Scanning For Vulnerabilities With Nmap Using Nmap-Vulners Script

Nmap-Vulners is a script that searches for your target’s vulnerabilities. Nmap produces the target’s running versions and services. Nmap-Vulners then takes your target’s running services and versions and runs them against known CVEs from multiple databases such as OpenVAS (Nessus), Exploit-DB, MITRE CVE, OSVDB, SecurityFocus, SecurityTracker, IBM X-Force. It then produces all CVEs based on your target’s running services and versions.

  • Install Nmap-Vulners
  1. cd /usr/share/nmap/scripts/

  2. git clone

  • Using Nmap with Nmap-Vulners Script
  1. nmap --script nmap-vulners -sV IP
    Additionally, you can specify a port
  2. nmap --script nmap-vulners -sV -pPORT IP
    Or search the target URL
  3. nmap --script nmap-vulners -sV
  • Here is an example of how it works.
  1. nmap --script nmap-vulners -sV
    Starting Nmap 7.70 ( ) at 2019-04-06 19:08 PDT
    Nmap scan report for ( is up (0.28s latency).
    rDNS record for
    Not shown: 988 closed ports
    PORT STATE SERVICE VERSION
    21/tcp open ftp ProFTPD 1.3.3e
    | vulners:
    | cpe:/a:proftpd:proftpd:1.3.3e:
    |_ CVE-2011-4130 9.0
    22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu7.1 (Ubuntu Linux; protocol 2.0)
    | vulners:
    | cpe:/a:openbsd:openssh:5.3p1:
    | CVE-2016-10708 5.0
    | CVE-2017-15906 5.0
    | CVE-2018-15473 5.0
    |_ CVE-2016-0777 4.0
    25/tcp filtered smtp
    53/tcp open domain (unknown banner: none)
    | fingerprint-strings:
    | DNSVersionBindReqTCP:
    | version
    | bind
    |_ none
    80/tcp open http nginx 1.4.1
    |_http-server-header: nginx/1.4.1
    106/tcp open pop3pw poppassd
    110/tcp open pop3 Courier pop3d
    143/tcp open imap Plesk Courier imapd
    465/tcp open ssl/smtps?
    993/tcp open ssl/imaps?
    995/tcp open ssl/pop3s?
    8443/tcp open http lighttpd
    |_http-server-header: sw-cp-server
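
For anyone running this against hosts they maintain, the report above can be turned into a patch-priority list. The following is an added example, not part of the original post or of the nmap-vulners project: a small Python parser that assumes the `CVE-ID score` line format shown in the output above (other script versions may print extra columns), with a constructed sample trimmed from that output and hypothetical function names.

```python
import re

# Constructed sample: trimmed from the scan output shown in the post above.
SAMPLE = """\
21/tcp open ftp ProFTPD 1.3.3e
| vulners:
| cpe:/a:proftpd:proftpd:1.3.3e:
|_ CVE-2011-4130 9.0
22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu7.1 (Ubuntu Linux; protocol 2.0)
| vulners:
| cpe:/a:openbsd:openssh:5.3p1:
| CVE-2016-10708 5.0
| CVE-2017-15906 5.0
| CVE-2018-15473 5.0
|_ CVE-2016-0777 4.0
25/tcp filtered smtp
80/tcp open http nginx 1.4.1
|_http-server-header: nginx/1.4.1
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
CPE_RE = re.compile(r"^\|_?\s*(cpe:/\S+?):?\s*$")
CVE_RE = re.compile(r"^\|_?\s*(CVE-\d{4}-\d+)\s+(\d+(?:\.\d+)?)\s*$")

def parse_vulners(text):
    """Return one dict per CVE line, tagged with the port and CPE it belongs to."""
    findings, port, cpe = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := PORT_RE.match(line):
            port, cpe = f"{m.group(1)}/{m.group(2)}", None  # new port block resets the CPE
        elif m := CPE_RE.match(line):
            cpe = m.group(1)
        elif (m := CVE_RE.match(line)) and port and cpe:
            findings.append({"port": port, "cpe": cpe,
                             "cve": m.group(1), "cvss": float(m.group(2))})
    return findings

def triage(findings, min_cvss=7.0):
    """Findings at or above min_cvss, highest score first (hypothetical helper)."""
    return sorted((f for f in findings if f["cvss"] >= min_cvss), key=lambda f: -f["cvss"])

if __name__ == "__main__":
    for f in triage(parse_vulners(SAMPLE), min_cvss=5.0):
        print(f'{f["port"]:<8} {f["cvss"]:>4} {f["cve"]:<16} {f["cpe"]}')
```

Ports with no `vulners:` block, such as the nginx line in the sample, produce no findings, which means no version match was reported rather than that the service is confirmed clean.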


Install was very simple, script runs great. Thank you


@MoUsE I am glad you find it useful. :sunglasses:

Cool, I particularly like the nmap ssh, irc, brute .nse scripts. Hack until it hurts

This looks interesting, thank you for sharing the info.

The only thing that is odd to me is that if you don’t add the -sV option it doesn’t tell you much.
Why it wasn’t added in the script in the first place is what I wonder.

It installed and runs perfectly…
Thanks so much

Please, will this script work for URLs behind firewalls, something like Cloudflare, or is there a way it can bypass firewalls?

Great, glad you like it.

Most, yes. In fact Cloudflare uses the Vulners script to test their own system. Here is a script from Cloudflare on GitHub that Cloudflare shared.

