Nmap Vulscan During Bug Bounty Hunting Correct or Wrong?

Do you rely on nmap Vulscan (nmap vulnerability scanning) results while testing a remote target during Bug Bounty or a CTF?

If I have permission to scan with nmap on BBP or play CTF,then yes.You can try Nikto too :wink: .
But if you do not,then I do not recommend it,because it is really “noisy” and the company which you scan,can move by the law against you.

Thank you for your answer i really appreciate that :+1: but i asked the same question on various different platforms (discord, web forums) and i am getting mixed opinions on this. Isn’t it that nmap Vulscan gives false positives against a target they are intended to scan?

1 Like

Well I wasn’t talking specifically about vulnscan,because I have not ever used it.I was talking generally about Nmap.
If I understood correctly,Vulnscan just finds plugins and product versions and gives you CVEs for them.
There are some other ways to do it so like IoT scanners like BinaryEdge (which contains Free plan for 120 requests oer month) or other tools like wpscan,joomscan etc.
Also if you know a product’s version,you can check it here https://sploitus.com/ :wink:
I used it many times and had good results.

1 Like