nmap-vulners
vulscan
nmap-vulners | vulscan | |
---|---|---|
7 | 3 | |
3,087 | 3,319 | |
- | 1.4% | |
0.0 | 3.4 | |
over 1 year ago | 10 months ago | |
Lua | Lua | |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nmap-vulners
-
Researchers Discover 40k-Strong EOL Router, IoT Botnet
This problem is only worsening. I recommend running nmap vulners or flan on a cron at home against your network.
I found multiple CVEs in my brand new (2023) router. They were running old versions of dropbear SSH, dnsmasq that had vulns.
Most routers are just cobbled together from years-old OpenWRT releases or worse.
I also found vulns on a brother printer, a smart plug, wifi-enabled air filter.
Everything in your house that has wifi probably has a vuln on it.
https://github.com/vulnersCom/nmap-vulners
https://github.com/cloudflare/flan
I urge everyone to check you'll definitely find a CVE
-
Scanning ports and finding network vulnerabilities using nmap
Few people know that nmap is not just for reconnaissance work. Among other things, it allows finding vulnerabilities based on scripts prepared by the community and the tool's developers. Examples include nmap-vulners, vulscan or already prepared scripts that are installed along with nmap.
-
Alternative to Tenable Nessus software
if you’re just doing it personally for the sake you could grab the vulners script for nmap and use that.
-
This script analyses the Nmap XML scanning results, parses each CPE context and correlates to search CVE on NIST. You can use that to find public vulnerabilities in services.
Nice! Much like vulners.
- Windows Volnurability Report
-
Automated tool/way of searching vulnerability databases?
Here's the answer you're actually looking for: https://github.com/vulnersCom/nmap-vulners
- Nmap error Vulscan
vulscan
-
Scanning ports and finding network vulnerabilities using nmap
Few people know that nmap is not just for reconnaissance work. Among other things, it allows finding vulnerabilities based on scripts prepared by the community and the tool's developers. Examples include nmap-vulners, vulscan or already prepared scripts that are installed along with nmap.
- Using Sn1per, what next?
- Windows Volnurability Report
What are some alternatives?
Vision2 - Nmap's XML result parse and NVD's CPE correlation to search CVE.
openvas-scanner - This repository contains the scanner component for Greenbone Community Edition.
Vision - Nmap's XML result parse and NVD's CPE correlation to search CVE
GVM-Docker - Greenbone Vulnerability Management Docker Image with OpenVAS
vulnerablecode - A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
haproxy-auth-request - auth-request allows you to add access control to your HTTP services based on a subrequest to a configured HAProxy backend.
h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
Nginx-Lua-Anti-DDoS - A Anti-DDoS script to protect Nginx web servers using Lua with a HTML Javascript based authentication puzzle inspired by Cloudflare I am under attack mode an Anti-DDoS authentication page protect yourself from every attack type All Layer 7 Attacks Mitigating Historic Attacks DoS DoS Implications DDoS All Brute Force Attacks Zero day exploits Social Engineering Rainbow Tables Password Cracking Tools Password Lists Dictionary Attacks Time Delay Any Hosting Provider Any CMS or Custom Website Unlimited Attempt Frequency Search Attacks HTTP Basic Authentication HTTP Digest Authentication HTML Form Based Authentication Mask Attacks Rule-Based Search Attacks Combinator Attacks Botnet Attacks Unauthorized IPs IP Whitelisting Bruter THC Hydra John the Ripper Brutus Ophcrack unauthorized logins Injection Broken Authentication and Session Management Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Security Misconfiguration Cross-Site Scripting (XSS) Insecure Deserializati
faraday - Open Source Vulnerability Management Platform
iotvas-nmap - This is a NSE script that uses IoTVAS API and enables NMAP port scanner to perform connected device discovery and security risk assessment
luash - Extensible Lua terminal emulator
rtc - Lua script to executable compiler