# Nmap Scripts

## Find Scripts

Find scripts related to a service you're interested in. The example here is FTP.

```
locate .nse | grep [port name]

Example: 
locate .nse | grep ftp
```

```
ls /usr/share/nmap/scripts | grep smb
```

NSE scripts that scan for vulnerabilities are typically located at:

```
ls -l /usr/share/nmap/scripts/
```

* You can run these scripts with `--script=<ScriptName>`.
* It also supports wildcard entries.

## Help manual for scripts

What does a script do?

```
nmap --script-help [script name]

Example:
nmap --script-help ftp-anon
```

## Vulnerability Scanning

We can scan for vulnerabilities with Nmap's `vuln` scripts:

```
nmap --script vuln [ip target]
```

## Scan With All Scripts

Scan a target using all NSE scripts. May take an hour to complete.

```
nmap -p 80 --script=all [ip target]
```

```
nmap -p 80 --script="*vuln*" [ip target]
# Scan a target using all NSE vuln scripts.
```

```
nmap -p 80 --script="http*vuln*" [ip target]
# Scan a target using all HTTP vulns NSE scripts.
```
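
Before running a wildcard, a category, or `all`, it helps to see which scripts the selection covers and which of them are intrusive. The following is an added example, not part of the original notes: `nse_preview` and `write_sample_db` are hypothetical helper names, and the sample entries are constructed in the format of Nmap's `script.db` index (categories on a real install may differ).

```shell
#!/bin/sh
# Preview what a --script selection covers by reading script.db, without scanning.
# Assumed line format of script.db:
#   Entry { filename = "ftp-anon.nse", categories = { "auth", "default", "safe", } }

# Constructed sample index (stand-in for /usr/share/nmap/scripts/script.db).
write_sample_db() {
    cat > "$1" <<'EOF'
Entry { filename = "ftp-anon.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "ftp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "http-vuln-cve2010-2861.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms17-010.nse", categories = { "safe", "vuln", } }
EOF
}

# nse_preview DB SELECTOR
#   SELECTOR is a name wildcard ("http*vuln*"), a category ("vuln"), or "all".
#   Prints "<script>\t<categories>\t<review|ok>"; "review" marks scripts in
#   categories that can disrupt or change a target (intrusive, dos, exploit, brute).
nse_preview() {
    db=$1 pattern=$2
    sed -n 's/^Entry { filename = "\(.*\)\.nse", categories = { \(.*\) } }.*$/\1|\2/p' "$db" |
    while IFS='|' read -r name cats; do
        cats=$(printf '%s' "$cats" | tr -d '" ' | sed 's/,$//')
        match=no
        [ "$pattern" = all ] && match=yes
        case $name in $pattern) match=yes ;; esac           # unquoted: glob match on name
        case ",$cats," in *,"$pattern",*) match=yes ;; esac  # quoted: exact category match
        [ "$match" = yes ] || continue
        flag=ok
        case ",$cats," in
            *,intrusive,*|*,dos,*|*,exploit,*|*,brute,*) flag=review ;;
        esac
        printf '%s\t%s\t%s\n' "$name" "$cats" "$flag"
    done
}

# Demo on the constructed sample; on a real host pass the installed script.db instead.
demo_db=$(mktemp) && write_sample_db "$demo_db"
nse_preview "$demo_db" 'http*vuln*'
rm -f "$demo_db"
```

Scripts flagged `review` are the ones to check with `nmap --script-help` before including them in a scan.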

## Scan with particular Script

```
nmap -p 21 --script=ftp-anon [ip target]/24
# Scan entire network for FTP servers that allow anonymous access.
```

## Scan entire network with script

```
nmap -p 80 --script=http-vuln-cve2010-2861 [ip target]/24
# Scan entire network for a directory traversal vulnerability. It can even retrieve admin's password hash.
```

