What Are the Script Categories in Nmap Scripting Engine?


Scott Campbell

The Nmap Scripting Engine is a powerful tool that allows users to automate and extend the functionality of Nmap, the popular network scanning tool. With the help of scripts, users can perform a wide range of tasks, from detecting vulnerabilities to gathering information about network devices.

When it comes to scripting in Nmap, scripts are organized into different categories based on their functionality. These categories provide an easy way to navigate and find the right script for a specific task. Let’s dive into each category and explore what they have to offer:

1. auth
This category includes scripts related to authentication mechanisms.

These scripts can be used to test different authentication methods, such as HTTP basic and NTLM authentication. They are useful for identifying misconfigurations or vulnerabilities related to authentication.

2. broadcast
Scripts in this category are designed to send broadcast messages across the network and analyze the responses. They can be used to discover hosts that respond to certain broadcast messages or gather information about network services running on those hosts.

3. brute
As the name suggests, this category focuses on brute-force attacks.

The scripts included here can be used to test weak or default passwords on various services, such as FTP, Telnet, SSH, and more. It’s important to note that brute-forcing without proper authorization is illegal and unethical.

4. default
The default category contains scripts that are enabled by default when running Nmap scans with script scanning enabled (-sC). These scripts cover a wide range of tasks, including service discovery, vulnerability detection, and information gathering.

5. discovery
Scripts in this category are specifically designed for host discovery purposes. They help identify active hosts on a given network by using different techniques like ICMP echo requests, ARP requests, or even SNMP queries.

6. dos
Denial-of-Service (DoS) attacks can have a devastating impact on network resources.

The scripts in this category test the vulnerability of a network device to various types of DoS attacks, such as ICMP flood, SYN flood, or UDP flood. It’s important to use these scripts responsibly and only on authorized systems.

7. exploit
Exploit scripts are used to identify vulnerabilities in specific services or applications and exploit them to gain unauthorized access or perform other malicious activities. These scripts should only be used for ethical hacking and penetration testing with proper authorization.

8. external
This category includes scripts that interact with external APIs or web services. They can be used to gather information from popular web services like Google, Shodan, or VirusTotal, providing valuable insights into the Target infrastructure.

9. fuzzer
Fuzzing is a technique used to find software vulnerabilities by sending random or malformed data as input. Scripts in this category automate the process of fuzzing and help identify potential weaknesses in network services.

These are just a few of the many categories available in the Nmap Scripting Engine. Each category contains multiple scripts that can be combined and customized for specific scanning needs. By leveraging the power of scripting, users can extend Nmap’s capabilities and perform advanced network reconnaissance tasks efficiently.

In conclusion, understanding the different script categories in the Nmap Scripting Engine is essential for maximizing its potential. Whether you’re looking to discover hosts, test authentication mechanisms, detect vulnerabilities, or automate various tasks, there’s a script category tailored to your needs. However, it’s crucial to use these scripts responsibly and ethically while respecting privacy and legal boundaries.

  • Auth – Scripts for testing authentication mechanisms
  • Broadcast – Scripts for sending broadcast messages across the network
  • Brute – Scripts for brute-forcing weak passwords
  • Default – Scripts enabled by default for script scanning
  • Discovery – Scripts for host discovery
  • DoS – Scripts for testing denial-of-service vulnerabilities
  • Exploit – Scripts for identifying and exploiting vulnerabilities
  • External – Scripts that interact with external APIs or web services
  • Fuzzer – Scripts for fuzzing network services to find vulnerabilities


The Nmap Scripting Engine’s script categories provide a convenient way to organize and navigate the vast number of scripts available. By understanding the purpose of each category, users can efficiently leverage the power of scripting to automate tasks, detect vulnerabilities, and gather valuable information about network devices. Remember to use these scripts responsibly and ethically, adhering to legal boundaries and obtaining proper authorization before performing any scanning or testing activities.

Discord Server - Web Server - Private Server - DNS Server - Object-Oriented Programming - Scripting - Data Types - Data Structures

Privacy Policy