nerdexam
EC-Council

312-50V10 · Question #260

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

The correct answer is C. NMAP scripting engine. The NMAP Scripting Engine (NSE) is the built-in feature that extends NMAP into a multi-protocol vulnerability scanner covering services like SMB, HTTP, and FTP.

Vulnerability Analysis

Question

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

Options

  • AMetasploit scripting engine
  • BNessus scripting engine
  • CNMAP scripting engine
  • DSAINT scripting engine

How the community answered

(19 responses)
  • A
    5% (1)
  • B
    5% (1)
  • C
    89% (17)

Why each option

The NMAP Scripting Engine (NSE) is the built-in feature that extends NMAP into a multi-protocol vulnerability scanner covering services like SMB, HTTP, and FTP.

AMetasploit scripting engine

Metasploit uses its own independent module and scripting framework for exploitation and is a separate tool not integrated into NMAP.

BNessus scripting engine

Nessus uses its own proprietary scripting language NASL and operates as a standalone scanner; it has no scripting integration with NMAP.

CNMAP scripting engineCorrect

The NMAP Scripting Engine (NSE) is a native NMAP component that enables users to run Lua-based scripts against discovered hosts and services. NSE ships with hundreds of scripts targeting specific protocols including SMB, HTTP, and FTP to detect known vulnerabilities and misconfigurations. This transforms NMAP from a port scanner into a basic vulnerability scanner without requiring any external product.

DSAINT scripting engine

SAINT is an independent commercial vulnerability scanner with its own engine and has no scripting relationship with NMAP.

Concept tested: NMAP Scripting Engine (NSE) for multi-vector vulnerability scanning

Source: https://nmap.org/book/nse.html

Topics

#NMAP scripting engine#NSE#vulnerability scanning#SMB HTTP FTP scanning

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice