Home > Uncategorized > Software: nmap vulscan v1.0 NSE has been released

Software: nmap vulscan v1.0 NSE has been released

June 17th: A preview from Marc’s twitter


Two weeks ago I wrote Marc Ruef to inquire if he had any thoughts about a replacement for the no-longer-free OSVDB and if it was possible to port over another vulnerability definition source.

I also wrote the contact Email at osvdb.org to inquire about the database files.

I heard back from the osvdb folks, and learned that they commercially license, and said they would forward me to their licensing partner. When I replied that I needed two licenses, I heard nothing back.

Last week, I heard back from Marc, who said to keep an eye on his Twitter and it looks like he’s in the testing phases for v0.7! Neato. You can grab it from his site.

I will update the Free vulnerability scanner comparison page with the latest info once the latest vulscan is released.

Update: v1.0 release:

I woke up today to see an email in my inbox addressed to dev@nmap.org, full-disclosure@lists.grok.org.uk, news@securiteam.com, submissions@packetstormsecurity.com.


As some of you might remember, I have published a NSE script back in 2010, which added a vulnerability scanning feature to Nmap[1].

I've been doing a complete re-write of the script, which introduces some neat features:

* Much better performance and accuracy of search engine
* Deployment of scip VulDB, CVE, OSVDB, SecurityFocus, Secunia and Securitytracker
* Correlated analysis of all available databases in the same run
* Support for single database scan mode (vulscandb)
* Support for your own CSV-based vulnerability database
* Support of dynamic report templates (vulscanoutput)
* Intelligent interactive mode remembers your definitions per session (vulscaninteractive)
* Full support for Nmap 5.x/6.x on Linux and Windows
* More debug output possible (-d1)
* Better error handling

You're able to download the latest release of Nmap NSE Vulscan 1.0 here: http://www.computec.ch/mruef/software/nmap_nse_vulscan-1.0.tar.gz

Further details about usage and data processing are available in the description field of the script and in my blog post about the release: http://www.scip.ch/en/?labs.20130625

Feel free to use and share the script. And please let me know if you miss any features or if you have assembled your own vulnerability database and would like to see it added to the official repository.



So, read about it and go grab it now.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: