All Linux HowTo's Security HowTo's

Nmap with Vulscan on CentOS 7 or 8 – A short HowTo

This article shows how to install and run Nmap using the Vulscan add-on to do vulnerability assessments.

Download Nmap:

yum install nmap

Install the Vulscan.nse script:

/usr/share/nmap
git clone https://github.com/scipag/vulscan vulscan

Run a scan targeting the machine (in this example) “192.168.4.250”:

nmap -sV --script vulscan/vulscan.nse 192.168.4.250

My output looks like this:

22/tcp  open  ssh     OpenSSH 7.4 (protocol 2.0)
| vulners: 
|   cpe:/a:openbsd:openssh:7.4: 
|     	CVE-2018-15919	5.0	https://vulners.com/cve/CVE-2018-15919
|     	CVE-2017-15906	5.0	https://vulners.com/cve/CVE-2017-15906
|_    	CVE-2020-14145	4.3	https://vulners.com/cve/CVE-2020-14145
| vulscan: VulDB - https://vuldb.com:
| No findings
| 
| MITRE CVE - https://cve.mitre.org:
| No findings
| 
...
80/tcp  open  http    Apache httpd 2.4.37 ((centos) mod_perl/2.0.11 Perl/v5.26.3)
|_http-server-header: Apache/2.4.37 (centos) mod_perl/2.0.11 Perl/v5.26.3
| vulners: 
|   cpe:/a:apache:http_server:2.4.37: 
|     	CVE-2019-0211	7.2	https://vulners.com/cve/CVE-2019-0211
|     	CVE-2019-10082	6.4	https://vulners.com/cve/CVE-2019-10082
|     	CVE-2019-10097	6.0	https://vulners.com/cve/CVE-2019-10097
|     	CVE-2019-0217	6.0	https://vulners.com/cve/CVE-2019-0217
|     	CVE-2019-0215	6.0	https://vulners.com/cve/CVE-2019-0215
|     	CVE-2020-1927	5.8	https://vulners.com/cve/CVE-2020-1927
|     	CVE-2019-10098	5.8	https://vulners.com/cve/CVE-2019-10098
|     	CVE-2020-1934	5.0	https://vulners.com/cve/CVE-2020-1934
|     	CVE-2019-10081	5.0	https://vulners.com/cve/CVE-2019-10081
|     	CVE-2019-0220	5.0	https://vulners.com/cve/CVE-2019-0220
|     	CVE-2019-0196	5.0	https://vulners.com/cve/CVE-2019-0196
|     	CVE-2019-0190	5.0	https://vulners.com/cve/CVE-2019-0190
|     	CVE-2018-17199	5.0	https://vulners.com/cve/CVE-2018-17199
|     	CVE-2019-0197	4.9	https://vulners.com/cve/CVE-2019-0197
|_    	CVE-2019-10092	4.3	https://vulners.com/cve/CVE-2019-10092
| vulscan: VulDB - https://vuldb.com:
| No findings
| 
| MITRE CVE - https://cve.mitre.org:
| No findings
| 
...

(I’ve stripped away some of the output to make it easier to view on this page)

You can see it found 3 known issues relating to the ssh server and multiple issues found on the web server.

Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.