Nmap plugin and http-vulners-regex
Nmap plugin
The NSE script uses information about known services to provide vulnerability intelligence. Note that it is already included in the standard Nmap NSE library.
Dependencies
Nmap libraries:
http
json
string
http-vulners-regex
Keep in mind that the script depends on software version information, so it only works with the -sV flag.
NB: The script can now be run without the -sV flag when it is run together with the http-vulners-regex script.
Installation
Locate the Nmap scripts directory on your system:
- for *nix systems it might be ~/.nmap/scripts/ or $NMAPDIR
- for Mac it might be /usr/local/Cellar/nmap/<version>/share/nmap/scripts/
- for Windows it might be C:\Program Files (x86)\nmap\scripts
Copy the provided script (vulners.nse) into that directory.
Run nmap --script-updatedb to update the Nmap script DB.
Usage
Use it as plainly and directly as possible:
nmap -sV --script vulners [--script-args mincvss=<arg_val>] <target>
It is KISS after all.
http-vulners-regex
The NSE script scans HTTP responses and identifies CPEs for the mentioned software. It can therefore boost the efficiency of the main vulners script.
Dependencies
Nmap libraries:
http
json
string
stdnse
shortport
table
Installation
Locate the Nmap directory (<nmap_dir>) on your system:
- for *nix systems it might be ~/.nmap/ or $NMAPDIR
- for Mac it might be /usr/local/Cellar/nmap/<version>/share/nmap/
- for Windows it might be C:\Program Files (x86)\nmap\
Copy the provided script (http-vulners-regex.nse) into <nmap_dir>/scripts/.
Copy the provided json with the regexes to <nmap_dir>/nselib/data/.
Copy the provided txt file with the default paths to <nmap_dir>/nselib/data/. Note that you can specify your own file via the command line.
Run nmap --script-updatedb to update the Nmap script DB.
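The installation steps above as POSIX shell functions for *nix and Mac (an added example, not part of the Vulners project). The function names are assumptions, and the regex JSON and paths file are passed as arguments because the page does not name them.

```shell
#!/bin/sh
# Added example: the http-vulners-regex installation steps as shell functions.
# Function names and argument order are assumptions of this example.

# Print the first existing candidate for <nmap_dir>. Candidates are the ones
# the page lists for *nix and Mac: $NMAPDIR, ~/.nmap, the Homebrew Cellar path.
find_nmap_dir() {
    for d in "${NMAPDIR:-}" "$HOME/.nmap" /usr/local/Cellar/nmap/*/share/nmap; do
        [ -n "$d" ] && [ -d "$d" ] || continue
        printf '%s\n' "$d"
        return 0
    done
    echo "no Nmap directory found; set NMAPDIR" >&2
    return 1
}

# install_vulners_regex <nmap_dir> <script.nse> <regexes.json> <paths.txt>
# Copies the script into scripts/ and both data files into nselib/data/.
install_vulners_regex() {
    [ "$#" -eq 4 ] || { echo "usage: install_vulners_regex DIR NSE JSON TXT" >&2; return 2; }
    dir=$1; nse=$2; json=$3; paths=$4
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # Check every source file first so a missing one is caught before any copy.
    for f in "$nse" "$json" "$paths"; do
        [ -f "$f" ] || { echo "missing file: $f" >&2; return 1; }
    done
    mkdir -p "$dir/scripts" "$dir/nselib/data" || return 1
    cp "$nse" "$dir/scripts/" || return 1
    cp "$json" "$paths" "$dir/nselib/data/" || return 1
}

# Rebuild the script database so Nmap picks up the new script.
refresh_script_db() {
    command -v nmap >/dev/null 2>&1 || { echo "nmap not on PATH" >&2; return 1; }
    nmap --script-updatedb
}

# Typical use (REGEXES.json and PATHS.txt stand for the provided data files):
#   dir=$(find_nmap_dir) &&
#   install_vulners_regex "$dir" http-vulners-regex.nse REGEXES.json PATHS.txt &&
#   refresh_script_db
```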
Usage
Apply as an ordinary NSE script:
nmap --script http-vulners-regex.nse [--script-args paths={"/"}] <target>