```bash sudo nmap -sC target_ip_addr #performs default NSE scripts sudo nmap --script <category> target_ip_addr #performs specific NSE script category sudo nmap --script <script_name>, <script_name>, ... target_ip_addre #performs list of defined scripts ``` | Category | Description | | --------- | ------------------------------------------------------------------------------- | | auth | determination of authentication creds | | broadcast | used for host discovery by broadcasting | | brute | executes scripts that try to login to respective service by brute-forcing creds | | default | default scripts using `-sC` option | | discovery | evaluation of accessible services | | dos | used to check services fore DOS vulns; **warning:** may harm services | | exploit | used to exploit known vulns for scanned ports | | external | use external services for further processing | | fuzzer | identifies vulns and unexpected packet handling by sending different fields | | intrusive | intrusice scripts that may harm target | | malware | checks is some malware infects target system | | safe | defensive scripts that do not perform intrusive or destructive access | | version | extension of service detection | | vuln | identification of specific vulns | ## example defined scripts - banner - smtp-commands