Overview:
Nmap is an open-source network scanning tool for port scanning, service fingerprinting, and identifying operating system versions. While it is best known as a network mapping and port scanning tool, it also ships with the Nmap Scripting Engine (NSE), which can help detect misconfigurations and security vulnerabilities.
It is available as a command-line interface (CLI) as well as a graphical user interface (GUI).
For vulnerability scanning, a range of scripts is freely available with nmap; they are listed here: vuln NSE Category
Running these scripts needs nothing extra: nmap provides a single option that runs every script in that category against the target machine or subnet.
sudo nmap --script vuln 71.15.1.0/24
will run all the vulnerability scripts on the given subnet.
Example commands:
sudo nmap -sT 1.1.1.1 # TCP connect scan of a single IP (nmap's default port set; add -p- to cover all 65535 ports)
sudo nmap -sT 71.15.1.0/24 # TCP connect scan of an entire /24 subnet
# Scan for vulnerabilities using the scripts shipped with nmap
sudo nmap --script vuln 71.15.1.0/24
Generating and extracting reports:
nmap can store scan results in several formats:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3, and Grepable format, respectively, to the given filename.
XML output can be converted to an HTML report; more on this here: Creating HTML Reports | Nmap Network Scanning
xsltproc <nmap-output.xml> -o <nmap-output.html>
NOTE: If xsltproc is not found, install it using one of the options below:
# Using apt
sudo apt-get install xsltproc
# Using yum
sudo yum install libxslt
# Using brew
brew install libxslt
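Beyond the HTML report, the XML output (-oX) is the format to parse when you want to pull findings into your own tooling. The following is an added example, not code from the original post or from the Nmap project: it parses a constructed, minimal sample of nmap -oX output with Python's standard library and returns the open ports, service versions and NSE script output per host, then filters for ports whose script output carries the VULNERABLE marker that vuln-category scripts commonly print. The host address, ports, versions and the script id http-example-check in the sample are made up for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap --script vuln -oX scan.xml <target>` output.
# Address, ports, versions and the script id are placeholders, not real findings.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap --script vuln -oX scan.xml 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.6"/>
        <script id="http-example-check" output="State: VULNERABLE (example)"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

def parse_nmap_xml(xml_text):
    """Return one dict per open port: host, port, proto, service, version, scripts."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("host"):
        # nmap emits the IP address element first; MAC addresses (if any) follow it
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports carry no service or script data
            svc = port.find("service")
            version = ""
            if svc is not None:
                version = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            rows.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name", "") if svc is not None else "",
                "version": version,
                # each <script> element is one NSE script result for this port
                "scripts": {s.get("id"): s.get("output", "") for s in port.findall("script")},
            })
    return rows

def flagged_ports(rows):
    """Keep only ports whose NSE script output reports a VULNERABLE state."""
    return [r for r in rows if any("VULNERABLE" in o for o in r["scripts"].values())]
```

Run it against a real scan by replacing SAMPLE_XML with the contents of your -oX file; host-level (pre-scan) script results live under hostscript rather than port and are not collected here.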