Nmap is mostly used as a port scanner. If you want to know whether your firewall is set up correctly, Nmap is THE tool to use. Unfortunately, Nmap is also used by hackers and script kiddies. I think that, most of the time, it is the script kiddies who use it to do some harm. IDSs and firewalls are getting better at detecting port scans made with tools like Nmap, so hackers want to stay under the radar to avoid detection.
More than a portscanner
Nmap has a scripting engine, the Nmap Scripting Engine (NSE), that lets you do more than a port scan. NSE scripts are written in Lua, and a bunch of them are delivered with the Nmap installation. You can find the NSE documentation here: https://nmap.org/nsedoc/.
Nmap has installable packages in most Linux distributions, so installing it with a package can be as easy as:
# Debian / Ubuntu
apt install nmap
# Redhat / CentOS
yum install nmap
# Fedora
dnf install nmap
The NSE scripts delivered with Nmap are divided into a few categories so you can find and run them separately. You can find the main categories listed here: https://nmap.org/book/nse-usage.html#nse-categories
Running the scripts
Running the scripts is easy. The default scripts are very powerful by themselves, but if you want to go further and look for vulnerabilities, you can use the vuln category like this:
nmap --script vuln yourdomain.nl
Running all the NSE scripts in the vuln category can take a while.
Another nice category is the discovery category:
nmap --script discovery yourdomain.nl
To run the default scripts:
nmap -sC yourdomain.nl
When a script reports “Check disabled”, you can add a script argument to allow the unsafe scripts to run:
nmap --script-args=unsafe=1 --script vuln yourdomain.nl
Updates for the scripts
Nmap can be installed and updated with your package manager, but the development of some scripts moves a bit faster than your package manager can keep up with. After adding or changing scripts, rebuild the script database:
nmap --script-updatedb
Starting Nmap 6.47 ( http://nmap.org ) at 2016-08-25 00:18 CEST
NSE: Updating rule database.
NSE: Script Database updated successfully.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.34 seconds
Take a look at the scripts and go play with them. There are some awesome scripts packed with Nmap. Most of the time, you can find them here:
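As an added example that is not part of the original post and not one of the scripts shipped with Nmap, here is a small NSE script of the kind the categories above select. It reads the greeting banner of a few text-based services on your own server, so you can see what they announce to the world. The script name banner-peek.nse is hypothetical; the nmap, shortport and stdnse libraries it uses are Nmap's real NSE libraries (the stdnse.debug1 call assumes Nmap 7.x). Because it is tagged safe and discovery, it runs with --script discovery once Nmap has indexed it.

```lua
-- banner-peek.nse (hypothetical name): added example script, not shipped with Nmap.
-- Connects to a few common text-protocol ports and reports the first line
-- the service sends, so an admin can check what their own server exposes.

local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Reads the greeting banner of common text-based services (FTP, SSH, SMTP, POP3)
and reports it, so you can check what your own server announces.
]]

---
-- @usage
-- nmap --script banner-peek -p 21,22,25,110 yourdomain.nl
--
-- @output
-- PORT   STATE SERVICE
-- 22/tcp open  ssh
-- |_banner-peek: SSH-2.0-OpenSSH_7.4

author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

-- Categories decide which "--script <category>" selections include this script.
-- "safe" means it only reads; "discovery" means "--script discovery" runs it.
categories = {"safe", "discovery"}

-- Only run against open TCP ports numbered or identified as one of these services.
portrule = shortport.port_or_service({21, 22, 25, 110},
                                     {"ftp", "ssh", "smtp", "pop3"}, "tcp")

action = function(host, port)
  local socket = nmap.new_socket()
  -- Timeout in milliseconds: a server that never greets must not stall the scan.
  socket:set_timeout(5000)

  local status, err = socket:connect(host, port)
  if not status then
    stdnse.debug1("connect to %s:%d failed: %s", host.ip, port.number, err)
    return nil
  end

  -- These protocols speak first, so one line of the greeting is enough.
  local ok, data = socket:receive_lines(1)
  socket:close()
  if not ok then
    -- No greeting within the timeout: report nothing rather than guess.
    return nil
  end

  -- Keep only the first line and strip CR/LF so the output stays on one line.
  local banner = data:match("^[^\r\n]*")
  if banner == "" then
    return nil
  end
  return banner
end
```

Until the script is indexed you can run it by path with `nmap --script ./banner-peek.nse -p 21,22,25,110 yourdomain.nl`. To have it selected by category, copy it into Nmap's scripts directory (on Debian and Ubuntu that is typically /usr/share/nmap/scripts/) and run `nmap --script-updatedb`. Note that --script-updatedb does not download anything: it only rebuilds the script.db index from the scripts already in that directory, which is why new or third-party scripts have to be put there first.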
It’s a multitool!
As you can see, Nmap can be a real multitool. With some effort you can get a lot of information about your server with it.