Freevulnsearch - Costless As Well As Opened Upwards Nmap Nse Script To Question Vulnerabilities Via The Cve-Search.Org Api


This NMAP NSE script is component division of the Free OCSAF projection - https://freecybersecurity.org. In conjunction alongside the version scan "-sV" inwards NMAP, the corresponding vulnerabilities are automatically assigned using CVE (Common Vulnerabilities as well as Exposures) as well as the severity of the vulnerability is assigned using CVSS (Common Vulnerability Scoring System). For to a greater extent than clarity, the CVSS are however assigned to the corresponding v3.0 CVSS ratings:
  • Critical (CVSS 9.0 - 10.0)
  • High (CVSS 7.0 - 8.9)
  • Medium (CVSS 4.0 - 6.9)
  • Low (CVSS 0.1 - 3.9)
  • None (CVSS 0.0)
The CVEs are queried past times default using the CPEs determined past times NMAP via the ingenious as well as world API of the cve-search.org project, which is provided past times circl.lu. For to a greater extent than information catch https://www.cve-search.org/api/.

Confidentiality information:
The queries are made using the determined CPE via the circl.lu API. For farther information on the confidentiality of the circl.lu API, delight catch https://www.circl.lu/services/cve-search/ directly.
The best means is to install cve-search (https://github.com/cve-search/cve-search) locally as well as utilization your ain API with
nmap -sV --script freevulnsearch --script-args apipath=<URL> <target>

Installation:
You tin flame either specify the script path straight inwards the NMAP command, for example
nmap -sV --script  /freevulnsearch <target>
or re-create the script into the appropriate directory of your NMAP installation.
In KALI LINUX̢㢠for example: /usr/share/nmap/scripts/  sudo nmap --script-ubdatedb
Important note: First read the confidentiality information. It is recommended to run freevulnsearch.nse separately without additional NSE scripts. If y'all produce non desire to brand an assignment to the category safe, vuln as well as external, as well as then produce non execute the nmap --script-updatedb ascendency mentioned above.

Usage:
The usage is simple, only utilization NMAP -sV as well as this script.
nmap -sV --script freevulnsearch <target>
According to my tests, for stability reasons, alone http without TLS should hold out used when querying the API for many simultaneous requests. For this reason, y'all tin flame optionally disable TLS using an input argument. Important, afterward that the API enquiry to circl.lu is unencrypted.
nmap -sV --script freevulnsearch --script-args notls=yes <target>
If y'all scan alongside the categories rubber or vuln as well as then exclude the script or the category external or produce non add together the script to the NMAP default directory. It is recommended to run freevulnsearch.nse separately without additional NSE scripts.

CPE exception treatment for format:
If a NMAP CPE is non clear, several functions inwards the freevulnsearch.nse script check whether the formatting of the CPE is inaccurate. For example:
  • (MySQL) 5.0.51a-3ubuntu5 -to- 5.0.51a
  • (Exim smtpd) 4.90_1 -to- 4.90
  • (OpenSSH) 6.6.1p1 -to- 6.6:p1
  • (OpenSSH) 7.5p1 -to- 7.5:p1
  • ...


Popular posts from this blog

Telekiller - A Tool Session Hijacking In Addition To Stealer Local Passcode Telegram Windows

Image
H5N1 Tools Session Hijacking And Stealer Local passcode Telegram Windows. Features : Session Hijacking Stealer Local Passcode Keylogger Shell Bypass ii Step Verification Bypass Av (Coming Soon) Installation Windows git clone https://github.com/ultrasecurity/TeleKiller.git cd TeleKiller pip install -r requirements.txt python TeleKiller.py Dependency : python 2.7 pyHook pywin32 Video Tutorial Operating Systems Tested Windows 10 Windows 8.1 Windows 8 Windows 7 Contact WebSite Ultra Security Team: https://ultrasec.org Channel Telegram: https://t.me/UltraSecurity Thanks to Milad Ranjbar MrQadir Download TeleKiller
Read more

Efiguard - Disable Patchguard Together With Dse At Kicking Time

Image
EfiGuard is a portable x64 UEFI bootkit that patches the Windows kicking manager, kicking loader too center at kicking fourth dimension inward club to disable PatchGuard too Driver Signature Enforcement (DSE). Features Currently supports all EFI-compatible versions of Windows x64 e'er released, from Vista SP1 to Server 2019. Easy to use: tin live on booted from a USB stick via a loader application that automatically finds too boots Windows. The driver tin also live on loaded too configured manually using either the UEFI rhythm out or the loader. Makes extensive utilization of the Zydis disassembler library for fast runtime pedagogy decoding to back upwardly to a greater extent than robust analysis than what is possible amongst signature matching, which oftentimes requires changes amongst novel OS updates. Works passively: the driver does non charge or start the Windows kicking manager. Instead it acts on a charge of bootmgfw.efi yesteryear the firmware kicking ...
Read more

Cameradar V2.1.0 - Hacks Its Mode Into Rtsp Videosurveillance Cameras

Image
   An RTSP flow access tool that comes alongside its library Cameradar allows you lot to Detect opened upward RTSP hosts on whatever accessible target host Detect which device model is streaming Launch automated dictionary attacks to larn their stream route (e.g.: /live.sdp ) Launch automated lexicon attacks to larn the username in addition to password of the cameras Retrieve a consummate in addition to user-friendly study of the results Docker Image for Cameradar Install docker on your machine, in addition to run the next command: docker run -t ullaakut/cameradar -t <target> <other command-line options> See command-line options . e.g.: docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l volition scan the ports 554 in addition to 8554 of hosts on the 192.168.100.0/24 subnetwork in addition to laid on the discovered RTSP streams in addition to volition output debug logs. YOUR_TARGET tin hold out a subnet (e.g.: 172.16.100.0/24 )...
Read more