Building Custom Scans for Real World Enterprise Network


Location: Goa, India

Pentesters largely use Nmap. Some use it very smartly, as far more than a port scanner. The rich set of scripts, known as NSE scripts, has made this scanner an essential tool in a pentester's toolbox. These scripts allow you to use Nmap for vulnerability discovery, exploitation and a lot more. This research is a tool for developing Nmap scripts more effectively. It sets up the necessary environment for Nmap script development based on the underlying OS. The current challenges in developing Nmap scripts are the following:

  • In most cases, development happens in a generic console editor that doesn't understand Lua and the Nmap library in one code window
  • The syntax has to be looked up in the respective Nmap NSE and Lua wikis
  • Debugging custom NSE code requires specifying many additional nmap options

Halcyon provides the following features to overcome the above-mentioned challenges and more.

  • It understands both Lua and the Nmap library
  • Allows code completion
  • Easy script building, as it supports Lua and NSE syntax highlighting
  • One-click debug and run. Many debugging switches can be set through the GUI.
  • Easy navigation to scripts and related libraries. This allows a script writer to modify existing libraries, data files, wordlists, etc.