An advanced Nmap script designed to detect potential vulnerabilities in network services. This article delves into the technical specifics, requirements, and operational details of the script, providing a comprehensive guide for enhancing your network’s security.

Learn how to effectively use CVEScannerV2 to identify vulnerabilities across various services and versions.

Nmap script that provides information about probable vulnerabilities based on discovered services.

Contents:

  • Technical details
  • Requirements
    • Optional
  • Execution
    • Output
  • Errors and fixes
    • Blocked IP
    • Missing luasql
  • Docker container
  • Acknowledgements
  • License

Technical Details

The current implementation take care of the following cases:

  • If Nmap detects:
    • cpe AND version: vulnerabilities affecting version and vulnerabilities affecting a range of versions that include version.
    • cpe AND version range: vulnerabilities affecting versions between version range (included).
    • cpe but NO version: vulnerabilities that affect every version of the product.
    • If no vulnerabilities were found with cpe and version returned from Nmap, HTTP detection is used.
    • NO cpe: HTTP detection is used.
  • HTTP detection:
    • Used only if port matches HTTP/SSL/UPnP.
    • An HTTP GET request is sent for every combination of path and extension in extra/http-paths-vulnerscom.json, comparing the request headers/body with the regexes in extra/http-regex-vulnerscom.json.
    • Finally, the home page html is analyzed in search for library paths. The script tries to obtain the name and version from library location; then does an HTTP GET to that path in order to inspect the code of the library and analyze the starting commenot looking for the version.

Nmap library shortport is used to detect if port matches HTTP/SSL.

Requirements

In order to run cvescannerv2 script, you need the following files present in your working directory

  • CVE database: cve.db
  • Paths file: extra/http-paths-vulnerscom.json
  • Regex file: extra/http-regex-vulnerscom.json
  • Product-aliases file: extra/product-aliases.json

In addition, you must have installed lua-sql-sqlite3 (ubuntu) or lua5.4-sql-sqlite3 (alpine) packages

Optional

If you don’t have the database cve.db, you can build it using the script extra/database.py or download a (semiupdated) copy from CVEScannerV2DB using .sql files or under Actions->Latest->Summary->Artifacts

This repository is updated every two weeks

pip install -r extra/requirements.txt
python extra/database.py
git clone https://github.com/scmanjarrez/CVEScannerV2DB
cd CVEScannerV2DB && sh build.sh

Execution

To run the script, use the following syntax

nmap -sV --script cvescannerv2 <TARGET>
nmap -sV --script cvescannerv2 --script-args log=logfile.log,json=logfile.json <TARGET>

It is possible to modify the behaviour to some extent using the following arguments: db, maxcve, http, maxredirect, log, json, path, regex, aliases, service and version.

For more information click here.

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here