mastering the nmap scripting engine
play

Mastering the Nmap Scripting Engine by Fyodor and David Fifield - PowerPoint PPT Presentation

Aug 30, 2022 •486 likes •539 views

Insecure.Org Insecure.Org Mastering the Nmap Scripting Engine by Fyodor and David Fifield http://insecure.org/presentations/BHDC10/ Black Hat Briefings Las Vegas Defcon 18 July 28; 4:45 PM; Augustus 5+6 July 30; 5:00 PM; Track One

  1. Insecure.Org Insecure.Org Mastering the Nmap Scripting Engine by Fyodor and David Fifield http://insecure.org/presentations/BHDC10/ Black Hat Briefings Las Vegas Defcon 18 July 28; 4:45 PM; Augustus 5+6 July 30; 5:00 PM; Track One

  2. Insecure.Org Insecure.Org Abstract Most hackers can use Nmap for simple port scanning and OS detection, but the Nmap Scripting Engine (NSE) takes scanning to a whole new level. Nmap's high-speed networking engine can now spider web sites for SQL injection vulnerabilities, brute-force crack and query MSRPC services, find open proxies, and more. Nmap includes more than 125 NSE scripts for network discovery, vulnerability detection, exploitation, and authentication cracking. Rather than give a dry overview of NSE, Fyodor and Nmap co- maintainer David Fifield demonstrate practical solutions to common problems. They have scanned millions of hosts with NSE and will discuss vulnerabilities found on enterprise networks and how Nmap can be used to quickly detect those problems on your own systems. Then they demonstrate how easy it is to write custom NSE scripts to meet the needs of your network. Finally they take a quick look at recent Nmap developments and provide a preview of what is soon to come. This presentation does not require any NSE experience, but it wouldn't hurt to read http://nmap.org/book/nse.html.

  3. Insecure.Org Insecure.Org Resources These slides are just a teaser. Final slides will be posted by August 1, 2010 to http://insecure.org/presentations/BHDC10/. Our goal is to make this presentation useful, informative, and entertaining even to those who know very little about Nmap and the Nmap Scripting Engine. But you can get the most out of this presentation by first reading about (and trying!) Nmap at http://nmap.org and the Nmap Scripting Engine at http://nmap.org/book/nse.html.

  4. Insecure.Org Insecure.Org Nmap Scripting Engine http://nmap.org/nsedoc/ # nmap -T4 -A scanme.nmap.org Starting Nmap 5.30BETA1 ( http://nmap.org ) Nmap scan report for scanme.nmap.org (64.13.134.52) Host is up (0.022s latency). Not shown: 995 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.3 (protocol 2.0) | ssh-hostkey: 1024 60:ac:4d:51:b1:cd:85:09:12:16:92:76:1d:5d:27:6e (DSA) |_2048 2c:22:75:60:4b:c3:3b:18:a2:97:2c:96:7e:28:dc:dd (RSA) 53/tcp open domain 80/tcp open http Apache httpd 2.2.3 ((CentOS)) |_html-title: Go ahead and ScanMe! | http-methods: Potentially risky methods: TRACE |_See http://nmap.org/nsedoc/scripts/http-methods.html 113/tcp closed auth 31337/tcp closed Elite OS details: Linux 2.6.18 (CentOS 5.4) Nmap done: 1 IP address (1 host up) scanned in 25.76 seconds

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mastering the Nmap Scripting Engine by Fyodor and David Fifield

Mastering the Nmap Scripting Engine by Fyodor and David Fifield

Insecure.Org Insecure.Org Mastering the Nmap Scripting Engine by Fyodor and David Fifield http://insecure.org/presentations/BHDC10/ Black Hat Briefings Las Vegas Defcon 18 July 28; 4:45 PM; Augustus 5+6 July 30; 5:00 PM; Track One

622 views • 34 slides
Mastering the Nmap Scripting Engine by Fyodor and David Fifield

Mastering the Nmap Scripting Engine by Fyodor and David Fifield

Insecure.Org Insecure.Org Mastering the Nmap Scripting Engine by Fyodor and David Fifield http://insecure.org/presentations/BHDC10/ Black Hat Briefings Las Vegas Defcon 18 July 28; 4:45 PM; Augustus 5+6 July 30; 5:00 PM; Track One

424 views • 20 slides
The New Nmap Gordon Fyodor Lyon iSec Open Security Forum August 21, 2008 San Jose, CA

The New Nmap Gordon Fyodor Lyon iSec Open Security Forum August 21, 2008 San Jose, CA

Insecure.Org Insecure.Org The New Nmap Gordon Fyodor Lyon iSec Open Security Forum August 21, 2008 San Jose, CA Insecure.Org Insecure.Org Nmap Scripting Engine (NSE) # nmap -A -PN -T4 www.ebay.com Starting Nmap ( http://nmap.org

792 views • 32 slides
Advanced network scanning with Nmap 6 Henri Doreau henri.doreau@gmail.com 13 th LSM - Geneva 2012

Advanced network scanning with Nmap 6 Henri Doreau henri.doreau@gmail.com 13 th LSM - Geneva 2012

Advanced network scanning with Nmap 6 Henri Doreau henri.doreau@gmail.com 13 th LSM - Geneva 2012 Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Outline Project presentation 1 Introduction

844 views • 35 slides
Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs & Gordon Fyodor

Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs & Gordon Fyodor

Insecure.Org Insecure.Org Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs & Gordon Fyodor Lyon Sharkfest 2010 June 16, 1:15 PM http://insecure.org/presentations/Sharkfest10/ Insecure.Org Insecure.Org Nmap

278 views • 16 slides
Nmap/Zenmap/Metasploit/Armitage website: http://nmap.org/ http://www.metasploit.com April 20 th

Nmap/Zenmap/Metasploit/Armitage website: http://nmap.org/ http://www.metasploit.com April 20 th

Nmap/Zenmap/Metasploit/Armitage website: http://nmap.org/ http://www.metasploit.com April 20 th 2015 Only perform scans and exploitations after receiving permission from the owner of the machine/device. Nmap Purpose Scan a

671 views • 30 slides
THE MOD METHOD with VESPERS MASTERING In this Module What mastering can do & what it

THE MOD METHOD with VESPERS MASTERING In this Module What mastering can do & what it

THE MOD METHOD with VESPERS MASTERING In this Module What mastering can do & what it cant Self-mastering vs. third-party mastering Picking a mastering engineer Mastering work fl ow Audio artifacts & fi delity:

520 views • 16 slides
NMAP Jen Beveridge and Joe Kolenda secret.pathetic.net History of NMAP Developed by Gordon

NMAP Jen Beveridge and Joe Kolenda secret.pathetic.net History of NMAP Developed by Gordon

NMAP Jen Beveridge and Joe Kolenda secret.pathetic.net History of NMAP Developed by Gordon Lyon Features Host discovery Port scanning Version detecting OS detection Scriptable interaction with the target Uses of

339 views • 10 slides
Trinity uses nmap in the film The Matrix Reloaded to hack the city power grid Benjamin

Trinity uses nmap in the film The Matrix Reloaded to hack the city power grid Benjamin

Trinity uses nmap in the film The Matrix Reloaded to hack the city power grid Benjamin uses nmap in Who Am I - No System is Safe to compromise the local power company, causing a brief blackout Lisbeth uses nmap in the film The

710 views • 26 slides
Mastering the Gospel P resentation Welcome to the CMF Training page on Mastering a Gospel

Mastering the Gospel P resentation Welcome to the CMF Training page on Mastering a Gospel

Mastering the Gospel P resentation Welcome to the CMF Training page on Mastering a Gospel Presentation. This may be the most important thing that you do and you need to be able to do this as you grow in your Christian walk. You may be the only

290 views • 6 slides
Scripting with Objects: A Comparative Presentation of Scripting With Perl and Python Avinash C.

Scripting with Objects: A Comparative Presentation of Scripting With Perl and Python Avinash C.

Scripting with Objects: A Comparative Presentation of Scripting With Perl and Python Avinash C. Kak Click here if your download doesn"t start automatically Scripting with Objects: A Comparative Presentation of Scripting With Perl and

269 views • 5 slides
Nmap: Scanning the Internet by Fyodor Black Hat Briefings USA August 6, 2008; 10AM Defcon 16

Nmap: Scanning the Internet by Fyodor Black Hat Briefings USA August 6, 2008; 10AM Defcon 16

Insecure.Org Insecure.Org Nmap: Scanning the Internet by Fyodor Black Hat Briefings USA August 6, 2008; 10AM Defcon 16 August 8, 2008; 4PM Insecure.Org Insecure.Org Scan Goals Collect empirical data and use it to enhance Nmap

558 views • 45 slides
Extending LLDB to More Scripting Languages Jonas Devlieghere, Apple C++ API Scripting Bridge

Extending LLDB to More Scripting Languages Jonas Devlieghere, Apple C++ API Scripting Bridge

Extending LLDB to More Scripting Languages Jonas Devlieghere, Apple C++ API Scripting Bridge API Scripting Bridge API SBThread SBDebugger SBBreakpoint SBTarget SBFrame SBSymbol SBValue SBProcess SBFunction Python Python

307 views • 15 slides
A Comparison of Python, JavaScript and Lua Scripting Language Features CS798 Scripting

A Comparison of Python, JavaScript and Lua Scripting Language Features CS798 Scripting

A Comparison of Python, JavaScript and Lua Scripting Language Features CS798 Scripting Languages Project Final Presentation March 31, 2014 Afiya Nusrat, Alexander Pokluda and Michael Wexler Outline Introduction Letter Lizard

758 views • 20 slides
What are scripting languages? Unix shells: sh, ksh, bash Scripting Languages job control

What are scripting languages? Unix shells: sh, ksh, bash Scripting Languages job control

10/22/08 What are scripting languages? Unix shells: sh, ksh, bash Scripting Languages job control Perl Slashdot, bioinformatics, financial data processing, cgi Python System administration at Google BitTorrent file

570 views • 7 slides
Mastering the DMA and IOMMU APIs Embedded Linux Conference Europe 2014 Dsseldorf Laurent

Mastering the DMA and IOMMU APIs Embedded Linux Conference Europe 2014 Dsseldorf Laurent

Mastering the DMA and IOMMU APIs Embedded Linux Conference Europe 2014 Dsseldorf Laurent Pinchart laurent.pinchart@ideasonboard.com DMA != DMA DMA != DMA (mapping) (engine) The topic we will focus on is how to manage system

1.45k views • 102 slides
Networking Challenges for the Next Decade Amin Vahdat On behalf of Google Technical

Networking Challenges for the Next Decade Amin Vahdat On behalf of Google Technical

Networking Challenges for the Next Decade Amin Vahdat On behalf of Google Technical Infrastructure and Google Cloud Platform APRIL 4, 2017 Google Network More than a collection of data centers FASTER (US, JP, TW) 2016 SJC (JP, HK, SG) 2013

926 views • 37 slides
Postcards from the post-HTTP world Stefano Calzavara (Universit Ca Foscari Venezia) joint

Postcards from the post-HTTP world Stefano Calzavara (Universit Ca Foscari Venezia) joint

Postcards from the post-HTTP world Stefano Calzavara (Universit Ca Foscari Venezia) joint work with Riccardo Focardi, Matus Nemec, Alvise Rabitti & Marco Squarcina A dirge for HTTP The Web is fast evolving from HTTP to HTTPS

404 views • 15 slides
Image Domain Gridding Sebastiaan van der Tol, Bram Veenboer Overview brief recap of imaging,

Image Domain Gridding Sebastiaan van der Tol, Bram Veenboer Overview brief recap of imaging,

Image Domain Gridding Sebastiaan van der Tol, Bram Veenboer Overview brief recap of imaging, gridding, Wprojection and Aprojection motivation for a new algorithm image domain gridding accuracy performance demo conclusions Imaging:

375 views • 18 slides
r trt srt

r trt srt

r trt srt r r r r

955 views • 52 slides
Making Distributed Systems Secure with Program Analysis and Transformation Andrew Myers Cornell

Making Distributed Systems Secure with Program Analysis and Transformation Andrew Myers Cornell

Making Distributed Systems Secure with Program Analysis and Transformation Andrew Myers Cornell University Joint work with Stephen Chong, Nate Nystrom, Steve Zdancewic, Lantian Zheng Information security Amazon.com Privacy Notice: We

516 views • 36 slides
CSE 127: Introduction to Security Lecture 15: TLS Nadia Heninger and Deian Stefan UCSD Fall

CSE 127: Introduction to Security Lecture 15: TLS Nadia Heninger and Deian Stefan UCSD Fall

CSE 127: Introduction to Security Lecture 15: TLS Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Dan Boneh, Stefan Savage Reminder: Network Attacker Threat Model Network Attacker: Controls infrastructure: Routers, DNS

1.36k views • 67 slides
A71CH Plug & trust for IoT Session 1: A71CH product introduction JORDI JOFRE 24/04/2018

A71CH Plug & trust for IoT Session 1: A71CH product introduction JORDI JOFRE 24/04/2018

A71CH Plug & trust for IoT Session 1: A71CH product introduction JORDI JOFRE 24/04/2018 PUBLIC A71CH Plug & trust for IoT Session 1: A71CH product introduction Get familiar with A71CH key security features, key benefits, use

559 views • 40 slides
Hacking Web Sites Insecure Direct Object Reference Emmanuel Benoist Fall Term 2020/2021 Berner

Hacking Web Sites Insecure Direct Object Reference Emmanuel Benoist Fall Term 2020/2021 Berner

Hacking Web Sites Insecure Direct Object Reference Emmanuel Benoist Fall Term 2020/2021 Berner Fachhochschule | Haute ecole sp ecialis ee bernoise | Berne University of Applied Sciences 1 Table of Contents Introduction

890 views • 35 slides

More recommend