The simplest way of turning Nmap into a vulnerability scanner is to run scripts from the vuln NSE category that check for specific vulnerabilities. Currently, there are 66 scripts available, targeting popular applications, products, protocols, and services. While this number may not be that impressive, the vulnerability exploitation capabilities of NSE can save us countless hours when developing exploits from scratch.
Some of the key aspects of using NSE for vulnerability detection are as follows:
Host information gathered during scans can be accessed via the Nmap API
NSE scripts can generate additional host information through advanced fingerprinting during runtime
NSE scripts can share valid credentials found during execution among other scripts
NSE provides several network protocol libraries, and they are ready to use
The vuln NSE library provides a simple interface to create well-organized vulnerability reports
NSE offers robust parallelism support and error handling...
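
The aspects listed above, put together in one detection script. This is an added example, not code from the original text or from the Nmap project: the script name, the probe path, the script argument and the finding itself are hypothetical placeholders, while the http, shortport, stdnse and vulns calls are the standard NSE library functions.

```lua
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local vulns = require "vulns"

description = [[
Added example: reports whether a web server serves a placeholder path.
The path and the finding are hypothetical, not a real vulnerability.
]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"vuln", "safe"}

-- Run only against ports that Nmap identified as HTTP.
portrule = shortport.http

action = function(host, port)
  -- Hypothetical script argument; the default is a placeholder path.
  local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/placeholder-status"

  -- Vulnerability table consumed by the vulns library.
  local vuln = {
    title = "Placeholder: status page readable without authentication",
    state = vulns.STATE.NOT_VULN,
    description = "Constructed finding used to show the report layout.",
  }
  local report = vulns.Report:new(SCRIPT_NAME, host, port)

  -- Learn how this server answers for missing pages, so a server that
  -- returns 200 for every URL is not reported as a false positive.
  local ok, result_404, known_404 = http.identify_404(host, port)
  if not ok then
    return report:make_output(vuln)
  end

  local response = http.get(host, port, path)
  if response and response.status
     and http.page_exists(response, result_404, known_404, path, true) then
    vuln.state = vulns.STATE.VULN
    -- Host and port details come from the Nmap API; product is only
    -- populated when version detection (-sV) ran.
    local product = port.version and port.version.product or "unknown product"
    vuln.extra_info = string.format("%s:%d (%s) served %s with HTTP %d",
      host.ip, port.number, product, path, response.status)
  end

  -- NOT_VULN entries are shown only when the vulns.showall argument is set.
  return report:make_output(vuln)
end
```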