Nmap Scripting Engine

While Nmap offers many capabilities as a network discovery tool, adding new functionality can be a difficult process. The normal approach is to parse Nmap output and pass the relevant results to another tool or custom script. This works, but it can be slow and merging the output of both tools is a pain.

The object of this project is to enhance Nmap with scripting capabilities so users can easily customize Nmap to meet their particular needs. This can be done with an Nmap Attack Scripting Language. We won't really call this NASL, but the goal is similar to the way Nessus is extended with NASL scripts.

This doesn't mean Nmap is going to become a full-fledged comprehensive vulnerability scanner like Nessus. While some vulnerability detection scripts may be valuable, there are also many discovery scripts we would like to have which are more general-purpose than detecting a flaw in a certain application. Examples might be "attempt to fetch SNMP information by trying a few dozen popular community strings", or "check if this service is an open proxy", or "read the /robots.txt and main page title for the detected web server", or "look up the AS number for this IP", or "Look up the whois contact for this IP".


If you think of other important features/requirements for this document, or feel it should be changed in other ways, please post your suggestions to nmap-dev. Labels such as "should" or "would be nice" denote less-critical features that can be worked on last, while "musts" have to be met unless we agree to make changes. Here are the proposed features and infrastructure requirements for the new Nmap scripting engine: