Script vulners
Script types:
portrule
Categories:
vuln, safe, external
Download: https://svn.nmap.org/nmap/scripts/vulners.nse
Script Summary
For each available CPE the script prints out known vulns (links to the correspondent info) and correspondent CVSS scores.
Its work is pretty simple:
- work only when some software version is identified for an open port
- take all the known CPEs for that software (from the standard nmap -sV output)
- make a request to a remote server (vulners.com API) to learn whether any known vulns exist for that CPE
- if no info is found this way, try to get it using the software name alone
- print the obtained info out
NB: Since the size of the DB with all the vulns is more than 250GB there is no way to use a local db. So we do make requests to a remote service. Still all the requests contain just two fields - the software name and its version (or CPE), so one can still have the desired privacy.
Script Arguments
- vulners.mincvss
Limit CVEs shown to those with this CVSS score or greater.
- slaxml.debug
See the documentation for the slaxml library.
- smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
- http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
See the documentation for the http library.
Example Usage
nmap -sV --script vulners [--script-args mincvss=<arg_val>] <target>
Script Output
53/tcp open domain ISC BIND DNS | vulners: | ISC BIND DNS: | CVE-2012-1667 8.5 https://vulners.com/cve/CVE-2012-1667 | CVE-2002-0651 7.5 https://vulners.com/cve/CVE-2002-0651 | CVE-2002-0029 7.5 https://vulners.com/cve/CVE-2002-0029 | CVE-2015-5986 7.1 https://vulners.com/cve/CVE-2015-5986 | CVE-2010-3615 5.0 https://vulners.com/cve/CVE-2010-3615 | CVE-2006-0987 5.0 https://vulners.com/cve/CVE-2006-0987 |_ CVE-2014-3214 5.0 https://vulners.com/cve/CVE-2014-3214
Requires
Author:
License: Same as Nmap--See https://nmap.org/book/man-legal.html