# What is nmap?

## Nmap Scripting Engine (NSE)

A collection of scripts for penetration-testing enumeration.

```
# good practice: update the script database before running NSE scripts
sudo nmap --script-updatedb

# find the NSE scripts installed on your computer
# (quote the pattern so the shell does not expand it first)
locate '*.nse'

# read a script's help text; it may be outdated, check nmap.org for the latest documentation
nmap --script-help <scriptname without extension>

# basic syntax to use NSE
nmap --script <scriptname> <IP Address> <Flags>

# example: scan this IP with 'ftp-anon' on port 21, with service/version detection
nmap --script=ftp-anon 192.168.221.132 -p 21 -sV

# -sC   run the scripts in the default category
# -sV   good practice to use this flag to avoid missing information
```

**Example: running 'ftp-anon' NSE on target msf1 (IP address saved in shell)**

![[nmap_nse_example_ftpanon.png]]

**Example: running 'ssh-run' NSE on target msf1 with arguments**

![[nmap_nse_example_sshrun.png]]

## Types of NSE

![[nmap_nse_categories.png]]

- **Intrusive** scripts have a high chance of crashing the target system
- **safe** is the opposite
- **vuln** focuses mainly on vulnerability assessment
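
A script's categories can be read from its source before it is ever run against a host. The following is an added example, not part of the original notes and not nmap's own code: it parses the `categories` table that `.nse` files declare and separates scripts marked safe from those that need review first. The `demo-*` script names and headers are constructed samples, and `script_categories`, `triage` and `load_dir` are hypothetical helper names.

```python
import re
from pathlib import Path

# NSE scripts declare their categories in a Lua table, e.g.
#   categories = {"default", "auth", "safe"}
CATEGORIES_RE = re.compile(r"^\s*categories\s*=\s*\{(.*?)\}", re.M | re.S)

def script_categories(source):
    """Return the set of categories declared in the text of one .nse file."""
    code = re.sub(r"--\[\[.*?\]\]", "", source, flags=re.S)  # Lua block comments
    code = re.sub(r"--[^\n]*", "", code)                      # Lua line comments
    match = CATEGORIES_RE.search(code)
    if not match:
        return set()
    return {c.lower() for c in re.findall(r"[\"']([\w-]+)[\"']", match.group(1))}

def triage(scripts):
    """Split {name: source} into scripts marked safe, to review, and unlabelled."""
    result = {"safe": [], "review": [], "unlabelled": []}
    for name, source in sorted(scripts.items()):
        cats = script_categories(source)
        if not cats:
            result["unlabelled"].append(name)
        elif "intrusive" in cats or "safe" not in cats:
            result["review"].append(name)   # may crash or disturb the target
        else:
            result["safe"].append(name)
    return result

def load_dir(directory):
    """Read every .nse file in a directory (the path is supplied by the caller)."""
    return {p.name: p.read_text(errors="replace") for p in Path(directory).glob("*.nse")}

# Constructed sample headers with hypothetical script names, not real nmap scripts.
SAMPLES = {
    "demo-banner.nse": 'description = [[Reads a banner.]]\ncategories = {"default", "safe"}\n',
    "demo-crash-check.nse": 'categories = {"vuln", "intrusive"}\n',
    "demo-vuln-passive.nse": 'categories = {\n  "vuln",\n  "safe",\n}\n',
    "demo-old.nse": '-- categories = {"safe"}\naction = function() end\n',
}

if __name__ == "__main__":
    for bucket, names in triage(SAMPLES).items():
        print(f"{bucket:10} {', '.join(names) or '-'}")
```

To triage the scripts installed locally, pass `load_dir` the directory reported by the `locate` command above and feed the result to `triage`.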