vulscan – Vulnerability Scanning with Nmap

Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB.

vulscan - Vulnerability Scanning with Nmap
vulscan – Vulnerability Scanning with Nmap

There are the following pre-installed databases available:

  • scipvuldb.csv | http://www.scip.ch/en/?vuldb
  • cve.csv | http://cve.mitre.org
  • osvdb.csv | http://www.osvdb.org
  • securityfocus.csv | http://www.securityfocus.com/bid/
  • securitytracker.csv | http://www.securitytracker.com
  • xforce.csv | http://xforce.iss.net
  • expliotdb.csv | http://www.exploit-db.com
  • openvas.csv | http://www.openvas.org

Keeping the database updated will help to detect and uncover new vulnerabilities. If the version detection was able to identify the software version and the vulnerability database is providing such details, also this data is matched.

Version detection of vulscan is only as good as Nmap version detection and the vulnerability database entries are. Some databases do not provide conclusive version information, which may lead to a lot of false-positives (as can be seen for Apache servers).

You can read more and download the tool over here: https://www.computec.ch/projekte/vulscan/

Share