kali@kali:~$ cd /usr/share/nmap/scripts/
kali@kali:/usr/share/nmap/scripts$ cat script.db | grep "\"vuln\""
Entry { filename = "afp-path-vuln.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "broadcast-avahi-dos.nse", categories = { "broadcast", "dos", "intrusive", "vuln", } }
Entry { filename = "clamav-exec.nse", categories = { "exploit", "vuln", } }
Entry { filename = "distcc-cve2004-2687.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "dns-update.nse", categories = { "intrusive", "vuln", } }
...
Listing 94 - The Nmap script database
Each entry has a file name and categories. The file name represents the name of the NSE script in
the NSE directory.
Some of the standard NSE scripts are quite outdated. Fortunately, the vulners script was
integrated, which provides current vulnerability information about detected service versions from
the Vulners Vulnerability Database. The script itself has the categories safe, vuln, and external.
Before we start our first vulnerability scan with the NSE, we will examine the Nmap --script
parameter. This parameter is responsible for determining which NSE scripts get executed in a
scan. The arguments for this parameter can be a category, a Boolean expression, a
comma-separated list of categories, the full or wildcard-specified name of an NSE script in
script.db, or an absolute path to a specific script.
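As an added example (not part of the original course text), the following Python code parses entries in the script.db format shown in Listing 94 and previews which scripts a Boolean --script expression would select, so that intrusive checks can be excluded before a scan is run. The sample data is constructed; the vulners.nse entry is an assumption built from the categories named above, and the function names are hypothetical.

```python
import re

# Constructed sample in the script.db format from Listing 94. The last entry
# is an assumption based on the categories the text gives for vulners.
SAMPLE_DB = '''\
Entry { filename = "afp-path-vuln.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "broadcast-avahi-dos.nse", categories = { "broadcast", "dos", "intrusive", "vuln", } }
Entry { filename = "clamav-exec.nse", categories = { "exploit", "vuln", } }
Entry { filename = "distcc-cve2004-2687.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "dns-update.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "vulners.nse", categories = { "external", "safe", "vuln", } }
'''

# \s* and [^}]* also match newlines, so entries wrapped across lines still parse.
ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*\{([^}]*)\}')

def parse_script_db(text):
    """Return {filename: set_of_categories} for every Entry in script.db text."""
    return {name: set(re.findall(r'"([^"]+)"', cats))
            for name, cats in ENTRY_RE.findall(text)}

def select(db, require, exclude=()):
    """Scripts that carry every category in `require` and none in `exclude`."""
    require, exclude = set(require), set(exclude)
    return sorted(name for name, cats in db.items()
                  if require <= cats and not (cats & exclude))

def script_expression(require, exclude=()):
    """Build the equivalent Boolean expression for Nmap's --script parameter."""
    return " and ".join(list(require) + [f"not {c}" for c in exclude])

if __name__ == "__main__":
    db = parse_script_db(SAMPLE_DB)
    risky = ("intrusive", "dos", "exploit")
    print("--script", repr(script_expression(["vuln"], risky)))
    for name in select(db, ["vuln"], risky):
        print("  would run:", name)
```

On a real system, pass the contents of /usr/share/nmap/scripts/script.db to parse_script_db() instead of the sample string.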
Let’s start with an Nmap scan using all of the NSE scripts from the vuln category. The command
we’ll use contains the previously mentioned --script parameter with the vuln argument, which
specifies all of the scripts with this category. Furthermore, we’ll provide -sV to activate
Nmap’s service detection capabilities. Finally, we’ll use -p to only scan port 443.
kali@kali:~$