This chapter introduced the NSE, which can be one of the most useful, versatile, and engaging features of the Nmap tool suite. We should now be able to launch scans that do more than just port and service versions—Nmap scripts can actually interact with the services listening, and in some cases can even exploit vulnerabilities!

In this chapter, we covered the history of the NSE, how NSE works, how to find existing scripts to use, and how to run scripts using the NSE.

In the next chapter, we will learn how to write a basic Nmap script using Lua. Although many, many scripts already exist for a huge variety of tasks, custom in-house uses may require writing one of our own.