Vulnerability Analysis

CVEScannerV2 – Enhancing Network Security With Nmap Vulnerability Detection Script

An advanced Nmap script designed to detect potential vulnerabilities in network services. This article delves into the technical specifics, requirements, and operational details of the script, providing a comprehensive guide for enhancing your network’s security.

Learn how to effectively use CVEScannerV2 to identify vulnerabilities across various services and versions.

Nmap script that provides information about probable vulnerabilities based on discovered services.

Contents:

  • Technical details
  • Requirements
    • Optional
  • Execution
    • Output
  • Errors and fixes
    • Blocked IP
    • Missing luasql
  • Docker container
  • Acknowledgements
  • License

Technical Details

The current implementation take care of the following cases:

  • If Nmap detects:
    • cpe AND version: vulnerabilities affecting version and vulnerabilities affecting a range of versions that include version.
    • cpe AND version range: vulnerabilities affecting versions between version range (included).
    • cpe but NO version: vulnerabilities that affect every version of the product.
    • If no vulnerabilities were found with cpe and version returned from Nmap, HTTP detection is used.
    • NO cpe: HTTP detection is used.
  • HTTP detection:
    • Used only if port matches HTTP/SSL/UPnP.
    • An HTTP GET request is sent for every combination of path and extension in extra/http-paths-vulnerscom.json, comparing the request headers/body with the regexes in extra/http-regex-vulnerscom.json.
    • Finally, the home page html is analyzed in search for library paths. The script tries to obtain the name and version from library location; then does an HTTP GET to that path in order to inspect the code of the library and analyze the starting commenot looking for the version.

Nmap library shortport is used to detect if port matches HTTP/SSL.

Requirements

In order to run cvescannerv2 script, you need the following files present in your working directory

  • CVE database: cve.db
  • Paths file: extra/http-paths-vulnerscom.json
  • Regex file: extra/http-regex-vulnerscom.json
  • Product-aliases file: extra/product-aliases.json

In addition, you must have installed lua-sql-sqlite3 (ubuntu) or lua5.4-sql-sqlite3 (alpine) packages

Optional

If you don’t have the database cve.db, you can build it using the script extra/database.py or download a (semiupdated) copy from CVEScannerV2DB using .sql files or under Actions->Latest->Summary->Artifacts

This repository is updated every two weeks

pip install -r extra/requirements.txt
python extra/database.py
git clone https://github.com/scmanjarrez/CVEScannerV2DB
cd CVEScannerV2DB && sh build.sh

Execution

To run the script, use the following syntax

nmap -sV --script cvescannerv2 <TARGET>
nmap -sV --script cvescannerv2 --script-args log=logfile.log,json=logfile.json <TARGET>

It is possible to modify the behaviour to some extent using the following arguments: db, maxcve, http, maxredirect, log, json, path, regex, aliases, service and version.

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Install Pip on Ubuntu 18.04: Python 3 and Python 2 Setup Guide

Pip is the official package manager for Python and the standard way to install libraries from…

2 days ago

Install R on Ubuntu 18.04 from CRAN: Statistical Computing Setup

R is an open-source programming language and environment built for statistical computing and data visualization. It…

2 days ago

Install Jenkins on Ubuntu 18.04: CI/CD Server Setup Guide

Jenkins is an open-source automation server that makes it easy to build CI/CD pipelines. Continuous integration…

2 days ago

Install Android Studio on Ubuntu 18.04 with Snap and OpenJDK 8

Android Studio is the official IDE for Android development, built on JetBrains' IntelliJ IDEA platform. It…

2 days ago

Install and Configure GitLab on Ubuntu 18.04 with Omnibus

GitLab is a web-based, open-source Git repository manager written in Ruby. It includes built-in tools for…

2 days ago

Install Anaconda on Ubuntu 18.04: Python Data Science Setup Guide

Anaconda is the most widely used Python distribution for data science and machine learning. It bundles…

3 days ago