Tools

Nmap NSE Scripts for Enterprise Scanning

Tyler R.

Feb 14, 2008 — 1 min read

The Nmap Scripting Engine has matured significantly. Version 4.50 added dozens of new scripts and the framework is now stable enough for enterprise use.

Why NSE Over Standalone Tools

Before NSE, enterprise scanning meant running Nmap for discovery, then piping results to Nessus. NSE lets you combine discovery and basic vulnerability checks in a single pass.

Script Categories

NSE scripts fall into categories: auth, broadcast, brute, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, and vuln. For enterprise scanning, I stick to safe, version, and discovery.

Custom Scripts for Windows Environments

I wrote three custom scripts. The first checks for SMB signing configuration. The second enumerates domain trusts via LDAP. The third detects outdated SSL/TLS configurations on IIS servers.

Performance Considerations

NSE scripts add overhead to each host scan. On our enterprise network of approximately 12,000 live hosts, running the default script scan adds about 3 hours. Selective script execution keeps the overhead manageable.

Active Directory Delegation: A Security Audit Checklist

Active Directory delegation is one of those features that every Windows admin uses but few audit properly. It is also a common source of privilege escalation paths. The Problem When an administrator delegates permissions in AD, those permissions are stored as Access Control Entries on the target objects. Over time,

Nmap Cheat Sheet: The Complete Command Reference

Nmap is the standard tool for network discovery and security auditing. Whether you are mapping a small home lab or scanning a class B network, the same core commands apply. This nmap cheat sheet is a structured reference covering the commands and options I use most frequently, organized by task

Where Have All the Good Fingerprinters Gone?

OS fingerprinting has been a fundamental reconnaissance technique since the mid-1990s. Nmap, p0f, and xprobe2 all approach the problem differently, but they share a common challenge: the fingerprint databases are not keeping up with the operating systems they need to identify. I spent last week testing the latest versions of

The Severity of Vulnerabilities

I have been looking at how vendors classify vulnerability severity and I keep finding discrepancies between what the vendor says and what the CVSS score suggests. Take the most recent batch of Microsoft patches. Two of the vulnerabilities rated as Important by Microsoft score above 8.0 on the CVSS