An advanced Nmap script designed to detect potential vulnerabilities in network services. This article delves into the technical specifics, requirements, and operational details of the script, providing a comprehensive guide for enhancing your network’s security.
Learn how to effectively use CVEScannerV2 to identify vulnerabilities across various services and versions.
Nmap script that provides information about probable vulnerabilities based on discovered services.
The current implementation take care of the following cases:
cpe
AND version
: vulnerabilities affecting version
and vulnerabilities affecting a range of versions that include version
.cpe
AND version range
: vulnerabilities affecting versions between version range
(included).cpe
but NO version
: vulnerabilities that affect every version of the product.cpe
and version
returned from Nmap, HTTP detection is used.cpe
: HTTP detection is used.extra/http-paths-vulnerscom.json
, comparing the request headers/body with the regexes in extra/http-regex-vulnerscom.json
.Nmap library shortport is used to detect if port matches HTTP/SSL.
In order to run cvescannerv2 script, you need the following files present in your working directory
cve.db
extra/http-paths-vulnerscom.json
extra/http-regex-vulnerscom.json
extra/product-aliases.json
In addition, you must have installed lua-sql-sqlite3
(ubuntu) or lua5.4-sql-sqlite3
(alpine) packages
If you don’t have the database cve.db
, you can build it using the script extra/database.py
or download a (semiupdated) copy from CVEScannerV2DB using .sql
files or under Actions->Latest->Summary->Artifacts
This repository is updated every two weeks
pip install -r extra/requirements.txt
python extra/database.py
git clone https://github.com/scmanjarrez/CVEScannerV2DB
cd CVEScannerV2DB && sh build.sh
To run the script, use the following syntax
nmap -sV --script cvescannerv2 <TARGET>
nmap -sV --script cvescannerv2 --script-args log=logfile.log,json=logfile.json <TARGET>
It is possible to modify the behaviour to some extent using the following arguments: db, maxcve, http, maxredirect, log, json, path, regex, aliases, service and version.
For more information click here.
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…
PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…
HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…
What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…