# Nmap Scripts

### Find Script <a href="#find-scripts" id="find-scripts"></a>

Find script related to a service your interested in, example here is ftp

```
locate .nse | grep [port name]

Example: 
locate .nse | grep ftp
```

```
ls /usr/share/nmap/scripts | grep smb
```

Typically NSE scripts that scans for vulnerabilities are at

```
ls -l /usr/share/nmap/scripts/
```

* you can use this scripts with `--script=<ScriptName>` ,
* it also support wildcard entries

## Help manual for scripts <a href="#help-manual-for-scripts" id="help-manual-for-scripts"></a>

What does a script do?

```
nmap --script-help [script name]

Example:
nmap --script-help ftp-anon
```

## Vulnerability Scanning <a href="#vulnerability-scanning" id="vulnerability-scanning"></a>

Default vulnerabilities Scanning nmap scripts:

```
nmap --script vuln [ip target]
```

## Scan With All Scripts <a href="#scan-with-all-scripts" id="scan-with-all-scripts"></a>

&#x20;Scan a target using all NSE scripts.&#x20;

> May take an hour to complete.

```
nmap -p 80 --script=all [ip target]
```

```
nmap -p 80 --script=*vuln* [ip target]
# Scan a target using all NSE vuln scripts.
```

```
nmap -p 80 --script=http*vuln* [ip target]
# Scan a target using all HTTP vulns NSE scripts.
```

## Scan with particular Script <a href="#scan-with-particular-script" id="scan-with-particular-script"></a>

```
nmap -p 21 --script=ftp-anon [ip target]/24
# Scan entire network for FTP servers that allow anonymous access.
```

## Scan entire network with script <a href="#scan-entire-network-with-script" id="scan-entire-network-with-script"></a>

```
nmap -p 80 --script=http-vuln-cve2010-2861 [ip target]/24
# Scan entire network for a directory traversal vulnerability. It can even retrieve admin's password hash.
```