Vulscan - Advanced Vulnerability Scanning with Nmap
Vulscan is a module which enhances Nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB.
Installation
Install the files into the following folder of your Nmap installation:Nmap\scripts\vulscan\*Usage
You have to run the following minimal command to initiate a simple vulnerability scan:nmap -sV --script=vulscan/vulscan.nse www.example.comThere are the following pre-installed databases available at the moment:
- scipvuldb.csv - https://vuldb.com
- cve.csv - http://cve.mitre.org
- osvdb.csv - http://www.osvdb.org
- securityfocus.csv - http://www.securityfocus.com/bid/
- securitytracker.csv - http://www.securitytracker.com
- xforce.csv - http://xforce.iss.net
- expliotdb.csv - http://www.exploit-db.com
- openvas.csv - http://www.openvas.org
You can execute Vulscan with the following argument to use a single database:
--script-args vulscandb=your_own_database It is also possible to create and reference your own databases. This requires to create a database file, which has the following structure:
<id>;<title> The vulnerability databases are updated and assembled on a regular basis. If you want to update your databases, go to the following web site and download these files:
- http://www.computec.ch/projekte/vulscan/download/cve.csv
- http://www.computec.ch/projekte/vulscan/download/exploitdb.csv
- http://www.computec.ch/projekte/vulscan/download/openvas.csv
- http://www.computec.ch/projekte/vulscan/download/osvdb.csv
- http://www.computec.ch/projekte/vulscan/download/scipvuldb.csv
- http://www.computec.ch/projekte/vulscan/download/securityfocus.csv
- http://www.computec.ch/projekte/vulscan/download/securitytracker.csv
- http://www.computec.ch/projekte/vulscan/download/xforce.csv
Copy the files into the Vulscan folder:
/vulscan/Version Detection
If the version detection was able to identify the software version and the vulnerability database is providing such details, also this data is matched.Disabling this feature might introduce false-positive but might also eliminate false-negatives and increase performance slightly. If you want to disable additional version matching, use the following argument:
--script-args vulscanversiondetection=0Version detection of Vulscan is only as good as Nmap version detection and the vulnerability database entries are. Some databases do not provide conclusive version information, which may lead to a lot of false-positives (as can be seen for Apache servers).
Match Priority
The script is trying to identify the best matches only. If no positive match could be found, the best possible match (with might be a false-positive) is put on display.If you want to show all matches, which might introduce a lot of false-positives but might be useful for further investigation, use the following argument:
--script-args vulscanshowall=1Interactive Mode
The interactive mode helps you to override version detection results for every port. Use the following argument to enable the interactive mode:--script-args vulscaninteractive=1Source: www.effecthacking.com
Vulscan - Advanced Vulnerability Scanning with Nmap
Reviewed by Anonymous
on
12:24 AM
Rating:
Reviewed by Anonymous
on
12:24 AM
Rating:
