API tools faq
paste
joemccray

NMap NSE Tutorial

joemccray
Jul 1st, 2020
527
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.52 KB | None | 0 0
raw download clone embed print report
  1. #####################################################
  2. # 2020 Intro to NMAP NSE #
  3. # By Joe McCray #
  4. #####################################################
  5.  
  6. - Here is a good set of slides for getting started with Linux:
  7. http://www.slideshare.net/olafusimichael/linux-training-24086319
  8.  
  9.  
  10. - Here is a good tutorial that you should complete before doing the labs below:
  11. http://linuxsurvival.com/linux-tutorial-introduction/
  12.  
  13.  
  14. - I prefer to use Putty to SSH into my Linux host.
  15. - You can download Putty from here:
  16. - http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
  17.  
  18. Here is the information to put into putty
  19.  
  20. Host Name: 149.28.201.171
  21. protocol: ssh
  22. port: 22
  23. username: cysa
  24. password: cysa!cysa123!
  25.  
  26.  
  27. If you are on a Mac (https://osxdaily.com/2017/04/28/howto-ssh-client-mac/)
  28.  
  29. Open a terminal, then type:
  30. -------------------------------
  31. ssh -l cysa 149.28.201.171
  32. ------------------------------
  33.  
  34.  
  35.  
  36. #########################
  37. # Playing with Nmap NSE #
  38. #########################
  39.  
  40. nmap -Pn -p80 --script ip-geolocation-* infosecaddicts.com
  41.  
  42. nmap -p80 --script dns-brute infosecaddicts.com
  43.  
  44. nmap --script http-robtex-reverse-ip secore.info
  45.  
  46. nmap -Pn -p80 --script=http-headers infosecaddicts.com
  47.  
  48.  
  49. ls /usr/share/nmap/scripts | grep http
  50. nmap -Pn -p80 --script=http-* infosecaddicts.com
  51.  
  52.  
  53.  
  54.  
  55. #####################################
  56. # Writing Your Own Nmap NSE Scripts #
  57. #####################################
  58.  
  59.  
  60. -----------------------Type this command -----------------------------
  61. sudo nano /usr/share/nmap/scripts/intro-nse.nse
  62. ----------------------------------------------------------------------
  63.  
  64.  
  65.  
  66. -------------Paste the following into the file-----------------------
  67. -- The Head Section --
  68. -- The Rule Section --
  69. portrule = function(host, port)
  70. return port.protocol == "tcp"
  71. and port.number == 80
  72. and port.state == "open"
  73. end
  74.  
  75. -- The Action Section --
  76. action = function(host, port)
  77. return "Advanced CyberWar!"
  78. end
  79. ----------------------------------------------------------------------
  80.  
  81. - Ok, now that we've made that change let's run the script
  82. -----------------------Type this command -----------------------------
  83. sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse infosecaddicts.com -p 22,80,443
  84. ----------------------------------------------------------------------
  85.  
  86.  
  87.  
  88.  
  89.  
  90. -----------------------Type this command -----------------------------
  91. sudo nano /usr/share/nmap/scripts/intro-nse.nse
  92. ----------------------------------------------------------------------
  93.  
  94.  
  95.  
  96. -------------Paste the following into the file-----------------------
  97. -- The Head Section --
  98. local shortport = require "shortport"
  99.  
  100. -- The Rule Section --
  101. portrule = shortport.http
  102.  
  103.  
  104. -- The Action Section --
  105. action = function(host, port)
  106. return "Advanced CyberWar!"
  107. end
  108. ----------------------------------------------------------------------
  109.  
  110. - Ok, now that we've made that change let's run the script
  111. sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse www.darkoperator.com -p 22,80,443
  112. ----------------------------------------------------------------------
  113.  
  114.  
  115.  
  116.  
  117.  
  118.  
  119. OK, now let's have some fun with my buddy Carlos Perez's website.
  120.  
  121. -----------------------Type this command -----------------------------
  122. sudo nano /usr/share/nmap/scripts/intro-nse.nse
  123. ----------------------------------------------------------------------
  124.  
  125.  
  126.  
  127. -------------Paste the following into the file-----------------------
  128. -- The Head Section --
  129. local shortport = require "shortport"
  130. local http = require "http"
  131.  
  132. -- The Rule Section --
  133. portrule = shortport.http
  134.  
  135. -- The Action Section --
  136. action = function(host, port)
  137.  
  138. local uri = "/installing-metasploit-in-ubunt/"
  139. local response = http.get(host, port, uri)
  140. return response.status
  141.  
  142. end
  143. ----------------------------------------------------------------------
  144.  
  145. - Ok, now that we've made that change let's run the script
  146. sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse www.darkoperator.com -p 22,80,443
  147. ----------------------------------------------------------------------
  148.  
  149.  
  150.  
  151. -----------------------Type this command -----------------------------
  152. sudo nano /usr/share/nmap/scripts/intro-nse.nse
  153. ----------------------------------------------------------------------
  154.  
  155.  
  156.  
  157. -------------Paste the following into the file-----------------------
  158. -- The Head Section --
  159. local shortport = require "shortport"
  160. local http = require "http"
  161.  
  162. -- The Rule Section --
  163. portrule = shortport.http
  164.  
  165. -- The Action Section --
  166. action = function(host, port)
  167.  
  168. local uri = "/installing-metasploit-in-ubunt/"
  169. local response = http.get(host, port, uri)
  170.  
  171. if ( response.status == 200 ) then
  172. return response.body
  173. end
  174.  
  175. end
  176. ----------------------------------------------------------------------
  177.  
  178. - Ok, now that we've made that change let's run the script
  179. sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse www.darkoperator.com -p 22,80,443
  180. ----------------------------------------------------------------------
  181.  
  182.  
  183.  
  184.  
  185.  
  186.  
  187.  
  188.  
  189. -----------------------Type this command -----------------------------
  190. sudo nano /usr/share/nmap/scripts/intro-nse.nse
  191. ----------------------------------------------------------------------
  192.  
  193.  
  194.  
  195. -------------Paste the following into the file-----------------------
  196. -- The Head Section --
  197. local shortport = require "shortport"
  198. local http = require "http"
  199. local string = require "string"
  200.  
  201. -- The Rule Section --
  202. portrule = shortport.http
  203.  
  204. -- The Action Section --
  205. action = function(host, port)
  206.  
  207. local uri = "/installing-metasploit-in-ubunt/"
  208. local response = http.get(host, port, uri)
  209.  
  210. if ( response.status == 200 ) then
  211. local title = string.match(response.body, "Installing Metasploit in Ubuntu and Debian")
  212. return title
  213. end
  214.  
  215. end
  216. ----------------------------------------------------------------------
  217.  
  218. - Ok, now that we've made that change let's run the script
  219. sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse www.darkoperator.com -p 22,80,443
  220. ----------------------------------------------------------------------
  221.  
  222.  
  223.  
  224.  
  225.  
  226.  
  227. -----------------------Type this command -----------------------------
  228. sudo sudo nano /usr/share/nmap/scripts/intro-nse.nse
  229. ----------------------------------------------------------------------
  230.  
  231.  
  232.  
  233. -------------Paste the following into the file-----------------------
  234. -- The Head Section --
  235. local shortport = require "shortport"
  236. local http = require "http"
  237. local string = require "string"
  238.  
  239. -- The Rule Section --
  240. portrule = shortport.http
  241.  
  242. -- The Action Section --
  243. action = function(host, port)
  244.  
  245. local uri = "/installing-metasploit-in-ubunt/"
  246. local response = http.get(host, port, uri)
  247.  
  248. if ( response.status == 200 ) then
  249. local title = string.match(response.body, "Installing Metasploit in Ubuntu and Debian")
  250.  
  251. if (title) then
  252. return "Vulnerable"
  253. else
  254. return "Not Vulnerable"
  255. end
  256. end
  257. end
  258.  
  259. ----------------------------------------------------------------------
  260.  
  261.  
  262.  
  263.  
  264. - Ok, now that we've made that change let's run the script
  265. -----------------------Type this command -----------------------------
  266. sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse www.darkoperator.com -p 22,80,443
  267. ----------------------------------------------------------------------
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!