Nmap & NSE
Description of the Tool:
Nmap is a free and open-source security scanner, originally written by Gordon Lyon, used to discover hosts and services on a computer network, thus building a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.
The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs.
Official Nmap site.
Official Nmap Scripting Engine (NSE) site.
- Udemy - Nmap: Network Security Scanning Basics & Advanced Techniques by Jason Wood
- SpiderLabs - Using Nmap to Screenshot Web Services
- Security Weekly Tech Segment - Using Nmap to Screenshot Web Services
- Halcyon IDE - Halcyon is the first IDE specifically focused on Nmap Script (NSE) Development.
Presentations/Blogs on the Tool:
I've used this several times and it works; however, I've compared findings with others using other tools and it wasn't as accurate.
Security Weekly (2018)
Nmap Command Cheat Sheet

| Command | Description | Notes |
|---|---|---|
| `nmap -sP x.x.x.x/24` | Performs a ping scan of the network | |
| `nmap -iL ipaddresses.txt` | Scans a list of IP addresses | Additional options can be placed before or after |
| `nmap -sV -p 80,443 -oG output.txt 192.168.1.0/24` | Outputs to a "grepable" file | The output file could be grepped for "Open" |
| `nmap -p80,443 192.168.1.0/24 -oG - \| nikto -h -` | Scans for http/https on hosts | |
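
For the grepable (`-oG`) output row above, this added example (not part of the original page) parses the `Ports:` field and reports only ports whose state is exactly `open`, which avoids the false matches a plain substring grep gives on host names or other states. The function names and the sample scan lines are constructed for illustration.

```bash
#!/bin/sh
# Added example: inventory open services from Nmap grepable (-oG) output.
# Reads -oG text on stdin, prints one line per open port:
#   <ip> <port>/<proto> <service>

open_ports() {
    awk -F'\t' '
    /^Host: / {
        split($1, h, " ")              # h[2] holds the IP address
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            list = substr($i, 8)       # strip the "Ports: " label
            n = split(list, entries, ", ")
            for (j = 1; j <= n; j++) {
                # entry layout: port/state/protocol/owner/service/rpcinfo/version/
                split(entries[j], f, "/")
                if (f[2] == "open")
                    printf "%s %s/%s %s\n", h[2], f[1], f[3], (f[5] == "" ? "-" : f[5])
            }
        }
    }'
}

# Constructed sample of -oG output (not taken from a real scan).
sample_scan() {
    printf 'Host: 192.168.1.10 (web01.example.test)\tStatus: Up\n'
    printf 'Host: 192.168.1.10 (web01.example.test)\tPorts: 80/open/tcp//http//nginx/, 443/closed/tcp//https///\n'
    printf 'Host: 192.168.1.20 (openvpn.example.test)\tPorts: 80/closed/tcp//http///, 443/closed/tcp//https///\n'
    printf 'Host: 192.168.1.30 ()\tPorts: 80/filtered/tcp//http///, 443/open/tcp//https//Apache httpd/\n'
}

# A substring grep matches 3 lines here, including the host with no open port.
naive_match_count() {
    sample_scan | grep -c open
}

sample_scan | open_ports
```

On a real scan, run it as `open_ports < output.txt` against the file written by `-oG output.txt`.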