On This Page

Automating Exploitation with Nmap Scripting Engine

Josh Amishav-Zlatin | July 24-25


The Nmap Scripting Engine (NSE) is one of Nmap's most under-used and misunderstood features. Whether your probing a DNS server, brute-forcing SNMP or exploiting the latest CVE vulnerability via MSRPC, NSE makes automating vulnerability scanning easy. It doesn't matter if you're a defender, attacker, or something in between, Nmap NSE will save you time and let you focus your energy on issues that can't be automated.

Course Syllabus:

Day 1:
  • Nmap and NSE
  • Lua Primer
  • NSE Script Internals
  • Applications of NSE
  • NSE Data Files
  • Advanced Network Reconnaissance
  • Automating Advanced Brute Force Attacks

Day 2
  • Formatting Output
  • Binary Data and Network Sockets
  • Raw Packet Manipulation
  • Parallelism in Nmap
  • Vulnerability Scanning Using NSE
  • Advanced Lua Exploit Development
  • Capture the Flag

Who Should Take this Course

Pen Testers, Security Team Members, System Administrators.

Student Requirements

To get the most out of this course, participants should have a reasonable understanding of Linux and Windows command line concepts as well as a basic understanding of programming concepts.

What Students Should Bring

  • A working laptop (Windows, Mac or Linux) to run a 64-bit VMware VM
  • MINIMUM 2048 MB RAM required.
  • Wired network adapter
  • 20 GB free Hard disk space
  • VirtualBox Installed

What Students Will Be Provided With

  • Student Virtual Machine
  • Lab instructions and solutions


Josh Amishav-Zlatin is a security researcher focused on exploit development, penetration testing and web application defense. At his day job, he develops customized exploits based on the Nmap Script Engine to help clients integrate continuous security checks within their networks. Josh also develops specialized Modsecurity rulesets to quickly patch vulnerabilities discovered during pen testing engagements. He has over 15 years of experience in the IT security industry, working with both financial and government clients to help secure their critical applications.