Apart from being a very powerful port scanner, nmap also has its own Nmap Scripting Engine (NSE), which greatly extends its functionality and can turn nmap into a lightweight vulnerability scanner. Scripts are invoked with the --script option:

nmap --script <script name> <target>
Nmap comes with a bunch of scripts by default. In Kali Linux they are all stored under /usr/share/nmap/scripts and are indexed in a database file called script.db. These scripts are divided into several categories, but the ones which matter for vulnerability scanning are under the vuln category.
To view the categories of a specific script, one can use the following command:

cat /usr/share/nmap/scripts/script.db | grep <script>
You might have noticed that the same script can belong to multiple categories. The safe category contains scripts which are safe to run and will not damage the target system, while scripts in the intrusive category may crash the target.
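Rather than grepping script.db one script at a time, the category lookup described above can be automated. The following is an added example (not part of the original post or of Nmap) that parses the Entry { ... } lines script.db uses, then selects scripts that are in the vuln category but not in intrusive; the script names in the embedded sample are constructed, not real NSE scripts.

```python
import re

# Constructed excerpt in the Entry format used by script.db
# (real file: /usr/share/nmap/scripts/script.db); the names are made up.
SAMPLE_SCRIPT_DB = '''\
Entry { filename = "demo-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "demo-vuln-crash.nse", categories = { "vuln", "intrusive", } }
Entry { filename = "demo-vuln-check.nse", categories = { "vuln", "safe", } }
Entry { filename = "demo-vuln-probe.nse", categories = { "vuln", "safe", } }
Entry { filename = "demo-banner.nse", categories = { "default", "discovery", "safe", } }
'''

# One Entry per line: a quoted filename and a braced, comma-separated category list.
ENTRY_RE = re.compile(
    r'Entry\s*{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*{([^}]*)}\s*}'
)


def parse_script_db(text):
    """Return {script_name: set_of_categories} from script.db text."""
    scripts = {}
    for match in ENTRY_RE.finditer(text):
        filename, category_blob = match.group(1), match.group(2)
        name = filename[:-4] if filename.endswith(".nse") else filename
        scripts[name] = set(re.findall(r'"([^"]+)"', category_blob))
    return scripts


def load_script_db(path="/usr/share/nmap/scripts/script.db"):
    """Parse the real database on a host where Nmap is installed."""
    with open(path, encoding="utf-8") as fh:
        return parse_script_db(fh.read())


def select_scripts(scripts, require=("vuln",), exclude=("intrusive",)):
    """Names carrying every category in `require` and none in `exclude`."""
    req, exc = set(require), set(exclude)
    return sorted(name for name, cats in scripts.items()
                  if req <= cats and not (cats & exc))


def script_argument(names):
    """Comma-separated value for nmap's --script option."""
    return ",".join(names)


if __name__ == "__main__":
    db = parse_script_db(SAMPLE_SCRIPT_DB)
    chosen = select_scripts(db)          # vuln scripts that will not crash the target
    print("nmap --script " + script_argument(chosen) + " <target>")
```

Replace SAMPLE_SCRIPT_DB with load_script_db() to run the same selection against the real database on a Kali host.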
One can also install custom scripts from the Internet, usually found on GitHub. Once you have downloaded the .nse file, you need to place it in /usr/share/nmap/scripts/ and run the following command to update Nmap's script database:

sudo nmap --script-updatedb
Blindly executing unknown NSE scripts may compromise your system. You should always inspect the script's code and verify that it is not doing anything malicious on your host.