200 CHAPTER 7 Scanner scripting

activities in a penetration test, without necessarily needing to resort to additional tools. In particular, Netcat, Nmap, and Nessus/OpenVAS are a few of the tools that lend themselves well to this type of customization and/or automation.

We can alter or add to the behavior of Nmap with relative ease through Lua scripts run by the Nmap Scripting Engine (NSE). NSE scripts can add entirely new functionality to Nmap; for example, the variety of password brute-forcing scripts that ship with it are not part of its core functionality. The output from Nmap can also be used as a source of input to drive other tools that lack such functionality on their own.

Nessus and OpenVAS also lend themselves well to customization through the Nessus Attack Scripting Language (NASL). NASL, very similarly to NSE, allows us to alter the functionality of Nessus and OpenVAS, or to add new functionality to them entirely.

Netcat, although not directly alterable without changing the source code of the application itself, is sufficiently versatile to be very useful from a scripting standpoint. We can easily control Netcat through shell scripting, such as in a bash shell. Netcat can allow us to send files, run simple network services, forward ports, and perform a great number of similar tasks. Netcat is truly the Swiss Army knife of TCP/IP tools.
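As an added example (not from the book), the "Nmap output drives another tool" idea in shell: a POSIX sh/awk parser for Nmap's grepable (`-oG`) format that lists open ports, then compares them against an approved baseline of listeners so that anything unexpected on our own hosts is flagged. The scan output, host names, addresses and the baseline are all constructed for the example; the function names are ours.

```shell
#!/bin/sh
# Constructed -oG output standing in for a real "nmap -oG -" scan of our own hosts.
sample_nmap_og() {
  printf '%s\n' '# Nmap scan initiated (constructed sample)'
  printf '%s\t%s\n' 'Host: 192.0.2.10 (web01.example.test)' 'Status: Up'
  printf '%s\t%s\t%s\n' 'Host: 192.0.2.10 (web01.example.test)' \
    'Ports: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx/, 8080/filtered/tcp//http-proxy///' \
    'Ignored State: closed (997)'
  printf '%s\t%s\t%s\n' 'Host: 192.0.2.11 (db01.example.test)' \
    'Ports: 3306/open/tcp//mysql///, 22/open/tcp//ssh//OpenSSH 8.9/' \
    'Ignored State: closed (998)'
  printf '%s\n' '# Nmap done (constructed sample)'
}

# stdin: -oG output. stdout: "host port proto service" for every open port.
# -oG fields are tab-separated; the Ports field holds ", "-separated entries of
# the form port/state/proto/owner/service/rpc/version/.
parse_open_ports() {
  awk -F'\t' '
    /^Host: / {
      host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host)
      for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) {
        n = split(substr($i, 8), entries, ", ")
        for (j = 1; j <= n; j++) {
          split(entries[j], f, "/")
          if (f[2] == "open") print host, f[1], f[3], (f[5] == "" ? "unknown" : f[5])
        }
      }
    }'
}

# Approved listeners (constructed baseline), as space-separated host:port pairs.
BASELINE='192.0.2.10:22 192.0.2.10:80 192.0.2.11:22'

# stdin: -oG output. Prints open ports missing from BASELINE; exit 1 if any.
unexpected_ports() {
  parse_open_ports | awk -v base="$BASELINE" '
    BEGIN { n = split(base, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
    !(($1 ":" $2) in ok) { print; found = 1 }
    END { exit found ? 1 : 0 }'
}

# Usage with a live scan: nmap -oG - <our-hosts> | unexpected_ports
sample_nmap_og | unexpected_ports || echo "unexpected listener(s) found"
```

On the constructed sample the MySQL listener on db01 is the only line reported, and the non-zero exit status makes the check usable from cron or a CI job.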