
nmap Script Scanning

Script Scanning

The Nmap Scripting Engine (NSE) is a powerful feature within nmap that allows the port scanner to be used much like a vulnerability scanner. Scripts are written in the Lua programming language and automate different actions, such as gathering version details, discovering data, checking for known vulnerabilities and more.

The available scripts can be found in /usr/share/nmap/scripts and have a .nse file extension. A default selection of these is run by a Script Scan, or users can call individual scripts by name.

The syntax to trigger a Script Scan is

nmap -sC <IP address>

The above command will perform a script scan using the default set of scripts. When a port is identified as open, nmap will trigger the appropriate script in an attempt to enumerate as much information as possible.

The syntax to trigger only a specific script is

nmap -sT --script=<script name> <IP address>

The type of scan used by nmap does not matter: as long as the tool identifies a live port, it will then attempt to use the chosen script to enumerate more information about that port.

It is possible to run more than one script at once by chaining their names together with commas, or to use all scripts whose names share a prefix by using the wildcard “*” character. The wildcard should be quoted so that the shell passes it to nmap unchanged rather than expanding it against files in the current directory, e.g.

nmap -sT --script="smb*" <IP address>
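To show what one of the .nse files in /usr/share/nmap/scripts actually contains, and why a script only fires once an open port has been found, here is a minimal NSE script. It is an added example written for this page, not a script shipped with nmap or part of the course; the script name example-http, its script argument example-http.label and the port list are assumptions chosen for illustration.

```lua
-- Added example (not part of the course or of nmap's own script set):
-- a minimal NSE script showing the structure every .nse file follows.
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Minimal example script. It runs only against open ports that nmap has
mapped to the http service (or to ports 80/8080 when no version scan
was performed) and returns one line describing the match. It performs
no probing of its own, so it is safe to run in a lab.
]]

author = "course example (hypothetical)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

-- Categories control which scripts -sC selects ("default") and let users
-- pick groups with --script=<category>; this one is deliberately not in
-- "default" so it only runs when called by name.
categories = {"safe", "discovery"}

-- portrule decides whether the action runs. nmap evaluates it once per
-- host/port pair after the port scan has finished; the action only fires
-- where it returns true, which is why a live port must be found first.
-- shortport.port_or_service matches on the port number or the detected
-- service name. (Scripts that target a whole host use hostrule instead.)
portrule = shortport.port_or_service({80, 8080}, "http")

-- action runs for each host/port pair the portrule accepted. Whatever
-- string it returns is printed under that port in nmap's output.
action = function(host, port)
  -- Optional script argument, set with:
  --   --script-args example-http.label=lab
  -- Arguments are conventionally namespaced by script name.
  local label = stdnse.get_script_args("example-http.label") or "default"

  return string.format("[%s] %s:%d reports service '%s'",
    label, host.ip, port.number, port.service or "unknown")
end
```

Save the file as example-http.nse and run it by path with nmap -sT --script=/path/to/example-http.nse <IP address>; to call it by name like the bundled scripts, copy it into /usr/share/nmap/scripts and run nmap --script-updatedb so that the script database picks it up. Because the portrule is the only gate, the same file works unchanged with -sT, -sS or any other scan type, which is the point made above about the scan type not mattering.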