How to use Nmap for vulnerability assessment
Using the “Nmap Scripting Engine”
I don’t think I need to explain what Nmap is: probably the most famous and most widely used port scanner in the known universe.
Nmap has a lot of features, and one of them is a built-in script interpreter called NSE (“Nmap Scripting Engine”) which allows developers to write extensions for Nmap in Lua.
Using this feature, Marc Ruef developed vulscan, a script which adds a basic vulnerability-scanner feature to Nmap.
The script does not probe for vulnerabilities itself. It relies on Nmap’s version detection (-sV) to identify the running applications and their versions, then uses that name/version information as lookup keys in a set of local vulnerability data sources. Keep in mind what this implies: a hit is only a match of a reported version string against a database entry, so it is a candidate to verify, not a confirmed vulnerability, and a service whose version -sV cannot fingerprint is simply not assessed. The bundled data sources are:
- scipvuldb.csv — https://vuldb.com
- cve.csv — http://cve.mitre.org
- osvdb.csv — http://www.osvdb.org
- securityfocus.csv — http://www.securityfocus.com/bid/
- securitytracker.csv — http://www.securitytracker.com
- xforce.csv — http://xforce.iss.net
- exploitdb.csv — http://www.exploit-db.com
- openvas.csv — http://www.openvas.org
These lookups are done offline against the CSV files shipped with the script, so the results are only as current as your copy of those files. Installation and usage are pretty simple:
Installation
Copy (or clone) the files into a vulscan subfolder of your Nmap scripts directory. On Windows that is the following folder of your Nmap installation (on most Linux distributions the scripts directory is /usr/share/nmap/scripts/):
Nmap\scripts\vulscan\*
Usage
The minimal command for a simple vulnerability scan is the following (-sV is required, since without version detection the script has nothing to look up):
nmap -sV --script=vulscan/vulscan.nse www.example.com
I suggest you install it with git, cloning straight into your Nmap scripts directory so that the folder is named vulscan as the command above expects, and so that a later git pull in that folder gives you the latest version of the script together with the latest vulnerability databases:
git clone https://github.com/scipag/vulscan.git
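To make the two caveats above (hits are version-string matches, unfingerprinted ports are blind spots) visible in practice, here is an added example, not code from this post or from the vulscan project. It runs the exact command above with XML output (-oX -) and turns the report into structured findings, separating the vulscan hits from the open ports that -sV left without a version string. The Nmap XML layout (<port>, <state>, <service>, <script id="vulscan" output="...">) is Nmap’s documented format; the assumed layout of vulscan’s text (a "<database> - <url>:" header per source followed by "[id] title" lines) is an assumption of this example, and the embedded sample report is constructed, with placeholder identifiers, not the output of a real scan.

```python
"""Run the vulscan command from this post and post-process its XML report.

Added example, not from the post or the vulscan project. Assumed (not stated
in the post): vulscan prints one "<database> - <url>:" header per source,
followed by "[id] title" lines, and Nmap's -oX report stores that text in
<script id="vulscan" output="...">.
"""
import re
import shutil
import subprocess
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# The minimal command from the post, with XML on stdout so it can be parsed.
VULSCAN_CMD = ["nmap", "-sV", "--script=vulscan/vulscan.nse", "-oX", "-"]

DB_HEADER = re.compile(r"^(?P<db>.+?) - (?P<url>\S+):\s*$")         # "VulDB - https://vuldb.com:"
HIT_LINE = re.compile(r"^\[(?P<ref>[^\]]+)\]\s+(?P<title>.+?)\s*$")  # "[id] title"


@dataclass
class Finding:
    host: str
    port: str       # e.g. "22/tcp"
    service: str    # product and version exactly as fingerprinted by -sV
    database: str   # which CSV source the match came from
    ref: str        # the identifier inside [...]
    title: str


@dataclass
class Report:
    # findings: version-string matches, i.e. candidates to verify by hand.
    # unfingerprinted: open ports with no version string; vulscan had nothing
    # precise to match, so "no findings" there means "not assessed", not "clean".
    findings: list = field(default_factory=list)
    unfingerprinted: list = field(default_factory=list)


def run_vulscan(target: str) -> str:
    """Run the command from the post against target and return the XML text."""
    if shutil.which("nmap") is None:
        raise RuntimeError("nmap not found in PATH")
    proc = subprocess.run(VULSCAN_CMD + [target], check=True,
                          capture_output=True, text=True)
    return proc.stdout


def parse_hits(output: str):
    """Yield (database, ref, title) from one port's vulscan script text."""
    db = None
    for raw in output.splitlines():
        line = raw.strip()
        if (m := DB_HEADER.match(line)):
            db = m.group("db")
        elif db and (m := HIT_LINE.match(line)):
            yield db, m.group("ref"), m.group("title")


def parse_vulscan_xml(xml_text: str) -> Report:
    """Walk an -oX report: collect vulscan hits and unfingerprinted open ports."""
    report = Report()
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address")
        host_ip = addr.get("addr") if addr is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue            # closed/filtered ports carry no service data
            portid = f"{port.get('portid')}/{port.get('protocol')}"
            svc = port.find("service")
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            if not version:
                report.unfingerprinted.append((host_ip, portid))
            for script in port.findall("script"):
                if script.get("id") != "vulscan":
                    continue
                for db, ref, title in parse_hits(script.get("output", "")):
                    report.findings.append(Finding(host_ip, portid,
                                                   f"{product} {version}".strip(),
                                                   db, ref, title))
    return report


# Constructed sample report (not a real scan): one fingerprinted SSH port with
# two placeholder hits, one HTTP port -sV could not version, one closed port.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script=vulscan/vulscan.nse -oX - 192.0.2.10">
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10"/>
<script id="vulscan" output="VulDB - https://vuldb.com:&#xa;[EXAMPLE-1] Constructed placeholder entry for OpenSSH 7.4&#xa;&#xa;MITRE CVE - https://cve.mitre.org:&#xa;[EXAMPLE-2] Second constructed placeholder entry&#xa;"/>
</port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
<service name="http" product="nginx" method="probed" conf="10"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
</ports></host></nmaprun>
"""

if __name__ == "__main__":
    import sys
    xml_text = run_vulscan(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_XML
    rep = parse_vulscan_xml(xml_text)
    for f in rep.findings:
        print(f"{f.host} {f.port} {f.service}: [{f.database}] {f.ref} {f.title} (unverified)")
    for host_ip, portid in rep.unfingerprinted:
        print(f"{host_ip} {portid}: open, no version fingerprint, not assessed by vulscan")
```

Run it with a target (python3 vulscan_report.py www.example.com) to scan and summarise, or without arguments to see the constructed sample parsed. The unfingerprinted list is the part worth acting on first: those services need a manual look (or a more aggressive --version-intensity) before vulscan can tell you anything about them.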