Scribd Logo
Upload

Welcome to Scribd!

  • 181 views

    Dns-Zone-Transfer:: Scripting Engine Notable Scripts

    Uploaded by

    hamza
    This document provides information about notable Nmap Scripting Engine scripts and their uses. Some example scripts given are dns-zone-transfer which attempts a DNS zone transfer, http-robots.txt which harvests robots.txt files, smb-brute which attempts to guess SMB passwords, and smb-psexec which attempts to run programs on remote systems using SMB credentials. The document also lists some common Nmap script categories like auth, discovery, and vuln.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Dns-Zone-Transfer:: Scripting Engine Notable Scripts

    Uploaded by

    hamza
    181 views2 pages
    This document provides information about notable Nmap Scripting Engine scripts and their uses. Some example scripts given are dns-zone-transfer which attempts a DNS zone transfer, http-robots.txt which harvests robots.txt files, smb-brute which attempts to guess SMB passwords, and smb-psexec which attempts to run programs on remote systems using SMB credentials. The document also lists some common Nmap script categories like auth, discovery, and vuln.

    Original Description:

    f

    Original Title

    NmapCheatSheetv1.1

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document provides information about notable Nmap Scripting Engine scripts and their uses. Some example scripts given are dns-zone-transfer which attempts a DNS zone transfer, http-robots.txt which harvests robots.txt files, smb-brute which attempts to guess SMB passwords, and smb-psexec which attempts to run programs on remote systems using SMB credentials. The document also lists some common Nmap script categories like auth, discovery, and vuln.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    181 views2 pages

    Dns-Zone-Transfer:: Scripting Engine Notable Scripts

    Uploaded by

    hamza
    This document provides information about notable Nmap Scripting Engine scripts and their uses. Some example scripts given are dns-zone-transfer which attempts a DNS zone transfer, http-robots.txt which harvests robots.txt files, smb-brute which attempts to guess SMB passwords, and smb-psexec which attempts to run programs on remote systems using SMB credentials. The document also lists some common Nmap script categories like auth, discovery, and vuln.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 2

    Scripting Engine Notable Scripts Nmap

    -sC Run default scripts Cheat Sheet


    --script=<ScriptName>| A full list of Nmap Scripting Engine scripts is v1.0
    <ScriptCategory>|<ScriptDir>... available at http://nmap.org/nsedoc/
    ! POCKET REFERENCE GUIDE
    Run individual or groups of scripts SANS Institute
    --script-args=<Name1=Value1,...> Some particularly useful scripts include: http://www.sans.org

    Use the list of script arguments


    --script-updatedb dns-zone-transfer: Attempts to pull a zone file
    (AXFR) from a DNS server. Base Syntax
    Update script database
    $ nmap --script dns-zone- # nmap [ScanType] [Options] {targets}
    transfer.nse --script-args dns-zone-
    Script Categories
    transfer.domain=<domain> -p53 Target Specification
    :: <hosts>
    IPv4 address: 192.168.1.1
    Nmap's script categories include, but are not limited to, the
    IPv6 address: AABB:CCDD::FF%eth0
    following: http-robots.txt: Harvests robots.txt files from
    Host name: www.target.tgt
    auth: Utilize credentials or bypass authentication on target
    discovered web servers.
    $ nmap --script http-robots.txt IP address range: 192.168.0-255.0-255
    hosts.
    broadcast: Discover hosts not included on command line by <hosts> CIDR block: 192.168.0.0/16
    broadcasting on local network. Use file with lists of targets: -iL <filename>
    brute: Attempt to guess passwords on target systems, for a
    variety of protocols, including http, SNMP, IAX, MySQL, VNC,
    smb-brute: Attempts to determine valid
    etc. username and password combinations via Target Ports
    default: Scripts run automatically when -sC or -A are used. automated guessing.
    discovery: Try to learn more information about target hosts $ nmap --script smb-brute.nse -p445 No port range specified scans 1,000 most popular
    through public sources of information, SNMP, directory services,
    and more.
    <hosts> ports
    dos: May cause denial of service conditions in target hosts.
    exploit: Attempt to exploit target systems. smb-psexec: Attempts to run a series of -F Scan 100 most popular ports
    external: Interact with third-party systems not included in -p<port1>-<port2> Port range
    target list.
    programs on the target machine, using
    fuzzer: Send unexpected input in network protocol fields. credentials provided as scriptargs. -p<port1>,<port2>,... Port List
    intrusive: May crash target, consume excessive resources, or $ nmap --script smb-psexec.nse -pU:53,U:110,T20-445 Mix TCP and UDP
    otherwise impact target machines in a malicious fashion. script-args=smbuser=<username>, -r Scan linearly (do not randomize ports)
    malware: Look for signs of malware infection on the target smbpass=<password>[,config=<config>] --top-ports <n> Scan n most popular ports
    hosts.
    safe: Designed not to impact target in a negative fashion. -p445 <hosts> -p-65535 Leaving off initial port in range makes
    version: Measure the version of software or protocol spoken Nmap scan start at port 1
    by target hosts. -p0- Leaving off end port in range makes
    vul: Measure whether target systems have a known
    Nmap scan through port 65535
    vulnerability.
    -p- Scan ports 1-65535
    Probing Options Fine-Grained Timing Options Aggregate Timing Options

    -Pn Don't probe (assume all hosts are up) --min-hostgroup/max-hostgroup <size> -T0 Paranoid: Very slow, used for IDS evasion
    Parallel host scan group sizes -T1 Sneaky: Quite slow, used for IDS evasion
    -PB Default probe (TCP 80, 445 & ICMP) -T2 Polite: Slows down to consume less
    --min-parallelism/max-parallelism bandwidth, runs ~10 times slower than
    -PS<portlist> <numprobes> default
    Check whether targets are up by probing TCP
    ports
    Probe parallelization -T3 Normal: Default, a dynamic timing model
    based on target responsiveness
    --min-rtt-timeout/max-rtt-
    -PE Use ICMP Echo Request -T4 Aggressive: Assumes a fast and reliable
    timeout/initial-rtt-timeout <time>
    network and may overwhelm targets
    Specifies probe round trip time.
    -PP Use ICMP Timestamp Request -T5 Insane: Very aggressive; will likely
    --max-retries <tries> overwhelm targets or miss open ports
    -PM Use ICMP Netmask Request
    Caps number of port scan probe
    retransmissions. Output Formats
    Scan Types
    --host-timeout <time> -oN Standard Nmap output
    -sn Probe only (host discovery, not port scan) Give up on target after this long -oG Greppable format
    -oX XML format
    -sS SYN Scan --scan-delay/--max-scan-delay <time>
    -oA <basename>
    Adjust delay between probes
    Generate Nmap, Greppable, and XML
    -sT TCP Connect Scan output files using basename for files
    --min-rate <number>
    -sU UDP Scan Send packets no slower than
    <number> per second Misc Options
    -sV Version Scan -n Disable reverse IP address lookups
    --max-rate <number>
    Send packets no faster than -6 Use IPv6 only
    -O OS Detection
    <number> per second -A Use several features, including OS
    Detection, Version Detection, Script
    --scanflags Set custom list of TCP using
    Scanning (default), and traceroute
    URGACKPSHRSTSYNFIN in any order
    --reason Display reason Nmap thinks port is
    open, closed, or filtered

    You might also like