NMAP Scripting Engine Introduction With HTTP-Enumeration

Presented at ToorCon San Diego 13 (2011), Oct. 9, 2011, 4:30 p.m. (20 minutes)

I will cover the basics of the nmap scripting engine, the lua programming language and detail how the http-enum script can easily turn nmap into a web application version identifier and/or vulnerability scanner.

It will be presumed the audience is already familiar with nmap, HTTP, and some sort of object oriented programming.

Presenters:

• Robert Rowley
  Abuse team member as well as web application security extraordinaire for DreamHost.com, a shared and virtual hosting provider for over one million websites and hundreds of thousands of customers. DreamHost provides the unique environment which requires providing increased security for an extremely broad range of websites and customers, all without being intrusive to their hosting experience. Founding member of Irvine Underground, a computer security group out of Irvine, California since 2002. I am also listed in the credentials for the topic I will be discussing: http://nmap.org/svn/nselib/data/http-fingerprints.lua

Similar Presentations:

• DEF CON 31 (2023) / These Port Scans are Trash: Improving Nmap by Writing New Scripts and Libraries Workshop
• DerbyCon 1.0 (2011) / Advanced Nmap Scripting: Make Nmap work for you!
• ToorCon San Diego 12 (2010) / Beginner's Guide to the nmap Scripting Engine