Hey Ricardo,
Hopefully I can add some clarification.
The Kali Linux box that I'm working with in the Pentest+ series is a virtual machine running on VMware Fusion. Because of that, when I'm in Kali and run an nmap scan that requires low-level privileges to the TCP/IP stack or access to the physical network adapter, Fusion has to pass that request on to Mac OS, which then prompts the user for authentication before access to those resources is granted. That is why you see a Mac OS authentication prompt.
Now for the --script vuln scan you're running.
When you run --script vuln, nmap fires up the Nmap Scripting Engine (NSE) and from there is directed to run certain NSE scripts that pertain to known vulnerabilities. The one we're seeing in your screenshot is http-enum. In my Kali box that script is found in /usr/share/nmap/scripts/http-enum.nse
This looks for some basic HTTP vulnerabilities and is very much like a stripped-down version of Nikto. Alas, there isn't any easy way to have these scans run with supplied credentials. Alternatively, you CAN perform credentialed scans with tools like Nikto. That being said, I advise that for deeper enumeration and vulnerability scanning of web applications, you use a tool that is focused towards that end (like Nikto, Skipfish, GoBuster, etc.), and then after more enumeration you focus down on specific web technologies found therein (like scanning WordPress sites using WPscan).
You can also create your own NSE scripts if you have knowledge of the Lua programming language. Then you can just write your own credentialed scanner and add it to the script repository and the world will thank you!
Nmap is a great tool and can do a lot of stuff (like some vulnerability scanning and exploitation), but it is really meant to be a discovery/enumeration tool and not so much a vulnerability exploitation framework.
Cheers,
Daniel Lowrie
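
The kind of custom NSE script mentioned in the reply above, as an added example that is not part of the original post and not one of Nmap's bundled scripts: it takes HTTP Basic credentials as script arguments and compares the unauthenticated and authenticated response for one path. The script name http-auth-probe and its user, pass and path arguments are hypothetical.

```lua
-- http-auth-probe.nse (hypothetical name; added example, not shipped with Nmap)
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Requests one path with and without HTTP Basic credentials supplied through
script arguments and reports both status codes, for use on hosts you are
authorized to scan.
]]

---
-- @usage
-- nmap -p 80 --script ./http-auth-probe.nse --script-args \
--   'http-auth-probe.user=USER,http-auth-probe.pass=PASS,http-auth-probe.path=/admin/' <target>

author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- Run against any port Nmap identifies as HTTP(S).
portrule = shortport.http

action = function(host, port)
  local user = stdnse.get_script_args(SCRIPT_NAME .. ".user")
  local pass = stdnse.get_script_args(SCRIPT_NAME .. ".pass")
  local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"
  if not (user and pass) then
    return "ERROR: user and pass script-args are required"
  end

  -- Skip the http library's response cache so the authenticated request
  -- is not answered from the stored anonymous response for the same path.
  local anon = http.get(host, port, path, { bypass_cache = true, no_cache = true })
  local authed = http.get(host, port, path, {
    bypass_cache = true, no_cache = true,
    auth = { username = user, password = pass }, -- HTTP Basic credentials
  })
  if not (anon and anon.status and authed and authed.status) then
    return "ERROR: no HTTP response for " .. path
  end

  local out = stdnse.output_table()
  out.path = path
  out["unauthenticated status"] = anon.status
  out["authenticated status"] = authed.status
  out.server = authed.header["server"] -- header names are lowercased by the library
  return out
end
```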