Nmap can be used as a vulnerability scanner with the help of some NSE scripts. While this is not Nmap's main objective, the vulnerability detection scripts available are great. The NSE Script vuln
library manages and unifies the output of the vulnerability checks performed by the Nmap Scripting Engine.
This recipe will show you how to make Nmap report the vulnerability checks performed during a scan.
Launch the NSE scripts in the vuln
category against your target:
$nmap -sV --script vuln <target>
If you are lucky, you will see a vulnerability report:
PORT STATE SERVICE REASON 306/tcp open mysql syn-ack mysql-vuln-cve2012-2122: VULNERABLE: Authentication bypass in MySQL servers. State: VULNERABLE IDs: CVE:CVE-2012-2122 Description: When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared...