Nmap Scripting Engine (NSE)

Tasks we had in mind when creating the system include network discovery, more sophisticated version detection, and vulnerability detection. NSE can even be used for vulnerability exploitation.

Each script contains a field associating it with one or more categories.

The categories are: auth, broadcast, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, and vuln.

https://nmap.org/book/nse-usage.html#nse-categories

https://nmap.org/book/nse.html Chapter 9. Nmap Scripting Engine

```
-sC  --script=default
```
Some of the default scripts are intrusive.

Prefixing a script name with `+` forces it to run.

`all` specifies every script in Nmap's database (runs everything).
```
--script <filename>|<category>|<directory>/|<expression>[,...]
```
Pick the scripts yourself. Examples:

`nmap --script "http-*"`

`nmap --script "not intrusive"`: loads every script except for those in the intrusive category.

`nmap --script "default or safe"`: equivalent to `nmap --script "default,safe"`.

`nmap --script "default and safe"`: loads those scripts that are in both the default and safe categories.

`nmap --script "(default or safe or intrusive) and not http-*"`: loads scripts in the default, safe, or intrusive categories, except for those whose names start with http-.
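The selection expressions above combine script names, category names, `*` wildcards and the operators `not`, `and`, `or` (in that precedence order) with parentheses, and a comma-separated list behaves like `or`. The evaluator below is an added example, not Nmap's own code: it runs such expressions against a small constructed catalogue (the script names resemble real NSE scripts, but the category sets are assumptions, not Nmap's real script.db), so each selection can be checked offline before a scan is run.

```python
"""Evaluate Nmap-style --script selection expressions against a script catalogue.

Added example, not Nmap's own code.  Supports script names, category names,
'*' wildcards, the 'all' keyword, a leading '+' (force-run prefix), and the
operators not / and / or with parentheses; commas are treated as 'or'.
"""
import fnmatch
import re

# Constructed catalogue (assumption): script name -> set of categories.
# The names resemble real NSE scripts but the category sets are made up.
CATALOGUE = {
    "http-title":  {"default", "discovery", "safe"},
    "http-enum":   {"discovery", "intrusive", "vuln"},
    "ftp-anon":    {"default", "auth", "safe"},
    "ssh-hostkey": {"default", "discovery", "safe"},
    "dns-brute":   {"discovery", "intrusive"},
    "banner-grab": {"default", "intrusive"},   # a default script that is not safe
}


class _Parser:
    """Recursive descent: expr := term ('or' term)*, term := factor ('and' factor)*,
    factor := 'not' factor | '(' expr ')' | atom.  Each rule returns a set of names."""

    def __init__(self, tokens, catalogue):
        self.toks, self.i, self.cat = tokens, 0, catalogue

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def expr(self):
        result = self.term()
        while self.peek() == "or":
            self.take()
            result = result | self.term()
        return result

    def term(self):
        result = self.factor()
        while self.peek() == "and":
            self.take()
            result = result & self.factor()
        return result

    def factor(self):
        tok = self.take()
        if tok is None:
            raise ValueError("unexpected end of expression")
        if tok == "not":
            return set(self.cat) - self.factor()   # complement within the catalogue
        if tok == "(":
            inner = self.expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return inner
        return self.atom(tok)

    def atom(self, tok):
        tok = tok.lstrip("+")          # '+' only forces execution; it does not change selection
        if tok == "all":
            return set(self.cat)
        # A token matches a script if it names one of its categories or
        # matches the script name as a shell-style wildcard pattern.
        return {name for name, cats in self.cat.items()
                if tok in cats or fnmatch.fnmatchcase(name, tok)}


def select_scripts(expression, catalogue=CATALOGUE):
    """Return the sorted list of script names selected by an --script expression."""
    tokens = re.findall(r"\(|\)|[^\s()]+", expression.replace(",", " or "))
    parser = _Parser(tokens, catalogue)
    selected = parser.expr()
    if parser.peek() is not None:
        raise ValueError(f"unexpected token {parser.peek()!r}")
    return sorted(selected)


if __name__ == "__main__":
    for expr in ("http-*", "not intrusive", "default or safe", "default,safe",
                 "default and safe", "(default or safe or intrusive) and not http-*"):
        print(f"{expr:55} -> {select_scripts(expr)}")
```

Running the block prints the selection for each expression from the list above; `default,safe` and `default or safe` yield the same set, and the `not http-*` clause removes both `http-` scripts from the union.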

```
--script-args <n1>=<v1>,<n2>={<n3>=<v3>},<n4>={<v4>,<v5>}
```
Arguments are name=value pairs; braces build a nested table holding either further name=value pairs or a plain list of values. Example:

```
--script-args 'user=foo,pass=",{}=bar",whois={whodb=nofollow+ripe},xmpp-info.server_name=localhost'
```
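To make the argument syntax concrete, here is an added example parser (not Nmap's own argument parser) that turns a `--script-args` string into nested Python values. It assumes the rules visible in the syntax line and example above: entries are separated by commas, a value wrapped in `'` or `"` is taken literally so it may contain commas or braces, and `{...}` builds a nested table of either name=value pairs or plain values. Representing a mixed table with Lua-style 1-based integer keys for the unnamed entries is a design choice of this example.

```python
"""Parse an Nmap --script-args string into nested Python values.

Added example, not Nmap's own parser.  Models the syntax shown above:
comma-separated name=value pairs, values quoted with ' or " so they may
contain commas or braces, and {...} building a nested table that holds
either further name=value pairs or a plain list of values.
"""


class _ArgParser:
    def __init__(self, text):
        self.text, self.pos = text, 0

    def peek(self):
        return self.text[self.pos] if self.pos < len(self.text) else ""

    def _quoted(self):
        # Quoted value: everything up to the matching quote, taken literally.
        quote = self.text[self.pos]
        end = self.text.find(quote, self.pos + 1)
        if end < 0:
            raise ValueError("unterminated quoted string")
        value = self.text[self.pos + 1:end]
        self.pos = end + 1
        return value

    def _bare(self):
        # Unquoted token: runs until a delimiter character.
        start = self.pos
        while self.peek() and self.peek() not in ",={}":
            self.pos += 1
        return self.text[start:self.pos]

    def _value(self):
        ch = self.peek()
        if ch in ("'", '"'):
            return self._quoted()
        if ch == "{":
            self.pos += 1
            return self.table(top=False)
        return self._bare()

    def table(self, top):
        named, positional = {}, []
        while True:
            ch = self.peek()
            if ch == "}":
                if top:
                    raise ValueError(f"unbalanced '}}' at offset {self.pos}")
                self.pos += 1
                break
            if ch == "":
                if top:
                    break
                raise ValueError("missing '}'")
            item = self._value()
            if self.peek() == "=":
                if not isinstance(item, str):
                    raise ValueError("a table cannot be used as a key")
                self.pos += 1
                named[item] = self._value()
            else:
                positional.append(item)
            nxt = self.peek()
            if nxt == ",":
                self.pos += 1
            elif nxt not in ("", "}"):
                raise ValueError(f"unexpected {nxt!r} at offset {self.pos}")
        if top or named:
            # Lua-style: unnamed entries get 1-based integer keys alongside named ones.
            named.update({i + 1: v for i, v in enumerate(positional)})
            return named
        return positional


def parse_script_args(text):
    """Parse the string passed to --script-args and return a dict."""
    return _ArgParser(text).table(top=True)


if __name__ == "__main__":
    # The example argument string from the text above.
    print(parse_script_args(
        'user=foo,pass=",{}=bar",whois={whodb=nofollow+ripe},xmpp-info.server_name=localhost'))
```

The quoted `pass` value survives as the literal string `,{}=bar`, `whois` becomes a nested table, and the dotted key `xmpp-info.server_name` is kept as a single flat key, which is how a script would look it up by its full name.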
```
--script-args-file <filename>
```
Reads script arguments from a file. Arguments are separated by commas or newlines, as with --script-args.
```
--script-help <filename>|<category>|<directory>|<expression>|all[,...]
```
Example: `nmap --script-help ftp-anon`
```
--script-trace
```
Prints the input and output of the scripts being executed. The output may contain non-printable characters. Same idea as --packet-trace, just one ISO layer higher.
```
--script-updatedb
```
Updates the script database.