1
00:00:00,300 --> 00:00:06,750
In the Nmap lectures, we have seen no port scan, also known as ping scan, different ways of

2
00:00:06,750 --> 00:00:14,010
scanning ports: SYN scan, also known as half-open scanning; TCP scan, also known as TCP connect scan;

3
00:00:14,730 --> 00:00:20,640
UDP scan; service and version detection; and operating system detection.

4
00:00:21,650 --> 00:00:28,970
Now let's deep dive into Nmap. The Nmap Scripting Engine, or NSE, is one of Nmap's most powerful

5
00:00:28,970 --> 00:00:35,030
and flexible features. It allows users to write simple scripts to automate a wide variety of networking

6
00:00:35,030 --> 00:00:35,480
tasks.

7
00:00:36,050 --> 00:00:40,990
Now, those scripts are then executed in parallel with the speed and efficiency you would expect from

8
00:00:41,000 --> 00:00:41,120
Nmap.

9
00:00:41,750 --> 00:00:48,200
Users can rely on the growing and diverse set of scripts distributed with Nmap or write their own to

10
00:00:48,200 --> 00:00:49,610
meet custom needs.

11
00:00:50,650 --> 00:00:52,120
So I'll show you a couple of things here.

12
00:00:52,570 --> 00:00:57,820
Scripts are written in the embedded Lua programming language, version 5.3.

13
00:00:59,150 --> 00:01:05,840
NSE is activated with the -sC (uppercase C) option, or --script if you wish to specify a custom

14
00:01:05,840 --> 00:01:13,310
set of scripts, and results are integrated into Nmap normal and XML output. The default place of Nmap

15
00:01:13,320 --> 00:01:19,130
embedded scripts is /usr/share/nmap/scripts.

16
00:01:20,800 --> 00:01:27,670
NSE was designed to be versatile with the following tasks in mind. Network discovery: now this

17
00:01:27,670 --> 00:01:30,340
is the most powerful part of Nmap, right?

18
00:01:30,520 --> 00:01:37,660
Examples include looking up WHOIS data based on the target domain, querying RIPE for the target IP

19
00:01:37,660 --> 00:01:43,930
to determine ownership, SNMP queries, and listing available SMB shares and services.

20
00:01:44,770 --> 00:01:46,780
More sophisticated version detection.

21
00:01:47,660 --> 00:01:53,090
The Nmap version detection system is able to recognize thousands of different services through its

22
00:01:53,090 --> 00:01:58,610
probe and regular expression signature-based matching system, but it cannot recognize everything.

23
00:01:58,940 --> 00:02:05,600
For example, identifying the Skype version 2 service requires two independent probes, which version

24
00:02:05,600 --> 00:02:08,030
detection isn't flexible enough to handle.

25
00:02:08,540 --> 00:02:14,840
Nmap could also recognize more SNMP services if it tried a few hundred different community names

26
00:02:14,840 --> 00:02:15,730
by brute force.

27
00:02:16,250 --> 00:02:21,410
But neither of these tasks is well suited to traditional Nmap version detection.

28
00:02:21,710 --> 00:02:25,340
But both are easily accomplished with NSE.

29
00:02:26,850 --> 00:02:28,440
Vulnerability detection.

30
00:02:29,350 --> 00:02:35,080
When a new vulnerability is discovered, you often want to scan your networks quickly to identify vulnerable

31
00:02:35,080 --> 00:02:44,470
systems before the bad guys do. While Nmap isn't a comprehensive vulnerability scanner, NSE is powerful

32
00:02:44,470 --> 00:02:47,740
enough to handle even demanding vulnerability checks.

33
00:02:48,750 --> 00:02:54,960
Remember when the Heartbleed bug affected hundreds of thousands of systems worldwide and Nmap's developers

34
00:02:54,960 --> 00:03:01,320
responded with the ssl-heartbleed detection script within just under two days.

35
00:03:02,810 --> 00:03:04,310
Backdoor detection.

36
00:03:05,290 --> 00:03:10,510
Many attackers and some automated worms leave backdoors to enable later entry.

37
00:03:11,080 --> 00:03:15,880
Some of these can be detected by Nmap's regular expression-based version detection.

38
00:03:16,240 --> 00:03:23,110
But more complex worms and backdoors require NSE's advanced capabilities to reliably detect them.

39
00:03:24,550 --> 00:03:26,770
Vulnerability exploitation.

40
00:03:28,310 --> 00:03:34,190
As a general scripting language, NSE can even be used to exploit vulnerabilities rather than just find

41
00:03:34,190 --> 00:03:34,370
them.

42
00:03:34,370 --> 00:03:39,290
But of course, it's not as powerful as exploit frameworks such as Metasploit.

