1
00:00:00,600 --> 00:00:03,960
Nmap Scripting Engine, or NSE.

2
00:00:06,610 --> 00:00:09,520
So what do you suppose script scanning would be?

3
00:00:11,200 --> 00:00:15,180
So Nmap is indeed a software for port scanning purposes, right?

4
00:00:15,850 --> 00:00:20,500
It can also be used for pen test purposes using its advanced features.

5
00:00:21,750 --> 00:00:27,570
Nmap has started to be developed as a port scanning tool, and today it has exceeded itself with

6
00:00:27,570 --> 00:00:30,240
its vulnerability and exploitation features.

7
00:00:32,070 --> 00:00:38,520
So the Nmap Scripting Engine, or NSE, is one of Nmap's more powerful and flexible features.

8
00:00:39,900 --> 00:00:46,260
So it allows users to write and share simple scripts to automate a wide range of network scanning tasks.

9
00:00:47,490 --> 00:00:53,340
These scripts are then executed in parallel with the speed and efficiency that we would expect from

10
00:00:53,350 --> 00:01:02,700
Nmap, so users can use scripts distributed within Nmap or write themselves to meet their specific needs.

11
00:01:05,240 --> 00:01:09,070
NSE consists of scripts in these following categories.

12
00:01:10,450 --> 00:01:22,300
Defined categories: auth, broadcast, brute, default, discovery, dos, exploit, external, fuzzer, intrusive,

13
00:01:22,960 --> 00:01:26,800
malware, safe, version and vuln.

14
00:01:28,330 --> 00:01:36,610
So the category names are not case sensitive and, well, let me just briefly describe each category.

15
00:01:37,570 --> 00:01:44,830
Auth. So these scripts handle authentication information or bypass it on the target system.

16
00:01:45,880 --> 00:01:52,590
Instead of scripts that use brute force attacks to identify credentials, they are placed in this category.

17
00:01:56,050 --> 00:01:56,830
Broadcast.

18
00:01:58,250 --> 00:02:04,100
Scripts in this category typically discover hosts that are not listed on the command line by publishing

19
00:02:04,100 --> 00:02:05,060
to the local network.

20
00:02:06,600 --> 00:02:13,110
Use the new target script variable to allow these scripts to automatically add hosts that they discovered

21
00:02:13,110 --> 00:02:14,340
to the Nmap scan

22
00:02:14,340 --> 00:02:14,730
queue.

23
00:02:17,970 --> 00:02:24,600
So these scripts use brute force attacks to estimate the authentication information of a remote server.

24
00:02:25,410 --> 00:02:33,120
Nmap: http-brute, oracle-brute, snmp-brute, etc., including many scripts that enforce the

25
00:02:33,120 --> 00:02:33,720
protocol.

26
00:02:35,570 --> 00:02:36,230
Discovery.

27
00:02:37,640 --> 00:02:44,750
These scripts attempt to discover more about the network by querying global records, SNMP-enabled

28
00:02:44,750 --> 00:02:48,280
devices, directory services and so on and so forth.

29
00:02:49,940 --> 00:02:51,140
So, dos.

30
00:02:52,640 --> 00:02:56,060
Scripts in this category can cause denial of service.

31
00:02:57,370 --> 00:03:04,210
Sometimes it is done to test the vulnerability for denial of service method, but more generally it

32
00:03:04,210 --> 00:03:09,980
is undesirable because of the side effect required to test the conventional vulnerability.

33
00:03:11,230 --> 00:03:14,590
In other words, these tests sometimes crash sensitive services.

34
00:03:17,210 --> 00:03:22,760
Exploit. These scripts are intended to actively exploit a vulnerability.

35
00:03:24,410 --> 00:03:25,070
External.

36
00:03:26,260 --> 00:03:33,580
Scripts in this category can send data to a third party database or another network resource, for example,

37
00:03:33,880 --> 00:03:41,230
whois-ip establishes a connection to the whois servers to obtain information about the destination's

38
00:03:41,230 --> 00:03:41,860
address.

39
00:03:43,450 --> 00:03:49,330
The operators of the third party database probably record everything that comes into them, so this

40
00:03:49,330 --> 00:03:52,720
will log your IP address and the destination address.

41
00:03:54,400 --> 00:04:01,720
Most scripts that do not fall into this category contain absolute traffic between the scanning computer

42
00:04:01,720 --> 00:04:02,530
and the client.

43
00:04:05,560 --> 00:04:06,100
Fuzzer.

44
00:04:07,240 --> 00:04:13,750
Scripts in this category are designed to send unexpected or random fields by the server software and

45
00:04:13,750 --> 00:04:14,410
each package.

46
00:04:16,230 --> 00:04:22,830
Although the technique is useful for finding undiscovered errors and vulnerabilities in software, it

47
00:04:22,830 --> 00:04:26,520
runs both slowly and uses a lot of bandwidth.

48
00:04:28,600 --> 00:04:35,350
An example of a script in this category is dns-fuzz, which slightly bombs a DNS server with incorrect

49
00:04:35,350 --> 00:04:40,480
domain requests until the server crashes or a user defined time limit expires.

50
00:04:42,240 --> 00:04:43,080
Intrusive.

51
00:04:44,200 --> 00:04:45,040
These scripts

52
00:04:46,420 --> 00:04:53,500
cannot be classified into a secure category because the risks may be high enough to destroy the target

53
00:04:53,500 --> 00:04:54,000
system.

54
00:04:55,590 --> 00:05:02,460
We can fully exploit the resources, that means bandwidth, CPU, RAM, of the target system.

55
00:05:03,440 --> 00:05:10,700
Therefore, they are perceived as unwanted processes by system administrators, as you may very well

56
00:05:10,700 --> 00:05:11,060
imagine.

57
00:05:13,390 --> 00:05:14,110
Malware.

58
00:05:15,110 --> 00:05:22,400
These scripts test whether the target platform is affected by malware or backdoors, for example,

59
00:05:22,430 --> 00:05:31,400
smtp-strangeport, which monitors SMTP servers running on unusual port numbers, and auth-spoof, which

60
00:05:31,400 --> 00:05:33,290
identifies similar fraud numbers.

61
00:05:33,620 --> 00:05:36,800
They give a fake answer before receiving a query.

62
00:05:38,390 --> 00:05:43,400
Both of these behaviors are usually caused by malware infection.

63
00:05:45,180 --> 00:05:53,400
Safe. Scripts that are not designed to crash services, use large amounts of bandwidth or other resources,

64
00:05:53,400 --> 00:05:55,590
or exploit vulnerabilities.

65
00:05:56,770 --> 00:06:03,850
They're less likely to harm remote administrators, but we cannot guarantee that they will never cause

66
00:06:03,850 --> 00:06:07,000
adverse reactions, as with other Nmap features.

67
00:06:07,930 --> 00:06:11,440
So most of them are performing general network discovery.

68
00:06:12,640 --> 00:06:18,880
Scripts in this category are not classified for security, but all other unsafe scripts should be placed

69
00:06:18,880 --> 00:06:19,990
as intrusive.

70
00:06:21,790 --> 00:06:28,810
Version. So scripts in this particular category are an extension of the version detection feature and

71
00:06:28,810 --> 00:06:31,240
cannot be explicitly selected.

72
00:06:32,440 --> 00:06:37,690
They're selected to run only when version detection, -sV, is requested.

73
00:06:38,870 --> 00:06:45,790
Outputs are indistinguishable from version detection output and do not generate service or host script

74
00:06:45,790 --> 00:06:46,290
result.

75
00:06:49,160 --> 00:06:58,220
Vuln. These scripts check for specific known vulnerabilities and typically report results only if they

76
00:06:58,220 --> 00:06:58,910
are found.

77
00:07:00,700 --> 00:07:01,270
Default.

78
00:07:02,940 --> 00:07:11,940
So this is used with -sC or the -A parameter. Scripts defined in the default category are speed, usefulness,

79
00:07:12,240 --> 00:07:16,590
verbosity, reliability, intrusiveness, privacy.

80
00:07:18,220 --> 00:07:22,090
--script= can be used with a default parameter,

81
00:07:25,810 --> 00:07:30,580
so Nmap script files in the script folder.

82
00:07:32,720 --> 00:07:39,720
If you don't know the full name, you can list all the scripts when you run locate nse on the command

83
00:07:39,720 --> 00:07:45,240
line. If you're looking for a specific script for a specific topic,

84
00:07:47,010 --> 00:07:48,590
then just type it into the command line.

85
00:07:50,270 --> 00:07:55,670
If you want to, you can always edit the scripts, you can review them, make changes. For example,

86
00:07:55,670 --> 00:07:58,490
if we are looking for DNS related scripts,

87
00:07:59,770 --> 00:08:01,780
we just need to type in the command line.

88
00:08:42,740 --> 00:08:46,940
Current NSE scripts are available at nmap.org.

89
00:08:48,410 --> 00:08:51,290
You can view all scripts and usage patterns at

90
00:08:53,130 --> 00:08:56,940
this address: nmap.org/nsedoc.

91
00:08:58,450 --> 00:08:59,380
So Nmap.

92
00:09:00,350 --> 00:09:08,240
Since NSE is open source, it's constantly updated, therefore it is necessary to update the script

93
00:09:08,240 --> 00:09:10,650
database before scanning the scripts.

94
00:09:10,670 --> 00:09:10,940
Yeah.

95
00:09:46,280 --> 00:09:50,000
So to do this, you just run the command script update.

96
00:09:52,670 --> 00:09:56,300
Now, there are a few parameters to scan the script with Nmap.

97
00:09:57,980 --> 00:09:59,750
And I'll show you a few of them.

98
00:10:00,780 --> 00:10:02,130
Nmap -sC.

99
00:10:03,110 --> 00:10:10,700
If we only use the -sC parameter, Nmap scans for IP and port with scripts defined in the default category.

100
00:10:11,830 --> 00:10:14,140
nmap --script script-name target.

101
00:10:14,950 --> 00:10:18,670
So in this case Nmap will scan with the specified script.

102
00:10:20,540 --> 00:10:26,330
So if you want to get help with a script, we can use nmap --script-help script-name.

103
00:10:27,420 --> 00:10:30,320
Nmap scripts can be used with other parameters as well.

104
00:10:31,830 --> 00:10:36,240
So the script that we use here must be compatible with the service that we scan.

105
00:10:37,150 --> 00:10:38,560
Might not seem obvious, but.

106
00:10:40,860 --> 00:10:44,370
So let's write a few examples of Nmap commands.