
nmap-vulners's People

Contributors

0x566164696d, gmedian, realytcracker, victoralonsocm, vulnerscom

nmap-vulners's Issues

Can nmap-vulners help to check CVEs for a web application?

Dear,
I have a web application created with Java. I want to check whether any CVE problems exist. I want to make sure: is this way OK?
I started my web application using Tomcat, so I get the port for it. Use this tool to scan, I found anything output.
The command I execute is like:
nmap --script nmap-vulners,vulscan --script-args vulscandb=scipvuldb.csv -sV -p8080 ip
and I get a result like:
[image]
No problem is reported, so I doubt whether there is any problem. Please also provide some sample, such as a website I can scan to get a problem report, so I can check whether the tool works well.
Please help!

nmap-vulners gives no output

$ nmap --script nmap-vulners -sV 127.0.0.1

Starting Nmap 7.70 ( https://nmap.org ) at 2020-02-20 16:45 IST
Nmap scan report for 10.100.100.166
Host is up (0.00075s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
53/tcp open domain dnsmasq 2.79

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.74 seconds

Expected Output
| vulners:
| cpe:/a:thekelleys:dnsmasq:2.79:
|_ CVE-2019-14834 4.3 https://vulners.com/cve/CVE-2019-14834

Please help me understand why I am not getting the vulnerabilities.
NOTE: I am able to get the expected output when I use $nmap --script nmap-vulners -sV <IP_address> remotely from my Ubuntu 16.04 PC

http-vulners-regex not working without paths

Without --script-args paths=something, http-vulners-regex will not return any results. It is not even apparent that it is sending any traffic to the target.

With --script-args paths=something it will either use that file or when it fails to find that file it uses the default paths file. Traffic is sent as expected; results may follow.

Version info:

root@kali:~# nmap --version
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.1d libssh2-1.8.0 libz-1.2.11 libpcre-8.39 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

Try this:
root@kali:~# nmap -p80 --script http-vulners-regex -d php.testsparker.com

Result (truncated):

PORT STATE SERVICE
80/tcp open http

Nmap done: 1 IP address (1 host up) scanned in 0.95 seconds

The relevant but not-so-helpful -d output:

NSE: Starting http-vulners-regex against php.testsparker.com (107.20.213.223:80).
NSE: Finished http-vulners-regex against php.testsparker.com (107.20.213.223:80).

Then try again with bogus path:

root@kali:~# nmap -p80 --script http-vulners-regex --script-args paths=nosuchfile -d php.testsparker.com

Results:

PORT STATE SERVICE
80/tcp open http
| http-vulners-regex:
| localstart.asp:
|_ cpe:/a:php:php:5.2.6

Nmap done: 1 IP address (1 host up) scanned in 3.78 seconds

Relevant section from -d debug:

NSE: Starting http-vulners-regex against php.testsparker.com (107.20.213.223:80).
NSE: [http-vulners-regex 107.20.213.223:80] Trying to read paths from a specified file nosuchfile
NSE: [http-vulners-regex 107.20.213.223:80] No file found at nselib/data/nosuchfile, using local copy
NSE: [http-vulners-regex 107.20.213.223:80] Failed to open a file with paths
NSE: [http-vulners-regex 107.20.213.223:80] Trying to read paths from a default file http-vulners-paths.txt
NSE: [http-vulners-regex 107.20.213.223:80] Analyze path default.cfm

Error #486: Your port specifications are illegal.

./nmapAutomator.sh 10.10.10.160 Vulns

Running Vuln scan on basic ports

Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-28 14:10 CET
Error #486: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
QUITTING!

---------------------Finished all Nmap scans---------------------
Completed in 0 seconds

I guess this is a quick fix, but I was too lazy so far to check out your script. Any idea?

nmap: vuln scanner [C]: in function 'error'

Hello everyone, I had this problem. Can anyone help?

nmap --script vulscan,nmap-vulners -sV ( IP)

Starting Nmap 7.93 ( https://nmap.org ) at 2022-11-14 17:13 CST
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:833: 'nmap-vulners' did not match a category, filename, or directory
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nse_main.lua:833: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1344: in main chunk
[C]: in ?

Authentication failure

While installing Nmap it asks for a password; when I enter the password it shows "Authentication failure".

Rate Limit

Hi,

Is there a rate limit on this nmap plugin (vulners.nse)? If there is a 250GB database, how can I use it locally?

Nmap 7.70 Cannot run the script...

when I use:

➜  Scanner-Tool nmap -v
Starting Nmap 7.70SVN ( https://nmap.org ) at 2018-05-31 10:18 CST
Read data files from: /usr/local/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.02 seconds

➜  Scanner-Tool sudo nmap -sV --script vulners 95.163.200.165         
Starting Nmap 7.70SVN ( https://nmap.org ) at 2018-05-31 10:19 CST
NSE: failed to initialize the script engine:
/usr/local/bin/../share/nmap/nse_main.lua:823: 'vulners' did not match a category, filename, or directory
stack traceback:
	[C]: in function 'error'
	/usr/local/bin/../share/nmap/nse_main.lua:823: in local 'get_chosen_scripts'
	/usr/local/bin/../share/nmap/nse_main.lua:1315: in main chunk
	[C]: in ?

QUITTING!

...

Nothing showed up for vulnerabilities, what did I do wrong?

spider@kali:~$ nmap -sV -Pn --version-all --script vulners 192.168.1.11
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-07 03:13 EDT
Stats: 0:00:50 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 85.71% done; ETC: 03:14 (0:00:07 remaining)
Stats: 0:01:51 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 85.71% done; ETC: 03:15 (0:00:17 remaining)
Stats: 0:03:17 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 100.00% done; ETC: 03:16 (0:00:00 remaining)
Nmap scan report for 192.168.1.11
Host is up (0.019s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
554/tcp open rtsp?
2869/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
10243/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
Service Info: Host: ADMIN-PC; OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 206.31 seconds

I use Kali Linux on VirtualBox and I had downloaded vulners and put the vulners.nse in the scripts folder, and I had also downloaded Vulscan and put that in scripts, but that's pretty irrelevant. Anyway, my problem is that I thought by using --scripts vulners I would get a list of vulnerabilities and ways to exploit them.

Thank you!

False positive regarding vsftpd 2.2.2

21/tcp  open  ftp      vsftpd 2.2.2
| vulners:
|   cpe:/a:vsftpd:vsftpd:2.2.2:
|_	EDB-ID:42965		0.0		https://vulners.com/exploitdb/EDB-ID:42965		*EXPLOIT*

The exploit suggested doesn't match up with the application.

Not detecting vulnerabilities

It's very possible I'm misunderstanding or doing something wrong here, but the script doesn't seem to be detecting a vulnerable HP ilo service for which there are vulners entries:

https://vulners.com/nessus/ILO_AUTH_BYPASS.NASL
https://vulners.com/openvas/OPENVAS:1361412562310140325

nmap run with debug cranked below:

nmap -sV -p443 --script vulners 111.111.111.111 -vvvvv

Starting Nmap 7.60SVN ( https://nmap.org ) at 2018-01-02 14:12 CST
NSE: Loaded 44 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:12
Completed NSE at 14:12, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:12
Completed NSE at 14:12, 0.00s elapsed
Initiating Ping Scan at 14:12
Scanning 111.111.111.111 [4 ports]
Completed Ping Scan at 14:12, 0.23s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:12
Debugging Increased to 1.
Debugging Increased to 2.
NSOCK INFO [2.9290s] nsock_write(): Write request for 45 bytes to IOD #1 EID 83 [2001:4860:4860::8844:53]
NSOCK INFO [2.9290s] nsock_trace_handler_callback(): Callback: WRITE ERROR [Destination address required (89)] for EID 83 [2001:4860:4860::8844:53]
NSOCK INFO [5.9300s] nsock_write(): Write request for 45 bytes to IOD #2 EID 91 [2001:4860:4860::8888:53]
NSOCK INFO [5.9300s] nsock_trace_handler_callback(): Callback: WRITE ERROR [Destination address required (89)] for EID 91 [2001:4860:4860::8888:53]
NSOCK INFO [8.4290s] nsock_write(): Write request for 45 bytes to IOD #2 EID 99 [2001:4860:4860::8888:53]
NSOCK INFO [8.4290s] nsock_trace_handler_callback(): Callback: WRITE ERROR [Destination address required (89)] for EID 99 [2001:4860:4860::8888:53]
NSOCK INFO [11.4300s] nsock_write(): Write request for 45 bytes to IOD #3 EID 107 [8.8.4.4:53]
NSOCK INFO [11.4300s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 107 [8.8.4.4:53]
NSOCK INFO [11.4400s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 50 [8.8.4.4:53] (102 bytes)
NSOCK INFO [11.4400s] nsock_read(): Read request from IOD #3 [8.8.4.4:53] (timeout: -1ms) EID 114
NSOCK INFO [11.4400s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [11.4400s] nevent_delete(): nevent_delete on event #18 (type READ)
NSOCK INFO [11.4400s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [11.4400s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [11.4400s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [11.4400s] nevent_delete(): nevent_delete on event #114 (type READ)
NSOCK INFO [11.4400s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [11.4400s] nevent_delete(): nevent_delete on event #66 (type READ)
mass_rdns: 11.01s 0/1 [#: 4, OK: 0, NX: 0, DR: 0, SF: 0, TR: 5]
Completed Parallel DNS resolution of 1 host. at 14:12, 11.01s elapsed
DNS resolution of 1 IPs took 11.01s. Mode: Async [#: 4, OK: 0, NX: 1, DR: 0, SF: 0, TR: 5, CN: 0]
Initiating SYN Stealth Scan at 14:12
Scanning 111.111.111.111 [1 port]
Packet capture filter (device enp2s0f0): dst host 222.222.222.222 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 111.111.111.111)))
Discovered open port 443/tcp on 111.111.111.111
Changing global ping host to 111.111.111.111.
Completed SYN Stealth Scan at 14:12, 0.36s elapsed (1 total ports)
Overall sending rates: 5.62 packets / s, 247.49 bytes / s.
Fetchfile found /usr/bin/../share/nmap/nmap-service-probes
Initiating Service scan at 14:12
Scanning 1 service on 111.111.111.111
NSOCK INFO [11.8900s] nsock_iod_new2(): nsock_iod_new (IOD #1)
Starting probes against new service: 111.111.111.111:443 (tcp)
NSOCK INFO [11.8900s] nsock_connect_tcp(): TCP connection requested to 111.111.111.111:443 (IOD #1) EID 8
NSOCK INFO [11.9240s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [111.111.111.111:443]
Service scan sending probe NULL to 111.111.111.111:443 (tcp)
NSOCK INFO [11.9240s] nsock_read(): Read request from IOD #1 [111.111.111.111:443] (timeout: 6000ms) EID 18
NSOCK INFO [17.9270s] nsock_trace_handler_callback(): Callback: READ TIMEOUT for EID 18 [111.111.111.111:443]
Service scan sending probe SSLSessionReq to 111.111.111.111:443 (tcp)
NSOCK INFO [17.9270s] nsock_write(): Write request for 88 bytes to IOD #1 EID 27 [111.111.111.111:443]
NSOCK INFO [17.9270s] nsock_read(): Read request from IOD #1 [111.111.111.111:443] (timeout: 5000ms) EID 34
NSOCK INFO [17.9270s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 27 [111.111.111.111:443]
NSOCK INFO [17.9650s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 34 [111.111.111.111:443] (837 bytes)
Service scan match (Probe SSLSessionReq matched with SSLSessionReq line 12993): 111.111.111.111:443 is ssl.  Version: |OpenSSL||SSLv3|
NSOCK INFO [17.9650s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [17.9650s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [17.9650s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #2) EID 41
NSOCK INFO [18.1560s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 41 [111.111.111.111:443]
Service scan sending probe NULL to 111.111.111.111:443 (tcp)
NSOCK INFO [18.1560s] nsock_read(): Read request from IOD #2 [111.111.111.111:443] (timeout: 6000ms) EID 50
NSOCK INFO [24.1620s] nsock_trace_handler_callback(): Callback: READ TIMEOUT for EID 50 [111.111.111.111:443]
Service scan sending probe GetRequest to 111.111.111.111:443 (tcp)
NSOCK INFO [24.1620s] nsock_write(): Write request for 18 bytes to IOD #2 EID 59 [111.111.111.111:443]
NSOCK INFO [24.1630s] nsock_read(): Read request from IOD #2 [111.111.111.111:443] (timeout: 5000ms) EID 66
NSOCK INFO [24.1630s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 59 [111.111.111.111:443]
NSOCK INFO [24.1980s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 66 [111.111.111.111:443] (26 bytes): HTTP/1.1 400 Bad Request..
NSOCK INFO [24.2010s] nsock_read(): Read request from IOD #2 [111.111.111.111:443] (timeout: 4962ms) EID 74
NSOCK INFO [24.2010s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 74 [111.111.111.111:443] (129 bytes)
NSOCK INFO [24.2080s] nsock_read(): Read request from IOD #2 [111.111.111.111:443] (timeout: 4955ms) EID 82
NSOCK INFO [24.2080s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 82 [111.111.111.111:443] [EOF](2 bytes): ..
Service scan match (Probe GetRequest matched with GetRequest line 9692): 111.111.111.111:443 is SSL/http.  Version: |HP Integrated Lights-Out web interface|1.30||
NSOCK INFO [24.2080s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
Completed Service scan at 14:13, 12.32s elapsed (1 service on 1 host)
NSE: Script scanning 111.111.111.111.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:13
NSE: Starting http-trane-info M:55faee6e49f8 against 111.111.111.111:443.
NSOCK INFO [24.2100s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [24.2110s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #1) EID 9
NSE: Starting http-server-header M:55faee6f4ae8 against 111.111.111.111:443.
NSOCK INFO [24.2110s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [24.2110s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #2) EID 17
NSE: Starting vulners M:55faee562a88 against 111.111.111.111:443.
NSOCK INFO [24.2110s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [24.2120s] nsock_connect_ssl(): SSL connection requested to 188.42.174.102:443/tcp (IOD #3) EID 25
NSE: Starting vmware-version M:55faee591ad8 against 111.111.111.111:443.
NSOCK INFO [24.2120s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [24.2120s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #4) EID 33
NSE: Starting hnap-info M:55faee6f3ac8 against 111.111.111.111:443.
NSOCK INFO [24.5200s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 25 [188.42.174.102:443]
NSOCK INFO [24.5590s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 9 [111.111.111.111:443]
NSOCK INFO [24.5620s] nsock_write(): Write request for 176 bytes to IOD #1 EID 43 [111.111.111.111:443]
NSOCK INFO [24.5620s] nsock_write(): Write request for 182 bytes to IOD #3 EID 51 [188.42.174.102:443]
NSOCK INFO [24.5620s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 43 [111.111.111.111:443]
NSOCK INFO [24.5620s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 51 [188.42.174.102:443]
NSOCK INFO [24.5710s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 33 [111.111.111.111:443]
NSOCK INFO [24.5720s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 17 [111.111.111.111:443]
NSOCK INFO [24.5720s] nsock_read(): Read request from IOD #1 [111.111.111.111:443] (timeout: 7000ms) EID 58
NSOCK INFO [24.5720s] nsock_write(): Write request for 18 bytes to IOD #2 EID 67 [111.111.111.111:443]
NSOCK INFO [24.5720s] nsock_read(): Read request from IOD #3 [188.42.174.102:443] (timeout: 14000ms) EID 74
NSOCK INFO [24.5720s] nsock_write(): Write request for 618 bytes to IOD #4 EID 83 [111.111.111.111:443]
NSOCK INFO [24.5720s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 67 [111.111.111.111:443]
NSOCK INFO [24.5720s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 83 [111.111.111.111:443]
NSOCK INFO [24.5970s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 58 [111.111.111.111:443] (24 bytes): HTTP/1.1 404 Not Found..
NSOCK INFO [24.6220s] nsock_read(): Read request from IOD #1 [111.111.111.111:443] (timeout: 7000ms) EID 90
NSOCK INFO [24.6220s] nsock_read(): Read request from IOD #2 [111.111.111.111:443] (timeout: 7000ms) EID 98
NSOCK INFO [24.6220s] nsock_read(): Read request from IOD #4 [111.111.111.111:443] (timeout: 7000ms) EID 106
NSOCK INFO [24.6220s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 90 [111.111.111.111:443] [EOF](130 bytes)
NSOCK INFO [24.6220s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 98 [111.111.111.111:443] [EOF](157 bytes)
NSOCK INFO [24.6220s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 106 [111.111.111.111:443] [EOF](176 bytes)
NSOCK INFO [24.6720s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSE: [http-trane-info M:55faee6e49f8 111.111.111.111:443] Final http cache size (0 bytes) of max size of 1000000
NSE: [http-trane-info M:55faee6e49f8 111.111.111.111:443] HTTP: Host returns proper 404 result.
NSOCK INFO [24.6720s] nsock_iod_new2(): nsock_iod_new (IOD #5)
NSOCK INFO [24.6720s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #5) EID 113
NSOCK INFO [24.6720s] nsock_iod_new2(): nsock_iod_new (IOD #6)
NSOCK INFO [24.6720s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #6) EID 121
NSOCK INFO [24.6720s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSE: [vmware-version M:55faee591ad8 111.111.111.111:443] Couldn't download file: /sdk
NSE: Finished vmware-version M:55faee591ad8 against 111.111.111.111:443.
NSOCK INFO [24.6760s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 74 [188.42.174.102:443] [EOF](1084 bytes)
NSOCK INFO [24.7220s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSE: [vulners M:55faee562a88 111.111.111.111:443] Final http cache size (120 bytes) of max size of 1000000
NSOCK INFO [24.7220s] nsock_iod_new2(): nsock_iod_new (IOD #7)
NSOCK INFO [24.7250s] nsock_connect_ssl(): SSL connection requested to 188.42.174.102:443/tcp (IOD #7) EID 129
NSE: [hnap-info M:55faee6f3ac8 111.111.111.111:443] HTTP: Host returns proper 404 result.
NSOCK INFO [24.7250s] nsock_iod_new2(): nsock_iod_new (IOD #8)
NSOCK INFO [24.7250s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #8) EID 137
NSOCK INFO [24.9420s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 121 [111.111.111.111:443]
NSOCK INFO [24.9490s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 113 [111.111.111.111:443]
NSOCK INFO [24.9740s] nsock_write(): Write request for 162 bytes to IOD #5 EID 147 [111.111.111.111:443]
NSOCK INFO [24.9740s] nsock_write(): Write request for 40 bytes to IOD #6 EID 155 [111.111.111.111:443]
NSOCK INFO [24.9740s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 147 [111.111.111.111:443]
NSOCK INFO [24.9740s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 155 [111.111.111.111:443]
NSOCK INFO [25.0220s] nsock_read(): Read request from IOD #5 [111.111.111.111:443] (timeout: 7000ms) EID 162
NSOCK INFO [25.0220s] nsock_read(): Read request from IOD #6 [111.111.111.111:443] (timeout: 7000ms) EID 170
NSOCK INFO [25.0230s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 162 [111.111.111.111:443] (152 bytes)
NSOCK INFO [25.0230s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 170 [111.111.111.111:443] (147 bytes)
NSOCK INFO [25.0300s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 129 [188.42.174.102:443]
NSOCK INFO [25.0720s] nsock_read(): Read request from IOD #5 [111.111.111.111:443] (timeout: 7000ms) EID 178
NSE: Finished http-server-header M:55faee6f4ae8 against 111.111.111.111:443.
NSOCK INFO [25.0730s] nsock_write(): Write request for 183 bytes to IOD #7 EID 187 [188.42.174.102:443]
NSOCK INFO [25.0730s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [25.0730s] nsock_iod_delete(): nsock_iod_delete (IOD #6)
NSOCK INFO [25.0730s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 178 [111.111.111.111:443] [EOF](2 bytes): ..
NSOCK INFO [25.0730s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 187 [188.42.174.102:443]
NSOCK INFO [25.0990s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 137 [111.111.111.111:443]
NSOCK INFO [25.0990s] nsock_iod_delete(): nsock_iod_delete (IOD #5)
NSE: [http-trane-info M:55faee6e49f8 111.111.111.111:443] Final http cache size (120 bytes) of max size of 1000000
NSE: Finished http-trane-info M:55faee6e49f8 against 111.111.111.111:443.
NSOCK INFO [25.0990s] nsock_read(): Read request from IOD #7 [188.42.174.102:443] (timeout: 14000ms) EID 194
NSOCK INFO [25.0990s] nsock_write(): Write request for 157 bytes to IOD #8 EID 203 [111.111.111.111:443]
NSOCK INFO [25.0990s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 203 [111.111.111.111:443]
NSOCK INFO [25.1490s] nsock_read(): Read request from IOD #8 [111.111.111.111:443] (timeout: 7000ms) EID 210
NSOCK INFO [25.1490s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 210 [111.111.111.111:443] [EOF](154 bytes)
NSOCK INFO [25.1850s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 194 [188.42.174.102:443] [EOF](1084 bytes)
NSOCK INFO [25.1850s] nsock_iod_delete(): nsock_iod_delete (IOD #7)
NSE: [vulners M:55faee562a88 111.111.111.111:443] Final http cache size (240 bytes) of max size of 1000000
NSOCK INFO [25.1850s] nsock_iod_new2(): nsock_iod_new (IOD #9)
NSOCK INFO [25.1890s] nsock_connect_ssl(): SSL connection requested to 188.42.174.102:443/tcp (IOD #9) EID 217
NSOCK INFO [25.1890s] nsock_iod_delete(): nsock_iod_delete (IOD #8)
NSE: [hnap-info M:55faee6f3ac8 111.111.111.111:443] Final http cache size (240 bytes) of max size of 1000000
NSE: Finished hnap-info M:55faee6f3ac8 against 111.111.111.111:443.
NSOCK INFO [25.4970s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 217 [188.42.174.102:443]
NSOCK INFO [25.4980s] nsock_write(): Write request for 189 bytes to IOD #9 EID 227 [188.42.174.102:443]
NSOCK INFO [25.4980s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 227 [188.42.174.102:443]
NSOCK INFO [25.4980s] nsock_read(): Read request from IOD #9 [188.42.174.102:443] (timeout: 14000ms) EID 234
NSOCK INFO [25.6800s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 234 [188.42.174.102:443] [EOF](1085 bytes)
NSOCK INFO [25.6800s] nsock_iod_delete(): nsock_iod_delete (IOD #9)
NSE: [vulners M:55faee562a88 111.111.111.111:443] Final http cache size (360 bytes) of max size of 1000000
NSE: Finished vulners M:55faee562a88 against 111.111.111.111:443.
Completed NSE at 14:13, 1.47s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:13
Completed NSE at 14:13, 0.00s elapsed
Nmap scan report for 111.111.111.111
Host is up, received syn-ack ttl 48 (0.034s latency).
Scanned at 2018-01-02 14:12:38 CST for 26s

PORT    STATE SERVICE  REASON         VERSION
443/tcp open  ssl/http syn-ack ttl 48 HP Integrated Lights-Out web interface 1.30
|_http-server-header: HP-iLO-Server/1.30
Service Info: CPE: cpe:/h:hp:integrated_lights-out:1.30
Final times for host: srtt: 34194 rttvar: 25866  to: 137658

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:13
Completed NSE at 14:13, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:13
Completed NSE at 14:13, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-payloads nmap-service-probes nmap-services.
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.69 seconds
           Raw packets sent: 6 (240B) | Rcvd: 2 (88B)

Following: https://null-byte.wonderhowto.com/how-to/easily-detect-cves-with-nmap-scripts-0181925/ is probably what you did; their tutorial is awful in my opinion

Following: https://null-byte.wonderhowto.com/how-to/easily-detect-cves-with-nmap-scripts-0181925/ is probably what you did; their tutorial is awful in my opinion.
you will run into the error "/usr/local/bin/../share/nmap/nse_main.lua:823: 'vulners' did not match a category, filename, or directory
stack traceback:
[C]: in function 'error'
/usr/local/bin/../share/nmap/nse_main.lua:823: in local 'get_chosen_scripts'
/usr/local/bin/../share/nmap/nse_main.lua:1315: in main chunk
[C]: in ?

QUITTING!"
the way I fixed this was by using the command:
cd /usr/share/nmap/scripts
nmap -sV --script=vulscan/vulscan.nse
nmap -sV --script=vulscan/vulscan.nse -sV -p22 50...** (*or what ever command you desire)

If it still isn't working, make sure you installed it correctly:
cd /usr/share/nmap/scripts
git clone https://github.com/scipag/vulscan scipag_vulscan
ln -s "$(pwd)/scipag_vulscan" /usr/share/nmap/scripts/vulscan

Have a good day m8 cheers

Originally posted by @40withabeam in #13 (comment)

openssh false positive vulnerabilities.

We have recently noticed false positive vulnerabilities for openssh packages; we are using the latest openssh version, 8.6.

CVE-2001-0554 (https://nvd.nist.gov/vuln/detail/CVE-2001-0554)
MSF:ILITIES/OPENBSD-OPENSSH-CVE-2020-14145
MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145
MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145
MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145
MSF:ILITIES/F5-BIG-IP-CVE-2020-14145
https://nvd.nist.gov/vuln/detail/CVE-2020-14145

Can we skip these vulnerabilities?

Vulners check based on a scan result that was already performed

Hello,

Will it ever be possible to perform a check based on the results of a previous scan?

For example, during a pentest of an internal network using various pivoting methods you will not have access to the internet. Is it possible to save scan results and perform a vulners check using this script on another machine?

script detects false positive vulnerabilities

We scan servers daily with nmap using vulners.nse, and have found that recently it is getting a lot of false positive alerts on httpd.
Although we have installed the latest httpd version, it is still showing 1999, 2000 vulnerabilities. Is there any method to bypass these?

Example Output
|_http-server-header: Apache/2.4.46 (codeit) OpenSSL/1.1.1g PHP/7.2.32 mod_wsgi/3.4 Python/2.7.5
| vulners:
| cpe:/a:apache:http_server:2.4.46:
| CVE-2010-0425 10.0 https://vulners.com/cve/CVE-2010-0425
| CVE-1999-1412 10.0 https://vulners.com/cve/CVE-1999-1412
| CVE-1999-1237 10.0 https://vulners.com/cve/CVE-1999-1237
| CVE-1999-0236 10.0 https://vulners.com/cve/CVE-1999-0236
| CVE-2009-1955 7.8 https://vulners.com/cve/CVE-2009-1955
| CVE-2007-6423 7.8 https://vulners.com/cve/CVE-2007-6423
| CVE-2007-0086 7.8 https://vulners.com/cve/CVE-2007-0086
| CVE-2009-3095 7.5 https://vulners.com/cve/CVE-2009-3095
| CVE-2007-4723 7.5 https://vulners.com/cve/CVE-2007-4723
| CVE-2009-1891 7.1 https://vulners.com/cve/CVE-2009-1891
| CVE-2009-1890 7.1 https://vulners.com/cve/CVE-2009-1890
| CVE-2008-2579 6.8 https://vulners.com/cve/CVE-2008-2579
| CVE-2007-5156 6.8 https://vulners.com/cve/CVE-2007-5156
| CVE-2014-0231 5.0 https://vulners.com/cve/CVE-2014-0231
| CVE-2011-1752 5.0 https://vulners.com/cve/CVE-2011-1752
| CVE-2010-1452 5.0 https://vulners.com/cve/CVE-2010-1452
| CVE-2010-0408 5.0 https://vulners.com/cve/CVE-2010-0408
| CVE-2009-2699 5.0 https://vulners.com/cve/CVE-2009-2699
| CVE-2007-0450 5.0 https://vulners.com/cve/CVE-2007-0450
| CVE-2005-1268 5.0 https://vulners.com/cve/CVE-2005-1268
| CVE-2003-0020 5.0 https://vulners.com/cve/CVE-2003-0020
| CVE-2001-1556 5.0 https://vulners.com/cve/CVE-2001-1556
| CVE-1999-0678 5.0 https://vulners.com/cve/CVE-1999-0678
| CVE-1999-0289 5.0 https://vulners.com/cve/CVE-1999-0289
| CVE-1999-0070 5.0 https://vulners.com/cve/CVE-1999-0070
| CVE-2009-1195 4.9 https://vulners.com/cve/CVE-2009-1195
| CVE-2011-1783 4.3 https://vulners.com/cve/CVE-2011-1783
| CVE-2010-0434 4.3 https://vulners.com/cve/CVE-2010-0434
| CVE-2008-2939 4.3 https://vulners.com/cve/CVE-2008-2939
| CVE-2008-2168 4.3 https://vulners.com/cve/CVE-2008-2168
| CVE-2008-0455 4.3 https://vulners.com/cve/CVE-2008-0455
| CVE-2007-6420 4.3 https://vulners.com/cve/CVE-2007-6420
| CVE-2007-6388 4.3 https://vulners.com/cve/CVE-2007-6388
| CVE-2007-5000 4.3 https://vulners.com/cve/CVE-2007-5000
| CVE-2007-4465 4.3 https://vulners.com/cve/CVE-2007-4465
| CVE-2007-1349 4.3 https://vulners.com/cve/CVE-2007-1349
| CVE-2007-6422 4.0 https://vulners.com/cve/CVE-2007-6422
|_ CVE-2007-6421 3.5 https://vulners.com/cve/CVE-2007-6421
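
One way to handle unwanted entries like those in this and the other false-positive issues on this page is to post-process the script output against a reviewed suppression list, keeping a reason for every entry that is not reported. This is an added example, not code from the nmap-vulners project; the function names, the suppression-list format and the cutoff-year rule are assumptions, and the sample text is constructed from lines quoted on this page.

```python
import re

# Constructed sample, assembled from vulners output lines quoted on this page
SAMPLE_OUTPUT = """\
| vulners:
|   cpe:/a:apache:http_server:2.4.46:
|     CVE-2010-0425  10.0  https://vulners.com/cve/CVE-2010-0425
|     CVE-1999-1412  10.0  https://vulners.com/cve/CVE-1999-1412
|     CVE-2014-0231  5.0  https://vulners.com/cve/CVE-2014-0231
|   cpe:/a:vsftpd:vsftpd:2.2.2:
|_    EDB-ID:42965  0.0  https://vulners.com/exploitdb/EDB-ID:42965  *EXPLOIT*
"""

CVE_YEAR = re.compile(r"^CVE-(\d{4})-\d+$")


def parse_vulners(text):
    """Turn the text block printed by the vulners script into a list of dicts.

    Each finding is attached to the most recent cpe:/ line above it.
    """
    findings, cpe = [], None
    for raw in text.splitlines():
        # Drop Nmap's "|" / "|_" gutter and indentation
        line = raw.lstrip("|_ \t").strip()
        if line.startswith("cpe:/"):
            cpe = line.rstrip(":")
            continue
        parts = line.split()
        if len(parts) < 3 or not parts[2].startswith("https://vulners.com/"):
            continue  # header line such as "vulners:" or unrelated output
        try:
            score = float(parts[1])
        except ValueError:
            continue
        findings.append({
            "cpe": cpe,
            "id": parts[0],
            "cvss": score,
            "url": parts[2],
            "exploit": "*EXPLOIT*" in parts[3:],
        })
    return findings


def triage(findings, suppressions=None, min_cvss=0.0, review_before_year=None):
    """Assign each finding a status without deleting anything.

    suppressions: {id: analyst reason} for entries already verified as not applicable.
    review_before_year: CVE ids older than this year are flagged for manual review
    (an assumption of this example: old ids on a current build deserve a second look,
    they are not proven false positives).
    """
    suppressions = suppressions or {}
    triaged = []
    for f in findings:
        year = CVE_YEAR.match(f["id"])
        if f["id"] in suppressions:
            status, reason = "suppressed", suppressions[f["id"]]
        elif review_before_year and year and int(year.group(1)) < review_before_year:
            status = "review"
            reason = f"CVE year {year.group(1)} predates {review_before_year}"
        elif f["cvss"] < min_cvss:
            status, reason = "below_threshold", f"CVSS {f['cvss']} < {min_cvss}"
        else:
            status, reason = "report", ""
        triaged.append({**f, "status": status, "reason": reason})
    return triaged


def summarize(triaged):
    """Group finding ids by status."""
    buckets = {}
    for f in triaged:
        buckets.setdefault(f["status"], []).append(f["id"])
    return buckets


if __name__ == "__main__":
    # Constructed suppression entry; the reason text is a placeholder analyst note
    notes = {"EDB-ID:42965": "verified: entry does not apply to this service"}
    result = triage(parse_vulners(SAMPLE_OUTPUT), notes,
                    min_cvss=7.0, review_before_year=2005)
    for row in result:
        print(f'{row["status"]:16} {row["id"]:16} {row["cpe"]}  {row["reason"]}')
```

Suppressed and review entries stay in the result with their reason, so a later audit can see why something was not reported.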

Windows nmap script

When trying to find the location of the script file by using the provided code, PowerShell returns "access denied". Not sure why.

Scripts error

Hey everyone, so when I use this command to check vulnerabilities on my router (nmap --script vulscan,nmap-vulners -sV 196.168.0.1) it gives me this error

Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-12 10:09 EDT
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:821: directory '/usr/bin/../share/nmap/scripts/nmap-vulners' found, but will not match without '/'
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nse_main.lua:821: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1312: in main chunk
[C]: in ?

QUITTING!

I installed both scripts correctly in the nmap scripts folder but it doesn't work, someone help me plz

Nmap Script Error

/usr/bin/../share/nmap/nse_main.lua:259: /usr/bin/../share/nmap/scripts/vulners.nse:1: unexpected symbol near '<'
stack traceback:
[C]: in function 'assert'
/usr/bin/../share/nmap/nse_main.lua:259: in upvalue 'loadscript'
/usr/bin/../share/nmap/nse_main.lua:601: in field 'new'
/usr/bin/../share/nmap/nse_main.lua:825: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1312: in main chunk
[C]: in ?

Proxy support

Hi!
Do you have plans to add proxy support to this script? Or how can I use this feature?
Thx for answers

Encountered a false positive

Hey,

I just ran a scan against a device running Microsoft SQL Server 2019 and the script detected CVE-2021-1636. However, the version of the software is not vulnerable for this CVE. The script showed the correct version of the software though.
My question is, does the script take software versions into account when checking for CVEs? And if it does, what could have gone wrong here?

Thanks in advance.

Script doesn't work with nmap 7.60

pew@ubuntu:~/# gdb nmap
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from nmap...(no debugging symbols found)...done.
(gdb) set args -oX - -p 443,22,25,21,587,993,80,143,995,53 -sV -T 5 --script vulners <ANY_IP_THERE>
(gdb) run
Starting program: /usr/local/bin/nmap -oX - -p 443,22,25,21,587,993,80,143,995,53 -sV -T 5 --script vulners <ANY_IP_THERE>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/local/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.60 scan initiated Mon Feb 19 15:26:09 2018 as: /usr/local/bin/nmap -oX - -p 443,22,25,21,587,993,80,143,995,53 -sV -T 5 -&#45;script vulners <ANY_IP_THERE> -->
<nmaprun scanner="nmap" args="/usr/local/bin/nmap -oX - -p 443,22,25,21,587,993,80,143,995,53 -sV -T 5 -&#45;script vulners <ANY_IP_THERE>" start="1519043169" startstr="Mon Feb 19 15:26:09 2018" version="7.60" xmloutputversion="1.04">
<scaninfo type="syn" protocol="tcp" numservices="10" services="21-22,25,53,80,143,443,587,993,995"/>
<verbose level="0"/>
<debugging level="0"/>
NSE: failed to initialize the script engine:
/usr/local/bin/../share/nmap/nse_main.lua:821: 'vulners' did not match a category, filename, or directory
stack traceback:
 [C]: in function 'error'
 /usr/local/bin/../share/nmap/nse_main.lua:821: in local 'get_chosen_scripts'
 /usr/local/bin/../share/nmap/nse_main.lua:1312: in main chunk
 [C]: in ?

QUITTING!
<runstats><finished time="1519043169" timestr="Mon Feb 19 15:26:09 2018" elapsed="0.36" summary="Nmap done at Mon Feb 19 15:26:09 2018; 0 IP addresses (0 hosts up) scanned in 0.36 seconds" exit="error" errormsg="NSE: failed to initialize the script engine:&#xa;/usr/local/bin/../share/nmap/nse_main.lua:821: &apos;vulners&apos; did not match a category, filename, or directory&#xa;stack traceback:&#xa;&#x9;[C]: in function &apos;error&apos;&#xa;&#x9;/usr/local/bin/../share/nmap/nse_main.lua:821: in local &apos;get_chosen_scripts&apos;&#xa;&#x9;/usr/local/bin/../share/nmap/nse_main.lua:1312: in main chunk&#xa;&#x9;[C]: in ?&#xa;"/><hosts up="0" down="0" total="0"/>
</runstats>
</nmaprun>
[Inferior 1 (process 7018) exited with code 01]

Problem:

NSE: failed to initialize the script engine:
/usr/local/bin/../share/nmap/nse_main.lua:821: 'vulners' did not match a category, filename, or directory
stack traceback:
 [C]: in function 'error'
 /usr/local/bin/../share/nmap/nse_main.lua:821: in local 'get_chosen_scripts'
 /usr/local/bin/../share/nmap/nse_main.lua:1312: in main chunk
 [C]: in ?

QUITTING!

RedHat version strings on backporting

Unfortunately, RedHat doesn't update the service version string when a package has been applied. So even though Apache httpd 2.4.6 is riddled with vulnerabilities, "backporting" is applied from the latest stable version, which in this case is 2.4.39. The scan, however, provides a list of 2.4.6 CVEs (which could be false positives). Are there any solutions to this apart from examining change logs or RPM versions?

Script Engine Initialization Issues -- Debian

Hello!

I'm looking to use this tool for some testing. However, when I went to update the database, and to run it for confirmation afterward, it had an error. It was as follows:

Starting Nmap 7.70 ( https://nmap.org ) at 2021-11-14 21:28 EST
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:259: /usr/bin/../share/nmap/scripts/vulners.nse:7: unexpected symbol near '<'
stack traceback:
[C]: in function 'assert'
/usr/bin/../share/nmap/nse_main.lua:259: in upvalue 'loadscript'
/usr/bin/../share/nmap/nse_main.lua:601: in field 'new'
/usr/bin/../share/nmap/nse_main.lua:828: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1315: in main chunk
[C]: in ?

QUITTING!

This was the same error as when trying to update the nmap script DB. I'm not sure if it's a mistake on my part or an error with your code, but based on the error, it looks like a code syntax error.

Thanks so much for your help!

It seems the argument mincvss is not working anymore

Dear Devs,

I have been using this script since last year, and it worked like a charm until now. Now it seems the mincvss argument is not working anymore. Here's my nmap call:

nmap -sV --script /path/to/vulners/vulners.nse --script-args mincvss=8 {TARGET_IP}

It gives me the following output (sample):

...
80/tcp  open   http    Apache httpd 2.4.18
|_http-server-header: Apache/2.4.18
| vulners: 
|   cpe:/a:apache:http_server:2.4.18: 
|     	EXPLOITPACK:44C5118F831D55FAF4259C41D8BDA0AB	7.2	https://vulners.com/exploitpack/EXPLOITPACK:44C5118F831D55FAF4259C41D8BDA0AB	*EXPLOIT*
|     	1337DAY-ID-32502	7.2	https://vulners.com/zdt/1337DAY-ID-32502	*EXPLOIT*
|     	EDB-ID:47689	5.8	https://vulners.com/exploitdb/EDB-ID:47689	*EXPLOIT*
...

As you can see, I got exploits with 7.2 and lower CVSS scores, but I would like to get reports of exploits over 8.0 CVSS only. It worked before, but something changed a few weeks ago.

Can you help me figure out what I did wrong?

Thanks,
RobbeR
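
A post-filter for the output format in the report above, as an added example that is not part of the original issue or of the vulners project: it parses `| vulners:` blocks from nmap's normal output and separates rows at or above a chosen CVSS floor from rows that should not have been printed. The function names and the CONSTRUCTED-0001 row are assumptions made for illustration.

```python
import re

# Constructed sample in the row format shown in the report above.
# The 7.2 and 5.8 rows are copied from it; CONSTRUCTED-0001 is made up.
SAMPLE = "\n".join([
    "80/tcp  open   http    Apache httpd 2.4.18",
    "|_http-server-header: Apache/2.4.18",
    "| vulners: ",
    "|   cpe:/a:apache:http_server:2.4.18: ",
    "|     \tCONSTRUCTED-0001\t9.8\thttps://vulners.com/cve/CONSTRUCTED-0001",
    "|     \t1337DAY-ID-32502\t7.2\thttps://vulners.com/zdt/1337DAY-ID-32502\t*EXPLOIT*",
    "|_    \tEDB-ID:47689\t5.8\thttps://vulners.com/exploitdb/EDB-ID:47689\t*EXPLOIT*",
])

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+\S+")
CPE_RE = re.compile(r"^\|[ _]?\s*(cpe:/\S+?):\s*$")
# Fields are split on any whitespace so tab- and space-separated pastes both parse.
ROW_RE = re.compile(
    r"^\|[ _]?\s*(\S+)\s+(\d+(?:\.\d+)?)\s+(https?://\S+)(?:\s+(\*EXPLOIT\*))?\s*$"
)

def parse_vulners(text):
    """Return one dict per vulners row, tagged with its port and CPE."""
    findings, port, cpe = [], None, None
    for line in text.splitlines():
        if (m := PORT_RE.match(line)):
            # A new port line ends the previous port's vulners block.
            port, cpe = f"{m.group(1)}/{m.group(2)}", None
        elif (m := CPE_RE.match(line)):
            cpe = m.group(1)
        elif cpe and (m := ROW_RE.match(line)):
            findings.append({
                "port": port, "cpe": cpe, "id": m.group(1),
                "cvss": float(m.group(2)), "url": m.group(3),
                "exploit": m.group(4) is not None,
            })
    return findings

def split_by_cvss(findings, mincvss):
    """Split rows into (kept, unexpected) around the CVSS floor."""
    kept = [f for f in findings if f["cvss"] >= mincvss]
    unexpected = [f for f in findings if f["cvss"] < mincvss]
    return kept, unexpected

if __name__ == "__main__":
    kept, unexpected = split_by_cvss(parse_vulners(SAMPLE), 8.0)
    for f in kept:
        print(f'{f["port"]} {f["cpe"]} {f["id"]} {f["cvss"]}')
    print(f"{len(unexpected)} row(s) below the floor were present in the output")
```

A non-empty `unexpected` list for a scan that was run with a `mincvss` value reproduces the behaviour described in the report, independent of how the script itself applies the argument.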

Run only vulners

I'd expect this command to run only the vulners script.

 nmap -sV --version-all --script vulners -oX nmap.xml -iL sorted_hosts.out

But nmap seems to run other scripts, including fingerprint-strings. I am reticent to use a not expression as I can't understand what other scripts are being run. Default?

How can I just run vulners as the only NSE script?
Nmap version 7.70 ( https://nmap.org )

Many thanks for this script.

cd: no such file or directory: /usr/share/nmap/scripts

Following https://null-byte.wonderhowto.com/how-to/easily-detect-cves-with-nmap-scripts-0181925/ is probably what you did; their tutorial is awful in my opinion
you will run into the error "/usr/local/bin/../share/nmap/nse_main.lua:823: 'vulners' did not match a category, filename, or directory
stack traceback:
[C]: in function 'error'
/usr/local/bin/../share/nmap/nse_main.lua:823: in local 'get_chosen_scripts'
/usr/local/bin/../share/nmap/nse_main.lua:1315: in main chunk
[C]: in ?

QUITTING!"
the way I fixed this was by using the command:
cd /usr/share/nmap/scripts
nmap -sV --script=vulscan/vulscan.nse
nmap -sV --script=vulscan/vulscan.nse -sV -p22 50...** (*or what ever command you desire)

If it still isn't working, make sure you installed it correctly:
cd /usr/share/nmap/scripts
git clone https://github.com/scipag/vulscan scipag_vulscan
ln -s `pwd`/scipag_vulscan /usr/share/nmap/scripts/vulscan

Have a good day m8 cheers

Originally posted by @40withabeam in #13 (comment)

no output

when I run the following nmap -sV --script vulners this is the output

nmap -sV --script vulners 192.168.1.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 11:32 India Standard Time
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
All 1000 scanned ports on 192.168.1.1 are filtered
MAC Address: C8:D7:79:A4:69:2F (Qingdao Haier TelecomLtd)

Service detection performed. Please report any incorrect results at https://nmap
.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 64.43 seconds
vulners yields no output pls fix

No results

Hello,

I ran your script against a couple of our internal systems and external, either time I did not get a CVE finding. Below is the output and command I used.

nmap -sV --script vulners redacted_hostname

Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-30 11:27 EST
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Nmap scan report for redacted_hostname
Host is up (1.1s latency).
rDNS record for 127.0.0.1: redacted_hostname
Not shown: 981 closed ports
PORT STATE SERVICE VERSION
53/tcp open domain Microsoft DNS 6.1.7601
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2018-01-30 16:28:28Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: redacted_hostname, Site: Default-First-Site-Name)
445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds (workgroup: redacted)
464/tcp open kpasswd5?
514/tcp filtered shell
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: redacted_hostname, Site: Default-First-Site-Name)
3269/tcp open tcpwrapped
3389/tcp open ms-wbt-server Microsoft Terminal Service
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49158/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
49159/tcp open msrpc Microsoft Windows RPC
Service Info: Host: redacted_hostname; OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 86.71 seconds

Less an issue, more a feature request for an "offline" nmap result check against vulners database

Hello together,

I'm looking for a possibility to check the nmap scan results "offline", meaning at a later point in time, against the vulners DB with the same output as in the nmap script mode.
The reason is, I don't always have an internet connection when I check internal systems. In this case, I would not be able to use this standard vulners solution, in my opinion. So I could imagine checking the nmap scan results at a later point in time against the vulners database, without a scan, using only the nmap results in XML format, for example.

Thank you in advance for any idea and feedback.

Greetings,
M.
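
One way to prepare the deferred check requested above, as an added example that is not part of the original issue or of the vulners project: it reads saved `nmap -sV -oX` output and builds, without sending anything, one lookup URL per detected CPE in the form of the curl command quoted in the IIS false-positive report on this page. The function name, the sample XML and the address 192.0.2.10 are constructed, and the endpoint is assumed to behave as in that curl example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Endpoint and parameter names as they appear in the curl command quoted
# on this page; assumed unchanged. Nothing here sends a request.
API_URL = "https://vulners.com/api/v3/burp/software/"

# Constructed fragment of `nmap -sV -oX` output (documentation address).
SAMPLE_XML = """<nmaprun scanner="nmap" version="7.70">
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="80"><state state="open"/>
    <service name="http" product="Apache httpd" version="2.4.18">
     <cpe>cpe:/a:apache:http_server:2.4.18</cpe></service></port>
   <port protocol="tcp" portid="3389"><state state="open"/>
    <service name="ms-wbt-server" product="Microsoft Terminal Service">
     <cpe>cpe:/o:microsoft:windows</cpe></service></port>
   <port protocol="tcp" portid="514"><state state="filtered"/></port>
  </ports>
 </host>
</nmaprun>"""

def pending_lookups(xml_text):
    """Return (lookups, skipped) for every open port that carries a CPE."""
    lookups, skipped = [], []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            if state is None or state.get("state") != "open" or svc is None:
                continue
            where = f'{addr}:{port.get("portid")}/{port.get("protocol")}'
            version = svc.get("version")
            for cpe in (c.text for c in svc.findall("cpe") if c.text):
                if not version:
                    # No detected version: a lookup could not be version-matched.
                    skipped.append((where, cpe))
                    continue
                query = urlencode(
                    {"software": cpe, "version": version, "type": "cpe"},
                    safe=":/",
                )
                lookups.append({"where": where, "cpe": cpe,
                                "version": version, "url": f"{API_URL}?{query}"})
    return lookups, skipped

if __name__ == "__main__":
    todo, skipped = pending_lookups(SAMPLE_XML)
    for item in todo:
        print(item["where"], item["url"])
    for where, cpe in skipped:
        print("skipped (no version):", where, cpe)
```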

-

issue can be deleted

You are doing it too fast. Lower the rate or contact isox AT vulners DOT

Does your NSE script require tender-scanning?

I get the following output:

22/tcp open ssh syn-ack ttl 64 OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0) | vulners: |_ cpe:/a:openbsd:openssh:4.7p1: You are doing it too fast. Lower the rate or contact isox AT vulners DOT com.

...when scanning a metasploitable instance with following nmap command:

nmap -sS -Pn -n -vvv --reason -A --version-all -p- -T3 --script vulners -oA metasploitable-vulnerstest-A-allports 192.168.126.132

If your NSE script requires making Web-API requests during scanning, this is an absolute no-go! On many engagements, you won't have an Internet connection...and n̶o̶t̶ ̶e̶v̶e̶n̶ ̶m̶e̶n̶t̶i̶o̶n̶i̶n̶g̶ ̶t̶h̶e̶ ̶p̶r̶i̶v̶a̶c̶y̶ ̶c̶o̶n̶c̶e̶r̶n̶s̶.̶.̶.̶ this contributes to serious privacy and non-disclosure-agreement violations.

'.....nmap-vulners' found, but will not match without '/' Error

┌──(#######㉿kaliworkstation)-[/usr/share/nmap/scripts]
└─$ nmap --script nmap-vulners -sV XX.XX.XX.XX
Starting Nmap 7.91 ( https://nmap.org ) at ####-##-## ##:## ###
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:821: directory '/usr/bin/../share/nmap/scripts/nmap-vulners' found, but will not match without '/'
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nse_main.lua:821: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1312: in main chunk
[C]: in ?

QUITTING!

Help!!! Why is this doing this?

Having problems when running vulscan command

I have installed the vulscan script for nmap but I just keep getting this error. Does anyone know how to fix this?

┌──(rootkali)-[~]
└─# nmap --script vulscan, nmap-vulners -sV (entered ip w/o brackets)
Starting Nmap 7.91 ( https://nmap.org/ ) at 2021-03-21 02:46 GMT
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:821: directory '/usr/bin/../share/nmap/scripts/vulscan' found, but will not match without '/'
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nse_main.lua:821: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1312: in main chunk
[C]: in ?

False positives: IIS 10.0

The script is currently reporting false-positive vulnerabilities for Microsoft IIS Server 10.0 that affect old versions of IIS. Example output:

PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Microsoft IIS httpd 10.0
|_http-server-header: Microsoft-IIS/10.0
| vulners:
|   cpe:/a:microsoft:internet_information_server:10.0:
|     	SSV:12476	9.3	https://vulners.com/seebug/SSV:12476	*EXPLOIT*
|     	SSV:12175	9.3	https://vulners.com/seebug/SSV:12175	*EXPLOIT*
|     	PACKETSTORM:94532	9.3	https://vulners.com/packetstorm/PACKETSTORM:94532	*EXPLOIT*
|     	MSF:EXPLOIT/WINDOWS/FTP/MS09_053_FTPD_NLST	9.3	https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/FTP/MS09_053_FTPD_NLST	*EXPLOIT*
|     	EDB-ID:9559	9.3	https://vulners.com/exploitdb/EDB-ID:9559	*EXPLOIT*
|     	EDB-ID:9541	9.3	https://vulners.com/exploitdb/EDB-ID:9541	*EXPLOIT*
|     	EDB-ID:16740	9.3	https://vulners.com/exploitdb/EDB-ID:16740	*EXPLOIT*
|     	SAINT:38542AFE78DE33F6BB0AF7E6A3C90956	9.3	https://vulners.com/saint/SAINT:38542AFE78DE33F6BB0AF7E6A3C90956	*EXPLOIT*
|     	SAINT:54344E071A068774A374DCE7F7795E80	9.0	https://vulners.com/saint/SAINT:54344E071A068774A374DCE7F7795E80	*EXPLOIT*
|     	SAINT:4EB4CF34422D02BCBF715C4ACFAC8C99	9.0	https://vulners.com/saint/SAINT:4EB4CF34422D02BCBF715C4ACFAC8C99	*EXPLOIT*
|     	IISFTP_NLST	9.0	https://vulners.com/canvas/IISFTP_NLST	*EXPLOIT*
|     	CVE-2009-3023	9.0	https://vulners.com/cve/CVE-2009-3023
|_    	CVE-2010-1256	8.5	https://vulners.com/cve/CVE-2010-1256
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

As mentioned, the two CVEs reported are very old and affect legacy versions of IIS like 5.0 and/or 6.0. The issue can also be replicated by directly querying the vulners API:

curl "https://vulners.com/api/v3/burp/software/?software=cpe:/a:microsoft:internet_information_server:10.0&version=10.0&type=cpe"
{
  "result": "OK",
  "data": {
    "search": [
      {
        "index": "es6_bulletins_bulletin_v2",
        "id": "CVE-2009-3023",
        "doc_type": "bulletin",
        "_source": {
          "id": "CVE-2009-3023",
.....
}

Nmap Vulnerability

Please, kindly assist with code to check for vulnerability using nmap
