With the popularity of WordPress as a publishing platform, security testing is an important part of ensuring the installation is secure. Nmap has a couple of NSE scripts specifically for the testing of WordPress installations. Using those scripts as a base I have developed a couple more that expand the capabilities of using Nmap to […]
Tag Archives | nmap
7 Nmap NSE Scripts for Recon
As with any security testing, make sure you fully understand what the script will do and how it might affect a target system. Only test systems you have permission to scan! Information Gathering 1. DNS Brute Force Find sub-domains with this script. Detecting sub-domains associated with an organizations domain can reveal new targets when performing […]
Parse Nmap XML to get SSL Certificate details
Extract SSL certificate details from a range of IP addresses using Nmap XML and a simple python script. The python script parses the Nmap XML output from the ssl-cert.nse script and produces csv output with the target SSL certificate details. When compiling Nmap you will need to have the libssl-dev package installed as Nmap nse […]
List all IPs in Subnet with Nmap
testsystem:~$ nmap -sL -n 192.168.1.0/30 Starting Nmap 6.25 ( http://nmap.org ) at 2014-05-17 23:33 EST Nmap scan report for 192.168.1.0 Nmap scan report for 192.168.1.1 Nmap scan report for 192.168.1.2 Nmap scan report for 192.168.1.3 Nmap done: 4 IP addresses (0 hosts up) scanned in 0.00 seconds In the second example the results are piped […]
Testing Heartbleed with the Nmap NSE script
Everywhere is buzzing with news of the Heartbleed vulnerability in OpenSSL. If you are living under a rock and have missed it just turn on the mainstream news. Not that you will get much detail there… this is a quick tutorial to show you how to test for the vulnerability using a handy Nmap NSE […]
Nessus, OpenVAS and Nexpose VS Metasploitable
In this high level comparison of Nessus, Nexpose and OpenVAS I have made no attempt to do a detailed metric based analysis. The primary reason for this is that it would be time consuming and difficult to get a conclusive result. This is due to the large differences in not only detection but also categorization […]
Security Testing WordPress
A couple of wordpress security assessment tools have popped up over the past couple of months, this has to be a good thing with the number of WordPress installations sky-rocketing. First of course there is the HackerTarget.com scan, externally facing and coming in at a fairly high level. The system downloads some of your pages, […]
BackTrack used by the NSA
As highlighted over on the backtrack site. It appears the NSA are one of the users of the excellent security testing Linux Distribution that is Back Track. That is almost as cool as Nmap being used in the Matrix. The National Security Agency and the Central Security Service tested the five U.S. service academies during […]
Metasploit vs Snort as Snorby
Recently I stumbled acorss Snorby, an excellent easy to use implementation of Snort. It is a new web interface for Snort that is very pretty, but also simple. An excellent introduction to Intrusion Detection Systems, that is not going to scare anyone away. Now how to I get hold of this I hear you cry…. […]
Nmap 5.21 released and rolled out
A new year, and new updates. We have rolled out the latest version of Nmap to all our scan servers. Happy scanning in 2010. Latest version includes performance improvements, new OS finger printing and a new traceroute engine.