Codecademy Logo

Nmap Scripting Engine (NSE)

Print Cheatsheet

Performing scripting

Scripts are typically performed through command-line interfaces (CLI), but some scripting languages may be executed from IDEs or a file manager.

Scripts

A script is a program-like sequence of actions that can typically only be run within a specific context.

The most popular CLI tools are Command Prompt, PowerShell, Bash, and Terminal (macOS).

Most Common Scripting Languages

The most common scripting languages used today are Bash, PowerShell, Python, and JavaScript.

Scripting languages does not require compilers

Scripting languages are programming languages that do not require a compiler but instead depend on an interpreter.

Automate Common Task

Scripting languages are used to automate everyday computing tasks.

Nmap Uses Lua

Nmap uses the Lua language in its scripting engine.

Cybersecurity Professionals Use Nmap Scripts

Cybersecurity professionals use Nmap scripting to discover vulnerabilities on a network, perform reconnaissance, identify weaknesses on a server, and automate tasks.

Precompiled Scripts

Precompiled scripts are executable code that can be called to run at any time.

Scripting Process

Nmap scripting is using or writing custom scripts to find useful information on a network.

Scripting Engine

The Nmap scripting engine is a dynamic feature within Nmap that allows users to use scripts to automate networking tasks.

nmap-scripting-possibilities

With Nmap scripts, we can discover open ports on a network, identify versions of services, detect vulnerabilities, and even exploit vulnerabilities.

Using Nmap Scripting Engine

To use the Nmap scripting engine, we can use the –script argument to call on preloaded scripts or our custom scripts.

Nmap Scripting Arguments

We can find information on a target with Nmap scripting arguments, such as version numbers, exploits, and more.

Commonly Use Nmap Scripts Use By Professionals

Cybersecurity professionals commonly use the following Nmap scripts:

  • brute scripts
  • discovery scripts
  • exploit scripts