Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Nmap: Network Exploration and Security Auditing Cookbook Network discovery and security scanning at your fingertips

Product type Paperback

Published in May 2017

Publisher

ISBN-13 9781786467454

Length 416 pages

Edition 2nd Edition

Languages

Lua

Tools

Nmap

Concepts

Penetration Testing

Author (1):

Paulino Calderon

View More author details

Table of Contents (18) Chapters

Preface

1. Nmap Fundamentals

2. Network Exploration FREE CHAPTER

3. Reconnaissance Tasks

4. Scanning Web Servers

5. Scanning Databases

6. Scanning Mail Servers

7. Scanning Windows Systems

8. Scanning ICS SCADA Systems

9. Optimizing Scans

10. Generating Scan Reports

11. Writing Your Own NSE Scripts

12. HTTP, HTTP Pipelining, and Web Crawling Configuration Options

13. Brute Force Password Auditing Options

Brute modes

14. NSE Debugging

15. Additional Output Options

16. Introduction to Lua

17. References and Additional Reading

Configuring the NSE library httpspider

The scripts http-unsafe-output-escaping and http-phpself-xss depend on
the library httpspider. This library can be configured to increase its coverage and overall behavior.

For example, the library will only crawl 20 pages by default, but we can set the argument httpspider.maxpagecount accordingly for bigger sites:

$nmap -p80 --script http-phpself-xss --script-args httpspider.maxpagecount=200 <target>

Another interesting argument is httpspider.withinhost, which limits the web crawler to a given host. This is turned on by default, but you could use the following command to disable this behavior:

$nmap -p80 --script http-phpself-xss --script-args httpspider.withinhost=false <target>

We can also set the maximum depth of directories we want to cover. By default, this value is only 3, so if you notice that the web server has deeply nested files, especially when pretty...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (1)

Paulino Calderon

Paulino Calderon (@calderpwn on Twitter) is the cofounder of Websec, a company offering information security consulting services based in Mexico and Canada. When he is not traveling to a security conference or conducting on-site consulting for Fortune 500 companies, he spends peaceful days in Cozumel, a beautiful small island in the Caribbean, learning new technologies, conducting big data experiments, developing new tools, and finding bugs in software. Paulino is active in the open source community, and his contributions are used by millions of people in the information security industry. In 2011, Paulino joined the Nmap team during the Google Summer of Code to work on the project as an NSE developer. He focused on improving the web scanning capabilities of Nmap, and he has kept contributing to the project since then. In addition, he has been a mentor for students who focused on vulnerability detection during the Google Summer of Code 2015 and 2017. He has published Nmap 6: Network Exploration and Security Auditing Cookbook and Mastering the Nmap Scripting Engine, which cover practical tasks with Nmap and NSE development in depth. He loves attending information security conferences, and he has given talks and participated in workshops in dozens of events in Canada, the United States, Mexico, Colombia, Peru, Bolivia, and Curacao.

See other products by Paulino Calderon