NMAP Scripting Engine Introduction With HTTP-Enumeration

Presented at ToorCon San Diego 13 (2011), Oct. 9, 2011, 4:30 p.m. (20 minutes)

I will cover the basics of the nmap scripting engine, the lua programming language and detail how the http-enum script can easily turn nmap into a web application version identifier and/or vulnerability scanner. It will be presumed the audience is already familiar with nmap, HTTP, and some sort of object oriented programming.


  • Robert Rowley
    Abuse team member as well as web application security extraordinaire for DreamHost.com, a shared and virtual hosting provider for over one million websites and hundreds of thousands of customers. DreamHost provides the unique environment which requires providing increased security for an extremely broad range of websites and customers, all without being intrusive to their hosting experience. Founding member of Irvine Underground, a computer security group out of Irvine, California since 2002. I am also listed in the credentials for the topic I will be discussing: http://nmap.org/svn/nselib/data/http-fingerprints.lua

Similar Presentations: