BSides Algiers - Nmap Scripting Engine - Hani Benhabiles
Download as ODP, PDF0 likes972 views
This document discusses Nmap and its scripting engine. Nmap is a network scanner tool used for host discovery, port scanning, and OS/service detection. It was created in 1997 and has a large user community. The Nmap Scripting Engine was added in 2006 and allows users to write scripts in Lua to extend Nmap's capabilities. It includes over 365 scripts across various categories. The document demonstrates how to execute scripts during a scan and discusses writing new scripts to contribute back to the project.
BSides Algiers - Nmap Scripting Engine - Hani Benhabiles
- 1. N m a p S c r ip t in g E n g in e R u lin g t h e n e t w o r k w it h N m a p o n s t e r o id s Hani Benhabiles President @ OWASP Algeria Student Chapter Nmap-dev team (gsoc) Security enthusiast Student @ ESI Twitter: @kroosec Email: hani.benhabiles@owasp.org
- 2. S umma ry Nmap Nmap Scripting Engine Writing Nmap scripts
- 3. Nma p Network scanner Open Source 1997, by Fyodor Latest version: 5.51 (stable), 5.61TEST5 (Dev) THE tool
- 4. Nma p Host discovey (Are there devices on these IPs? ) -PE, -PS, -PA, -PU, -PP, -PR etc...
- 5. Nma p Port scanning -sS, -sT, -sU, -sA etc...
- 8. S t ill, n o t f le x ib le e no u g h...
- 9. N m a p S c r ip t in g E n g in e 2006, by Diman Todorov (GSoC project) Extends Nmap capabilities Scripts are written in Lua
- 10. N m a p S c r ip t in g E n g in e 365 scripts /usr/share/nmap/scripts/ 95 libraries /usr/share/nmap/nselib/
- 11. N m a p S c r ip t in g E n g in e Script types: Prerule, Host, Service, Postrule Script categories: broadcast, brute, default (-A), discovery, dos, safe, version, vuln... http://nmap.org/nsedoc/
- 12. N m a p S c r ip t in g E n g in e
- 13. N m a p S c r ip t in g E n g in e
- 14. P ha s e s of a n Nma p sc an Script pre-scanning Target enumeration Host discovery Reverse-DNS resolution Port scanning Version detection OS detection Traceroute Script scanning Output Script post-scanning
- 15. E x e c u t in g S c r ip t s --script http-enum --script default,safe --script http-* --script-args user=foo
- 16. N m a p S c r ip t in g E n g in e
- 17. D e mo (broa dc a s t s c r ip t s )
- 18. W r it in g N m a p s c r ip t s Scripting language Fast and very light Used by other security projects (Wireshark, Snort, ModSecurity...) Also used in game development: Crysis, WoW... yes, World of Warcraft :)
- 19. W r it in g N m a p s c r ip t s Meta-information description, categories, dependencies, author and license.
- 20. W r it in g N m a p s c r ip t s Rules Prerule, hostrule, portrule, postrule May have more than one rule
- 21. W r it in g N m a p s c r ip t s action Core of the script Function executed when a rule returns true.
- 22. L e s s t a lk . . .
- 23. W r it in g N m a p s c r ip t s Drupal Views module Information Leakage Permits recovering list of users admin/views/ajax/autocomplete/user/S returns usernames that begin with S Results in JSON format
- 24. W r it in g N m a p s c r ip t s Not patched Drupal.org is vulnerable :) For more information: http://www.madirish.net/node/465
- 25. L e t ' s w r it e it
- 26. H e lp t h e p r o je c t Testing scripts Ideas for new scripts Contribute scripts nmap-dev@insecure.org
- 27. Th a n k yo u ! Hani Benhabiles Twitter: @kroosec Email: hani.benhabiles@owasp.org