312-50V10 · Question #260
Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?
The correct answer is C. NMAP scripting engine. The NMAP Scripting Engine (NSE) is the built-in feature that extends NMAP into a multi-protocol vulnerability scanner covering services like SMB, HTTP, and FTP.
Question
Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?
Options
- AMetasploit scripting engine
- BNessus scripting engine
- CNMAP scripting engine
- DSAINT scripting engine
How the community answered
(19 responses)- A5% (1)
- B5% (1)
- C89% (17)
Why each option
The NMAP Scripting Engine (NSE) is the built-in feature that extends NMAP into a multi-protocol vulnerability scanner covering services like SMB, HTTP, and FTP.
Metasploit uses its own independent module and scripting framework for exploitation and is a separate tool not integrated into NMAP.
Nessus uses its own proprietary scripting language NASL and operates as a standalone scanner; it has no scripting integration with NMAP.
The NMAP Scripting Engine (NSE) is a native NMAP component that enables users to run Lua-based scripts against discovered hosts and services. NSE ships with hundreds of scripts targeting specific protocols including SMB, HTTP, and FTP to detect known vulnerabilities and misconfigurations. This transforms NMAP from a port scanner into a basic vulnerability scanner without requiring any external product.
SAINT is an independent commercial vulnerability scanner with its own engine and has no scripting relationship with NMAP.
Concept tested: NMAP Scripting Engine (NSE) for multi-vector vulnerability scanning
Source: https://nmap.org/book/nse.html
Topics
Community Discussion
No community discussion yet for this question.