From SecWiki
Jump to: navigation, search

Nmap videos and slides

The purpose of this page is to collect all Nmap related presentations.


Nmap: Scanning the Internet

Author: Fyodor (@nmap)

Location:Black Hat and Defcon 2008


The Nmap Security Scanner was built to efficiently scan large networks, but Nmap's author Fyodor took this to a new level by scanning millions of Internet hosts during the Summer of 2008 as part of the Worldscan project. In this presentation given at the Black Hat Briefings and Defcon (August 2008), he presents the most interesting findings and empirical statistics from these scans, along with practical advice for improving your own scan performance. An overview of new Nmap features is also provided, including the Nmap Scripting Engine, Zenmap UI, new performance options, Ncat, and Ndiff. Most of these features are now available in Nmap 4.75 and later

Video: http://vimeo.com/1701091

Advanced network scanning with nmap 6

Author: Henri

Location:Libre Software Meeting 2012, Geneva


Nmap version 6 was released in March 2012. In this talk, I present the project, its development and some of the cool features of Nmap 6.

Slides: http://schedule2012.rmll.info/IMG/pdf/2012_rmll_nmap.pdf

Nmap Scripting Engine

Mastering the Nmap Scripting Engine

Author: Fyodor (@nmap) and David Fifield

Location: Defcon & Black Hat USA 2010


Rather than give a dry overview of NSE, Fyodor and Nmap co-maintainer David Fifield demonstrate practical solutions to common problems. They have scanned millions of hosts with NSE and discuss vulnerabilities found on enterprise networks and how Nmap can be used to quickly detect those problems on your own systems. Then they demonstrate how easy it is to write custom NSE scripts by writing one from scratch and using it to hack a webcam.

Video: http://vimeo.com/15655756

Nmap NSE Hacking for IT Security Professionals

Author: Marc Ruef (@mruef)

Location:Hashdays 2010


Nmap is without doubt one of the most important tools in security testing. Initially developed as portscanner, the introduction of NSE (Nmap Scripting Language) enhanced the software heavily. NSE scripts allow to create additional tests, which may provide the functionality of a vulnerability scanner. Basic data collected by nmap and additional network requests can be used to determine software products and security flaws. The talk is discussing the possibilities of NSE scripting, the improvement of professional scanning (with a customer-based example) and current development in the field of NSE programming (my httprecon-nse port and vulscan module). Administrators and auditors will see the their benefits of automated testing.

Slides: https://www.hashdays.ch/assets/files/slides/ruef_nmap_nse_hacking.pdf

Video: http://www.youtube.com/watch?v=cHzS4L7_C3s&feature=player_embedded

Nmap NSE

Author: Paulino Calderon (@calderpwn)

Location: Reunión de la Comunidad Underground de México

Abstract: Overview of Nmap NSE, examples of usage and how to write your own NSE scripts.

Language: Spanish

Slides: https://github.com/cldrn/nmap-nse-scripts/raw/master/workshops/nmap-nse.odp

Advanced Nmap Scripting: Make Nmap work for you!

Author: Ron Bowes (@iagox86)

Location: Derbycon (Louisville, Kentucky)

Date: October 2, 2011


The Nmap Scripting Engine, or NSE, has brought Nmap's power to an unprecedented level. More than just a portscanner, Nmap's Scripting Engine has the speed and power to scan thousands of hosts in parallel, quickly and with amazing results. Whether building packets from the ground up (such as probing DHCP or finding sniffers) or using high-level protocols (such as MSRPC or AFS), NSE makes it easy. In this highly technical presentation, the audience will be introduced to some interesting NSE scripts, be shown in detail how they work, and learn how to write their own from scratch. Learn how to make Nmap work for you!

Nmap Scripting Engine introduction with http-enumeration

Author: Robert Rowley (@iamlei)

Location: Toorcon San Diego, CA

Date: October 11, 2011


This fast talk (18 minutes) covers the basics of the nmap scripting engine, the lua programming language and detail how the http-enum script can easily turn nmap into a web application version identifier, web vulnerability scanner, and more. It goes over my experience with NSE and how fast it was to get started and have valid contributions to the NMAP projects.

It will be presumed the audience is already familiar with nmap, HTTP, and some sort of object oriented programming.

Slides: http://runfrom.us/nse-http-enumeration.odp

Video: http://vimeo.com/30407522

Nmap Scripting Engine

Author: Hani Benhabiles (@kroosec)

Location: BSides Algiers (Algiers, Algeria)

Date: May 5, 2012

Abstract: This presentation is about the Nmap Scripting Engine commonly known as NSE, why was it added, its scripts general architecture, some already powerful and useful scripts that already ship with Nmap and how one can easily extend Nmap by writing a script from scratch.

Slides: http://www.slideshare.net/Shellmates/bsides-algiers-nmap-scripting-engine-hani-benhabiles