MS17-010 Vulnerability - Scanning using NMAP on KALI Linux

MS17-010 is a severe SMB Server vulnerability affecting all Windows operating systems, which was made public in March 2017. It allows remote code execution on the victim computer and was exploited by WannaCry, Petya and Bad Rabbit Ransomware (and many other...)
For more information, check the Microsoft Security Bulletin MS17-010:

Nmap ("Network Mapper") is a free and open source license utility for network discovery and security auditing, which is installed by default on Kali Linux.
Check the NMAP website for more information:

NMAP Scripting Engine (or NSE) allows users to write scripts for NMAP and share them.
NSE scripts can be used for network discovery, vulnerability detection, vulnerability exploitation, OS version detection, Backdoor detection and so on ...
For more information on NSE, check the links below:

In the video below we will use NMAP and a NSE script called "smb-vuln-ms17-010", in order to identify computers affected by the MS17-010 vulnerability.

List of commands used during this video:
nmap --script-updatedb
This command updates the NSE scripts.
locate *.nse
This command displays a full path-name list of NSE scripts (files having "nse" extension).
locate *vuln*.nse
This command displays a full path-name list of NSE scripts which contain the string "vuln" into the name. (These are scripts used for vulnerability detection)
nmap -v -p445 --script smb-vuln-ms17-010 <IP_Address or IP_Range>
This commands scans an IP address or an IP range of addresses on port 445 (SMB Server port), using the "smb-vuln-ms17-010" NSE script. The "-v" option increases the verbosity level.

Check also my other post on detecting the MS17-010 vulnerability by using Metasploit.


Popular Posts

MS17-010 Vulnerability - Using EternalBlue exploit module in Metasploit

Generating shellcode - using msfvenom to generate a binary payload

MS17-010 Vulnerability - Scanning using Metasploit on KALI Linux