Handy Nmap Scripts

| Flag | What Does it Do? | Why Does that Matter? | When to Use it? | Purpose |
|---|---|---|---|---|
| | Checks the host for SMBv1 signing | If SMB signing is not enabled and required, it suggests the host is vulnerable to pass-the-hash attacks | When you see ports 137 or 445, or if there is NBNS/LLMNR traffic on the network | Vulnerability Analysis |
| | Checks the host for SMBv2 signing | If SMB signing is not enabled and required, it suggests the host is vulnerable to pass-the-hash attacks | When you see ports 137 or 445, or if there is NBNS/LLMNR traffic on the network | Vulnerability Analysis |
| | Fingerprints specifics about SMB versions | Older versions of SMB are riddled with RCE vulnerabilities (e.g. EternalBlue) | When analyzing Windows server infrastructure | Vulnerability Analysis |
| | Basic vulnerability scanning against the vulners.com database | This can be obfuscated much more easily than something like OpenVAS | When you have a large amount of data to analyze and need to automate the research process | Vulnerability Analysis, Quality of Life |
| | Enumerates the specific version and build of on-prem MS Exchange servers | Older Exchange servers have several significant exploits available | Any time you see on-prem Exchange | Vulnerability Analysis |
| | Enumerates network file shares on a host | It may be possible to mount those shares and parse through potentially sensitive data | When you see port 2049 | Vulnerability Analysis |
| | Identifies instances of Jenkins on the network | Older versions of Jenkins have tons of vulnerabilities | As part of initial attack surface analysis | Host Discovery, Vulnerability Analysis |