Greenbone: Task: Running Nmap scripts

Home » Learning Center » Task: Running Nmap scripts

Page as PDF
Page content»

Task: Running Nmap scripts

Nmap is the most widely used de-facto standard tool of the security experts for network exploration. Nmap integrates a LUA scripting engine and dozens of scripts with various detection routines.

Greenbone Security Manager (GSM) integrates Nmap as core element for the phase of network exploration. For security experts the GSM also provides access to special abilities of Nmap such as the NSE scripts.

Greenbone Security Manager allows to run Nmap Scripting Engine (NSE) to extend the results of network exploration. This also allows to manage results of NSE scripts in the very same way as the other NVT's are managed, for example regarding annotation, severity overrides, filtering, reporting, etc.

Execute simple network scanning with NSE

top^

You can import nmap-nse.xml to quickly get a ready to run scan configuration. You can then skip the following phase and directly go to Running the scan.

In the next step, we will create a new empty scan configuration and enable NSE manually to illustrate the whole process. Default configurations already include NSE but its execution is controlled by a global parameter which is off by default.

Click to edit your configuration.

Select the Nmap NSE family to enable the execution of the NSE scripts for this configuration. Save the configuration.

NSE scripts are now considered for execution but won't run unless you explicitly turn them on. In your scan configuration panel, click the icon in front of Nmap NSE to get the list of related NVTs. The first one, called Launch Nmap NSE Tests, is the one that controls the execution of the others. Click its icon to access its configuration.

Set the Launch Nmap NSE Tests parameter to "yes" and save the configuration.

Running the scan

top^

Now that your scan configuration is ready, you can add the target(s). NSE scripts are non-authenticated checks. You don't need to supply credentials to execute them.

Then create the actual task, and start the scan by clicking .

You can check the results by clicking and refresh the display with at any time during the scan.

When the status changes to "Done" the complete report is available.

Parameter tuning

top^

Some NSE scripts can be tuned via parameters. The defaults are conservative or simply empty. It is possible to tune the scripts to increase the scan performance and accuracy.

Go back to the scan configuration page and import the NSE scan configuration again. You will have a second entry you can edit now. Click the edit icon in front of the scan configuration, then the one in front of the "Nmap NSE" category. You can then adjust the parameters for each script. Some parameters may need experience and/or deep understanding of the scripts to be chosen correctly. You can refer to the NSE reference portal.

The following screenshot illustrates the setting of such a parameter. Here we supply the SNMP community string to use to gather system description.