How To Scan Vulnerabilities With Nmap NSE?

Nmap is a very popular and powerful network-scanning tool, used by hackers, script kiddies, pentesters and security researchers around the world. It runs on Windows, BSD, Mac OS X and Linux.
Nmap is open source and free; you can download it here: Download the Free Nmap Security Scanner for Linux/Mac/Windows.
Nmap also includes the Nmap Scripting Engine (NSE). Here is its description:
The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs.

Nmap Scripting Engine (NSE) scripts are similar to Metasploit Framework modules. Users can extend Nmap's capabilities depending on their needs, such as performing a DoS attack, gathering passwords and usernames, gathering information... and even scanning for vulnerabilities using the Nmap Scripting Engine (NSE).

So in this post, I will show you how to scan and detect vulnerabilities with Nmap NSE.

First, to install the tools in this post, you must install Nmap:
  • For Debian and Debian-based distros: sudo apt install nmap
  • For Arch Linux and Arch-based distros: sudo pacman -S nmap
  • For Clear Linux OS: sudo swupd bundle-add nmap
Scan vulnerabilities with vulscan
   vulscan is an Nmap module that turns Nmap into a vulnerability scanner. The nmap option -sV enables version detection per service, which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB.


   To install vulscan for Nmap, enter these commands:
cd /usr/share/nmap/scripts
sudo git clone https://github.com/scipag/vulscan


Install vulscan and nmap-vulners

   Now, as an example, I'm going to scan for vulnerabilities on a random website on the Internet. To do that, use this command:
nmap -sV --script vulscan/vulscan.nse [target's address]


All the vulnerabilities on target are listed by vulscan

   As you can see, vulscan has listed all the vulnerabilities on every port of the target.

   Now I'm going to try another example: scanning for vulnerabilities on a single port of the target. I chose port 3306. To scan it, use this command:
nmap -sV --script vulscan/vulscan.nse -p [port] [target's address]

All the vulnerabilities on the port of target are listed by vulscan

   As you can see, vulscan has listed all the vulnerabilities again, but only for the port I chose.

   You can read more about vulscan here.

Scan vulnerabilities with nmap-vulners
   nmap-vulners is an NSE script that uses the vulnerability database from Vulners.com to detect vulnerabilities on the target.


   To install nmap-vulners for Nmap, enter these commands:
cd /usr/share/nmap/scripts
sudo wget https://raw.githubusercontent.com/vulnersCom/nmap-vulners/master/vulners.nse

 
   Then, to scan for vulnerabilities on a random website on the Internet (still the same target), use this command:
nmap -sV --script vulners.nse [target's address]

All the vulnerabilities on target are listed by nmap-vulners

   As you can see, nmap-vulners has listed all the vulnerabilities on every port of the target.

    For another example, I chose a port (still the same port of the target). To scan it, use this command:
nmap -sV --script vulners.nse -p [port] [target's address]

All the vulnerabilities on the port of target are listed by nmap-vulners

    As you can see, nmap-vulners has listed all the vulnerabilities again, but only for the port I chose.

   You can read more about nmap-vulners here.
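
An added example (not from the original post or the nmap-vulners project): a Python script that reads a scan saved with Nmap's -oX option and keeps only the vulners findings at or above a CVSS threshold, highest score first. It assumes the script's text output has one "ID score URL" line per finding under each CPE line; the sample XML, address, CPE names and CVE IDs are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a scan saved with -oX (address, CPEs, IDs, scores are placeholders).
SAMPLE_XML = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><script id="vulners" output="&#10;  cpe:/a:example:sshd:1.0: &#10;    &#9;CVE-0000-0001&#9;9.8&#9;https://vulners.com/cve/CVE-0000-0001&#9;*EXPLOIT*&#10;    &#9;CVE-0000-0002&#9;5.3&#9;https://vulners.com/cve/CVE-0000-0002"/></port>
<port protocol="tcp" portid="3306"><script id="vulners" output="&#10;  cpe:/a:example:sqld:2.0: &#10;    &#9;CVE-0000-0003&#9;7.5&#9;https://vulners.com/cve/CVE-0000-0003"/></port>
</ports></host></nmaprun>"""


def parse_vulners(output):
    """Yield (cpe, vuln_id, cvss, has_exploit) from the script's text output."""
    cpe = None
    for line in output.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("cpe:"):
            cpe = fields[0].rstrip(":")      # remember which product the rows belong to
        elif len(fields) >= 3 and fields[2].startswith("http"):
            try:
                score = float(fields[1])
            except ValueError:
                continue                     # not a finding row, skip it
            yield cpe, fields[0], score, "*EXPLOIT*" in fields


def triage(xml_text, min_cvss=7.0):
    """Return (addr, port, cpe, id, cvss, has_exploit) tuples with cvss >= min_cvss."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            for script in port.iter("script"):
                if script.get("id") != "vulners":
                    continue
                for cpe, vid, score, exploit in parse_vulners(script.get("output", "")):
                    if score >= min_cvss:
                        findings.append((addr, int(port.get("portid")), cpe, vid, score, exploit))
    return sorted(findings, key=lambda f: -f[4])


if __name__ == "__main__":
    for addr, port, cpe, vid, score, exploit in triage(SAMPLE_XML):
        print(f"{addr}:{port} {vid} cvss={score} exploit={exploit} ({cpe})")
```

Both scripts match on the version string that -sV reports, so each hit is a candidate to check against the installed package rather than a confirmed flaw.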

And if you want to scan vulnerabilities with both vulscan and nmap-vulners, use this command:
nmap -sV --script vulners.nse,vulscan/vulscan.nse [target's address]


All the vulnerabilities on the port of target are listed by vulscan and nmap-vulners

And finally, have fun with hacking 😉