How to use Nmap for vulnerability assessment

Using the “Nmap Scripting Engine”

I don’t think I need to explain what is Nmap: probably the most famous and used portscanner in the known universe.

Nmap has a lot of feature, and one of them is a built-in script interpreter called NSE (“Nmap Scripting Engine“) which allows developers to write extensions for Nmap.
Using this feature, Marc Ruef developed a script which adds a basic vulnerability scanner feature to Nmap.

The script does not perform a vulnerability scan by itself, but using the fingerprinting feature (-sV), it can detect the running applications and versions and use this informations to lookup keys in some vulnerability datasources:

Installation and usage are pretty simple:


Please install the files into the following folder of your Nmap installation:



You have to run the following minimal command to initiate a simple vulnerability scan:

nmap -sV --script=vulscan/vulscan.nse

I suggest you use git so you can periodically update the script with the latest versions of vulnerability databases:

git clone

More information and downloads