Skip to content

Latest commit

 

History

History
48 lines (34 loc) · 2.04 KB

README.md

File metadata and controls

48 lines (34 loc) · 2.04 KB

CVE-Scan

Scan systems with NMap and parse the output to a list of CVE's, CWE's and DPE's

Goals:

  • Scan a system with NMap or any other scanning tool and use the scan to analyse the systems for vulnerabilities
  • Have the posibility for multiple input formats (NMap scan, xml, Json, etc)
  • Use CVE-Search to enhance the scan to add more information
  • Have multiple export formats as well as webbrowser component

Optional:

  • Automatically download known scripts to use on exploits

Installation:

Warning, this tutorial is for Linux systems (developed and tested on Ubuntu 14.10). This program should run under Windows (and probably Mac) systems as well.

Requirements

CVE-Scan uses the CVE-Search API to enhance your nmap scans. You can use CIRCLs [public API] (cve.circle.lu), or install CVE-Search localy, or on another accessible machine. You can install CVE-Search from the git repo. For now, CVE-Search does not have a "core" package yet (Without the webpages), but I will add this later on. Once you installed CVE-Search, in the configuration file, make sure you set the correct URL to it.

CVE-Scan needs some aditional packages to work. Install them using:

sudo apt-get install -y nmap (or your package manager of choice)

pip3 install -r requirements.txt

Usage:

To use CVE-Scan, first run an nmap scan on a system. You can modify the parameters however you want, however, you'd want to include Service Detection and OS detection. Below, you can find a default nmap scan that will output to an xml file.

nmap -A -O 192.168.0.1 -oX output.xml

Next, run:

Python3 Nmap2CVE-Search.py -xN output.xml

This will start a webserver (default on localhost, port 5050), so browse to http://localhost:5050.

To stop the webserver, just press the ctrl+C combination in the terminal.

Licencing

This software is licensed under the "Original BSD License".

  (C) 2015  NorthernSec		https://github.com/NorthernSec
  (c) 2015  Pieter-Jan Moreels	https://github.com/pidgeyl