Profile picture
Daniel Miller ✝ @bonsaiviking
, 19 tweets, 13 min read Read on Twitter
#Nmap comes with 586 #NSE scripts. 148 of them are default (-sC) or version (-sV) scripts. The rest (438) have to be invoked directly or by category, so many folks don't use them. Here are my top 18 NSE scripts you should run in 2018: #DiscoveringNSE
#DiscoveringNSE 1/18: Fingerprint 100s of web apps and embedded devices with http-enum. Got Nikto? http-enum uses that fingerprint file, too. nmap.org/nsedoc/scripts… Found a device with a web interface? Check for default creds with http-default-accounts. nmap.org/nsedoc/scripts…
#DiscoveringNSE 2/18: Import a list of targets to scan directly from the XML output of another scan with targets-xml. Lots of scripts that discover new addresses let you scan them in the same command with --script-args newtargets nmap.org/nsedoc/scripts…
#DiscoveringNSE 3/18: Enumerate subdomains with dns-brute. Brute-force resolve common hostnames and SRV records against discovered DNS servers. nmap.org/nsedoc/scripts…
#DiscoveringNSE 4/18: All 38 scripts in the "broadcast and safe" categories. Find targets & discover services like ATAoE, DB2, DHCP, DNSSD, Dropbox, NetBIOS, OSPF2, UPnP, WPAD, and XDMCP on your local LAN: --script 'broadcast and safe' nmap.org/nsedoc/categor…
#DiscoveringNSE 5/18: Use Hollywood-style byte-by-byte bruteforce to find #IPv6 PTR DNS records with dns-ip6-arpa-scan. nmap.org/nsedoc/scripts…
#DiscoveringNSE 6/18: IPv6 network address ranges are absurdly large. Find and scan #IPv6 targets on your local LAN with targets-ipv6-multicast-* scripts. nmap.org/nsedoc/scripts…
#DiscoveringNSE 7/18: Find internal/private IP addresses leaked in some HTTP services and SSL certificates with http-bigip-cookie, ssl-cert-intaddr, http-internal-ip-disclosure nmap.org/nsedoc/scripts…
#DiscoveringNSE 8/18: Hack the Gibson or other IBM mainframe systems with scripts by @mainframed767: tn3270-screen, tso-enum, tso-brute, vtam-enum, cics-info, cics-enum, cics-user-enum, cics-brute nmap.org/nsedoc/scripts…
#DiscoveringNSE 9/18: Shameless self-promotion: I've done a bunch to improve auth support for #VNC scripts, adding Apple Remote Desktop, VeNCrypt, Tight, and TLS types. Enumerate with vnc-info, brute force with vnc-brute, grab screen info with vnc-title. nmap.org/nsedoc/scripts…
#DiscoveringNSE 10/18: Check general web security with fast scripts & deep spiders like http-security-headers, http-cookie-flags, http-crossdomainxml, http-csrf, http-errors, http-dombased-xss, http-fileupload-exploiter, http-rfi-spider nmap.org/nsedoc/scripts…
#DiscoveringNSE 11/18: Formidible SSH security checks with new libssh2-based scripts: ssh-publickey-acceptance, ssh-run, ssh-auth-methods, ssh-brute nmap.org/nsedoc/scripts…
#DiscoveringNSE 12/18: Enumerate all SMB versions with smb-protocols. nmap.org/nsedoc/scripts… Then take advantage of awesome new SMB2 support by @calderpwn: smb2-vuln-uptime, smb2-capabilities, smb2-security-mode, smb2-time nmap.org/nsedoc/scripts…
#DiscoveringNSE 13/18: The "external" NSE category contains scripts that query third-party services. Use shodan-api to query @shodanhq with Nmap: nmap.org/nsedoc/scripts… (Other fun external scripts: http-xssed, http-google-malware, targets-asn, asn-query)
#DiscoveringNSE 14/18: Geolocate your targets and plot them on @googlemaps, thanks to @mak_kolybabi. Run one of the ip-geolocation scripts along with ip-geolocation-map-kml (or use your API key with -google or -bing). nmap.org/nsedoc/scripts…
#DiscoveringNSE 15/18: NSE has 73 #BruteForce credential testing scripts. Why not check out http-form-brute, which can handle all sorts of complicated CSRF and cookie schemes, and works great against Django, Wordpress, MediaWiki, Joomla, and Drupal. nmap.org/nsedoc/scripts…
#DiscoveringNSE 16/18: Spider a site for emails, IP addresses, #creditcard numbers, SSN, or write your own custom patterns with http-grep nmap.org/nsedoc/scripts…
#DiscoveringNSE 17/18: Check for weak TLS/SSL configurations everywhere, even SMTP, RDP, VNC, etc. with ssl-enum-ciphers (Related scripts include ssl-dh-params, ssl-heartbleed, ssl-poodle, tls-ticketbleed, etc.) nmap.org/nsedoc/scripts…
#DiscoveringNSE 18/18: Keep up with the latest big #vulnerabilities like #Struts RCE (http-vuln-cve2017-5638), Intel #AMT privesc (http-vuln-cve2017-5689), MS17-010 (smb-vuln-ms17-010), and lots more. nmap.org/nsedoc/scripts…
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Daniel Miller ✝
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#Nmap #NSE #DiscoveringNSE #IPv6 #VNC #BruteForce #creditcard #vulnerabilities #Struts #AMT

Related threads

Profile picture
Here I will outline the affect of homelessness and drug abuse in mostly Democratic run states. It is a crisis on the largest magnitude and these American citizens do matter! Here is the top homeless cities of the United States in order!

statista.com/chart/6949/the…
Remember 1 is the worse and 10 is the best. This list only shows 10 major cities.... here we go!
1. Andrew Coumo - Governor of New York - Democrat
As of 2018 New York City, NY has a staggering 78, 676 homeless people in New York City alone- ranking them at the top of the charts.
Read 16 tweets
Profile picture
A SOC that deals in Alerts is doomed. If it deals in 'high fidelity detection analytics' + can show ...
1) what's possible to detect that your tech teams + business MDs care about
2) by implication what gaps exist with existing tech (coverage / config)
... then in with a chance.
In practice what that means is defining 5 things that are highly interesting from a blue/red perspective, and where you would tolerate high false positives because if you see 'an activity' it's worth some precious analyst time to investigate ... for 2 reasons ...
1) To rule out that badness is happening
2) To understand if the analytic can be better tuned to remove the trigger to 'go look at this'
Read 18 tweets
Profile picture
Folks tell me it has helped when I've talked about it, so here goes - as many of you know I've struggled with depression & anxiety for 20 years.

In that time, I've had many myths busted about those two buggers. Here's the top 5... 1/ #WorldSuicidePreventionDay
5. 'You need to be stuck in bed all day to *really* have depression.'

Don't get me wrong - some can really be affected that way. However, you can be severely depressed & very much upright.

I went through a number of jobs, very ill & wondering why I couldn't perform - Duh! 2/
I figured that because I could get out of bed and front up to work, I wasn't Ill.

Never mind that my illness was seriously fatigued, that it was impacting my communication skills - I could barely look people in the eye!
Read 14 tweets
Profile picture
Let's have a quick (long?) chat about web performance.

I have the unique situation of seeing data from billions of performance profiles as we help customers with @raygunio's Real User Monitoring look to improve user experience. #webdev #PerformanceMatters #webperf
1. Many folks still think a synthetic test is a Good Thing. That is, pinging a website from a fixed set of servers. It's better than naught, but it's a pretty poor proxy for real customer experience.

You're measuring data center to data center performance (even if nerfing perf)
2. Even with nerfing perf, you're talking high quality interconnects between DCs. This compares poorly, to say, what an actual user experiences on a 3G phone while roaming around somewhere.

You're not getting realistic numbers.
Read 19 tweets
Profile picture
Folks been asking about the $12B farm bailout. I didn't want to respond until I read it, saw how they were planning to structure the payments.

However, can't seem to find any meaningful info on that. Probably bc the administration hasn't actually decided yet. Oh well here goes.
*Keep in mind that this thread is from 20+ years of working primarily in fruit & vegetable farming, which doesn't get subsidies & is unlikely to see anything from this bailout, & yet somehow continues to survive anyway.
The big burning question that seems to preoccupy people w this bailout is

"Will any of it actually go to small family farmers? Or will it all just go to *trailer narrator voice* B I G A G R I B U S I N E S S?"
Read 25 tweets
Profile picture
Tutorial on how to make a map using QGIS. I'll turn @SenhorRaposa's 2000 Vermont town data into a map showing by how much Gore outran Senator Jeffords (or vice versa) in every town.
Step 1: Download QGIS for your computer, which is available here:
qgis.org/en/site/foruse…
You'll also need some of Census' Tiger/Line County and County Sub shapefiles. The main download page for those is here:
census.gov/cgi-bin/geo/sh…

A direct link to the 2017 VT county sub shapefile is here: ftp://ftp2.census.gov/geo/tiger/TIGER2017/COUSUB/tl_2017_50_cousub.zip
I can't find a 2017 County file by state, so we'll use the 2009 verison here:
ftp://ftp2.census.gov/geo/tiger/TIGER2009/50_VERMONT/tl_2009_50_county.zip
(We could always edit the 17 national county file in QGIS & create a 2017 VT-only county shapefile, but let's keep it simple.)
Read 176 tweets

Trending hashtags

#webperf #sorry #unroll #MockingbirdMedia #lineup #GrassleyMemo #songs #AmericanHolocaust #TinyLivesAtStake #webdev #PoseFX #WorldNGOday #TheBitcoinStandard #a6cee3 #WorldSuicidePreventionDay #BoycottNike #N #PlannedParenthood #SupremeCourt #DestroyTheAadhaar #BuildOurWallNOW #featured #RightToPrivacy #here #WorldAlzheimersDay

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!