NSE Scripts

Question 1

Scan with default NSE scripts. Considered useful for discovery and safe

Answer 1

-sC

nmap 192.168.1.1 -sC

Question 2

Scan with default NSE scripts. Considered useful for discovery and safe

Answer 2

–script default

nmap 192.168.1.1 –script default

Question 3

Scan with a single script. Example banner

Answer 3

–script

nmap 192.168.1.1 –script=banner

Question 4

Scan with a wildcard. Example http

Answer 4

–script

nmap 192.168.1.1 –script=http*

Question 5

Scan with two scripts. Example http and banner

Answer 5

–script

nmap 192.168.1.1 –script=http,banner

Question 6

Scan default, but remove intrusive scripts

Answer 6

–script

nmap 192.168.1.1 –script “not intrusive”

Question 7

NSE script with arguments

Answer 7

–script-args

nmap –script snmp-sysdescr –script-args snmpcommunity=admin 192.168.1.1

Question 8

http site map generator

Answer 8

nmap -Pn –script=http-sitemap-generator scanme.nmap.org

Question 9

Fast search for random web servers

Answer 9

nmap -n -Pn -p 80 –open -sV -vvv –script banner,http-title -iR 1000

Question 10

Brute forces DNS hostnames guessing subdomains

Answer 10

nmap -Pn –script=dns-brute domain.com

Question 11

Safe SMB scripts to run

Answer 11

nmap -n -Pn -vv -O -sV –script smb-enum,smb-ls,smb-mbenum,smb-os-discovery,smb-s,smb-vuln,smbv2 -vv 192.168.1.1

Question 12

Whois query

Answer 12

nmap –script whois* domain.com

Question 13

Detect cross site scripting vulnerabilities

Answer 13

nmap -p80 –script http-unsafe-output-escaping scanme.nmap.org

Question 14

Check for SQL injections

Answer 14

nmap -p80 –script http-sql-injection scanme.nmap.org