Summary  
This chapter explains how to extend a core application’s capabilities by using Lua-based code modules organized into functional categories, and how to select and execute these modules via command-line options for targeted tasks.  

General domain of usage  
Network security scanning.

**Video description:** This video demonstrates how to use the Nmap Scripting Engine (NSE) to enhance your network scans. You will see how to select and run different categories of NSE scripts, interpret their output, and apply them for both reconnaissance and vulnerability assessment.

The **Nmap Scripting Engine (NSE)** is one of Nmap's most powerful features, allowing you to automate a wide range of network discovery and security tasks. NSE scripts extend Nmap’s core functionality, making it possible to perform advanced reconnaissance, vulnerability detection, and even exploitation in some cases. 

NSE scripts are organized into categories based on their intended purpose, such as `discovery` for gathering information about hosts and services, `vuln` for checking known vulnerabilities, and `safe` for scripts that are unlikely to disrupt the target. Other categories include `default`, which contains scripts considered both useful and non-intrusive, and `auth`, `intrusive`, `malware`, and more. 

By selecting scripts from these categories, you can tailor your scans to suit your specific objectives and risk tolerance.

NSE scripts are written in the Lua programming language and are executed by Nmap during a scan. Each script is designed to interact with network services in a specific way, such as probing for additional service details, testing for vulnerabilities, or gathering information that standard scanning techniques might miss. You should use NSE scripts when you want to go beyond simple port and service detection—for example, when you want to identify known security issues, enumerate users, or retrieve banner information. NSE scripts can be run individually, by category, or as part of a default set, providing flexibility and depth to your scanning process. Choosing the right scripts helps you balance thoroughness with stealth and safety, ensuring you gather the information you need without causing unnecessary disruption to the target.

```
# Example: Running the default NSE scripts on a target host
# This command uses Nmap to scan 192.168.1.1 and executes all scripts in the "default" category

# Command to run in your terminal:
nmap --script=default 192.168.1.1
```

The `--script=default` option tells Nmap to run all scripts classified as "default," which typically includes scripts that are both **safe** and **useful** for additional information gathering. These scripts might check for common vulnerabilities, enumerate services, or collect metadata, providing you with a richer set of scan results than a basic port scan alone. Using this option is a great way to enhance your reconnaissance without taking on the risk of running more aggressive or intrusive scripts.

What is the purpose of the --script option in Nmap?

A comprehensive theoretical course on using Nmap for network enumeration, covering host discovery, port scanning, service and OS detection, NSE scripting, and practical reconnaissance techniques. Designed for cybersecurity learners seeking to master Nmap's capabilities through clear explanations, command examples, and real-world scenarios.

This section introduces the concept of network enumeration, its importance in cybersecurity, and provides a foundational understanding of Nmap, its features, and basic usage.

This section delves into advanced host discovery methods, port scanning strategies, and practical command usage for effective reconnaissance.

This section covers advanced Nmap features for service enumeration, operating system detection, and the use of Nmap Scripting Engine (NSE) for in-depth reconnaissance.

Using Nmap Scripting Engine (NSE)