Exploring Nmap Script Categories
In this step, we're going to explore the categories of Nmap scripts that come pre-installed on your system. Nmap scripts are powerful tools in the field of cybersecurity. They are organized according to their functionality. For example, some scripts are used for discovery, which means they can find devices and services on a network. Others are for vulnerability assessment, which helps in identifying security weaknesses in systems.
First, we need to open a terminal. A terminal is a text-based interface where you can enter commands to interact with your system. Once the terminal is open, we need to make sure we are in the correct directory. The directory is like a folder on your computer where files and other folders are stored. Run the following command in the terminal:
cd /home/labex/project
This command changes the current working directory to /home/labex/project.
Now, let's check the version of Nmap installed on our system. Knowing the version is important because different versions may have different features and compatibility. Run this command in the terminal:
nmap --version
The output will look similar to this:
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.1f libpcre-8.39 libpcap-1.9.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
Next, we'll examine the available Nmap script categories. Nmap scripts are stored in the /usr/share/nmap/scripts/ directory. To get an idea of what scripts are available, we can list them and sort them by their names. Run this command in the terminal:
ls /usr/share/nmap/scripts/ | grep -v '\.lua$' | sort | head -10
This command first lists all the files in the /usr/share/nmap/scripts/ directory. Then, it uses grep -v '\.lua$' to exclude files with the .lua extension. The pattern is quoted and the dot escaped so that it matches only a literal ".lua" at the end of a file name. After that, it sorts the remaining files by their names and shows the first 10 results. The output will be similar to:
address-info.nse
afp-brute.nse
afp-ls.nse
afp-path-vuln.nse
afp-serverinfo.nse
afp-showmount.nse
ajp-auth.nse
ajp-brute.nse
ajp-headers.nse
ajp-methods.nse
To see which combinations of categories the scripts declare, we can use the following command:
grep -r categories /usr/share/nmap/scripts/*.nse | grep -o "categories = {[^}]*}" | sort | uniq | head -10
This command searches through all .nse script files in the /usr/share/nmap/scripts/ directory for the "categories" string. It then extracts the category information, sorts it, removes any duplicate entries, and shows the first 10 results, so each output line is one distinct combination of categories. The output will look something like:
categories = {"auth", "brute", "intrusive"}
categories = {"auth", "default", "discovery", "safe"}
categories = {"auth", "discovery", "safe"}
categories = {"auth", "intrusive"}
categories = {"auth", "safe"}
categories = {"broadcast", "discovery"}
categories = {"broadcast", "discovery", "safe"}
categories = {"default", "discovery"}
categories = {"default", "discovery", "safe"}
categories = {"default", "discovery", "safe", "version"}
For better organization, we'll create a directory structure to categorize scripts based on their functionality. This will make it easier to find and use the scripts later. We'll create separate directories for different categories. Run these commands in the terminal:
mkdir -p /home/labex/project/NmapScripts/vulnerability
mkdir -p /home/labex/project/NmapScripts/discovery
mkdir -p /home/labex/project/NmapScripts/authentication
The mkdir -p command creates directories. If the parent directories don't exist, it creates them as well.
Now, let's copy some vulnerability-related scripts to our newly created vulnerability directory. Run this command in the terminal:
cp /usr/share/nmap/scripts/smb-vuln* /home/labex/project/NmapScripts/vulnerability/
This command copies all the scripts in the /usr/share/nmap/scripts/ directory whose names start with smb-vuln to the /home/labex/project/NmapScripts/vulnerability/ directory.
Let's verify the files were copied correctly. Run this command in the terminal:
ls -la /home/labex/project/NmapScripts/vulnerability/
The output will show the copied vulnerability scripts:
total 88
drwxr-xr-x 2 labex labex 4096 Mar 15 12:30 .
drwxr-xr-x 4 labex labex 4096 Mar 15 12:30 ..
-rw-r--r-- 1 labex labex 3355 Mar 15 12:30 smb-vuln-conficker.nse
-rw-r--r-- 1 labex labex 8045 Mar 15 12:30 smb-vuln-cve2009-3103.nse
-rw-r--r-- 1 labex labex 5100 Mar 15 12:30 smb-vuln-cve-2017-7494.nse
-rw-r--r-- 1 labex labex 9595 Mar 15 12:30 smb-vuln-ms06-025.nse
-rw-r--r-- 1 labex labex 11645 Mar 15 12:30 smb-vuln-ms07-029.nse
-rw-r--r-- 1 labex labex 12558 Mar 15 12:30 smb-vuln-ms08-067.nse
-rw-r--r-- 1 labex labex 9719 Mar 15 12:30 smb-vuln-ms10-054.nse
-rw-r--r-- 1 labex labex 7326 Mar 15 12:30 smb-vuln-ms10-061.nse
-rw-r--r-- 1 labex labex 8091 Mar 15 12:30 smb-vuln-ms17-010.nse
-rw-r--r-- 1 labex labex 4245 Mar 15 12:30 smb-vuln-regsvc-dos.nse
Similarly, let's copy some discovery and authentication scripts to their respective directories. Run these commands in the terminal:
cp /usr/share/nmap/scripts/dns-* /home/labex/project/NmapScripts/discovery/
cp /usr/share/nmap/scripts/ssh-* /home/labex/project/NmapScripts/authentication/
Now you have organized some Nmap scripts into categories based on their functionality, which makes it easier to find and use them for specific tasks.
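Copying by name prefix does not guarantee that every script in a directory declares the category the directory is named after, and scripts in the intrusive or dos categories deserve a look before they are run against a system. The following is an added example, not part of the original lab: two shell functions that tally the categories declared in a directory of .nse files and list the scripts in one category. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect the categories declared by the .nse files in a directory.

# Print "<count> <category>" for every individual category declared in DIR/*.nse.
nse_category_counts() {
    grep -ho 'categories = {[^}]*}' "$1"/*.nse \
        | grep -o '"[a-z]*"' | tr -d '"' \
        | sort | uniq -c | awk '{print $1, $2}'
}

# Print the file names of scripts in DIR that declare category CAT.
nse_scripts_in_category() {
    for f in "$1"/*.nse; do
        if grep -q "categories = {[^}]*\"$2\"" "$f" 2>/dev/null; then
            basename "$f"
        fi
    done
}

# Constructed sample files (not real NSE scripts) so the example runs offline.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'categories = {"vuln", "intrusive", "dos"}\n' > "$d/demo-vuln-a.nse"
    printf 'categories = {"vuln", "safe"}\n'             > "$d/demo-vuln-b.nse"
    printf 'categories = {"discovery", "safe"}\n'        > "$d/demo-disc.nse"
    echo "$d"
}

sample=$(make_sample_dir)
echo "Scripts per category:"
nse_category_counts "$sample"
echo "Scripts declaring the intrusive category:"
nse_scripts_in_category "$sample" intrusive
rm -rf "$sample"
```

To check the directories created in this step, pass one of them instead of the sample directory, for example nse_category_counts /home/labex/project/NmapScripts/vulnerability.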