vulnerscom / nmap-vulners
NSE script based on Vulners.com API
License: GNU General Public License v3.0
Dear,
I have a web application created with Java. I want to check whether it has any CVE problems, and I want to know whether this way is OK.
I started my web application using Tomcat, so I have the port for it. I used this tool to scan it, but I did not find any output.
The command I executed was:
nmap --script nmap-vulners,vulscan --script-args vulscandb=scipvuldb.csv -sV -p8080 ip
and got a result like:
There is no problem report, so I doubt whether there is any problem. Please also provide a sample, such as a website I can scan to get a problem report, so I can check whether the tool works well.
Please help!
$ nmap --script nmap-vulners -sV 127.0.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2020-02-20 16:45 IST
Nmap scan report for 10.100.100.166
Host is up (0.00075s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
53/tcp open domain dnsmasq 2.79
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.74 seconds
Expected Output
| vulners:
| cpe:/a:thekelleys:dnsmasq:2.79:
|_ CVE-2019-14834 4.3 https://vulners.com/cve/CVE-2019-14834
Please help me understand why I am not getting the vulnerabilities.
NOTE: I am able to get the expected output when I use $nmap --script nmap-vulners -sV <IP_address> remotely from my Ubuntu 16.04 PC
Without --script-args paths=something, http-vulners-regex will not return any results. It is not even apparent it is sending any traffic to the target.
With --script-args paths=something, it will either use that file or, when it fails to find that file, it uses the default paths file. Traffic is sent as expected; results may follow.
Version info:
root@kali:~# nmap --version
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.1d libssh2-1.8.0 libz-1.2.11 libpcre-8.39 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
Try this:
root@kali:~# nmap -p80 --script http-vulners-regex -d php.testsparker.com
Result (truncated):
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 0.95 seconds
The relevant but not-so-helpful -d output:
NSE: Starting http-vulners-regex against php.testsparker.com (107.20.213.223:80).
NSE: Finished http-vulners-regex against php.testsparker.com (107.20.213.223:80).
Then try again with bogus path:
root@kali:~# nmap -p80 --script http-vulners-regex --script-args paths=nosuchfile -d php.testsparker.com
Results:
PORT STATE SERVICE
80/tcp open http
| http-vulners-regex:
| localstart.asp:
|_ cpe:/a:php:php:5.2.6
Nmap done: 1 IP address (1 host up) scanned in 3.78 seconds
Relevant section from -d debug:
NSE: Starting http-vulners-regex against php.testsparker.com (107.20.213.223:80).
NSE: [http-vulners-regex 107.20.213.223:80] Trying to read paths from a specified file nosuchfile
NSE: [http-vulners-regex 107.20.213.223:80] No file found at nselib/data/nosuchfile, using local copy
NSE: [http-vulners-regex 107.20.213.223:80] Failed to open a file with paths
NSE: [http-vulners-regex 107.20.213.223:80] Trying to read paths from a default file http-vulners-paths.txt
NSE: [http-vulners-regex 107.20.213.223:80] Analyze path default.cfm
Line 157 in 4899a73
It should say Failed to contact vulners in several attempts.
but it says cantact
./nmapAutomator.sh 10.10.10.160 Vulns
Running Vuln scan on basic ports
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-28 14:10 CET
Error #486: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
QUITTING!
---------------------Finished all Nmap scans---------------------
Completed in 0 seconds
I guess this is a quick fix, but I was too lazy so far to check out your script. Any idea?
Hello everyone, I had this problem. Can anyone help?
nmap --script vulscan,nmap-vulners -sV ( IP)
Starting Nmap 7.93 ( https://nmap.org ) at 2022-11-14 17:13 CST
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:833: 'nmap-vulners' did not match a category, filename, or directory
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nse_main.lua:833: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1344: in main chunk
[C]: in ?
While installing Nmap it asks for a password; when I enter the password it shows Authentication failure.
Hi,
Is there a rate limit on this nmap plugin (vulners.nse)? If there is a 250GB database, how can I use it locally?
when I use:
➜ Scanner-Tool nmap -v
Starting Nmap 7.70SVN ( https://nmap.org ) at 2018-05-31 10:18 CST
Read data files from: /usr/local/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.02 seconds
➜ Scanner-Tool sudo nmap -sV --script vulners 95.163.200.165
Starting Nmap 7.70SVN ( https://nmap.org ) at 2018-05-31 10:19 CST
NSE: failed to initialize the script engine:
/usr/local/bin/../share/nmap/nse_main.lua:823: 'vulners' did not match a category, filename, or directory
stack traceback:
[C]: in function 'error'
/usr/local/bin/../share/nmap/nse_main.lua:823: in local 'get_chosen_scripts'
/usr/local/bin/../share/nmap/nse_main.lua:1315: in main chunk
[C]: in ?
QUITTING!
...
spider@kali:~$ nmap -sV -Pn --version-all --script vulners 192.168.1.11
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-07 03:13 EDT
Stats: 0:00:50 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 85.71% done; ETC: 03:14 (0:00:07 remaining)
Stats: 0:01:51 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 85.71% done; ETC: 03:15 (0:00:17 remaining)
Stats: 0:03:17 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 100.00% done; ETC: 03:16 (0:00:00 remaining)
Nmap scan report for 192.168.1.11
Host is up (0.019s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
554/tcp open rtsp?
2869/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
10243/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
Service Info: Host: ADMIN-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 206.31 seconds
I use Kali Linux on a VirtualBox and I had downloaded vulners and put the vulners.nse in the scripts folder, and I had also downloaded Vulscan and put that in scripts, but that's pretty irrelevant. Anyway, my problem is that I thought by using --scripts vulners I would get a list of vulnerabilities and ways to exploit them.
Thank you!
It would be very helpful if there is a way we can see the severity/CVSS score of the issue.
21/tcp open ftp vsftpd 2.2.2
| vulners:
| cpe:/a:vsftpd:vsftpd:2.2.2:
|_ EDB-ID:42965 0.0 https://vulners.com/exploitdb/EDB-ID:42965 *EXPLOIT*
The exploit suggested doesn't match up with the application.
It's very possible I'm misunderstanding or doing something wrong here, but the script doesn't seem to be detecting a vulnerable HP iLO service for which there are vulners entries:
https://vulners.com/nessus/ILO_AUTH_BYPASS.NASL
https://vulners.com/openvas/OPENVAS:1361412562310140325
nmap run with debug cranked below:
nmap -sV -p443 --script vulners 111.111.111.111 -vvvvv
Starting Nmap 7.60SVN ( https://nmap.org ) at 2018-01-02 14:12 CST
NSE: Loaded 44 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:12
Completed NSE at 14:12, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:12
Completed NSE at 14:12, 0.00s elapsed
Initiating Ping Scan at 14:12
Scanning 111.111.111.111 [4 ports]
Completed Ping Scan at 14:12, 0.23s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:12
Debugging Increased to 1.
Debugging Increased to 2.
NSOCK INFO [2.9290s] nsock_write(): Write request for 45 bytes to IOD #1 EID 83 [2001:4860:4860::8844:53]
NSOCK INFO [2.9290s] nsock_trace_handler_callback(): Callback: WRITE ERROR [Destination address required (89)] for EID 83 [2001:4860:4860::8844:53]
NSOCK INFO [5.9300s] nsock_write(): Write request for 45 bytes to IOD #2 EID 91 [2001:4860:4860::8888:53]
NSOCK INFO [5.9300s] nsock_trace_handler_callback(): Callback: WRITE ERROR [Destination address required (89)] for EID 91 [2001:4860:4860::8888:53]
NSOCK INFO [8.4290s] nsock_write(): Write request for 45 bytes to IOD #2 EID 99 [2001:4860:4860::8888:53]
NSOCK INFO [8.4290s] nsock_trace_handler_callback(): Callback: WRITE ERROR [Destination address required (89)] for EID 99 [2001:4860:4860::8888:53]
NSOCK INFO [11.4300s] nsock_write(): Write request for 45 bytes to IOD #3 EID 107 [8.8.4.4:53]
NSOCK INFO [11.4300s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 107 [8.8.4.4:53]
NSOCK INFO [11.4400s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 50 [8.8.4.4:53] (102 bytes)
NSOCK INFO [11.4400s] nsock_read(): Read request from IOD #3 [8.8.4.4:53] (timeout: -1ms) EID 114
NSOCK INFO [11.4400s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [11.4400s] nevent_delete(): nevent_delete on event #18 (type READ)
NSOCK INFO [11.4400s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [11.4400s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [11.4400s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [11.4400s] nevent_delete(): nevent_delete on event #114 (type READ)
NSOCK INFO [11.4400s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [11.4400s] nevent_delete(): nevent_delete on event #66 (type READ)
mass_rdns: 11.01s 0/1 [#: 4, OK: 0, NX: 0, DR: 0, SF: 0, TR: 5]
Completed Parallel DNS resolution of 1 host. at 14:12, 11.01s elapsed
DNS resolution of 1 IPs took 11.01s. Mode: Async [#: 4, OK: 0, NX: 1, DR: 0, SF: 0, TR: 5, CN: 0]
Initiating SYN Stealth Scan at 14:12
Scanning 111.111.111.111 [1 port]
Packet capture filter (device enp2s0f0): dst host 222.222.222.222 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 111.111.111.111)))
Discovered open port 443/tcp on 111.111.111.111
Changing global ping host to 111.111.111.111.
Completed SYN Stealth Scan at 14:12, 0.36s elapsed (1 total ports)
Overall sending rates: 5.62 packets / s, 247.49 bytes / s.
Fetchfile found /usr/bin/../share/nmap/nmap-service-probes
Initiating Service scan at 14:12
Scanning 1 service on 111.111.111.111
NSOCK INFO [11.8900s] nsock_iod_new2(): nsock_iod_new (IOD #1)
Starting probes against new service: 111.111.111.111:443 (tcp)
NSOCK INFO [11.8900s] nsock_connect_tcp(): TCP connection requested to 111.111.111.111:443 (IOD #1) EID 8
NSOCK INFO [11.9240s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [111.111.111.111:443]
Service scan sending probe NULL to 111.111.111.111:443 (tcp)
NSOCK INFO [11.9240s] nsock_read(): Read request from IOD #1 [111.111.111.111:443] (timeout: 6000ms) EID 18
NSOCK INFO [17.9270s] nsock_trace_handler_callback(): Callback: READ TIMEOUT for EID 18 [111.111.111.111:443]
Service scan sending probe SSLSessionReq to 111.111.111.111:443 (tcp)
NSOCK INFO [17.9270s] nsock_write(): Write request for 88 bytes to IOD #1 EID 27 [111.111.111.111:443]
NSOCK INFO [17.9270s] nsock_read(): Read request from IOD #1 [111.111.111.111:443] (timeout: 5000ms) EID 34
NSOCK INFO [17.9270s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 27 [111.111.111.111:443]
NSOCK INFO [17.9650s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 34 [111.111.111.111:443] (837 bytes)
Service scan match (Probe SSLSessionReq matched with SSLSessionReq line 12993): 111.111.111.111:443 is ssl. Version: |OpenSSL||SSLv3|
NSOCK INFO [17.9650s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [17.9650s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [17.9650s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #2) EID 41
NSOCK INFO [18.1560s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 41 [111.111.111.111:443]
Service scan sending probe NULL to 111.111.111.111:443 (tcp)
NSOCK INFO [18.1560s] nsock_read(): Read request from IOD #2 [111.111.111.111:443] (timeout: 6000ms) EID 50
NSOCK INFO [24.1620s] nsock_trace_handler_callback(): Callback: READ TIMEOUT for EID 50 [111.111.111.111:443]
Service scan sending probe GetRequest to 111.111.111.111:443 (tcp)
NSOCK INFO [24.1620s] nsock_write(): Write request for 18 bytes to IOD #2 EID 59 [111.111.111.111:443]
NSOCK INFO [24.1630s] nsock_read(): Read request from IOD #2 [111.111.111.111:443] (timeout: 5000ms) EID 66
NSOCK INFO [24.1630s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 59 [111.111.111.111:443]
NSOCK INFO [24.1980s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 66 [111.111.111.111:443] (26 bytes): HTTP/1.1 400 Bad Request..
NSOCK INFO [24.2010s] nsock_read(): Read request from IOD #2 [111.111.111.111:443] (timeout: 4962ms) EID 74
NSOCK INFO [24.2010s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 74 [111.111.111.111:443] (129 bytes)
NSOCK INFO [24.2080s] nsock_read(): Read request from IOD #2 [111.111.111.111:443] (timeout: 4955ms) EID 82
NSOCK INFO [24.2080s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 82 [111.111.111.111:443] [EOF](2 bytes): ..
Service scan match (Probe GetRequest matched with GetRequest line 9692): 111.111.111.111:443 is SSL/http. Version: |HP Integrated Lights-Out web interface|1.30||
NSOCK INFO [24.2080s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
Completed Service scan at 14:13, 12.32s elapsed (1 service on 1 host)
NSE: Script scanning 111.111.111.111.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:13
NSE: Starting http-trane-info M:55faee6e49f8 against 111.111.111.111:443.
NSOCK INFO [24.2100s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [24.2110s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #1) EID 9
NSE: Starting http-server-header M:55faee6f4ae8 against 111.111.111.111:443.
NSOCK INFO [24.2110s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [24.2110s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #2) EID 17
NSE: Starting vulners M:55faee562a88 against 111.111.111.111:443.
NSOCK INFO [24.2110s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [24.2120s] nsock_connect_ssl(): SSL connection requested to 188.42.174.102:443/tcp (IOD #3) EID 25
NSE: Starting vmware-version M:55faee591ad8 against 111.111.111.111:443.
NSOCK INFO [24.2120s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [24.2120s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #4) EID 33
NSE: Starting hnap-info M:55faee6f3ac8 against 111.111.111.111:443.
NSOCK INFO [24.5200s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 25 [188.42.174.102:443]
NSOCK INFO [24.5590s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 9 [111.111.111.111:443]
NSOCK INFO [24.5620s] nsock_write(): Write request for 176 bytes to IOD #1 EID 43 [111.111.111.111:443]
NSOCK INFO [24.5620s] nsock_write(): Write request for 182 bytes to IOD #3 EID 51 [188.42.174.102:443]
NSOCK INFO [24.5620s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 43 [111.111.111.111:443]
NSOCK INFO [24.5620s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 51 [188.42.174.102:443]
NSOCK INFO [24.5710s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 33 [111.111.111.111:443]
NSOCK INFO [24.5720s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 17 [111.111.111.111:443]
NSOCK INFO [24.5720s] nsock_read(): Read request from IOD #1 [111.111.111.111:443] (timeout: 7000ms) EID 58
NSOCK INFO [24.5720s] nsock_write(): Write request for 18 bytes to IOD #2 EID 67 [111.111.111.111:443]
NSOCK INFO [24.5720s] nsock_read(): Read request from IOD #3 [188.42.174.102:443] (timeout: 14000ms) EID 74
NSOCK INFO [24.5720s] nsock_write(): Write request for 618 bytes to IOD #4 EID 83 [111.111.111.111:443]
NSOCK INFO [24.5720s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 67 [111.111.111.111:443]
NSOCK INFO [24.5720s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 83 [111.111.111.111:443]
NSOCK INFO [24.5970s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 58 [111.111.111.111:443] (24 bytes): HTTP/1.1 404 Not Found..
NSOCK INFO [24.6220s] nsock_read(): Read request from IOD #1 [111.111.111.111:443] (timeout: 7000ms) EID 90
NSOCK INFO [24.6220s] nsock_read(): Read request from IOD #2 [111.111.111.111:443] (timeout: 7000ms) EID 98
NSOCK INFO [24.6220s] nsock_read(): Read request from IOD #4 [111.111.111.111:443] (timeout: 7000ms) EID 106
NSOCK INFO [24.6220s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 90 [111.111.111.111:443] [EOF](130 bytes)
NSOCK INFO [24.6220s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 98 [111.111.111.111:443] [EOF](157 bytes)
NSOCK INFO [24.6220s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 106 [111.111.111.111:443] [EOF](176 bytes)
NSOCK INFO [24.6720s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSE: [http-trane-info M:55faee6e49f8 111.111.111.111:443] Final http cache size (0 bytes) of max size of 1000000
NSE: [http-trane-info M:55faee6e49f8 111.111.111.111:443] HTTP: Host returns proper 404 result.
NSOCK INFO [24.6720s] nsock_iod_new2(): nsock_iod_new (IOD #5)
NSOCK INFO [24.6720s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #5) EID 113
NSOCK INFO [24.6720s] nsock_iod_new2(): nsock_iod_new (IOD #6)
NSOCK INFO [24.6720s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #6) EID 121
NSOCK INFO [24.6720s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSE: [vmware-version M:55faee591ad8 111.111.111.111:443] Couldn't download file: /sdk
NSE: Finished vmware-version M:55faee591ad8 against 111.111.111.111:443.
NSOCK INFO [24.6760s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 74 [188.42.174.102:443] [EOF](1084 bytes)
NSOCK INFO [24.7220s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSE: [vulners M:55faee562a88 111.111.111.111:443] Final http cache size (120 bytes) of max size of 1000000
NSOCK INFO [24.7220s] nsock_iod_new2(): nsock_iod_new (IOD #7)
NSOCK INFO [24.7250s] nsock_connect_ssl(): SSL connection requested to 188.42.174.102:443/tcp (IOD #7) EID 129
NSE: [hnap-info M:55faee6f3ac8 111.111.111.111:443] HTTP: Host returns proper 404 result.
NSOCK INFO [24.7250s] nsock_iod_new2(): nsock_iod_new (IOD #8)
NSOCK INFO [24.7250s] nsock_connect_ssl(): SSL connection requested to 111.111.111.111:443/tcp (IOD #8) EID 137
NSOCK INFO [24.9420s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 121 [111.111.111.111:443]
NSOCK INFO [24.9490s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 113 [111.111.111.111:443]
NSOCK INFO [24.9740s] nsock_write(): Write request for 162 bytes to IOD #5 EID 147 [111.111.111.111:443]
NSOCK INFO [24.9740s] nsock_write(): Write request for 40 bytes to IOD #6 EID 155 [111.111.111.111:443]
NSOCK INFO [24.9740s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 147 [111.111.111.111:443]
NSOCK INFO [24.9740s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 155 [111.111.111.111:443]
NSOCK INFO [25.0220s] nsock_read(): Read request from IOD #5 [111.111.111.111:443] (timeout: 7000ms) EID 162
NSOCK INFO [25.0220s] nsock_read(): Read request from IOD #6 [111.111.111.111:443] (timeout: 7000ms) EID 170
NSOCK INFO [25.0230s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 162 [111.111.111.111:443] (152 bytes)
NSOCK INFO [25.0230s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 170 [111.111.111.111:443] (147 bytes)
NSOCK INFO [25.0300s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 129 [188.42.174.102:443]
NSOCK INFO [25.0720s] nsock_read(): Read request from IOD #5 [111.111.111.111:443] (timeout: 7000ms) EID 178
NSE: Finished http-server-header M:55faee6f4ae8 against 111.111.111.111:443.
NSOCK INFO [25.0730s] nsock_write(): Write request for 183 bytes to IOD #7 EID 187 [188.42.174.102:443]
NSOCK INFO [25.0730s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [25.0730s] nsock_iod_delete(): nsock_iod_delete (IOD #6)
NSOCK INFO [25.0730s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 178 [111.111.111.111:443] [EOF](2 bytes): ..
NSOCK INFO [25.0730s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 187 [188.42.174.102:443]
NSOCK INFO [25.0990s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 137 [111.111.111.111:443]
NSOCK INFO [25.0990s] nsock_iod_delete(): nsock_iod_delete (IOD #5)
NSE: [http-trane-info M:55faee6e49f8 111.111.111.111:443] Final http cache size (120 bytes) of max size of 1000000
NSE: Finished http-trane-info M:55faee6e49f8 against 111.111.111.111:443.
NSOCK INFO [25.0990s] nsock_read(): Read request from IOD #7 [188.42.174.102:443] (timeout: 14000ms) EID 194
NSOCK INFO [25.0990s] nsock_write(): Write request for 157 bytes to IOD #8 EID 203 [111.111.111.111:443]
NSOCK INFO [25.0990s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 203 [111.111.111.111:443]
NSOCK INFO [25.1490s] nsock_read(): Read request from IOD #8 [111.111.111.111:443] (timeout: 7000ms) EID 210
NSOCK INFO [25.1490s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 210 [111.111.111.111:443] [EOF](154 bytes)
NSOCK INFO [25.1850s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 194 [188.42.174.102:443] [EOF](1084 bytes)
NSOCK INFO [25.1850s] nsock_iod_delete(): nsock_iod_delete (IOD #7)
NSE: [vulners M:55faee562a88 111.111.111.111:443] Final http cache size (240 bytes) of max size of 1000000
NSOCK INFO [25.1850s] nsock_iod_new2(): nsock_iod_new (IOD #9)
NSOCK INFO [25.1890s] nsock_connect_ssl(): SSL connection requested to 188.42.174.102:443/tcp (IOD #9) EID 217
NSOCK INFO [25.1890s] nsock_iod_delete(): nsock_iod_delete (IOD #8)
NSE: [hnap-info M:55faee6f3ac8 111.111.111.111:443] Final http cache size (240 bytes) of max size of 1000000
NSE: Finished hnap-info M:55faee6f3ac8 against 111.111.111.111:443.
NSOCK INFO [25.4970s] nsock_trace_handler_callback(): Callback: SSL-CONNECT SUCCESS for EID 217 [188.42.174.102:443]
NSOCK INFO [25.4980s] nsock_write(): Write request for 189 bytes to IOD #9 EID 227 [188.42.174.102:443]
NSOCK INFO [25.4980s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 227 [188.42.174.102:443]
NSOCK INFO [25.4980s] nsock_read(): Read request from IOD #9 [188.42.174.102:443] (timeout: 14000ms) EID 234
NSOCK INFO [25.6800s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 234 [188.42.174.102:443] [EOF](1085 bytes)
NSOCK INFO [25.6800s] nsock_iod_delete(): nsock_iod_delete (IOD #9)
NSE: [vulners M:55faee562a88 111.111.111.111:443] Final http cache size (360 bytes) of max size of 1000000
NSE: Finished vulners M:55faee562a88 against 111.111.111.111:443.
Completed NSE at 14:13, 1.47s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:13
Completed NSE at 14:13, 0.00s elapsed
Nmap scan report for 111.111.111.111
Host is up, received syn-ack ttl 48 (0.034s latency).
Scanned at 2018-01-02 14:12:38 CST for 26s
PORT STATE SERVICE REASON VERSION
443/tcp open ssl/http syn-ack ttl 48 HP Integrated Lights-Out web interface 1.30
|_http-server-header: HP-iLO-Server/1.30
Service Info: CPE: cpe:/h:hp:integrated_lights-out:1.30
Final times for host: srtt: 34194 rttvar: 25866 to: 137658
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:13
Completed NSE at 14:13, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:13
Completed NSE at 14:13, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-payloads nmap-service-probes nmap-services.
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.69 seconds
Raw packets sent: 6 (240B) | Rcvd: 2 (88B)
Following https://null-byte.wonderhowto.com/how-to/easily-detect-cves-with-nmap-scripts-0181925/ is probably what you did; their tutorial is awful in my opinion.
You will run into the error "/usr/local/bin/../share/nmap/nse_main.lua:823: 'vulners' did not match a category, filename, or directory
stack traceback:
[C]: in function 'error'
/usr/local/bin/../share/nmap/nse_main.lua:823: in local 'get_chosen_scripts'
/usr/local/bin/../share/nmap/nse_main.lua:1315: in main chunk
[C]: in ?
QUITTING!"
the way I fixed this was by using the command:
cd /usr/share/nmap/scripts
nmap -sV --script=vulscan/vulscan.nse
nmap -sV --script=vulscan/vulscan.nse -sV -p22 50...** (*or what ever command you desire)
If it still isn't working, make sure you installed it correctly:
cd /usr/share/nmap/scripts
git clone https://github.com/scipag/vulscan scipag_vulscan
ln -s "$(pwd)/scipag_vulscan" /usr/share/nmap/scripts/vulscan
Have a good day m8 cheers
Originally posted by @40withabeam in #13 (comment)
I noticed that this repo has the same NSE filename as one that nmap is already shipped with. This file is vulners.nse, which exists in the default nmap scripting directory, and thus nmap cannot run with:
--script vuln,nmap-vulners in a single command.
I'm curious is there a way to use the python script (https://github.com/vulnersCom/api) or https://github.com/vulnersCom/getsploit for using an offline copy of the vulners database instead of sending the software versions that are detected over the Internet. If the local/offline option is not possible how would we use a privately hosted alternative?
We have recently noticed false positive vulnerabilities for openssh packages; we are using the latest openssh version 8.6.
CVE-2001-0554 (https://nvd.nist.gov/vuln/detail/CVE-2001-0554)
MSF:ILITIES/OPENBSD-OPENSSH-CVE-2020-14145
MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145
MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145
MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145
MSF:ILITIES/F5-BIG-IP-CVE-2020-14145
https://nvd.nist.gov/vuln/detail/CVE-2020-14145
Can we skip these vulnerabilities?
Hello,
Will it ever be possible to perform a check based on the results of a previous scan?
For example, during a pentest of an internal network using various pivoting methods you will not have access to the internet. Is it possible to save scan results and perform the vulners check using this script on another machine?
We scan servers daily with nmap matching vulners.nse, and have found that recently it's getting a lot of false positive alerts on httpd.
Although we have installed the latest httpd version, it's still showing 1999, 2000 vulnerabilities. Is there any method to bypass these?
Example Output
|_http-server-header: Apache/2.4.46 (codeit) OpenSSL/1.1.1g PHP/7.2.32 mod_wsgi/3.4 Python/2.7.5
| vulners:
| cpe:/a:apache:http_server:2.4.46:
| CVE-2010-0425 10.0 https://vulners.com/cve/CVE-2010-0425
| CVE-1999-1412 10.0 https://vulners.com/cve/CVE-1999-1412
| CVE-1999-1237 10.0 https://vulners.com/cve/CVE-1999-1237
| CVE-1999-0236 10.0 https://vulners.com/cve/CVE-1999-0236
| CVE-2009-1955 7.8 https://vulners.com/cve/CVE-2009-1955
| CVE-2007-6423 7.8 https://vulners.com/cve/CVE-2007-6423
| CVE-2007-0086 7.8 https://vulners.com/cve/CVE-2007-0086
| CVE-2009-3095 7.5 https://vulners.com/cve/CVE-2009-3095
| CVE-2007-4723 7.5 https://vulners.com/cve/CVE-2007-4723
| CVE-2009-1891 7.1 https://vulners.com/cve/CVE-2009-1891
| CVE-2009-1890 7.1 https://vulners.com/cve/CVE-2009-1890
| CVE-2008-2579 6.8 https://vulners.com/cve/CVE-2008-2579
| CVE-2007-5156 6.8 https://vulners.com/cve/CVE-2007-5156
| CVE-2014-0231 5.0 https://vulners.com/cve/CVE-2014-0231
| CVE-2011-1752 5.0 https://vulners.com/cve/CVE-2011-1752
| CVE-2010-1452 5.0 https://vulners.com/cve/CVE-2010-1452
| CVE-2010-0408 5.0 https://vulners.com/cve/CVE-2010-0408
| CVE-2009-2699 5.0 https://vulners.com/cve/CVE-2009-2699
| CVE-2007-0450 5.0 https://vulners.com/cve/CVE-2007-0450
| CVE-2005-1268 5.0 https://vulners.com/cve/CVE-2005-1268
| CVE-2003-0020 5.0 https://vulners.com/cve/CVE-2003-0020
| CVE-2001-1556 5.0 https://vulners.com/cve/CVE-2001-1556
| CVE-1999-0678 5.0 https://vulners.com/cve/CVE-1999-0678
| CVE-1999-0289 5.0 https://vulners.com/cve/CVE-1999-0289
| CVE-1999-0070 5.0 https://vulners.com/cve/CVE-1999-0070
| CVE-2009-1195 4.9 https://vulners.com/cve/CVE-2009-1195
| CVE-2011-1783 4.3 https://vulners.com/cve/CVE-2011-1783
| CVE-2010-0434 4.3 https://vulners.com/cve/CVE-2010-0434
| CVE-2008-2939 4.3 https://vulners.com/cve/CVE-2008-2939
| CVE-2008-2168 4.3 https://vulners.com/cve/CVE-2008-2168
| CVE-2008-0455 4.3 https://vulners.com/cve/CVE-2008-0455
| CVE-2007-6420 4.3 https://vulners.com/cve/CVE-2007-6420
| CVE-2007-6388 4.3 https://vulners.com/cve/CVE-2007-6388
| CVE-2007-5000 4.3 https://vulners.com/cve/CVE-2007-5000
| CVE-2007-4465 4.3 https://vulners.com/cve/CVE-2007-4465
| CVE-2007-1349 4.3 https://vulners.com/cve/CVE-2007-1349
| CVE-2007-6422 4.0 https://vulners.com/cve/CVE-2007-6422
| CVE-2007-6421 3.5 https://vulners.com/cve/CVE-2007-6421
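A triage sketch for listings like the one above, added here as an example and not taken from the issue or from the nmap-vulners project: it reads the vulners rows out of a saved Nmap XML report (-oX) and sets aside CVEs older than an analyst-chosen cutoff year for manual review instead of silently dropping them. The sample report is constructed from rows shown on this page; `min_cvss`, `cutoff_year` and all function names are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# One vulners row: <id> <cvss> <url> [*EXPLOIT*], separated by whitespace.
ROW_RE = re.compile(
    r"^\s*(?P<id>\S+)\s+(?P<cvss>\d+(?:\.\d+)?)\s+(?P<url>https?://\S+)"
    r"(?:\s+(?P<exploit>\*EXPLOIT\*))?\s*$"
)
CVE_YEAR_RE = re.compile(r"^CVE-(\d{4})-\d+$")


def parse_vulners_output(text):
    """Parse the script's text block into (cpe, id, cvss, url, exploit) tuples."""
    rows, cpe = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("cpe:/"):
            cpe = stripped.rstrip(":")  # the CPE heading ends with a colon
            continue
        m = ROW_RE.match(line)
        if m and cpe:
            rows.append((cpe, m["id"], float(m["cvss"]), m["url"],
                         m["exploit"] is not None))
    return rows


def load_findings(xml_text):
    """Collect vulners rows per host and port from an Nmap XML report.

    Parse only reports you produced yourself: ElementTree is not hardened
    against hostile XML.
    """
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            for script in port.findall("script"):
                if script.get("id") != "vulners":
                    continue
                for cpe, vid, cvss, url, exploit in parse_vulners_output(
                        script.get("output", "")):
                    findings.append({"host": addr, "port": port.get("portid"),
                                     "cpe": cpe, "id": vid, "cvss": cvss,
                                     "url": url, "exploit": exploit})
    return findings


def triage(findings, min_cvss=0.0, cutoff_year=None):
    """Return (keep, review).

    Rows below min_cvss are dropped. CVE ids whose year is before cutoff_year
    go to `review`: the version match may be wrong, but that needs a human
    check against the advisory. Non-CVE ids carry no year and stay in `keep`.
    """
    keep, review = [], []
    for f in findings:
        if f["cvss"] < min_cvss:
            continue
        m = CVE_YEAR_RE.match(f["id"])
        if cutoff_year is not None and m and int(m.group(1)) < cutoff_year:
            review.append(f)
        else:
            keep.append(f)
    return keep, review


# Constructed sample report; rows reuse output quoted on this page and the
# host address is a documentation address.
_FTP_OUT = (
    "\n  cpe:/a:vsftpd:vsftpd:2.2.2: \n"
    "    EDB-ID:42965\t0.0\thttps://vulners.com/exploitdb/EDB-ID:42965\t*EXPLOIT*\n"
)
_HTTP_OUT = (
    "\n  cpe:/a:apache:http_server:2.4.46: \n"
    "    CVE-2010-0425\t10.0\thttps://vulners.com/cve/CVE-2010-0425\n"
    "    CVE-1999-1412\t10.0\thttps://vulners.com/cve/CVE-1999-1412\n"
    "    CVE-2014-0231\t5.0\thttps://vulners.com/cve/CVE-2014-0231\n"
    "    CVE-2007-6421\t3.5\thttps://vulners.com/cve/CVE-2007-6421\n"
)
SAMPLE_XML = (
    '<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>'
    '<port protocol="tcp" portid="21"><script id="vulners" output=%s/></port>'
    '<port protocol="tcp" portid="80"><script id="vulners" output=%s/></port>'
    '</ports></host></nmaprun>'
) % (quoteattr(_FTP_OUT), quoteattr(_HTTP_OUT))

if __name__ == "__main__":
    keep, review = triage(load_findings(SAMPLE_XML), min_cvss=4.0, cutoff_year=2012)
    for label, rows in (("keep", keep), ("review", review)):
        for f in rows:
            print(label, f["host"], f["port"], f["cpe"], f["id"], f["cvss"])
```

Because it works on the saved report, the same triage can be run on a machine other than the one that performed the scan.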
When trying to find the location of the script file by using the provided code, Powershell returns "access denied". Not sure why.
Hey everyone, so when I use this command to check vulnerabilities on my router (map --script vulscan,nmap-vulners -sV 196.168.0.1), it gives me this error:
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-12 10:09 EDT
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:821: directory '/usr/bin/../share/nmap/scripts/nmap-vulners' found, but will not match without '/'
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nse_main.lua:821: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1312: in main chunk
[C]: in ?
QUITTING!
I installed both scripts correctly in the nmap scripts folder but it doesn't work. Someone help me please.
/usr/bin/../share/nmap/nse_main.lua:259: /usr/bin/../share/nmap/scripts/vulners.nse:1: unexpected symbol near '<'
stack traceback:
[C]: in function 'assert'
/usr/bin/../share/nmap/nse_main.lua:259: in upvalue 'loadscript'
/usr/bin/../share/nmap/nse_main.lua:601: in field 'new'
/usr/bin/../share/nmap/nse_main.lua:825: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1312: in main chunk
[C]: in ?
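The three NSE start-up failures reported on this page ("did not match a category, filename, or directory", "found, but will not match without '/'" and "unexpected symbol near '<'") can be checked for before a scan is started. The following is an added example, not code from Nmap or nmap-vulners: it is a simplified model of plain-name lookup in a single scripts directory (no wildcards or boolean expressions), and the function names and status labels are assumptions.

```python
import os
import tempfile

# NSE script categories as documented by Nmap.
CATEGORIES = {
    "auth", "broadcast", "brute", "default", "discovery", "dos", "exploit",
    "external", "fuzzer", "intrusive", "malware", "safe", "version", "vuln",
}

# Status label (this example's own naming) -> what to check next.
HINTS = {
    "category": "matches an NSE category",
    "file": "script file found and it does not start with markup",
    "directory": "directory rule; the .nse files inside are selected",
    "bare-directory": "a directory has this name; add a trailing '/' "
                      "or name the .nse file inside it",
    "not-lua": "file starts with '<', so it is not Lua source (assumption: "
               "a saved web page); fetch the raw .nse file again",
    "no-match": "no file <rule> or <rule>.nse here; check the name and "
                "where the script was copied",
}


def check_rule(rule, scripts_dir):
    """Classify one entry of a comma-separated --script value."""
    if rule == "all" or rule in CATEGORIES:
        return "category"
    base = os.path.join(scripts_dir, rule)
    # A directory only matches when the rule is written with a trailing '/'.
    if os.path.isdir(base):
        return "directory" if rule.endswith("/") else "bare-directory"
    # Otherwise try the name as given, then with the .nse extension.
    for candidate in (base, base + ".nse"):
        if os.path.isfile(candidate):
            with open(candidate, "rb") as fh:
                head = fh.read(256).lstrip()
            # No Lua chunk can begin with '<'; the loader would fail on line 1.
            return "not-lua" if head.startswith(b"<") else "file"
    return "no-match"


def preflight(script_arg, scripts_dir):
    """Return [(rule, status), ...] for a --script argument value."""
    rules = (part.strip() for part in script_arg.split(","))
    return [(rule, check_rule(rule, scripts_dir)) for rule in rules if rule]


def demo_results():
    """Run the check against a constructed scripts directory."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed: an HTML page saved under the script's name.
        with open(os.path.join(d, "vulners.nse"), "w") as fh:
            fh.write("<!DOCTYPE html>\n<html>saved page, not the script</html>\n")
        # Constructed: a stand-in for a real Lua script.
        with open(os.path.join(d, "http-vulners-regex.nse"), "w") as fh:
            fh.write("-- constructed stand-in for a Lua script\nlocal x = 1\n")
        # Constructed: the repository cloned as a directory into scripts/.
        os.mkdir(os.path.join(d, "nmap-vulners"))
        arg = "vuln,vulners,http-vulners-regex,nmap-vulners,nmap-vulners/,vulscan"
        return dict(preflight(arg, d))


if __name__ == "__main__":
    for rule, status in demo_results().items():
        print("%-20s %-15s %s" % (rule, status, HINTS[status]))
```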
Hi, thank you very much for the wonderful script!
I have created an nmap XML output to CSV:
https://github.com/giper45/nmapvulners2csv
Hope that this can be useful to someone.
Regards,
Hi!
Do you have plans to add proxy support to this script? Or how can I use this feature?
Thx for answers
Hey,
I just ran a scan against a device running Microsoft SQL Server 2019 and the script detected CVE-2021-1636. However, the version of the software is not vulnerable for this CVE. The script showed the correct version of the software though.
My question is, does the script take software versions into account when checking for CVEs? And if it does, what could have gone wrong here?
Thanks in advance.
pew@ubuntu:~/# gdb nmap
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from nmap...(no debugging symbols found)...done.
(gdb) set args -oX - -p 443,22,25,21,587,993,80,143,995,53 -sV -T 5 --script vulners <ANY_IP_THERE>
(gdb) run
Starting program: /usr/local/bin/nmap -oX - -p 443,22,25,21,587,993,80,143,995,53 -sV -T 5 --script vulners <ANY_IP_THERE>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/local/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.60 scan initiated Mon Feb 19 15:26:09 2018 as: /usr/local/bin/nmap -oX - -p 443,22,25,21,587,993,80,143,995,53 -sV -T 5 --script vulners <ANY_IP_THERE> -->
<nmaprun scanner="nmap" args="/usr/local/bin/nmap -oX - -p 443,22,25,21,587,993,80,143,995,53 -sV -T 5 --script vulners <ANY_IP_THERE>" start="1519043169" startstr="Mon Feb 19 15:26:09 2018" version="7.60" xmloutputversion="1.04">
<scaninfo type="syn" protocol="tcp" numservices="10" services="21-22,25,53,80,143,443,587,993,995"/>
<verbose level="0"/>
<debugging level="0"/>
NSE: failed to initialize the script engine:
/usr/local/bin/../share/nmap/nse_main.lua:821: 'vulners' did not match a category, filename, or directory
stack traceback:
[C]: in function 'error'
/usr/local/bin/../share/nmap/nse_main.lua:821: in local 'get_chosen_scripts'
/usr/local/bin/../share/nmap/nse_main.lua:1312: in main chunk
[C]: in ?
QUITTING!
<runstats><finished time="1519043169" timestr="Mon Feb 19 15:26:09 2018" elapsed="0.36" summary="Nmap done at Mon Feb 19 15:26:09 2018; 0 IP addresses (0 hosts up) scanned in 0.36 seconds" exit="error" errormsg="NSE: failed to initialize the script engine:
/usr/local/bin/../share/nmap/nse_main.lua:821: 'vulners' did not match a category, filename, or directory
stack traceback:
	[C]: in function 'error'
	/usr/local/bin/../share/nmap/nse_main.lua:821: in local 'get_chosen_scripts'
	/usr/local/bin/../share/nmap/nse_main.lua:1312: in main chunk
	[C]: in ?
"/><hosts up="0" down="0" total="0"/>
</runstats>
</nmaprun>
[Inferior 1 (process 7018) exited with code 01]
Problem:
NSE: failed to initialize the script engine:
/usr/local/bin/../share/nmap/nse_main.lua:821: 'vulners' did not match a category, filename, or directory
stack traceback:
[C]: in function 'error'
/usr/local/bin/../share/nmap/nse_main.lua:821: in local 'get_chosen_scripts'
/usr/local/bin/../share/nmap/nse_main.lua:1312: in main chunk
[C]: in ?
QUITTING!
Unfortunately, RedHat doesn't update the service version string when a package
has been applied. So even though Apache httpd 2.4.6 is riddled with
vulnerabilities "backporting" is applied from the latest stable version which
in this case is 2.4.39. The scan however provides a list of 2.4.6 CVEs (which could be false positives). Are there any solutions to this apart from examining change logs or RPM versions?
Hello!
I'm looking to use this tool for some testing. However, when I went to update the database, and to run it for confirmation afterward, it had an error. It was as follows:
Starting Nmap 7.70 ( https://nmap.org ) at 2021-11-14 21:28 EST
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:259: /usr/bin/../share/nmap/scripts/vulners.nse:7: unexpected symbol near '<'
stack traceback:
[C]: in function 'assert'
/usr/bin/../share/nmap/nse_main.lua:259: in upvalue 'loadscript'
/usr/bin/../share/nmap/nse_main.lua:601: in field 'new'
/usr/bin/../share/nmap/nse_main.lua:828: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1315: in main chunk
[C]: in ?
QUITTING!
This was the same error as when trying to update the nmap script DB. I'm not sure if it's a mistake on my part or an error with your code, but based on the error, it looks like a code syntax error.
Thanks so much for your help!
Dear Devs,
I have used this script since last year, and it worked like a charm until now. Now it seems the mincvss argument is not working anymore. Here's my nmap call:
nmap -sV --script /path/to/vulners/vulners.nse --script-args mincvss=8 {TARGET_IP}
It gives me the following output (sample):
...
80/tcp open http Apache httpd 2.4.18
|_http-server-header: Apache/2.4.18
| vulners:
| cpe:/a:apache:http_server:2.4.18:
| EXPLOITPACK:44C5118F831D55FAF4259C41D8BDA0AB 7.2 https://vulners.com/exploitpack/EXPLOITPACK:44C5118F831D55FAF4259C41D8BDA0AB *EXPLOIT*
| 1337DAY-ID-32502 7.2 https://vulners.com/zdt/1337DAY-ID-32502 *EXPLOIT*
| EDB-ID:47689 5.8 https://vulners.com/exploitdb/EDB-ID:47689 *EXPLOIT*
...
As you can see, I got exploits with a 7.2 and lower CVSS score, but I would like to get reports of exploits over 8.0 CVSS only. It worked before, but something changed a few weeks ago.
Can you help me figure out what I did wrong?
Thanks,
RobbeR
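A post-filter for the situation described in the post above, as an added example that is not part of the original issue or the project's code: it parses vulners text output in the layout quoted on this page and keeps only findings at or above a threshold, independent of the script's own `mincvss` handling. The sample text is constructed from lines quoted in the issues here, and the function names are hypothetical.

```python
import re

# Constructed sample, assembled from output lines quoted in issues on this page.
SAMPLE = """\
80/tcp open http Apache httpd 2.4.18
|_http-server-header: Apache/2.4.18
| vulners:
|   cpe:/a:apache:http_server:2.4.18:
|     1337DAY-ID-32502 7.2 https://vulners.com/zdt/1337DAY-ID-32502 *EXPLOIT*
|_    EDB-ID:47689 5.8 https://vulners.com/exploitdb/EDB-ID:47689 *EXPLOIT*
443/tcp open ssl/http Microsoft IIS httpd 10.0
| vulners:
|   cpe:/a:microsoft:internet_information_server:10.0:
|     CVE-2009-3023 9.0 https://vulners.com/cve/CVE-2009-3023
|_    CVE-2010-1256 8.5 https://vulners.com/cve/CVE-2010-1256
"""

PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s")
CPE_RE = re.compile(r"^\|_?\s*(cpe:/\S+?):?\s*$")
FINDING_RE = re.compile(
    r"^\|_?\s*(\S+)\s+(\d+(?:\.\d+)?)\s+(https?://\S+)(\s+\*EXPLOIT\*)?\s*$")


def parse_vulners(text):
    """Return one dict per finding line, tagged with its port and CPE."""
    findings, port, cpe = [], None, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:                      # a new port row resets the CPE context
            port, cpe = m.group(1), None
            continue
        m = CPE_RE.match(line)
        if m:
            cpe = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if m and cpe:              # ignore score-like lines outside a CPE block
            findings.append({
                "port": port, "cpe": cpe, "id": m.group(1),
                "cvss": float(m.group(2)), "url": m.group(3),
                "exploit": m.group(4) is not None,
            })
    return findings


def filter_min_cvss(findings, mincvss):
    """Keep findings whose score is at or above the threshold."""
    return [f for f in findings if f["cvss"] >= mincvss]


if __name__ == "__main__":
    for f in filter_min_cvss(parse_vulners(SAMPLE), 8.0):
        print(f["port"], f["cpe"], f["id"], f["cvss"])
```
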
I'd expect this command to run only the vulners script.
nmap -sV --version-all --script vulners -oX nmap.xml -iL sorted_hosts.out
But nmap seems to run other scripts, including fingerprint-strings. I am reticent to use a not expression as I can't understand what other scripts are being run. Default?
How can I just run vulners as the only NSE script?
Nmap version 7.70 ( https://nmap.org )
Many thanks for this script.
Following https://null-byte.wonderhowto.com/how-to/easily-detect-cves-with-nmap-scripts-0181925/ is probably what you did; their tutorial is awful in my opinion.
You will run into the error "/usr/local/bin/../share/nmap/nse_main.lua:823: 'vulners' did not match a category, filename, or directory
stack traceback:
[C]: in function 'error'
/usr/local/bin/../share/nmap/nse_main.lua:823: in local 'get_chosen_scripts'
/usr/local/bin/../share/nmap/nse_main.lua:1315: in main chunk
[C]: in ?
QUITTING!"
the way I fixed this was by using the command:
cd /usr/share/nmap/scripts
nmap -sV --script=vulscan/vulscan.nse
nmap -sV --script=vulscan/vulscan.nse -sV -p22 50...** (*or whatever command you desire)
If it still isn't working, make sure you installed it correctly:
cd /usr/share/nmap/scripts
git clone https://github.com/scipag/vulscan scipag_vulscan
ln -s "$(pwd)/scipag_vulscan" /usr/share/nmap/scripts/vulscan
Have a good day m8 cheers
Originally posted by @40withabeam in #13 (comment)
It broke, anyone else?
When I run the following, nmap -sV --script vulners, this is the output:
nmap -sV --script vulners 192.168.1.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-28 11:32 India Standard Time
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
All 1000 scanned ports on 192.168.1.1 are filtered
MAC Address: C8:D7:79:A4:69:2F (Qingdao Haier TelecomLtd)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 64.43 seconds
vulners yields no output pls fix
Hello,
I ran your script against a couple of our internal systems and external, either time I did not get a CVE finding. Below is the output and command I used.
nmap -sV --script vulners redacted_hostname
Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-30 11:27 EST
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Nmap scan report for redacted_hostname
Host is up (1.1s latency).
rDNS record for 127.0.0.1: redacted_hostname
Not shown: 981 closed ports
PORT STATE SERVICE VERSION
53/tcp open domain Microsoft DNS 6.1.7601
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2018-01-30 16:28:28Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: redacted_hostname, Site: Default-First-Site-Name)
445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds (workgroup: redacted)
464/tcp open kpasswd5?
514/tcp filtered shell
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: redacted_hostname, Site: Default-First-Site-Name)
3269/tcp open tcpwrapped
3389/tcp open ms-wbt-server Microsoft Terminal Service
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49158/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
49159/tcp open msrpc Microsoft Windows RPC
Service Info: Host: redacted_hostname; OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 86.71 seconds
Hello together,
I'm looking for a possibility to check the nmap scan results "offline", meaning at a later point in time, against the vulner DB with the same output as in the nmap script mode.
The reason is, I don't always have an internet connection when I check internal systems. In this case, I would not be able to use this standard vulners solution, in my opinion. So I could imagine checking the nmap scan results at a later point in time against the vulners database, without a scan. Only the nmap results in XML format, for example.
Thank you in advance for any idea and feedback.
Greetings,
M.
issue can be deleted
Does your NSE script require tender-scanning?
I get the following output:
22/tcp open ssh syn-ack ttl 64 OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
| vulners:
|_ cpe:/a:openbsd:openssh:4.7p1: You are doing it too fast. Lower the rate or contact isox AT vulners DOT com.
...when scanning a metasploitable instance with following nmap command:
nmap -sS -Pn -n -vvv --reason -A --version-all -p- -T3 --script vulners -oA metasploitable-vulnerstest-A-allports 192.168.126.132
If your NSE script requires making Web-API requests during scanning, this is an absolute no-go! On many engagements, you won't have an Internet connection...and n̶o̶t̶ ̶e̶v̶e̶n̶ ̶m̶e̶n̶t̶i̶o̶n̶i̶n̶g̶ ̶t̶h̶e̶ ̶p̶r̶i̶v̶a̶c̶y̶ ̶c̶o̶n̶c̶e̶r̶n̶s̶.̶.̶.̶ this contributes to serious privacy and non-disclosure-agreement violations.
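For the offline-review request and the API-call concern in the two posts above, an added example (not the project's code and not from either poster): it reads a saved `nmap -sV -oX` file and lists which software/version pairs would be sent in a lookup, without making any network request, so the list can be reviewed before anything leaves the network. The URL form is the one quoted in the IIS issue on this page; the XML sample is constructed, the function name is hypothetical, and it assumes a lookup needs a CPE that carries a version field.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

API = "https://vulners.com/api/v3/burp/software/"  # URL form quoted on this page

# Constructed sample of `nmap -sV -oX` output (192.0.2.10 is a documentation address).
SAMPLE_XML = """\
<nmaprun>
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="OpenSSH" version="4.7p1">
     <cpe>cpe:/a:openbsd:openssh:4.7p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe>
    </service></port>
   <port protocol="tcp" portid="636"><state state="open"/>
    <service name="tcpwrapped"/></port>
   <port protocol="tcp" portid="514"><state state="filtered"/>
    <service name="shell"/></port>
  </ports>
 </host>
</nmaprun>
"""


def plan_lookups(xml_text):
    """Return (lookups, skipped) for open ports; nothing is sent anywhere."""
    lookups, skipped = [], []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            where = f"{addr}:{port.get('portid')}/{port.get('protocol')}"
            cpes = [c.text for c in port.iter("cpe")]
            if not cpes:
                skipped.append((where, "no CPE reported by -sV"))
            for cpe in cpes:
                # CPE 2.2 URI: cpe:/part:vendor:product:version[:...]
                fields = cpe.split(":")
                version = fields[4] if len(fields) > 4 else ""
                if not version:
                    skipped.append((where, f"{cpe} has no version field"))
                    continue
                query = urlencode({"software": cpe, "version": version,
                                   "type": "cpe"}, safe=":/")
                lookups.append({"where": where, "cpe": cpe,
                                "version": version, "url": f"{API}?{query}"})
    return lookups, skipped


if __name__ == "__main__":
    todo, skipped = plan_lookups(SAMPLE_XML)
    for item in todo:
        print(item["where"], item["url"])
```
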
┌──(#######㉿kaliworkstation)-[/usr/share/nmap/scripts]
└─$ nmap --script nmap-vulners -sV XX.XX.XX.XX
Starting Nmap 7.91 ( https://nmap.org ) at ####-##-## ##:## ###
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:821: directory '/usr/bin/../share/nmap/scripts/nmap-vulners' found, but will not match without '/'
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nse_main.lua:821: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1312: in main chunk
[C]: in ?
QUITTING!
Help!!! Why is this doing this?
How can I use generated keys for nmap with the nmap-vulners NSE script?
I downloaded the beta version but don't see any enterprise NSE for API key input.
How are those keys and that script correlated? Thanks for your project!
I have installed the vulscan script for nmap but I just keep getting this error. Does anyone know how to fix this?
┌──(rootkali)-[~]
└─# nmap --script vulscan, nmap-vulners -sV (entered ip w/o brackets)
Starting Nmap 7.91 ( https://nmap.org/ ) at 2021-03-21 02:46 GMT
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:821: directory '/usr/bin/../share/nmap/scripts/vulscan' found, but will not match without '/'
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nse_main.lua:821: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1312: in main chunk
[C]: in ?
The script is currently reporting false-positive vulnerabilities for Microsoft IIS Server 10.0 that affect old versions of IIS. Example output:
PORT STATE SERVICE VERSION
443/tcp open ssl/http Microsoft IIS httpd 10.0
|_http-server-header: Microsoft-IIS/10.0
| vulners:
| cpe:/a:microsoft:internet_information_server:10.0:
| SSV:12476 9.3 https://vulners.com/seebug/SSV:12476 *EXPLOIT*
| SSV:12175 9.3 https://vulners.com/seebug/SSV:12175 *EXPLOIT*
| PACKETSTORM:94532 9.3 https://vulners.com/packetstorm/PACKETSTORM:94532 *EXPLOIT*
| MSF:EXPLOIT/WINDOWS/FTP/MS09_053_FTPD_NLST 9.3 https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/FTP/MS09_053_FTPD_NLST *EXPLOIT*
| EDB-ID:9559 9.3 https://vulners.com/exploitdb/EDB-ID:9559 *EXPLOIT*
| EDB-ID:9541 9.3 https://vulners.com/exploitdb/EDB-ID:9541 *EXPLOIT*
| EDB-ID:16740 9.3 https://vulners.com/exploitdb/EDB-ID:16740 *EXPLOIT*
| SAINT:38542AFE78DE33F6BB0AF7E6A3C90956 9.3 https://vulners.com/saint/SAINT:38542AFE78DE33F6BB0AF7E6A3C90956 *EXPLOIT*
| SAINT:54344E071A068774A374DCE7F7795E80 9.0 https://vulners.com/saint/SAINT:54344E071A068774A374DCE7F7795E80 *EXPLOIT*
| SAINT:4EB4CF34422D02BCBF715C4ACFAC8C99 9.0 https://vulners.com/saint/SAINT:4EB4CF34422D02BCBF715C4ACFAC8C99 *EXPLOIT*
| IISFTP_NLST 9.0 https://vulners.com/canvas/IISFTP_NLST *EXPLOIT*
| CVE-2009-3023 9.0 https://vulners.com/cve/CVE-2009-3023
|_ CVE-2010-1256 8.5 https://vulners.com/cve/CVE-2010-1256
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
As mentioned, the two CVEs reported are very old and affect legacy versions of IIS like 5.0 and/or 6.0. The issue can also be replicated by querying the vulners API directly:
curl "https://vulners.com/api/v3/burp/software/?software=cpe:/a:microsoft:internet_information_server:10.0&version=10.0&type=cpe"
{
"result": "OK",
"data": {
"search": [
{
"index": "es6_bulletins_bulletin_v2",
"id": "CVE-2009-3023",
"doc_type": "bulletin",
"_source": {
"id": "CVE-2009-3023",
.....
}
I am trying to execute it on Windows 10 but have not been successful.
Please, kindly assist with code to check for vulnerability using nmap
Does this auto update with new threats? If not, what is the update procedure?