NMAP - NSE Scripts

Vulnerability scanning using NSE in Nmap. 

Note: I have written this tutorial taking the fact into consideration that the user is well versed with basic "NMAP commands".

For basic NMAP commands please refer the cheat-sheet given below:

Basic Scanning Techniques

• Scan a single target :                                                                  nmap [target]

• Scan multiple targets:                                                                nmap [target1,target2,etc]

• Scan a list of targets                                                                  nmap -iL [list.txt]

• Scan a range of hosts                                                                nmap [range of IP addresses]

• Scan an entire subnet                                                                nmap [IP address/cdir]

• Scan random hosts                                                                    nmap -iR [number]

• Excluding targets from a scan                                                  nmap [targets] –exclude [targets]

• Excluding targets using a list                                                   nmap [targets] –excludefile [list.txt]

• Perform an aggressive scan                                                      nmap -A [target]

• Scan an IPv6 target                                                                  nmap -6 [target]


Discovery Options

• Perform a ping scan only                                                         nmap -sP [target]

• Don’t ping                                                                                nmap -PN [target]

• TCP SYN ping                                                                         nmap -PS [target]

• TCP ACK ping                                                                        nmap -PA [target]

• UDP ping                                                                                 nmap -PU [target]

• SCTP Init Ping                                                                         nmap -PY [target]

• ICMP echo ping                                                                       nmap -PE [target]

• ICMP Timestamp ping                                                             nmap -PP [target]

• ICMP address mask ping                                                         nmap -PM [target]

• IP protocol ping                                                                       nmap -PO [target]

• ARP ping                                                                                 nmap -PR [target]

• Traceroute                                                                                nmap –traceroute [target]


Firewall Evasion Techniques

• Fragment packets                                                                     nmap -f [target]

• Specify a specific MTU                                                           nmap –mtu [MTU] [target]

• Use a decoy                                                                              nmap -D RND: [number] [target]

• Idle zombie scan                                                                      nmap -sI [zombie] [target]

• Manually specify a source port                                                nmap –source-port [port] [target]

• Append random data                                                                nmap –data-length [size] [target]

• Randomize target scan order                                                    nmap –randomize-hosts [target]

• Spoof MAC Address                                                             nmap –spoof-mac [MAC|0|vendor] [target]

• Send bad checksums                                                                nmap –badsum [target]


Version Detection

• Operating system detection                                                     nmap -O [target]

• Attempt to guess an unknown OS                                           nmap -O –osscan-guess [target]

• Service version detection                                                        nmap -sV [target]

• Troubleshooting version scans                                                nmap -sV –version-trace [target]

• Perform a RPC scan                                                                nmap -sR [target]


Nmap Scripting Engine

• Execute individual scripts                                                       nmap –script [script.nse] [target]

• Execute multiple scripts                                                          nmap –script [expression] [target]

• Execute scripts by category                                                    nmap –script [cat] [target]

• Execute multiple scripts categories                                        nmap –script [cat1,cat2, etc]

• Troubleshoot scripts                                                               nmap –script [script] –script-trace [target]

• Update the script database                                                      nmap –script-updatedb

Comments

Post a Comment

Popular posts from this blog

OSINT Tool in Termux

Image
The Instagram OSINT Tool gets a range of information from an Instagram account that you normally wouldn't be able to get from just looking at their profile The information includes: [ profile ] : user id, followers / following, number of uploads, profile img URL, business enum, external URL, joined Recently, etc [ tags & mentions ] : most used hashtags and mentioned accounts [ email ] : if any email is used any where it'll be displayed [ posts ] : accessability caption, location, timestamp, caption, picture url, etc ( yet not working correctly with posts instagram marks as 'sensitive cotent' ) How To Install apt update && upgrade -y Pkg install git pkg install python3 git clone https://github.com/th3unkn0n/osi.ig.git && cd osi.ig python3 -m pip install -r requirements.txt Usage python3 main.py -u username
Read more

Active Directory Ransomware Attacks

Image
    Organizations worldwide use Active Directory (AD) as their primary identity service , which makes it a top target for ransomware attacks . This article explains how adversaries exploit Active Directory during ransomware attacks and provides strategies and tools for defending against this modern menace. The two phases of a ransomware attack A common misconception about ransomware attacks is that they are quick: Someone opens an infected email attachment or inserts an infected USB device , and within minutes data across the network is encrypted and a ransom demand is displayed on every screen . The reality is quite different. Ransomware attacks today tend to be quite sophisticated and methodical . To encrypt as much sensitive information as possible and therefore maximize the chances of receiving a high payout , attackers proceed in two phases: Find an entry point — The first step is to gain a foothold in the victim organization ’s network . One common strategy is to comp...
Read more

Colt Telecom Hit by WarLock Ransomware: SharePoint Zero Day Used for Mass Data Theft

Image
  What Happened On August 12, 2025 , Colt Technology Services—a UK-based telecom giant—experienced a cyberattack that disrupted several internal support services, impacting systems like Colt Online, porting, and Voice API platforms, while core network services remained unaffected. Who Claimed Responsibility A threat actor using the handle "cnkjasdfgd," claiming to represent the WarLock ransomware group , offered 1 million stolen documents for US$200,000 , providing sample files to prove their legitimacy. Made Possible By The attackers exploited a critical zero-day vulnerability in on-premises Microsoft SharePoint (CVE‑2025‑53770), which was publicly patched on July 21, 2025. Technical Breakdown (“ToolShell” Exploit Chain) Attackers used a sophisticated exploit chain now dubbed ToolShell , involving multiple steps: 1. Initial Access – Bypassing Authentication A crafted HTTP POST to the /_layouts/15/ToolPane.aspx endpoint with a spoofed Referer header (/_layo...
Read more