eBook - ePub
Mastering the Nmap Scripting Engine
Paulino Calderon Pale
This is a test
Partager le livre
- 244 pages
- English
- ePUB (adapté aux mobiles)
- Disponible sur iOS et Android
eBook - ePub
Mastering the Nmap Scripting Engine
Paulino Calderon Pale
DĂ©tails du livre
Aperçu du livre
Table des matiĂšres
Citations
Foire aux questions
Comment puis-je résilier mon abonnement ?
Il vous suffit de vous rendre dans la section compte dans paramĂštres et de cliquer sur « RĂ©silier lâabonnement ». Câest aussi simple que cela ! Une fois que vous aurez rĂ©siliĂ© votre abonnement, il restera actif pour le reste de la pĂ©riode pour laquelle vous avez payĂ©. DĂ©couvrez-en plus ici.
Puis-je / comment puis-je télécharger des livres ?
Pour le moment, tous nos livres en format ePub adaptĂ©s aux mobiles peuvent ĂȘtre tĂ©lĂ©chargĂ©s via lâapplication. La plupart de nos PDF sont Ă©galement disponibles en tĂ©lĂ©chargement et les autres seront tĂ©lĂ©chargeables trĂšs prochainement. DĂ©couvrez-en plus ici.
Quelle est la différence entre les formules tarifaires ?
Les deux abonnements vous donnent un accĂšs complet Ă la bibliothĂšque et Ă toutes les fonctionnalitĂ©s de Perlego. Les seules diffĂ©rences sont les tarifs ainsi que la pĂ©riode dâabonnement : avec lâabonnement annuel, vous Ă©conomiserez environ 30 % par rapport Ă 12 mois dâabonnement mensuel.
Quâest-ce que Perlego ?
Nous sommes un service dâabonnement Ă des ouvrages universitaires en ligne, oĂč vous pouvez accĂ©der Ă toute une bibliothĂšque pour un prix infĂ©rieur Ă celui dâun seul livre par mois. Avec plus dâun million de livres sur plus de 1 000 sujets, nous avons ce quâil vous faut ! DĂ©couvrez-en plus ici.
Prenez-vous en charge la synthÚse vocale ?
Recherchez le symbole Ăcouter sur votre prochain livre pour voir si vous pouvez lâĂ©couter. Lâoutil Ăcouter lit le texte Ă haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, lâaccĂ©lĂ©rer ou le ralentir. DĂ©couvrez-en plus ici.
Est-ce que Mastering the Nmap Scripting Engine est un PDF/ePUB en ligne ?
Oui, vous pouvez accĂ©der Ă Mastering the Nmap Scripting Engine par Paulino Calderon Pale en format PDF et/ou ePUB ainsi quâĂ dâautres livres populaires dans Computer Science et Cyber Security. Nous disposons de plus dâun million dâouvrages Ă dĂ©couvrir dans notre catalogue.
Informations
Sujet
Computer ScienceSous-sujet
Cyber SecurityMastering the Nmap Scripting Engine
Table of Contents
Mastering the Nmap Scripting Engine
Credits
About the Author
Acknowledgments
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Introduction to the Nmap Scripting Engine
Installing Nmap
Building Nmap from source code
Keeping Nmap up to date
Running NSE scripts
Script categories
NSE script selection
Selecting by script name or category
Selecting by filename or folder
Advanced script selection with expressions
NSE script arguments
Loading script arguments from a file
Forcing the execution of NSE scripts
Debugging NSE scripts
Scan phases and NSE
NSE script rules
Applications of NSE scripts
Information-gathering
Collecting UPNP information
Finding all hostnames resolving to the same IP address
Advanced host discovery
Discovering hosts with broadcast pings
Listening to your LAN to discover targets
Password auditing
Brute-forcing MySQL passwords
Brute-forcing SMTP passwords
Vulnerability scanning
Detecting insecure MySQL server configurations
Detecting web servers vulnerable to slow denial-of-service attacks
Detecting SSL servers vulnerable to CVE-2014-3566
Setting up a development environment
Halcyon IDE
Adding new scripts
Summary
2. Lua Fundamentals
Quick notes about Lua
Comments
Dummy assignments
Indexes
Semantics
Coercion
Safe language
Booleans
Flow control structures
Conditional statements â if-then, else, and elseif
Loops â while
Loops â repeat
Loops â for
Data types
String handling
Character classes
Magic characters
Patterns
Captures
Repetition operators
Concatenation
Finding substrings
String repetition
String length
Formatting strings
Splitting and joining strings
Common data structures
Tables
Arrays
Linked lists
Sets
Queues
Custom data structures
http-enum database
http-default-accounts
I/O operations
Modes
Opening a file
Reading a file
Writing a file
Closing a file
Coroutines
Creating a coroutine
Executing a coroutine
Determining the running coroutine
Getting the status of a coroutine
Yielding a coroutine
Metatables and metamethods
Arithmetic metamethods
Relational metamethods
Summary
3. NSE Data Files
Locating your data directory
Data directory search order
Username and password lists used in brute-force attacks
Username dictionaries
Password dictionaries
Web application auditing data files
http-fingerprints.lua
http-sql-errors.lst
http-web-files-extensions.lst
http-devframework-fingerprints.lua
http-folders.txt
vhosts-default.lst
wp-plugins.lst
DBMS-auditing data files
mysql-cis.audit
oracle-default-accounts.lst
oracle-sids
Java Debug Wire Protocol data files
JDWPExecCmd.java
JDWPSystemInfo.class
Other NSE data files
mygroupnames.db
rtsp-urls.txt
snmpcommunities.lst
ssl-ciphers
ssl-fingerprints
ike-fingerprints.lua
tftplist.txt
Other Nmap data files
Summary
4. Exploring the Nmap Scripting Engine API and Libraries
Understanding the structure of an NSE script
Other NSE script fields
Author
License
Dependencies
A sample NSE script
Exploring environment variables
Accessing the Nmap API
NSE arguments
Host table
Port table
Exception handling in NSE scripts
The NSE registry
Writing NSE libraries
Extending the functionality of an NSE library
NSE modules in C/C++
Exploring other popular NSE libraries
stdnse
openssl
target
shortport
creds
vulns
http
Summary
5. Enhancing Version Detection
Understanding version detection mode in NSE
Phases of version detection
Adjusting the rarity level of a version scan
Updating the version probes database
Taking a closer look at the file format
Excluding scanned ports from version detection
Using fallbacks to match other version probes
Getting to know post-processors
Nmap Scripting Engine
SSL
Writing your own version detection scripts
Defining the category of a version detection script
Defining the portrule of a version detection script
Updating the port version information
Setting the match confidence level
Examples of version detection scripts
NSE script â modbus-discover
NSE script â ventrilo-info
NSE script â rpc-grind
Summary
6. Developing Brute-force Password-auditing Scripts
Working with the brute NSE library
Selecting a brute mode
Implementing the Driver class
Passing library and user options
Returning valid accounts via Account objects
Handling execution errors gracefully with the Error class
Reading usernames and password lists with the unpwdb NSE library
Managing user credentials found during scans
Writing an NSE script to launch password-auditing attacks against the MikroTik RouterOS API
Summary
7. Formatting the Script Output
Output formats and Nmap Scripting Engine
XML structured output
Implementing structured output in your scripts
Printing verbosity messages
Including debugging information
The weakness of the grepable format
NSE script output in the HTML report
Summary
8. Working with Network Sockets and Binary Data
Work...