Nmap Scripting: The Ultimate Weapon

Presented at CactusCon 12 (2024), Feb. 17, 2024, 1:30 p.m. (245 minutes).

Nmap is still the #1 network scanning tool, and one of the most important additions to Nmap was the ability to add custom scripts. Oftentimes, when zero days pop up, someone will write an Nmap script to identify vulnerable servers within minutes. If you’ve ever wondered how people write Nmap scripts, what it would take to write your own and how you can use them, this workshop is for you. Attendees in this workshop will learn how to understand and update the Nmap probe file, how to write Lua scripts (the language Nmap scripting uses), how to write Nmap scripts to supplement the probe file, how to interact with custom services, and ultimately how to write multiple Nmap scripts to do fun stuff with ports. Once attendees have a firm grasp of the Nmap Scripting Engine, they will be introduced to writing Nmap libraries for use by their various scripts. This workshop contains many instructor-led labs so that attendees can see their code in action. To make this workshop worthwhile, a custom service running on a port has been created, which the labs will allow you to probe and identify as the course goes on. Nmap is the workhorse behind the scenes for so many pentesters, but the resources for writing scripts are limited. The hope is that by offering this workshop, more people will be able to write Nmap scripts for the betterment of all hackingkind.

Presenters:

  • Philip Young / Soldier of FORTRAN - Hacking the Gibson since 1993 (as Soldier of FORTRAN)
    Philip Young, Director of Mainframe Penetration Testing Services at NetSPI, is an old-school hacker. He started out with an Amiga 500 and a modem and never looked back; after cutting his teeth on Datapac (the Canadian X.25 network), he eventually moved on to searching the internet for interesting things. Later in his career he started taking a serious look at mainframe cybersecurity and realized how far behind mainframes had fallen compared to their more open counterparts (Windows/Linux). At that point he made it his life's mission to raise awareness and produce tooling to aid in the testing of these critical resources and help keep them safe. Since then he has given talks around the world at venues such as Black Hat, DEF CON and RSA, has taught multiple workshops, and was even under investigation by the Swedish secret police. In addition, he has released countless open-source tools for pentesting mainframes.
