This article shows how to install and run Nmap using the Vulscan add-on to do vulnerability assessments.
Download Nmap:
yum install nmap
Install the Vulscan.nse script:
/usr/share/nmap git clone https://github.com/scipag/vulscan vulscan
Run a scan targeting the machine (in this example) “192.168.4.250”:
nmap -sV --script vulscan/vulscan.nse 192.168.4.250
My output looks like this:
22/tcp open ssh OpenSSH 7.4 (protocol 2.0) | vulners: | cpe:/a:openbsd:openssh:7.4: | CVE-2018-15919 5.0 https://vulners.com/cve/CVE-2018-15919 | CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906 |_ CVE-2020-14145 4.3 https://vulners.com/cve/CVE-2020-14145 | vulscan: VulDB - https://vuldb.com: | No findings | | MITRE CVE - https://cve.mitre.org: | No findings | ... 80/tcp open http Apache httpd 2.4.37 ((centos) mod_perl/2.0.11 Perl/v5.26.3) |_http-server-header: Apache/2.4.37 (centos) mod_perl/2.0.11 Perl/v5.26.3 | vulners: | cpe:/a:apache:http_server:2.4.37: | CVE-2019-0211 7.2 https://vulners.com/cve/CVE-2019-0211 | CVE-2019-10082 6.4 https://vulners.com/cve/CVE-2019-10082 | CVE-2019-10097 6.0 https://vulners.com/cve/CVE-2019-10097 | CVE-2019-0217 6.0 https://vulners.com/cve/CVE-2019-0217 | CVE-2019-0215 6.0 https://vulners.com/cve/CVE-2019-0215 | CVE-2020-1927 5.8 https://vulners.com/cve/CVE-2020-1927 | CVE-2019-10098 5.8 https://vulners.com/cve/CVE-2019-10098 | CVE-2020-1934 5.0 https://vulners.com/cve/CVE-2020-1934 | CVE-2019-10081 5.0 https://vulners.com/cve/CVE-2019-10081 | CVE-2019-0220 5.0 https://vulners.com/cve/CVE-2019-0220 | CVE-2019-0196 5.0 https://vulners.com/cve/CVE-2019-0196 | CVE-2019-0190 5.0 https://vulners.com/cve/CVE-2019-0190 | CVE-2018-17199 5.0 https://vulners.com/cve/CVE-2018-17199 | CVE-2019-0197 4.9 https://vulners.com/cve/CVE-2019-0197 |_ CVE-2019-10092 4.3 https://vulners.com/cve/CVE-2019-10092 | vulscan: VulDB - https://vuldb.com: | No findings | | MITRE CVE - https://cve.mitre.org: | No findings | ...
(I’ve stripped away some of the output to make it easier to view on this page)
You can see it found 3 known issues relating to the ssh server and multiple issues found on the web server.