In this lesson, we’ll delve deeper into the NSE and look at a few common NSE scripts used during a pen testing audit.

Script categories

The NSE groups its scripts into different categories to make it easier for users to select scripts based on their goals. The categories are as follows:

  • Default: These scripts are considered useful for basic scanning and are safe to run. These are the scripts that run when we use the -sC flag or --script=default.

  • Safe: These scripts are classified as nonintrusive and unlikely to crash services or systems.

  • Intrusive: These scripts are more aggressive and might be risky to run against target networks.

  • Discovery: These scripts are useful for discovering more about the network. This can include enumerating users, collecting device information, etc.

  • Vuln: These scripts check for known security vulnerabilities.

  • Exploit: These scripts are designed to exploit known vulnerabilities. Exercise extreme caution when using these.

  • Auth: These scripts check for authentication-related issues, such as weak passwords or default credentials.

  • Brute: These scripts perform brute-force attacks. These are highly aggressive and should be used carefully.

  • Malware: These scripts check for signs of malware infections on the target.

  • Broadcast: These scripts target broadcast domains and are often useful for discovering more hosts or services on the network.

  • Version: These scripts try to determine the version of services running on target hosts.

  • Dos: These scripts check for denial of service (DoS) vulnerabilities. These are generally considered very intrusive.

Common Nmap scripts

Let’s look at some popular Nmap scripts that pen testers use.

The http-title script

This script extracts the title tags from HTTP services running on the target server.

The http-title script in NSE is designed to retrieve the title of a web server’s index page. When we browse a website, the page’s title is typically what appears on the tab in our web browser. This title often provides an initial clue about the content or function of the website.

For example, if the title includes the word admin, it might be some sort of administrative interface. If the title mentions a specific application or service, it can help identify what is running on that server. Here’s the syntax to run the http-title script:

Get hands-on with 1200+ tech skills courses.