Mastering the Nmap Scripting Engine

Black Hat USA 2010

Presented by: David Fifield, Fyodor Vaskovich
Date: Wednesday July 28, 2010
Time: 16:45 - 18:00
Location: Augustus 5+6
Track: Malware Fingerprinting

Most security practitioners can use Nmap for simple port scanning and OS detection, but the Nmap Scripting Engine (NSE) takes scanning to a whole new level. Nmap's high-speed networking engine can now spider web sites for SQL injection vulnerabilities, brute-force crack and query MSRPC services, find open proxies, and more. Nmap includes more than 125 NSE scripts for network discovery, vulnerability detection, exploitation, and authentication cracking.

Rather than give a dry overview of NSE, Fyodor and Nmap co-maintainer David Fifield demonstrate practical solutions to common problems. They have scanned millions of hosts with NSE and will discuss vulnerabilities found on enterprise networks and how Nmap can be used to quickly detect those problems on your own systems. Then they demonstrate how easy it is to write custom NSE scripts to meet the needs of your network. Finally they take a quick look at recent Nmap developments and provide a preview of what is soon to come. This presentation does not require any NSE experience, but it wouldn't hurt to read http://nmap.org/book/nse.html.

Fyodor Vaskovich

Insecure.Org

Fyodor Vaskovich (known to his family as Gordon Lyon) authored the open source Nmap Security Scanner in 1997 and continues to coordinate its development. He also maintains the Insecure.Org, Nmap.Org, SecLists.Org, and SecTools.Org security resource sites and has authored seminal papers on remote operating system detection and stealth port scanning. He is a founding member of the Honeynet project, former president of Computer Professionals for Social Responsibility (CPSR), and author or co-author of the books *Nmap Network Scanning*, *Know Your Enemy: Honeynets* and *Stealing the Network: How to Own a Continent*.

David Fifield

David Fifield has been working on the Nmap security scanner and its associated tools for several years. He wrote the Ndiff scan comparison utility and has been active in the maintenance and enhancement of the Ncat network tool and the Zenmap GUI, as well as certain subsystems of Nmap such as the scripting engine. Much of his time has been spent improving Nmap's performance and accuracy. He has spoken previously about Nmap at the FOSDEM and LinuxTag conferences.
