Introduction Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB. Installation Please install the files into the following folder of your Nmap installation: Nmap\scripts\vulscan\* Clone the GitHub repository like this: git clone https://github.com/scipag/vulscan scipag_vulscan ln -s `pwd`/scipag_vulscan /usr/share/nmap/scripts/vulscan Usage You have to run the following minimal command to initiate a simple vulnerability scan: nmap -sV --script=vulscan/vulscan.nse www.example.com Vulnerability Database There are the following pre-installed databases available at the moment: scipvuldb.csv - https://vuldb.com cve.csv - https://cve.mitre.org securityfocus.csv - https://www.securityfocus.com/bid/ xforce.csv - https://exchange.xforce.ibmcloud.com/ expliotdb.csv - https://www.exploit-db.com openvas.csv - https://www.openvas.org securitytracker.csv - https://www.securitytracker.com (end-of-life) osvdb.csv - https://www.osvdb.org (end-of-life) Single Database Mode You may execute vulscan with the following argument to use a single database: --script-args vulscandb=your_own_database It is also possible to create and reference your own databases. This requires....