Vulnerability Analysis

CVEScannerV2 – Enhancing Network Security With Nmap Vulnerability Detection Script

An advanced Nmap script designed to detect potential vulnerabilities in network services. This article delves into the technical specifics, requirements, and operational details of the script, providing a comprehensive guide for enhancing your network’s security.

Learn how to effectively use CVEScannerV2 to identify vulnerabilities across various services and versions.

Nmap script that provides information about probable vulnerabilities based on discovered services.

Contents:

  • Technical details
  • Requirements
    • Optional
  • Execution
    • Output
  • Errors and fixes
    • Blocked IP
    • Missing luasql
  • Docker container
  • Acknowledgements
  • License

Technical Details

The current implementation take care of the following cases:

  • If Nmap detects:
    • cpe AND version: vulnerabilities affecting version and vulnerabilities affecting a range of versions that include version.
    • cpe AND version range: vulnerabilities affecting versions between version range (included).
    • cpe but NO version: vulnerabilities that affect every version of the product.
    • If no vulnerabilities were found with cpe and version returned from Nmap, HTTP detection is used.
    • NO cpe: HTTP detection is used.
  • HTTP detection:
    • Used only if port matches HTTP/SSL/UPnP.
    • An HTTP GET request is sent for every combination of path and extension in extra/http-paths-vulnerscom.json, comparing the request headers/body with the regexes in extra/http-regex-vulnerscom.json.
    • Finally, the home page html is analyzed in search for library paths. The script tries to obtain the name and version from library location; then does an HTTP GET to that path in order to inspect the code of the library and analyze the starting commenot looking for the version.

Nmap library shortport is used to detect if port matches HTTP/SSL.

Requirements

In order to run cvescannerv2 script, you need the following files present in your working directory

  • CVE database: cve.db
  • Paths file: extra/http-paths-vulnerscom.json
  • Regex file: extra/http-regex-vulnerscom.json
  • Product-aliases file: extra/product-aliases.json

In addition, you must have installed lua-sql-sqlite3 (ubuntu) or lua5.4-sql-sqlite3 (alpine) packages

Optional

If you don’t have the database cve.db, you can build it using the script extra/database.py or download a (semiupdated) copy from CVEScannerV2DB using .sql files or under Actions->Latest->Summary->Artifacts

This repository is updated every two weeks

pip install -r extra/requirements.txt
python extra/database.py
git clone https://github.com/scmanjarrez/CVEScannerV2DB
cd CVEScannerV2DB && sh build.sh

Execution

To run the script, use the following syntax

nmap -sV --script cvescannerv2 <TARGET>
nmap -sV --script cvescannerv2 --script-args log=logfile.log,json=logfile.json <TARGET>

It is possible to modify the behaviour to some extent using the following arguments: db, maxcve, http, maxredirect, log, json, path, regex, aliases, service and version.

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

5 days ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

6 days ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

6 days ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

6 days ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

6 days ago

How to Create Directories in Linux with the mkdir Command

Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…

6 days ago