Mastering the Nmap Scripting Engine
Presented by Fyodor and David Fifield at Defcon & Black Hat USA 2010
Summary
Most hackers can use Nmap for simple port scanning and OS detection, but the Nmap Scripting Engine (NSE) takes scanning to a whole new level. Nmap's high-speed networking engine can now spider web sites for SQL injection vulnerabilities, brute-force crack and query MSRPC services, find open proxies, and more. Nmap includes more than 130 NSE scripts for network discovery, vulnerability detection, exploitation, and authentication cracking.
Rather than give a dry overview of NSE, Fyodor and Nmap co-maintainer David Fifield demonstrate practical solutions to common problems. They have scanned millions of hosts with NSE and discuss vulnerabilities found on enterprise networks and how Nmap can be used to quickly detect those problems on your own systems. Then they demonstrate how easy it is to write custom NSE scripts by writing one from scratch and using it to hack a webcam. All in 38 minutes, as given live at Defcon 18!
Presentation Video
Presentation video is available in several formats. The most convenient is probably this 38-minute Youtube video of our Defcon presentation:
The video can be downloaded in QuickTime format: standard size (640x320; 47MB) or HD (1200x600; 131MB).
We also gave the presentation at the Black Hat Briefings USA 2010. That version is about twice as long (73 minutes) and contains a bit more information. The main additions are a section introducing our Icons of the Web (favicon) project and a section showing off recent Nmap news and developments. You can watch a Flash version on Vimeo or download the video in standard size (640x320; 93MB) or HD (1200x600; 259MB).
Slides and Audio
The presentations include many live demos, so you will miss out on a lot of you only read the slides or listen to the audio.
Presentation slides (PDF): Defcon, Black Hat
Presentation MP3 audio: Defcon (18MB), Black Hat (35MB)
Other Presentations
If you enjoyed this talk, you might enjoy other talks listed on Fyodor's Nmap Presentation Page. Or head to the main pages of Insecure.Org or Nmap.Org.