NMAP NSE Scripts

dfredde's version from 2017-10-08 23:23

Switch

Question | Answer
-sC | Scan with default NSE scripts. Considered useful for discovery and safe. Example: nmap 192.168.1.1 -sC
--script default | Scan with default NSE scripts. Considered useful for discovery and safe. Example: nmap 192.168.1.1 --script default
--script | Scan with a single script, e.g. banner. Example: nmap 192.168.1.1 --script=banner
--script | Scan with a wildcard, e.g. http. Example: nmap 192.168.1.1 --script=http*
--script | Scan with two scripts, e.g. http and banner. Example: nmap 192.168.1.1 --script=http,banner
--script | Scan default, but remove intrusive scripts. Example: nmap 192.168.1.1 --script "not intrusive"
--script-args | NSE script with arguments. Example: nmap --script snmp-sysdescr --script-args snmpcommunity=admin 192.168.1.1

Useful NSE Script Examples

Question | Answer
nmap -Pn --script=http-sitemap-generator scanme.nmap.org | HTTP site map generator
nmap -n -Pn -p 80 --open -sV -vvv --script banner,http-title -iR 1000 | Fast search for random web servers
nmap -Pn --script=dns-brute domain.com | Brute-forces DNS hostnames by guessing subdomains
nmap -n -Pn -vv -O -sV --script smb-enum*,smb-ls,smb-mbenum,smb-os-discovery,smb-s*,smb-vuln*,smbv2* -vv 192.168.1.1 | Safe SMB scripts to run
nmap --script whois* domain.com | Whois query
nmap -p80 --script http-unsafe-output-escaping scanme.nmap.org | Detect cross-site scripting vulnerabilities
nmap -p80 --script http-sql-injection scanme.nmap.org | Check for SQL injections