Building Custom Scans for Real World Enterprise Network
Pentesters largely uses Nmap. Some uses it very smartly way beyond than a port scanner. The rich set of scripts called as NSEs made this scanner an inevitable tool in a pentesters box. This allows you to use Nmap for vulnerability discovery, exploitation and a lot more other things as well. This research is a tool to develop Nmap script more effectively. It makes necessary environment for the Nmap script development based on the underlying OS. The current challenges in developing Nmap Script are following:
- Most of the cases, development happens in generic console editor which don’t understand LUA and Nmap library in one code window
- The syntax needs to be referred in respective wiki of Nmap NSE and LUA
- Debugging custom NSE code needs to be specified with a lot more nmap options
- Halcyon gives following features to overcome above-mentioned challenges and beyond.
It can understand both LUA and Nmap library
- Allows code completion
- Easily builder as it supports LUA and NSE syntax highlighting
- One click debug and run. Lot of debugging switches can be set through the GUI.
- Easy navigation to scripts and related libraries. This allows a script writer to modify existing libraries, data files, wordlist etc.