joemccray

NMap NSE Tutorial

Jul 1st, 2020
#####################################################
# 2020 Intro to NMAP NSE #
# By Joe McCray #
#####################################################

- Here is a good set of slides for getting started with Linux:
http://www.slideshare.net/olafusimichael/linux-training-24086319


- Here is a good tutorial that you should complete before doing the labs below:
http://linuxsurvival.com/linux-tutorial-introduction/


- I prefer to use PuTTY to SSH into my Linux host.
- You can download PuTTY from here:
- http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

Here is the information to put into PuTTY:

Host Name: 149.28.201.171
protocol: ssh
port: 22
username: cysa
password: cysa!cysa123!


If you are on a Mac (https://osxdaily.com/2017/04/28/howto-ssh-client-mac/)

Open a terminal, then type:
-------------------------------
ssh -l cysa 149.28.201.171
------------------------------



#########################
# Playing with Nmap NSE #
#########################

- Run every ip-geolocation-* script (they look up where the target's IP address is located) against port 80, skipping host discovery with -Pn:
nmap -Pn -p80 --script ip-geolocation-* infosecaddicts.com

- Enumerate subdomains by brute-forcing DNS names:
nmap -p80 --script dns-brute infosecaddicts.com

- Ask Robtex which other hostnames share the target's IP address:
nmap --script http-robtex-reverse-ip secore.info

- Print the HTTP response headers returned on port 80:
nmap -Pn -p80 --script=http-headers infosecaddicts.com


- List every HTTP-related script that ships with Nmap, then run all of them against port 80:
ls /usr/share/nmap/scripts | grep http
nmap -Pn -p80 --script=http-* infosecaddicts.com



#####################################
# Writing Your Own Nmap NSE Scripts #
#####################################


-----------------------Type this command -----------------------------
sudo nano /usr/share/nmap/scripts/intro-nse.nse
----------------------------------------------------------------------



-------------Paste the following into the file-----------------------
-- The Head Section --
-- (nothing needed yet: this first version uses no NSE libraries)

-- The Rule Section --
-- Nmap calls portrule once for every scanned port; the action only runs
-- when the rule returns true, here for an open TCP port 80.
portrule = function(host, port)
  return port.protocol == "tcp"
     and port.number == 80
     and port.state == "open"
end

-- The Action Section --
-- Whatever the action returns is printed next to that port in the scan output.
action = function(host, port)
  return "Advanced CyberWar!"
end
----------------------------------------------------------------------

- Ok, now that we've made that change let's run the script
-----------------------Type this command -----------------------------
sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse infosecaddicts.com -p 22,80,443
----------------------------------------------------------------------



-----------------------Type this command -----------------------------
sudo nano /usr/share/nmap/scripts/intro-nse.nse
----------------------------------------------------------------------



-------------Paste the following into the file-----------------------
-- The Head Section --
-- Load the shortport library, which provides ready-made port rules.
local shortport = require "shortport"

-- The Rule Section --
-- shortport.http is true for an open port on the usual HTTP/HTTPS port
-- numbers (80, 443, 8080, ...) or one whose service was identified as
-- http, so the hand-written rule from the first version is no longer needed.
portrule = shortport.http


-- The Action Section --
action = function(host, port)
  return "Advanced CyberWar!"
end
----------------------------------------------------------------------

- Ok, now that we've made that change let's run the script
-----------------------Type this command -----------------------------
sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse www.darkoperator.com -p 22,80,443
----------------------------------------------------------------------



OK, now let's have some fun with my buddy Carlos Perez's website.

-----------------------Type this command -----------------------------
sudo nano /usr/share/nmap/scripts/intro-nse.nse
----------------------------------------------------------------------



-------------Paste the following into the file-----------------------
-- The Head Section --
local shortport = require "shortport"
-- The http library does the HTTP request for us.
local http = require "http"

-- The Rule Section --
portrule = shortport.http

-- The Action Section --
action = function(host, port)

  -- Fetch one path from the web server and report the HTTP status code.
  -- response.status is nil when the request failed, in which case the
  -- script prints nothing for that port.
  local uri = "/installing-metasploit-in-ubunt/"
  local response = http.get(host, port, uri)
  return response.status

end
----------------------------------------------------------------------

- Ok, now that we've made that change let's run the script
-----------------------Type this command -----------------------------
sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse www.darkoperator.com -p 22,80,443
----------------------------------------------------------------------


-----------------------Type this command -----------------------------
sudo nano /usr/share/nmap/scripts/intro-nse.nse
----------------------------------------------------------------------



-------------Paste the following into the file-----------------------
-- The Head Section --
local shortport = require "shortport"
local http = require "http"

-- The Rule Section --
portrule = shortport.http

-- The Action Section --
action = function(host, port)

  local uri = "/installing-metasploit-in-ubunt/"
  local response = http.get(host, port, uri)

  -- Only on a 200 OK: return the whole page body. This is a lot of
  -- output; the next version narrows it down to a single string.
  if ( response.status == 200 ) then
    return response.body
  end

end
----------------------------------------------------------------------

- Ok, now that we've made that change let's run the script
-----------------------Type this command -----------------------------
sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse www.darkoperator.com -p 22,80,443
----------------------------------------------------------------------


-----------------------Type this command -----------------------------
sudo nano /usr/share/nmap/scripts/intro-nse.nse
----------------------------------------------------------------------



-------------Paste the following into the file-----------------------
-- The Head Section --
local shortport = require "shortport"
local http = require "http"
local string = require "string"

-- The Rule Section --
portrule = shortport.http

-- The Action Section --
action = function(host, port)

  local uri = "/installing-metasploit-in-ubunt/"
  local response = http.get(host, port, uri)

  if ( response.status == 200 ) then
    -- string.match returns the matched text, or nil when the page does
    -- not contain it, so the output is either the title or nothing.
    local title = string.match(response.body, "Installing Metasploit in Ubuntu and Debian")
    return title
  end

end
----------------------------------------------------------------------

- Ok, now that we've made that change let's run the script
-----------------------Type this command -----------------------------
sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse www.darkoperator.com -p 22,80,443
----------------------------------------------------------------------


-----------------------Type this command -----------------------------
sudo nano /usr/share/nmap/scripts/intro-nse.nse
----------------------------------------------------------------------



-------------Paste the following into the file-----------------------
-- The Head Section --
local shortport = require "shortport"
local http = require "http"
local string = require "string"

-- The Rule Section --
portrule = shortport.http

-- The Action Section --
action = function(host, port)

  local uri = "/installing-metasploit-in-ubunt/"
  local response = http.get(host, port, uri)

  if ( response.status == 200 ) then
    local title = string.match(response.body, "Installing Metasploit in Ubuntu and Debian")

    -- Turn the match into a yes/no verdict. The page title stands in for
    -- whatever fingerprint a real check would look for in the response.
    if (title) then
      return "Vulnerable"
    else
      return "Not Vulnerable"
    end
  end
end

----------------------------------------------------------------------




- Ok, now that we've made that change let's run the script
-----------------------Type this command -----------------------------
sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse www.darkoperator.com -p 22,80,443
----------------------------------------------------------------------
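
- The versions above build one script up piece by piece. The following is an added example (not Joe McCray's code and not one of the scripts shipped with Nmap) that puts the same pieces together the way a finished NSE script is expected to look: a head section with the description, author, license and categories fields that let Nmap select the script by name or category, the shortport.http rule, and an action that checks for a missing response, makes the path and marker string configurable with --script-args, and returns a structured output table instead of a bare string. The script name intro-nse-check, its two argument names, and the default path and marker are assumptions chosen for this example; SCRIPT_NAME, stdnse.get_script_args and stdnse.output_table are standard NSE facilities.

```lua
-- intro-nse-check.nse  (added example; the script name is an assumption)

local http      = require "http"
local shortport = require "shortport"
local stdnse    = require "stdnse"
local string    = require "string"

-- The Head Section --
-- These fields are what "nmap --script-help" prints and what
-- "--script safe" or "--script discovery" uses to pick the script.
description = [[
Requests a single path from an HTTP service and reports whether a given
marker string appears in a 200 OK response. Path and marker are taken
from script arguments; the defaults are placeholders for this example.
]]

author = "Added example (not from the original paste)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- The Rule Section --
-- Same shortcut the tutorial uses: open HTTP/HTTPS ports only.
portrule = shortport.http

-- The Action Section --
action = function(host, port)
  -- Script arguments let the operator change the path and marker on the
  -- command line without editing the file, e.g.
  --   --script-args intro-nse-check.path=/index.html,intro-nse-check.marker=Login
  -- (argument names are assumptions for this example)
  local path   = stdnse.get_script_args(SCRIPT_NAME .. ".path")   or "/"
  local marker = stdnse.get_script_args(SCRIPT_NAME .. ".marker") or "<html"

  local response = http.get(host, port, path)

  -- http.get returns a table even when the request fails; status is nil
  -- when no usable reply came back. Returning nil prints nothing for the
  -- port, which is the NSE convention for "nothing to report".
  if not response or not response.status then
    return nil
  end

  local out = stdnse.output_table()
  out.path   = path
  out.status = response.status

  if response.status ~= 200 then
    out.result = "path not served (non-200 status)"
    return out
  end

  -- string.find with plain=true, so the marker is matched literally and
  -- not as a Lua pattern (a marker such as "1.0" would otherwise also
  -- match "100").
  local found = response.body and string.find(response.body, marker, 1, true)
  out.marker_found = (found ~= nil)
  out.result = found and "marker present" or "marker absent"
  return out
end
```

Save it alongside the tutorial's script in /usr/share/nmap/scripts and it can be run by name, e.g. nmap -p 22,80,443 --script intro-nse-check --script-args 'intro-nse-check.path=/index.html,intro-nse-check.marker=Login' <host>; selecting it by category ("--script safe") additionally needs nmap --script-updatedb so the categories are indexed. Compared with the tutorial's last version, the nil check avoids a Lua error when a port in the rule set never answers, and the output table gives each field its own labelled line in the scan output and in -oX XML instead of a single "Vulnerable"/"Not Vulnerable" string.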