Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their version, and get a list of relevant CVEs affecting your network.
It is a wrapper over Nmap and the vulners script which turns Nmap into a full-fledged network vulnerability scanner. Flan Scan makes it easy to deploy Nmap locally within a container, push results to the cloud, and deploy the scanner on Kubernetes.
Getting Started
$ docker –version
shared/ips.txt
. $ make build
$ make start
When the scan finishes you will find a Latex report of the summarizing the scan in shared/reports
. You can also see the raw XML output from Nmap in shared/xml_files
.
Also Read – RE:TERNAL : Repo Containing Docker-Compose Files & Setup Scripts
Custom Nmap Configuration
By default Flan Scan runs the following Nmap command:
$ nmap -sV -oX /shared/xml_files -oN – -v1 $@ –script=vulners/vulners.nse <ip-address>
The -oX
flag adds an XML version of the scan results to the /shared/xml_files
directory and the -oN -
flag outputs “normal” Nmap results to the console. The -v1
flag increases the verbosity to 1 and the -sV
flag runs a service detection scan (aside from Nmap’s default port and SYN scans). The --script=vulners/vulners.nse
is the script that matches the services detected with relevant CVEs.
Nmap also allows you to run UDP scans and to scan IPv6 addresses. To add these and other flags to Scan Flan’s Nmap command after running make build
run the container and pass in you Nmap flags like so:
$ docker run -v $(shell pwd)/shared:/shared flan_scan <Nmap-flags>
Pushing Results to the Cloud
Flan Scan currently supports pushing Latex reports and raw XML Nmap output files to a GCS Bucket or to an AWS S3 Bucket. Flan Scan requires 2 environment variables to push results to the cloud.
The first is upload
which takes one of two values gcp
or aws
. The second is bucket
and the value is the name of the S3 or GCS Bucket to upload the results to. To set the environment variables, after running make build
run the container setting the environment variables like so:
$ docker run –name \
-v $(pwd)/shared:/shared \
-e upload= \
-e bucket= \
flan_scan
Below are some examples for adding the necessary AWS or GCP authentication keys as environment variables in container. However, this can also be accomplished with a secret in Kubernetes that exposes the necessary environment variables or with other secrets management tools.
Example GCS Bucket Configuration
Copy your GCS private key for a service account to the /shared
file
$ cp <path-to-local-gcs-key>/key.json shared/
Run the container setting the GOOGLE_APPLICATION_CREDENTIALS
environment variable as the path to the GCS Key
$ docker run –name \
-v $(pwd)/shared:/shared \
-e upload=gcp \
-e bucket= \
-e GOOGLE_APPLICATION_CREDENTIALS=/shared /key.json
flan_scan
Example AWS S3 Bucket Configuration
Set the AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
environment variables to the corresponding variables for your S3 service account.
docker run –name \
-v $(pwd)/shared:/shared \
-e upload=aws \
-e bucket= \
-e AWS_ACCESS_KEY_ID= \
-e AWS_SECRET_ACCESS_KEY= \
flan_scan
Deploying on Kubernetes
When deploying Flan Scan to a container orchestration system, such as Kubernetes, you must ensure that the container has access to a file called ips.txt
at the directory /
.
In Kubernetes, this can be done with a ConfigMap which will mount a file on your local filesystem as a volume that the container can access once deployed. The kustomization.yaml
file has an example of how to create a ConfigMap called shared-files
. This ConfigMap is then mounted as a volume in the deployment.yaml
file.
Here are some easy steps to deploy Flan Scan on Kubernetes:
ips.txt
file in kustomization.yaml
and then run kubectl apply -k .
.kubectl get configmap
to make sure the ConfigMap was created properly.deployment.yaml
.kubectl apply -f deployment.yaml
to launch a deployment running Flan Scan.Flan Scan should be running on Kubernetes successfully!
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…