Nmap is the go to port scanner for attackers, defenders, and administrators, and the 598 Nmap Scripting Engine scripts make Nmap a great lightweight vulnerability scanner. But have you ever needed to scan for something when there are no scripts available? Would you like to be able to write your own checks for configuration problems or less publicized vulnerabilities? Tune in to learn the basics of writing your own NSE scripts. After we cover some basic concepts, and discuss a few useful tools, we'll go through the process of creating an NSE script to scan for the Webmin backdoor that was released as a Zero Day vulnerability at DefCon last year.