nerdexam
EC-Council

312-50V11 · Question #260

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

The correct answer is C. NMAP scripting engine. Nmap extends its capabilities into vulnerability scanning through its own built-in Nmap Scripting Engine (NSE), which provides scripts targeting protocols like SMB, HTTP, and FTP.

Vulnerability Analysis

Question

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

Options

  • AMetasploit scripting engine
  • BNessus scripting engine
  • CNMAP scripting engine
  • DSAINT scripting engine

How the community answered

(29 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    90% (26)
  • D
    3% (1)

Why each option

Nmap extends its capabilities into vulnerability scanning through its own built-in Nmap Scripting Engine (NSE), which provides scripts targeting protocols like SMB, HTTP, and FTP.

AMetasploit scripting engine

Metasploit has its own separate scripting and module framework; it is not integrated into or used by Nmap for scanning.

BNessus scripting engine

Nessus uses its own proprietary Nessus Attack Scripting Language (NASL) engine, which is entirely separate from Nmap and not callable by it.

CNMAP scripting engineCorrect

The Nmap Scripting Engine (NSE) is Nmap's native scripting framework that allows users to write and run Lua-based scripts to automate a wide range of network tasks including vulnerability detection. NSE includes script categories such as 'vuln' and 'exploit' with ready-made scripts for services like SMB (e.g., ms17-010), HTTP, and FTP, making it the correct resource for extending Nmap into a basic multi-vector vulnerability scanner.

DSAINT scripting engine

SAINT (Security Administrator's Integrated Network Tool) is an independent commercial vulnerability scanner with its own engine that has no integration with Nmap.

Concept tested: Nmap Scripting Engine for vulnerability scanning

Source: https://nmap.org/book/nse.html

Topics

#NMAP scripting engine#NSE#vulnerability scanning#SMB HTTP FTP vectors

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice