Phil Young - Improving Nmap by Writing New Scripts and Libraries

Thursday Afternoon DEF CON Workshop Starting at 1400 PDT

By DEF CON WORKSHOPS

Date and time

Thursday, August 10, 2023 · 2 - 6pm PDT

Location

Flamingo Las Vegas

3555 South Las Vegas Boulevard Las Vegas, NV 89109

About this event

Max Class Size: 30

Abstract:

Does anyone know how old Nmap is? If you guessed 20 years old, you’d be wrong! It’s been around since 1997 when it was first released in Phrack magazine. Since the beginning, it's been through multiple iterations and an entire community has developed around it. One of the most important additions to Nmap was the ability to add custom scripts, changing Nmap from a simple port scanner to the Swiss Army knife of network scanners. Oftentimes, when zero days pop up, someone will write an Nmap script to identify vulnerable servers within minutes. If you’ve ever wondered how people write Nmap scripts, what it would take to write your own and how you can use them, this workshop is for you.

Attendees in this workshop will learn how to understand and update the Nmap probe file, how to write Lua scripts (which Nmap scripting uses), how to write Nmap scripts to supplement the probe file, how to interact with custom services, and ultimately how to write multiple Nmap scripts to do fun stuff with ports. Once attendees have a firm grasp of the Nmap Scripting Engine, they will be introduced to writing Nmap libraries for use by their various scripts. This workshop contains many instructor-led labs so that attendees can see their code in action. To make this workshop worthwhile, a custom service running on a port has been created, which the labs will allow you to probe and identify as the course goes on.

Nmap is the workhorse behind the scenes for so many pentesters, but the resources for writing scripts are limited. The hope is that by offering this workshop, more people will be able to write Nmap scripts for the betterment of all hackingkind.

Skill Level: Beginner

Prerequisites for students: Some basic understanding of how to write code (Python, C, Lua, etc.) and how to use the Linux command line.

Materials or Equipment students will need to bring to participate: A laptop capable of running a Linux VM

Bio:

Philip Young, aka Soldier of FORTRAN, is a leading expert in all things mainframe hacking. Having spoken and taught at conferences around the world, including DEFCON, RSA, BlackHat and keynoting at both SHARE and GSE Europe, he has established himself as the thought leader in mainframe penetration testing. Since 2013 Philip has released tools to aid in the testing of mainframe security and contributed to multiple open-source projects including Nmap, allowing those with little mainframe capabilities the chance to test their mainframes. He created the Nmap TN3270 library which enabled Nmap to scan and fingerprint z/OS mainframes and SNA networks. His hope is that through education others will create new libraries and scripts to force corporations to fix their shit.

Organized by

DEF CON Workshops are an opportunity to learn from others in our community in a four-hour class. The workshops range in difficulty from n00b to hardcore hacker and on almost any topic that you can think of in the realm of hacking.

Now on to some things to keep in mind while you look at which workshop(s) to register for:

Workshop Registration will be handled online. An announcement will be made as we get ready to open registration the day before.

In order to decrease the number of no-shows, DEF CON Workshops will be instituting a $25 registration fee to attendees. Tickets are available on a first come, first served basis. Additional costs include a possible low fee for material costs, if applicable, which will be collected by the instructor at the time of the workshop.

There will be a limited number of students on standby lists for each class, should a registration cancel.

There will be NO onsite registration, period. Anyone on standby will be notified they are on standby before the conference. There will be NO onsite standby line or list to sign up for. Everything will be arranged pre-con.

Students will be limited to purchasing 2 tickets per class.

You can register for as many classes as you can attend in one day. (No two classes at the same time. If you have mastered occupying two spaces at the same time, there are some physics academics who would be pleased to meet you, among others.)