The Nmap Scripting Engine (NSE) is one of Nmap's most powerful features. It lets penetration testers and security researchers write Lua scripts that automate and customize scanning of a target system or network. Not every NSE script is safe to run: scripts in the intrusive, dos and exploit categories can consume target resources, cause data loss or crash a service, so check a script's categories before pointing it at a production host.
NSE script categories:

Auth: scripts that deal with authentication on the target, for example checking whether a service accepts anonymous or default credentials or whether authentication can be bypassed (password guessing is a separate category).
Broadcast: scripts that discover hosts on the local network by broadcasting, rather than by probing only the targets listed on the command line.
Brute: scripts that perform brute-force credential guessing against a remote service to gain unauthorized access.
Default: the set of scripts Nmap runs by default when you pass -sC or -A.
Discovery: scripts used for active information gathering about the network and the services on a target.
DoS: scripts that may cause a denial of service on the target, either to test whether the target is susceptible or as a side effect of checking for a vulnerability.
Exploit: scripts that actively exploit security vulnerabilities on a target.
External: scripts that send data gathered from a target to an external resource (for example a third-party database) for further processing.
Fuzzer: scripts that send unexpected or random data to an application to uncover software bugs and vulnerabilities.
Intrusive: high-risk scripts that can crash services, exhaust resources, or cause data loss on the target.
Malware: scripts that check whether a target is infected with malware or backdoors.
Safe: scripts that are not intrusive and are considered safe to run against a target.
Version: scripts that gather version information about services on a target; they run only when version detection (-sV) is enabled.
Vuln: scripts that check for specific known vulnerabilities on a target.

A script can belong to more than one category; ftp-vsftpd-backdoor, used below, is in exploit, intrusive, malware and vuln.

Performing a scan using NSE:

nmap --script ftp-vsftpd-backdoor 172.30.1.134 -p 21

The --script option accepts a single script, a comma-separated list of scripts, a category, or a quoted boolean expression over categories (for example --script "vuln and safe").

1. Run the scan above. The script output showed that the target machine is exploitable.
2. I searched for the version name and its exploit, and we got one.
3. Additionally, Kali Linux ships a tool called searchsploit that queries the offline copy of Exploit-DB on Kali Linux.
4. Open msfconsole and search for vsftpd 2.3.4.
5. Select that exploit with use 0, then run show info. The index comes from the order of the search results, so confirm that entry 0 is exploit/unix/ftp/vsftpd_234_backdoor before using it.
6. If you want to execute an entire category of scripts in NSE, use --script <category-name>, for example --script vuln.
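As an added example in the shell the scan is typed into (this is not code from the original write-up), the script below wraps the invocation above in two helpers: nse_cmd builds the nmap command line for a script, a script list or a category and refuses the categories that can crash or compromise the target unless --force is given, and nse_state reads nmap's normal output and returns the State that a vulns-library script such as ftp-vsftpd-backdoor reported. The target address and port are the ones from the write-up; both output samples are constructed for this example, not captures from the original scan.

```shell
#!/bin/sh
# Added example, not code from the original write-up.
# Category names are the ones NSE defines; the output samples are constructed.

NSE_CATEGORIES="auth broadcast brute default discovery dos exploit external fuzzer intrusive malware safe version vuln"
NSE_RISKY="brute dos exploit fuzzer intrusive"   # categories that may harm the target

in_list() {   # in_list WORD "w1 w2 ..." -> 0 if WORD appears in the list
    for w in $2; do [ "$w" = "$1" ] && return 0; done
    return 1
}

# nse_cmd TARGET PORT SELECTOR [--force]
# SELECTOR is passed to --script unchanged: one script, a comma-separated list
# ("ftp-anon,ftp-vsftpd-backdoor"), a category, or a boolean expression such as
# "vuln and safe". Prints the command; returns 2 without printing when SELECTOR
# is a bare risky category and --force is not the 4th argument. (Script names
# and expressions are passed through; only bare category names are guarded.)
nse_cmd() {
    target=$1; port=$2; sel=$3; force=${4:-}
    if in_list "$sel" "$NSE_RISKY" && [ "$force" != "--force" ]; then
        echo "nse_cmd: refusing category '$sel' without --force (may crash or exploit the target)" >&2
        return 2
    fi
    printf 'nmap --script "%s" -p %s %s\n' "$sel" "$port" "$target"
}

# nse_state SCRIPT  (nmap normal output on stdin)
# Prints the State of SCRIPT's vulnerability report without the parenthesised
# qualifier, e.g. "VULNERABLE" or "NOT VULNERABLE"; prints NO_OUTPUT when the
# script produced no block at all (vulns-library scripts stay silent on a
# non-vulnerable host unless --script-args vulns.showall is used).
nse_state() {
    awk -v s="$1" '
        # Script header lines look like "| name:" or "|_name:"; indented
        # continuation lines have at least two spaces after "|" or "|_".
        /^\|(_| )[^ ]+:/ { inblk = ($0 ~ ("^\\|(_| )" s ":")) }
        inblk && /State:/ {
            sub(/.*State:[ \t]*/, ""); sub(/[ \t]*\(.*$/, "")
            print; found = 1; exit
        }
        END { if (!found) print "NO_OUTPUT" }
    '
}

# nse_vulnerable SCRIPT -> 0 if the State is VULNERABLE or LIKELY VULNERABLE
nse_vulnerable() {
    case "$(nse_state "$1")" in
        VULNERABLE|"LIKELY VULNERABLE") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed output of the scan from the write-up against a backdoored
# vsftpd 2.3.4, in nmap's normal output format:
SAMPLE_VULN=$(cat <<'EOF'
PORT   STATE SERVICE
21/tcp open  ftp
| ftp-vsftpd-backdoor:
|   VULNERABLE:
|   vsFTPd version 2.3.4 backdoor
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2011-2523
|     Exploit results:
|       Shell command: id
|_      Results: uid=0(root) gid=0(root)
EOF
)

# Constructed output for a patched host scanned with ftp-anon as well and
# --script-args vulns.showall, so the non-vulnerable state is printed:
SAMPLE_CLEAN=$(cat <<'EOF'
PORT   STATE SERVICE
21/tcp open  ftp
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
| ftp-vsftpd-backdoor:
|   NOT VULNERABLE:
|   vsFTPd version 2.3.4 backdoor
|_    State: NOT VULNERABLE
EOF
)

# Demo: the command from the write-up, a safe category expression, both samples.
nse_cmd 172.30.1.134 21 ftp-vsftpd-backdoor
nse_cmd 172.30.1.134 21 "vuln and safe"
printf '%s\n' "$SAMPLE_VULN"  | nse_state ftp-vsftpd-backdoor
printf '%s\n' "$SAMPLE_CLEAN" | nse_state ftp-vsftpd-backdoor
```

Feed real output with `nmap --script ftp-vsftpd-backdoor -p 21 172.30.1.134 | nse_state ftp-vsftpd-backdoor`, or use `nse_vulnerable` as a condition in a loop over hosts. The parser keys on the script header line so a State: line from a different script on the same host is not mistaken for the one you asked about.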
...