Version discovery is essential to penetration testers, as they can use version strings to find public security vulnerabilities affecting a scanned service. The Nmap Scripting Engine allows us to match popular vulnerability databases against the service versions obtained from our scan.
This recipe shows how to list public security advisories that could possibly affect a service discovered with Nmap.
To accomplish this task, we use the NSE script vulscan. This script is not included in the official Nmap repository, so you need to install it manually before continuing.
To install it, download the latest version of vulscan from my GitHub repository:
https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/vulscan.nse
Copy the script vulscan.nse into your local script folder ($NMAP_INSTALLATION/scripts/). Then, create the files cve.csv, scipvuldb.csv, and exploitdb.csv inside your data directory ($NMAP_INSTALLATION/nselib/data).
Now...