The Nmap Scripting Engine is perfect for detecting vulnerabilities, and for this reason there are already several exploitation scripts included with Nmap. Not too long ago, each developer used his own criteria of what output to include when reporting these vulnerabilities. To address this issue and unify the output format and the amount of information provided, the library vulns
was introduced.
This recipe will teach you how to report vulnerabilities correctly in your NSE scripts by using the library vulns
.
The correct way to report vulnerabilities in NSE is through the library vulns
. Let's review the process of reporting a vulnerability:
Load the library
vulns
(Nmap 6.x format):local vulns = require "vulns"
Create a
vuln
object table. Pay special attention to thestate
field:local vuln = { title = "<TITLE GOES HERE>", state = vulns.STATE.NOT_VULN, references = {"<URL1>", "URL2"}, ...