
Top 25 Nmap NSE Scripts Every Ethical Hacker Should Know in 2025


Nmap's NSE (Nmap Scripting Engine) is one of the most powerful tools in a cybersecurity professional's arsenal. With over 600 built-in scripts, NSE allows ethical hackers to automate information gathering, vulnerability detection, brute force attacks, and service enumeration.

Below are the top 25 NSE scripts that are essential for every ethical hacker and penetration tester in 2025.

Top 25 NSE Scripts:

  1. http-enum – Enumerates common web paths and directories
  2. http-vuln-cve2006-3392 – Checks for vulnerable versions of PHP
  3. ftp-anon – Checks for anonymous FTP login access
  4. ssh-brute – Attempts SSH password brute-force
  5. dns-brute – Performs DNS subdomain brute-forcing
  6. smb-os-discovery – Gathers OS info over SMB
  7. smb-vuln-ms17-010 – Detects EternalBlue vulnerability
  8. vulners – Integrates a vulnerability database scan
  9. default – Runs a set of default scripts (safe for reconnaissance)
  10. rdp-enum-encryption – Analyzes RDP encryption methods
  11. http-title – Grabs the title of a web page
  12. mysql-empty-password – Detects empty MySQL root passwords
  13. smtp-open-relay – Checks if SMTP is an open relay
  14. snmp-info – Collects SNMP system info
  15. rdp-ntlm-info – Gathers NTLM hash and OS info from RDP
  16. http-headers – Displays HTTP response headers
  17. ssl-cert – Extracts SSL certificate information
  18. ssl-enum-ciphers – Lists supported SSL ciphers
  19. http-auth – Detects HTTP authentication methods
  20. ssh-hostkey – Retrieves SSH host keys
  21. http-methods – Enumerates supported HTTP methods (e.g., PUT, DELETE)
  22. http-vuln-cve2014-3704 – Drupal SQL injection vulnerability
  23. http-slowloris – Checks for DoS Slowloris vulnerability
  24. http-dombased-xss – Tests for DOM-based XSS vulnerabilities
  25. imap-capabilities – Checks available IMAP capabilities

Script Categories in NSE:

Nmap scripts are categorized as:

  • auth – Authentication bypass or brute-force
  • broadcast – Discovery of hosts and services
  • default – Default set of safe recon scripts
  • discovery – Gather more data about the target
  • exploit – Exploit known vulnerabilities
  • external – Rely on external resources
  • fuzzer – Test services for unexpected behavior
  • intrusive – May be detectable and risky
  • malware – Detect signs of malware
  • vuln – Identify known vulnerabilities

NSE Script Path (Linux):

/usr/share/nmap/scripts/

Pro Tip:

Use nmap --script-updatedb after adding new scripts to update the NSE script database.
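
The script database that --script-updatedb rebuilds is the file script.db in the script directory above, and it records each script's categories. The following is an added example, not code from this article or from the Nmap project: it parses that file and sorts a planned script list into low-risk, needs-approval and unknown before a scan is run. The RISKY set, the function names, the plan list and the sample entries are assumptions made for illustration; the sample entries are constructed and are used only when no installed script.db is found.

```python
import re
from pathlib import Path

# Default location from the "NSE Script Path (Linux)" section above.
SCRIPT_DB = Path("/usr/share/nmap/scripts/script.db")
# Categories treated here as needing sign-off before use (an assumption, tune per engagement).
RISKY = {"intrusive", "exploit", "dos", "brute", "fuzzer"}
ENTRY_RE = re.compile(r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*\{([^}]*)\}')

# Constructed sample in script.db's line format; category values are illustrative.
SAMPLE_DB = '''\
Entry { filename = "ftp-anon.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "http-slowloris.nse", categories = { "dos", "intrusive", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ssh-brute.nse", categories = { "brute", "intrusive", } }
'''

def parse_script_db(text):
    """Return {script_name: set(categories)} from script.db contents."""
    db = {}
    for m in ENTRY_RE.finditer(text):
        name = m.group(1).removesuffix(".nse")
        db[name] = set(re.findall(r'"([^"]+)"', m.group(2)))
    return db

def triage(wanted, db):
    """Split a planned script list into low-risk, needs-approval and unknown."""
    report = {"low_risk": [], "needs_approval": {}, "unknown": []}
    for name in wanted:
        cats = db.get(name)
        if cats is None:
            report["unknown"].append(name)  # typo, or script.db not refreshed
        elif cats & RISKY:
            report["needs_approval"][name] = sorted(cats & RISKY)
        else:
            report["low_risk"].append(name)
    return report

def load_db():
    """Use the installed script.db if present, else the constructed sample."""
    return parse_script_db(SCRIPT_DB.read_text() if SCRIPT_DB.is_file() else SAMPLE_DB)

if __name__ == "__main__":
    plan = ["ftp-anon", "http-title", "ssh-brute", "http-slowloris", "my-new-script"]
    for bucket, items in triage(plan, load_db()).items():
        print(bucket, items)
```

A script that lands in "unknown" after being copied into the script directory usually means the database has not been refreshed yet.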

Final Words

Knowing how to use these top NSE scripts gives you a massive edge in penetration testing and vulnerability assessments. They allow you to automate critical security tasks and provide in-depth insight into target systems.

Keep learning, practicing, and always scan responsibly within legal boundaries.

Shubham Chaudhary

Welcome to Xpert4Cyber! I’m a passionate Cyber Security Expert and Ethical Hacker dedicated to empowering individuals, students, and professionals through practical knowledge in cybersecurity, ethical hacking, and digital forensics. With years of hands-on experience in penetration testing, malware analysis, threat hunting, and incident response, I created this platform to simplify complex cyber concepts and make security education accessible. Xpert4Cyber is built on the belief that cyber awareness and technical skills are key to protecting today’s digital world. Whether you’re exploring vulnerability assessments, learning mobile or computer forensics, working on bug bounty challenges, or just starting your cyber journey, this blog provides insights, tools, projects, and guidance. From secure coding to cyber law, from Linux hardening to cloud and IoT security, we cover everything real, relevant, and research-backed. Join the mission to defend, educate, and inspire in cyberspace.
