vulners NSE Script


For each available CPE the script prints out known vulns (links to the correspondent info) and correspondent CVSS scores. Its work is pretty simple: * work only when some software version is identified for an open port * take all the known CPEs for that software (from the standard nmap -sV output) * make a request to a remote server (vulners.com API) to learn whether any known vulns exist for that CPE * if no info is found this way, try to get it using the software name alone * print the obtained info out NB: Since the size of the DB with all the vulns is more than 250GB there is no way to use a local db. So we do make requests to a remote service. Still all the requests contain just two fields - the software name and its version (or CPE), so one can still have the desired privacy. ## Script Arguments #### vulners.mincvss Limit CVEs shown to those with this CVSS score or greater. #### slaxml.debug See the documentation for the [slaxml](<../lib/slaxml.html#script-args>) library. #### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the [smbauth](<../lib/smbauth.html#script-args>) library. #### http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent See the documentation for the [http](<../lib/http.html#script-args>) library. ## Example Usage nmap -sV --script vulners [--script-args mincvss=<arg_val>] <target> ## Script Output 53/tcp open domain ISC BIND DNS | vulners: | ISC BIND DNS: | CVE-2012-1667 8.5 https://vulners.com/cve/CVE-2012-1667 | CVE-2002-0651 7.5 https://vulners.com/cve/CVE-2002-0651 | CVE-2002-0029 7.5 https://vulners.com/cve/CVE-2002-0029 | CVE-2015-5986 7.1 https://vulners.com/cve/CVE-2015-5986 | CVE-2010-3615 5.0 https://vulners.com/cve/CVE-2010-3615 | CVE-2006-0987 5.0 https://vulners.com/cve/CVE-2006-0987 |_ CVE-2014-3214 5.0 https://vulners.com/cve/CVE-2014-3214 ## Requires * [http](<../lib/http.html>) * [json](<../lib/json.html>) * [string](<>) * [table](<>) * [nmap](<../lib/nmap.html>) * [stdnse](<../lib/stdnse.html>) * * *