Nmap Scripting Engine – Windows Scans

Nmap Usage

Nmap needs the following information port number, script name, any script arguments (optional), and the IP of the target.

nmap -p <port> –script <script-same> –script-args <script arguemens> <target IP>

SMB OS discovery

nmap -p 139,445 –script smb-os-discovery

SMB signing check

nmap -p137,139,445 –script smb-security-mode

IIS web server name disclosure

nmap -p 80 –script http-iis-short-name-brute

MS08-067 (netapi) vulnerability check

nmap -p 445 –script smb-vuln-ms08-067

Checking all smb vulnerability scripts

nmap -p 445 –script smb-vuln-*

Netbios and MAC address lookup

nmap -sU -p137 –script nbstat

Enumerating user accounts

nmap -p 139,445 –script smb-enum-users

Enumerating window shares

nmap -p 139,445 –script smb-enum-shares –script-args smbusername=vagrant,smbpassword=vagrant

SMB loging brute force

nmap -p 445 –script smb-brute –script-args userdb=unamelist.txt,passdb=testlist.txt

Finding domain controllers

nmap -p 389 -sV <target>

Detecting shadow brokers double pulsar smb

nmap -p 445 –script smb-double-pulsar-backdoor

Resources: https://nmap.org/nsedoc/scripts Book: Nmap: Network Exploration and Security Auditing Cookbook ISBN 978-1-78646-745-4