How to use Nmap for vulnerability assessment

Using the “Nmap Scripting Engine”


I don’t think I need to explain what is Nmap: probably the most famous and used portscanner in the known universe.

Nmap has a lot of feature, and one of them is a built-in script interpreter called NSE (“Nmap Scripting Engine“) which allows developers to write extensions for Nmap.
Using this feature, Marc Ruef developed a script which adds a basic vulnerability scanner feature to Nmap.


The script does not perform a vulnerability scan by itself, but using the fingerprinting feature (-sV), it can detect the running applications and versions and use this informations to lookup keys in some vulnerability datasources:


Installation and usage are pretty simple:

Installation

Please install the files into the following folder of your Nmap installation:

Nmapscriptsvulscan*

Usage

You have to run the following minimal command to initiate a simple vulnerability scan:

nmap -sV --script=vulscan/vulscan.nse www.example.com

I suggest you use git so you can periodically update the script with the latest versions of vulnerability databases:

git clone https://github.com/scipag/vulscan.git

More information and downloads

https://github.com/scipag/vulscan

Comments