Using NSE is a crucial part of automating system and
vulnerability scans. It requires the following syntax:
nmap -Pn --script vuln hostname
Example 14-3 shows a vulnerability scan of a device on
my home network.
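To automate triage of a scan like this, the script results can be grouped by port and script name and given a rough label. The Python below is an added example, not code from the book or from the Nmap project; the function names, the constructed sample text (with a placeholder hostname), and the phrase-based labels are assumptions made for illustration.

```python
import re

# Constructed sample in the layout Nmap prints for NSE results (placeholder hostname).
SAMPLE = """\
Pre-scan script results:
| broadcast-avahi-dos:
|_  Hosts are all up (not vulnerable).
PORT   STATE SERVICE
80/tcp open  http
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
| http-csrf:
|   Found the following possible CSRF vulnerabilities:
|     Path: http://device.example:80/
|_    Form action: /Config/avr_recovery.cgi
|_http-dombased-xss: Couldn't find any DOM based XSS.
"""

HEADER = re.compile(r"^\|([_ ])([a-z0-9][a-z0-9-]*):\s*(.*)$")  # "| id:" or "|_id: text"
PORT = re.compile(r"^(\d+/(?:tcp|udp))\s")

def classify(text):
    """Heuristic triage label; the phrase lists are assumptions, not an Nmap API."""
    if "ERROR: Script execution failed" in text:
        return "error"      # script never ran: not evidence the host is clean
    if re.search(r"couldn't find|not vulnerable", text, re.I):
        return "negative"
    if re.search(r"possible .*vulnerabilit|\bvulnerable\b", text, re.I):
        return "review"     # needs manual confirmation
    return "info"

def parse_script_results(output):
    """Group script output lines by (port, script id) and label each group."""
    results, port, current = [], None, None
    for line in output.splitlines():
        if not line.startswith("|"):
            m = PORT.match(line)
            port, current = (m.group(1) if m else None), None
            continue
        h = HEADER.match(line)
        if h:
            current = {"port": port, "script": h.group(2), "lines": [h.group(3)] if h.group(3) else []}
            results.append(current)
        elif current is not None and line[2:].strip():
            current["lines"].append(line[2:].strip())
        if line.startswith("|_"):
            current = None  # "|_" marks the last line of a script's output
    for r in results:
        r["status"] = classify(" ".join(r["lines"]))
    return results
```

An `error` label means the script did not complete, so that check should be rerun (the output itself suggests -d) rather than counted as a clean result.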
Example 14-3 Using the Nmap Scripting Engine
$ nmap -Pn --script vuln 10.168.243.179
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-08 22:18 PST
Pre-scan script results:
| broadcast-avahi-dos:
| Discovered hosts:
| 224.0.0.251
| After NULL UDP avahi packet DoS (CVE-2011-1002).
|_ Hosts are all up (not vulnerable).
Illegal character(s) in hostname -- replacing with '*'
Nmap scan report for RX-V677*B9772F.hsd1.ca.domain.net (10.168.243.179)
Host is up (0.029s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
80/tcp open http
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=RX-V677*B9772F.hsd1.ca.domain.net
| Found the following possible CSRF vulnerabilities:
|
| Path: http://RX-V677*B9772F.hsd1.ca.domain.net:80/
| Form id: recoveryform
|_ Form action: /Config/avr_recovery.cgi
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-fileupload-exploiter:
|
| Couldn't find a file-type field.
|
| Couldn't find a file-type field.