• Subscribe to the low volume list for updates.

Archives of #nmap

WordPress Security Testing with Nmap

With the popularity of WordPress as a publishing platform, security testing is an important part of ensuring the installation is secure. Nmap has a couple of NSE scripts specifically for the testing of WordPress installations. Using those scripts as a base I have developed a couple more that expand the capabilities of using Nmap to […]
Read More
4 years ago

7 Nmap NSE Scripts for Recon

As with any security testing, make sure you fully understand what the script will do and how it might affect a target system. Only test systems you have permission to scan! Information Gathering 1. DNS Brute Force Find sub-domains with this script. Detecting sub-domains associated with an organizations domain can reveal new targets when performing […]
Read More
4 years ago

Parse Nmap XML to get SSL Certificate details

Extract SSL certificate details from a range of IP addresses using Nmap XML and a simple python script. The python script parses the Nmap XML output from the ssl-cert.nse script and produces csv output with the target SSL certificate details. When compiling Nmap you will need to have the libssl-dev package installed as Nmap nse […]
Read More
4 years ago

List all IPs in Subnet with Nmap

testsystem:~$ nmap -sL -n 192.168.1.0/30 Starting Nmap 6.25 ( http://nmap.org ) at 2014-05-17 23:33 EST Nmap scan report for 192.168.1.0 Nmap scan report for 192.168.1.1 Nmap scan report for 192.168.1.2 Nmap scan report for 192.168.1.3 Nmap done: 4 IP addresses (0 hosts up) scanned in 0.00 seconds In the second example the results are piped […]
Read More
4 years ago

Testing Heartbleed with the Nmap NSE script

Everywhere is buzzing with news of the Heartbleed vulnerability in OpenSSL. If you are living under a rock and have missed it just turn on the mainstream news. Not that you will get much detail there... this is a quick tutorial to show you how to test for the vulnerability using a handy Nmap NSE […]
Read More
4 years ago

Nessus, OpenVAS and Nexpose VS Metasploitable

In this high level comparison of Nessus, Nexpose and OpenVAS I have made no attempt to do a detailed metric based analysis. The primary reason for this is that it would be time consuming and difficult to get a conclusive result. This is due to the large differences in not only detection but also categorization […]
Read More
6 years ago

Security Testing WordPress

Our scan does not perform brute forcing of accounts, passwords or plugins. Brute Forcing is more appropriate in a targeted pen-test or black-box vulnerability assessment. Simply put brute forcing: Plugins is achieved by testing URL's: http://myexampleblog.cm/wp-content/plugins/$pluginname Usernames can be brute forced with a POST request to the login form (Incorrect username) Passwords can be brute […]
Read More
7 years ago

Metasploit vs Snort as Snorby

Recently I stumbled acorss Snorby, an excellent easy to use implementation of Snort. It is a new web interface for Snort that is very pretty, but also simple. An excellent introduction to Intrusion Detection Systems, that is not going to scare anyone away. Now how to I get hold of this I hear you cry.... […]
Read More
8 years ago

Nmap Cheat Sheet

Nmap Target Selection Scan a single IP nmap 192.168.1.1 Scan a host nmap www.testhostname.com Scan a range of IPs nmap 192.168.1.1-20 Scan a subnet nmap 192.168.1.0/24 Scan targets from a text file nmap -iL list-of-ips.txt These are all default scans, which will scan 1000 TCP ports. Host discovery will take place. Nmap Port Selection Scan […]
Read More
9 years ago