Using the “Nmap Scripting Engine”

I don’t think I need to explain what Nmap is: it is probably the most famous and widely used port scanner in the known universe.

Nmap has a lot of features, and one of them is a built-in script interpreter called NSE (“Nmap Scripting Engine”), which allows developers to write extensions for Nmap. Using this feature, Marc Ruef developed a script that adds a basic vulnerability scanner feature to Nmap.

The script does not perform a vulnerability scan by itself. Instead, using the version fingerprinting feature (-sV), it detects the running applications and their versions and uses this information to look up entries in several vulnerability data sources:

  • scipvuldb.csv — https://vuldb.com
  • cve.csv — http://cve.mitre.org
  • osvdb.csv —
  • securityfocus.csv —
  • securitytracker.csv — http://www.securitytracker.com
  • xforce.csv —
  • exploitdb.csv — http://www.exploit-db.com
  • openvas.csv —
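
The lookup described above, as a simplified added example (not vulscan's own code or matching algorithm). It assumes each datasource line has the form `id;title`; the rows, product names and the `load_db`/`lookup` helpers are constructed for illustration. It shows why title-based hits still need manual verification.

```python
import csv
import io
import re

# Constructed sample rows in an assumed "id;title" layout (not real entries).
SAMPLE_DB = """\
1001;ExampleFTPd 2.3.4 login buffer overflow
1002;ExampleFTPd up to 2.3.3 directory traversal
1003;OtherHTTPd 1.0 information disclosure
1004;ExampleFTPd Manager 2.3.4 cross site scripting
"""

def load_db(text):
    """Parse 'id;title' lines; a title may itself contain ';'."""
    rows = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for rec in reader:
        if len(rec) >= 2:
            rows.append((rec[0], ";".join(rec[1:])))
    return rows

def lookup(rows, product, version=None):
    """Return (id, title, confidence) for titles naming the fingerprinted product.

    confidence is 'product+version' when the detected version string also
    appears in the title, otherwise 'product-only'.
    """
    wanted = [w.lower() for w in product.split()]
    hits = []
    for vid, title in rows:
        tokens = re.findall(r"[a-z0-9.]+", title.lower())
        if not all(w in tokens for w in wanted):
            continue
        if version and version.lower() in tokens:
            confidence = "product+version"
        else:
            confidence = "product-only"
        hits.append((vid, title, confidence))
    return hits

if __name__ == "__main__":
    # Fingerprint as -sV might report it (constructed values).
    for vid, title, confidence in lookup(load_db(SAMPLE_DB), "ExampleFTPd", "2.3.4"):
        print(f"[{vid}] {title} ({confidence})")
```

Entry 1002 matches on product name only even though its title covers older versions, and 1004 matches a different product that shares the name and version string, so every hit has to be checked against the actual advisory before it is reported as a finding.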

Installation and usage are pretty simple:

Installation

Please install the files into the following folder of your Nmap installation:

`Nmap\scripts\vulscan\*`

Usage

You have to run the following minimal command to initiate a simple vulnerability scan:

`nmap -sV --script=vulscan/vulscan.nse www.example.com`

I suggest you use git so you can periodically update the script with the latest versions of vulnerability databases:

git clone .git
