Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,710 --> 00:00:06,580 And map script engine or NSC. 2 00:00:06,630 --> 00:00:14,880 So what do you suppose script scanning would be so and map is indeed a software for Port scanning purposes 3 00:00:14,880 --> 00:00:15,950 right. 4 00:00:15,960 --> 00:00:23,490 It can also be used for pen test purposes using its advanced features and map has started to be developed 5 00:00:23,490 --> 00:00:30,210 as a port scanning tool and today it has exceeded itself with its vulnerability and exploitation features 6 00:00:32,130 --> 00:00:40,450 so the in map scripting engine or NFC is one of N maps more powerful and flexible features so it allows 7 00:00:40,450 --> 00:00:48,040 users to write and share simple scripts to automate a wide range of network scanning tasks these scripts 8 00:00:48,040 --> 00:00:54,010 are then executed in parallel with the speed and efficiency that we would expect from any map. 9 00:00:55,830 --> 00:01:02,690 Users can use scripts distributed within map or write themselves to meet their specific needs 10 00:01:05,350 --> 00:01:16,570 NSC consist of scripts in these following categories defined categories of broadcast brute default discovery 11 00:01:17,080 --> 00:01:30,940 dos exploit external fuzzier intrusive malware safe version and Von so the category names are not case 12 00:01:30,940 --> 00:01:40,840 sensitive and well let me just briefly describe each category so these scripts handle authentication 13 00:01:40,840 --> 00:01:49,060 information or bypasses it on the target system instead of scripts that use brute force attacks to identify 14 00:01:49,060 --> 00:01:52,560 credentials they are placed in this brute category. 15 00:01:56,080 --> 00:02:03,320 Broadcast scripts in this category typically discover hosts that are not listed on the command line 16 00:02:03,330 --> 00:02:11,190 by publishing to the local network use the new target script variable to allow these scripts to automatically 17 00:02:11,310 --> 00:02:14,360 add hosts that they discovered to the end map scan. 18 00:02:14,360 --> 00:02:14,700 Q 19 00:02:17,990 --> 00:02:24,570 So these scripts use brute force attacks to estimate the authentication information of a remote server 20 00:02:25,500 --> 00:02:33,720 and map HDP brute Oracle brute as an MP brute etc. including many scripts that enforce the protocol 21 00:02:35,630 --> 00:02:43,820 discovery these scripts attempt to discover more about the network by querying global records as an 22 00:02:43,820 --> 00:02:48,260 MP enabled devices directory services and so on and so forth. 23 00:02:49,980 --> 00:03:00,980 So D OS scripts in this category can cause denial of service sometimes it is done to test the vulnerability 24 00:03:00,980 --> 00:03:02,500 for denial of service method. 25 00:03:02,530 --> 00:03:09,980 But more generally it is undesirable because of the side effect required to test a conventional vulnerability. 26 00:03:11,310 --> 00:03:14,580 In other words these test sometimes crash sensitive services 27 00:03:17,300 --> 00:03:27,470 exploit these scripts are intended to actively exploit a vulnerability external scripts in this category 28 00:03:27,470 --> 00:03:31,910 can send data to a third party database or another network resource. 29 00:03:32,910 --> 00:03:40,260 For example who is IP establishes a connection to the WHO is servers to obtain information about the 30 00:03:40,260 --> 00:03:41,290 destinations. 31 00:03:41,300 --> 00:03:48,940 Address the operators of the third party database probably record everything that comes into them. 32 00:03:49,010 --> 00:03:56,980 So this will log your IP address and the destination address most scripts that do not fall into this 33 00:03:56,980 --> 00:04:02,500 category contain absolute traffic between the scanning computer and the client 34 00:04:05,620 --> 00:04:13,520 fuzzier scripts in this category are designed to send unexpected or random fields by the server software 35 00:04:13,550 --> 00:04:21,150 and each package although the technique is useful for finding undiscovered errors and vulnerabilities 36 00:04:21,150 --> 00:04:22,180 in software. 37 00:04:22,440 --> 00:04:28,700 It runs both slowly and uses a lot of bandwidth. 38 00:04:28,720 --> 00:04:35,350 An example of a script in this category is DNS Fuzz which slightly bombs a DNS server with incorrect 39 00:04:35,350 --> 00:04:40,770 domain requests until the server crashes or a user defined time limit expires. 40 00:04:42,360 --> 00:04:52,150 Intrusive these scripts cannot be classified into a secure category because the risks may be high enough 41 00:04:52,150 --> 00:04:55,570 to destroy the target system. 42 00:04:55,680 --> 00:05:04,220 It can fully exploit the resources that means bandwidth CPE you ram of the target system therefore they 43 00:05:04,220 --> 00:05:09,400 are perceived as unwanted processes by system administrators. 44 00:05:09,530 --> 00:05:19,520 As you may very well imagine malware these scripts test whether the target platform is affected by malware 45 00:05:19,610 --> 00:05:21,710 or back doors. 46 00:05:21,710 --> 00:05:29,750 For example S.M. T.P. strange port which monitors as MTBE servers running on unusual port numbers and 47 00:05:29,870 --> 00:05:33,520 off spoof which identifies similar fraud numbers. 48 00:05:33,680 --> 00:05:42,850 It give a fake answer before receiving a query both of these behaviors are usually caused by malware 49 00:05:42,850 --> 00:05:49,080 infection safe scripts that are not designed to crash. 50 00:05:49,080 --> 00:05:55,800 Services use large amounts of bandwidth or other resources or exploit vulnerabilities. 51 00:05:56,890 --> 00:06:03,850 They're are less likely to harm remote administrators but we cannot guarantee that they will never cause 52 00:06:03,850 --> 00:06:05,340 adverse reactions. 53 00:06:05,410 --> 00:06:13,240 As with other and map features so most of them are performing general network discovery scripts in this 54 00:06:13,240 --> 00:06:19,930 category are not classified for security but all other unsafe scripts should be placed as intrusive 55 00:06:21,820 --> 00:06:28,810 version so scripts in this particular category aren't extension of the version detection feature and 56 00:06:28,810 --> 00:06:33,650 cannot be explicitly selected their selected run. 57 00:06:33,710 --> 00:06:41,950 Only when version detection as a V is requested outputs are indistinguishable from version detection 58 00:06:41,950 --> 00:06:46,250 output and do not generate servers or hosts script results. 59 00:06:49,220 --> 00:06:58,070 Vollmann these scripts check for specific known vulnerabilities and typically report results only if 60 00:06:58,070 --> 00:06:58,880 they are found. 61 00:07:00,730 --> 00:07:11,000 Default so this is used with a C or the a parameter scripts defined in the default category are speed 62 00:07:11,300 --> 00:07:22,050 usefulness verbosity reliability intrusiveness privacy script equals can be used with a default parameter 63 00:07:25,870 --> 00:07:35,330 so in map script files in the scripts folder if you don't know the folder name you can list all the 64 00:07:35,330 --> 00:07:41,080 scripts when you run locate NSC on the command line. 65 00:07:41,290 --> 00:07:48,550 If you're looking for a specific script for a specific topic then just type it into the command line 66 00:07:50,370 --> 00:07:50,910 if you want to. 67 00:07:50,900 --> 00:07:52,490 You can always edit the scripts. 68 00:07:52,500 --> 00:07:54,730 You can review them make change it. 69 00:07:54,940 --> 00:08:02,600 For example if we are looking for DNS related scripts we just need to type in the command line. 70 00:08:42,800 --> 00:08:47,160 Current NSC scripts are available at any map dot org. 71 00:08:48,510 --> 00:08:55,790 You can view all scripts and usage patterns at this address and that dot org. 72 00:08:55,910 --> 00:09:05,570 And as a doc so in map since NSC is open source it's constantly updated. 73 00:09:05,600 --> 00:09:10,690 Therefore it is necessary to update the script database before scanning with scripts. 74 00:09:10,690 --> 00:09:10,880 Yeah 75 00:09:46,310 --> 00:09:50,200 so to do this you just run the command script update. 76 00:09:52,770 --> 00:09:56,360 Now there are a few parameters to use in the script within map. 77 00:09:58,110 --> 00:10:01,480 And I'll show you a few of them and map. 78 00:10:01,490 --> 00:10:09,940 See if we only use the SC parameter and map scans for each IP in port with scripts defined in the default 79 00:10:09,940 --> 00:10:12,380 category and map. 80 00:10:12,420 --> 00:10:12,850 Script. 81 00:10:12,860 --> 00:10:14,170 Script name target. 82 00:10:15,010 --> 00:10:22,200 So in this case and map will scan with the specified script so if you want to get help with a script 83 00:10:22,890 --> 00:10:25,640 we can use and map script help. 84 00:10:25,740 --> 00:10:33,390 Script name and map scripts can be used with other parameters as well with a script that we use here 85 00:10:33,420 --> 00:10:42,570 must be compatible with the service that we scan might not seem obvious but so let's write a few examples 86 00:10:42,570 --> 00:10:44,370 of any map commands. 9969