This world is like a crucible, firing batch after batch of souls of differing quality, each coming out different from what went in.
This article, the third in the penetration artifact series, introduces a classic port scanning tool: nmap. There are many mature port scanners available, such as masscan (an Internet-scale scanner) and zenmap (the nmap GUI), but I still prefer nmap, for a simple reason: it is very powerful and it is extensible. Recent versions of Nmap include the Nmap Scripting Engine (NSE), which runs extension scripts; in other words, you can load custom .nse scripts into nmap to carry out a scan. There are currently more than 500 official NSE scripts; see the script index at [https://nmap.org/nsedoc/](https://nmap.org/nsedoc/) or the [GitHub repository](https://github.com/nmap/nmap).
This article explains how to write and use NSE scripts so as to get the most out of nmap's extension capability; it also briefly covers basic use of the nmap tool and its command-line parameters.
Create a new file in the scripts directory, for example hello.nse, with the following content:
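The post's own listing is not reproduced here. The script below is an added example, not the original code, written to match the behaviour described in this post (report helloworld when TCP port 80 is open) and to show the three-part layout an NSE script follows; the author string is a placeholder.

```lua
-- hello.nse -- added example reconstructing the script described in this post;
-- it is not the post's original listing. NSE scripts are written in Lua, and
-- "--" starts a comment.

-- Built-in NSE libraries: shortport supplies ready-made port rules, stdnse
-- supplies helpers such as debug output.
local shortport = require "shortport"
local stdnse = require "stdnse"

-- Part 1: head. Metadata shown by `nmap --script-help hello`.
description = [[
Checks whether TCP port 80 is open on the target and, if it is, reports
"helloworld". A minimal illustration of the NSE head/rule/action layout.
]]

---
-- @usage
-- nmap -p 80 --script ./hello.nse <target>
-- @output
-- PORT   STATE SERVICE
-- 80/tcp open  http
-- |_hello: helloworld

author = "example author (placeholder)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- Part 2: rule. A portrule decides, per host and port, whether the action
-- runs; shortport.portnumber matches only when 80/tcp was found open
-- (or open|filtered) by the port scan.
portrule = shortport.portnumber(80, "tcp")

-- Part 3: action. Runs once the rule matches; the returned string is printed
-- beneath the matching port in the scan report.
action = function(host, port)
  -- Visible with -d; shows which host/port triggered the action.
  stdnse.debug1("%s: %d/%s is %s", host.ip, port.number, port.protocol, port.state)
  return "helloworld"
end
```

Scripts are selected with `--script`: a path such as `--script ./hello.nse` works from any directory, while a script dropped into Nmap's scripts directory is referenced by name (`--script hello`) after `nmap --script-updatedb` refreshes the script database. `nmap --script-help hello` prints the metadata from the head section.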
When the above script runs, it checks whether TCP port 80 is open on the target IP; if it is, it returns helloworld.
An NSE script follows the Nmap API conventions and consists of three parts. Note that `--` begins a comment in Lua, the language NSE scripts are written in.
Head: metadata describing the script, such as its description, author, license, categories, and so on.
Rule: defines when the script runs; it must contain at least one of the following functions: prerule, hostrule, portrule, postrule.
Action: the script logic, that is, what is executed once the rule matches. In the example above, the action outputs helloworld.
NSE scripts can call built-in libraries such as the http library, the shortport library, the nmap library, and so on.
Once hello.nse has been written under the scripts directory, how is it loaded?
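As an added example (not from the original post) of calling those built-in libraries from an action, the following script uses shortport.http as its rule and the http library to fetch / and report the status line and Server header, so an administrator can see what a web service discloses about itself; the script name and author are placeholders.

```lua
-- http-server-header.nse -- added example, not from the original post. Shows
-- how an NSE action uses the built-in http, shortport and stdnse libraries.
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Sends a single GET / to a web service and reports the HTTP status line and the
Server response header, so the administrator can see what the service reveals
about itself.
]]

author = "example author (placeholder)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- shortport.http matches open ports that look like HTTP, either by well-known
-- port number or by the service name found with version detection (-sV).
portrule = shortport.http

action = function(host, port)
  -- http.get handles the connection (TLS included for https ports) and
  -- returns a response table: status, status-line, header, body.
  local response = http.get(host, port, "/")
  if not response or not response.status then
    return nil   -- no usable reply: print nothing for this port
  end

  -- output_table preserves key order, which Nmap renders as structured
  -- output in the normal report and as elements in XML output (-oX).
  local out = stdnse.output_table()

  -- status-line keeps its trailing CRLF; strip it for display.
  local line = response["status-line"]
  out.status = line and (line:gsub("\r?\n$", "")) or tostring(response.status)

  -- Header names are lower-cased by the http library.
  out.server = (response.header and response.header["server"]) or "(not disclosed)"
  return out
end
```

Run it with `nmap -p 80,443 -sV --script ./http-server-header.nse <target>`; returning a table rather than a string is what lets the result appear as structured fields in the XML report.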
Enumerate the SMB shares exposed by the target machine.
Brute-force the target machine's usernames and passwords.
Test the target machine for the Heartbleed vulnerability.
Here are a few examples involving hardware devices:
The above covers the basics of nmap NSE extension scripts, including the syntax rules for writing them; this article does not go into detail, so please refer to the official documentation. The remainder covers nmap usage, including command-line parameters.
Nmap port states:
The following commands were collected from the web and partly from personal notes.
Nmap has bindings for many programming languages; this article briefly introduces how to use nmap from Python.
Install: pip install python-nmap
Purpose: call the nmap interface from Python to perform port scans.
For more usage, see: http://xael.org/pages/python-nmap-en.html
[[Penetration Artifact Series] Metasploit](http://thief.one/2017/08/01/1/)
[[Penetration Artifact Series] DNS Information Query](http://thief.one/2017/07/12/1/)
[[Penetration Artifact Series] nc](http://thief.one/2017/04/10/1/)
[[Penetration Artifact Series] Fiddler](http://thief.one/2017/04/27/1)
[Penetration Artifact Series] Search Engine
[[Penetration Artifact Series] WireShark](http://thief.one/2017/02/09/WireShark%E8%BF%87%E6%BB%A4%E8%A7%84%E5%88%99/)