Scanning For Vulnerabilities With Nmap Using Nmap-Vulners Script

Nmap-Vulners is a script that searches for your target’s vulnerabilities. Nmap produces the targets running versions and services. Nmap-Vulners then takes your targets running services and versions and runs them against known CVE’s from multiple databases such as OpenVAS (Nessus), Exploit-DB, MITRE CVE, OSVDB, SecurityFocus, SecurityTracker, IBM X-Force. It then produces all CVE’s based on your targets running services and versions.

  • Install Nmap-Vulners
  1. cd /usr/share/nmap/scripts/

  2. git clone https://github.com/vulnersCom/nmap-vulners.git

  • Using Nmap with Nmap-Vulners Script
  1. nmap --script nmap-vulners -sV IP
    Additionally you can specify port
  2. nmap --script nmap-vulners -sV -pPORT IP
    Or search the target URL
  3. nmap --script nmap-vulners -sV www.TargetUrl.com
  • Here is an example of how it works.
  1. nmap --script nmap-vulners -sV www.vulnweb.com
    Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-06 19:08 PDT Nmap scan report for www.vulnweb.com (176.28.50.165)Host is up (0.28s latency).rDNS record for 176.28.50.165: rs202995.rs.hosteurope.de Not shown: 988 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp ProFTPD 1.3.3e | vulners: | cpe:/a:proftpd:proftpd:1.3.3e:
    |_ CVE-2011-4130 9.0 https://vulners.com/cve/CVE-2011-4130
    22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu7.1 (Ubuntu Linux; protocol 2.0)
    | vulners:
    | cpe:/a:openbsd:openssh:5.3p1:
    | CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708
    | CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
    | CVE-2018-15473 5.0 https://vulners.com/cve/CVE-2018-15473
    |_ CVE-2016-0777 4.0 https://vulners.com/cve/CVE-2016-0777
    25/tcp filtered smtp
    53/tcp open domain (unknown banner: none)
    | fingerprint-strings:
    | DNSVersionBindReqTCP:
    | version
    | bind
    |_ none
    80/tcp open http nginx 1.4.1
    |_http-server-header: nginx/1.4.1
    106/tcp open pop3pw poppassd
    110/tcp open pop3 Courier pop3d
    143/tcp open imap Plesk Courier imapd
    465/tcp open ssl/smtps?
    993/tcp open ssl/imaps?
    995/tcp open ssl/pop3s?
    8443/tcp open http lighttpd
    |_http-server-header: sw-cp-server

4 Likes

Install was very simple, Script Runs great. Thank you

3 Likes

@MoUsE I am glad you find it useful. :sunglasses:

cool, i particularly like the nmap ssh,irc,brute .nse scripts, Hack until it hurts

This looks interesting thank you for sharing the info.

Edit:
The only thing that is odd to me is that if you don’t add the -sV option it doesn’t tell you much.
Why it wasn’t added in the script in the first place is what I wonder.