diff --git a/docs/refguide.xml b/docs/refguide.xml index 771500d21..3e220e903 100644 --- a/docs/refguide.xml +++ b/docs/refguide.xml 
@@ -1990,116 +1990,32 @@ way. Nmap Scripting Engine (NSE) Nmap Scripting Engine (NSE) - - The Nmap Scripting Engine (NSE) combines the efficiency of Nmap's - network handling with the versatility of the lightweight scripting language - Lua, - Lua programming language - thus providing innumerable - opportunities. A more extensive documentation of the NSE (including its - API) can be found - at . - in . - The target of the NSE is to provide Nmap with a flexible infrastructure - for extending its capabilities and offering its users a simple way of - creating customized tests. Uses for the NSE include (but definitely are - not limited to): - - Nmap Scripting Engine (NSE)uses of - - version script category - Enhanced version detection (category - version)—While Nmap already offers its Service and - Version detection system, which is unmatched in terms of efficiency and - scope, this power has its downside when it comes to services requiring more - complex probes. The Skype Protocol version 2 for instance can be identified - by sending 2 independent probes to it, which the built-in system is not laid - out for: a simple NSE script can do the job and update the port's service - information. - - - - malware script category - backdoor script category - Malware-detection (category malware)—Both attackers - and worms often leave backdoors—be it in form of SMTP-servers listening on - uncommon ports mostly used by spammers for mail relay, or in form of an - FTP-server giving crackers access to critical data. A few lines of Lua code - can help to identify those loopholes easily. - - - vuln script category - Vulnerability Detection (category - vuln)—NSE's capacity in detecting risks ranges - from testing whether an SMTP server supports relaying mail from arbitrary - domains to testing whether an HTTP server is vulnerable to directory - traversal attacks. 
- - - - auth script category - Determination of Authentication Credentials (category - auth)—NSE can be used for determining authentication - credentials on the target's services, with a common method being brute-force - attack. - - - - safe script category - intrusive script category - discovery script category - Network Discovery and Information Gathering - (categories safe, intrusive and - discovery)—By providing you with a scripting language - and a really efficient asynchronous network API on the one hand and the - information gathered during earlier stages of a scan on the other hand the - NSE is suited to write client programs for the services listening on a - target machine. These clients may collect information like: listings of - available NFS/SMB/RPC shares, the number of channels of an irc-network or - currently logged on users. - + The Nmap Scripting Engine (NSE) is one of Nmap's most + powerful and flexible features. It allows users to write (and + share) simple scripts (using the Lua programming language, Lua programming language) to automate a wide variety of + networking tasks. Those scripts are executed in parallel with the + speed and efficiency you expect from Nmap. Users can rely on the + growing and diverse set of scripts distributed with Nmap, or write + their own to meet custom needs. + + Tasks we had in mind when creating the system include + network discovery, more sophisticated version detection, + vulnerability detection. NSE can even be used for vulnerability + exploitation. To reflect those different uses and to simplify the choice of which - scripts to run, each script contains a field associating it with one or more - of the above mentioned categories. To maintain the matching from scripts to - categories a file called - script.dbscript.db - is installed along - with the distributed scripts. 
Therefore, if you, for example, want to see if - a machine is infected by any worm Nmap provides a script for you can simply - run nmap --script=malware target-ip and check the output - afterwards. The version scripts are always run - implicitly when a script-scan is requested. The - script.db is a Lua-script itself and can be updated - through the option. - + scripts to run, each script contains a field associating it with one or more categories. Currently defined categories are +safe, intrusive, malware, version, discovery, vuln, auth, and default. These are all described at + at . + in . + - - An NSE script basically is a chunk of Lua-code which has (among some - informational fields, like name, id and categories) 2 functions: a test - whether the particular script should be run against a certain host or port - (called a - hostrulehostrule script variable - or portruleportrule script variable - respectively) and an - actionaction script variable - to be carried out if the test - returns true. Scripts have access to most information gathered by Nmap - during earlier stages. For each host this includes the IP address, hostname and (if - available) operating system. If a script is targeted at a port it has access - to the portnumber, the protocol (tcp, udp or ssl), the service running - behind that port, and optionally information from a version-scan. - NSE scripts by convention have an nse extension. Although - you are not required to follow this for the moment, this may change in the - future. Nmap will issue a warning if a file has any other extension. - More extensive documentation on the NSE, including a description of its API - can be found - at . - in . - - + The Nmap Scripting Engine is described in detail +at +in and is controlled by the following options: + 
@@ -2144,6 +2060,8 @@ by default. Scripts are indexed in a database stored in scripts in each category. A single script may be in several categories. +Malicious scripts are not run in a sandbox and thus could damage your system or invade your privacy. Never run scripts from third parties unless you trust the authors or have carefully audited the scripts yourself. + diff --git a/docs/scripting.xml b/docs/scripting.xml index a30e3264e..1e0e7be8f 100644 --- a/docs/scripting.xml +++ b/docs/scripting.xml @@ -13,13 +13,7 @@ growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs. - The Nmap project would like to thank - Diman TodorovTodorov, Diman - for his excellent work building the initial NSE implementation and - writing much of this documentation. - Stoiko IvanovIvanov, Stoiko - also contributed greatly. The tasks we had in mind when - creating the system are: + Tasks we had in mind when creating the system include: @@ -428,6 +422,9 @@ The database lists all of the scripts in each category. A single script may be in several categories. +Malicious scripts are not run in a sandbox and thus could damage your system or invade your privacy. Never run scripts from third parties unless you trust the authors or have carefully audited the scripts yourself. + +
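Review bot: in the docs/refguide.xml hunk at @@ -1990,116 +1990,32 @@, the removed text told the reader that the version scripts are always run implicitly when a script scan is requested, and that script.db can be updated through an option; the replacement paragraphs say neither. Someone reading only the reference guide should still learn that version scripts run without being selected, so keep one sentence on that or confirm the option descriptions that follow cover it. Two smaller wording points in the added lines: the task list "network discovery, more sophisticated version detection, vulnerability detection" needs an "and" before its last item, and the line ending "These are all described at" is followed by alternatives that begin with "at" and "in", which would read as "described at at" or "described at in" once rendered.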
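Review bot: in the docs/refguide.xml hunk at @@ -2144,6 +2060,8 @@, the added sentence "Malicious scripts are not run in a sandbox" reads as if only malicious scripts lack a sandbox. The point is that no script is sandboxed, so suggest "Scripts are not run in a sandbox, so a malicious script could damage your system or invade your privacy." The warning also directly follows "A single script may be in several categories."; a security warning is easier to find as its own paragraph or warning element than as a trailing sentence of the category description.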
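Review bot: in the docs/scripting.xml hunk at @@ -13,13 +13,7 @@, the acknowledgment of Diman Todorov and Stoiko Ivanov is deleted and nothing visible in this patch adds it back elsewhere. If the credit is moving to another section or file, that move should be part of this patch; otherwise keep the sentence and change only the lead-in to the task list.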
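Review bot: in the docs/scripting.xml hunk at @@ -428,6 +422,9 @@, the added warning is a verbatim copy of the sentence added to docs/refguide.xml, so any later rewording has to be made in both files. Consider defining the text once (for example as a shared entity) so the two copies cannot drift apart, and apply the same wording fix here: the sentence should say that scripts in general are not sandboxed, not only malicious ones.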