methods
Detecting Windows hosts vulnerable to MS08-067
How to do it...
How it works...
There's more...
Exploiting MS08-067
Detecting other SMB vulnerabilities
Retrieving the NetBIOS name and MAC address of a host
How to do it...
How it works...
There's more...
Enumerating user accounts of Windows hosts
How to do it...
How it works...
There's more...
Selecting LSA bruteforcing or SAMR enumeration exclusively
Checking UDP when TCP traffic is blocked
Enumerating shared folders
How to do it...
How it works...
There's more...
Enumerating SMB sessions
How to do it...
How it works...
Preparing a brute force password auditing attack
Checking UDP when TCP traffic is blocked
Finding domain controllers
How to do it...
How it works...
There's more...
Finding domain master browsers
Finding DNS servers
Detecting Shadow Brokers' DOUBLEPULSAR SMB implants
How to do it...
How it works...
There's more...
Scanning ICS SCADA Systems
Introduction
Finding common ports used in ICS SCADA systems
How to do it...
How it works...
There's more...
Finding HMI systems
How to do it...
How it works...
There's more...
Creating a database for HMI service ports
Enumerating Siemens SIMATIC S7 PLCs
How to do it...
How it works...
There's more...
Enumerating Modbus devices
How to do it...
How it works...
There's more...
Enumerating BACnet devices
How to do it...
How it works...
There's more...
Discovering the BACnet broadcast management device
Enumerating Ethernet/IP devices
How to do it...
How it works...
There's more...
Enumerating Niagara Fox devices
How to do it...
How it works...
There's more...
Enumerating ProConOS devices
How to do it...
How it works...
There's more...
Enumerating Omron PLC devices
How to do it...
How it works...
There's more...
Enumerating PCWorx devices
How to do it...
How it works...
Optimizing Scans
Introduction
Skipping phases to speed up scans
How to do it...
How it works...
There's more...
Selecting the correct timing template
How to do it...
How it works...
There's more...
Adjusting timing parameters
How to do it...
How it works...
There's more...
Estimating round trip times with Nping
Displaying the timing settings
Adjusting performance parameters
How to do it...
How it works...
There's more...
Distributing a scan among several clients using Dnmap
Getting ready
How to do it...
How it works...
There's more...
Dnmap statistics
Internet-wide scanning
Generating Scan Reports
Introduction
Saving scan results in a normal format
How to do it...
How it works...
There's more...
Saving scan results in an XML format
How to do it...
How it works...
There's more...
Structured script output for NSE
Saving scan results to a SQLite database
Getting ready
How to do it...
How it works...
There's more...
Dumping the database in CSV format
Fixing outputpbnj
Saving scan results in a grepable format
How to do it...
How it works...
There's more...
Generating a network topology graph with Zenmap
How to do it...
How it works...
There's more...
Generating HTML scan reports
Getting ready
How to do it...
How it works...
There's more...
Reporting vulnerability checks
How to do it...
How it works...
There's more...
Generating PDF reports with fop
Getting ready
How to do it...
How it works...
There's more...
Generating reports in other formats
Saving NSE reports in ElasticSearch
Getting ready
How to do it...
How it works...
There's more...
Writing Your Own NSE Scripts
Introduction
Making HTTP requests to identify vulnerable supermicro IPMI/BMC controllers
How to do it...
How it works...
There's more...
Setting the user agent programmatically
HTTP pipelining
Sending UDP payloads using NSE sockets
How to do it...
How it works...
There's more...
Generating vulnerability reports in NSE scripts
How to do it...
How it works...
There's more...
Vulnerability states of the library vulns
Exploiting a path traversal vulnerability with NSE
How to do it...
How it works...
There's more...
Setting the user agent programmatically
HTTP pipelining
Writing brute force password auditing scripts
How to do it...
How it works...
There's more...
Crawling web servers to detect vulnerabilities
How to do it...
How it works...
There's more...
Working with NSE threads, condition variables, and mutexes in NSE
How to do it...
How it works...
There's more...
Writing a new NSE library in Lua
How to do it...
How it works...
There's more...
Writing a new NSE library in C/C++
How to do it...
How it works...
There's more...
Getting your scripts ready for submission
How to do it...
How it works...
There's more...
HTTP, HTTP Pipelining, and Web Crawling Configuration Options
HTTP user agent
HTTP pipelining
Configuring the NSE library httpspider
Brute Force Password Auditing Options
Brute modes
NSE Debugging
Debugging NSE scripts
Exception handling
Additional Output Options
Saving output in all formats
Appending Nmap output logs
Including debugging information in output logs
Including the reason for a port or host state
OS detection in verbose mode
Introduction to Lua
Flow control structures
Conditional statements - if, then, elseif
Loops - while
Loops - repeat
Loops - for
Data types
String handling
Character classes
Magic characters
Patterns
Captures
Repetition operators
Concatenation
Finding substrings
String repetition
String length
Formatting strings
Splitting and joining strings
Common data structures
Tables
Arrays
Linked lists
Sets
Queues
Custom data structures
I/O operations
Modes
Opening a file
Reading a file
Writing a file
Closing a file
Coroutines
Creating a coroutine
Executing a coroutine
Determining current coroutine
Getting the status of a coroutine
Yielding a coroutine
Metatables
Arithmetic metamethods
Relational metamethods
Things to remember when working with Lua
Comments
Dummy assignments
Indexes
Semantics
Coercion
Safe language
Booleans
References and Additional Reading
Preface
Nmap: Network Exploration and Security Auditing Cookbook is a practical book that covers some of the most useful tasks you can do with Nmap. The book is divided into tasks, or recipes. Each recipe focuses on a single task explained with command-line examples, sample output, and additional personal tips that I know you will find handy.
Nmap's vast functionality is explored through 11 chapters covering more than 120 different tasks for penetration testers and system administrators. Unlike Nmap's official book, this cookbook focuses on the tasks you can do with the Nmap Scripting Engine and unofficial related tools, covering the core functionality of Nmap, but without focusing on the scanning techniques that are perfectly described in the official book. Think of this book as an addition to what the official Nmap book covers.
There were many great NSE scripts I wish I had more space to include in this book and many more that will be created after its publication. I invite you to follow the development mailing list and stay up to date with Nmap's latest features and NSE scripts.
I hope that you not only enjoy reading this cookbook, but as you