NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services. It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans and operates in black-box mode only. NERVE will do "some" CVE checks, but this is primarily coming from version fingerprinting. Example of some of NERVE's detection capabilities: Interesting Panels (Solr, Django, PHPMyAdmin, etc.) Subdomain takeovers Open Repositories Information Disclosures Abandoned / Default Web Pages Misconfigurations in services (Nginx, Apache, IIS, etc.) SSH Servers Open Databases Open Caches Directory Indexing Best Practices Continuous Security We believe security scanning should be done continuously. Not daily, weekly, monthly, or quarterly. The benefit of running security scanning continuously can be any of the following: You have a dynamic environment where infrastructure gets created every minute/hour/etc. You want to be the first to catch issues before anyone else....