explaingit

scipag/vulscan

3,752 | Lua | Audience · ops devops | Complexity · 2/5 | Setup · easy

TLDR

Vulscan is an add-on script for Nmap that automatically looks up detected software versions against eight offline vulnerability databases, giving you a combined port scan and CVE report in one command.

Mindmap

mindmap
  root((vulscan))
    What It Does
      Extends Nmap scans
      CVE lookup offline
      Multi-database search
      Custom report formats
    Databases Included
      CVE
      Exploit-DB
      OpenVAS
      SecurityFocus
      IBM X-Force
    Tech Stack
      Lua
      Nmap
      CSV databases
    Use Cases
      Network auditing
      Vulnerability discovery
      Pentest first pass
    Audience
      Security testers
      Network admins

Things people build with this

USE CASE 1

Run a single Nmap command against a server and get both open port info and matching CVEs for each detected service version.

USE CASE 2

Update the bundled vulnerability databases offline using the included shell script before running a scan on an air-gapped network.

USE CASE 3

Use a custom CSV database with vulscan to check services against an internal or client-specific vulnerability list.

USE CASE 4

Run an interactive scan where you manually confirm software version information before the CVE lookup proceeds.

Tech stack

Lua, Nmap

Getting it running

Difficulty · easy | Time to first run · 30min

Requires Nmap to be installed and version detection (-sV) to be enabled for meaningful results. Accuracy depends on Nmap identifying software versions correctly.

License terms are not stated in the explanation; check the repository directly.

In plain English

Vulscan is an add-on script for Nmap, a widely used network scanning tool. Where Nmap normally reports which software is running on each open port, vulscan takes those software names and version numbers and looks them up against offline vulnerability databases to flag known security weaknesses. The result is a combined scan: you run one command, get the standard Nmap port information, and see a list of potential vulnerabilities alongside each service.

The tool ships with eight pre-packaged databases covering major sources such as CVE (the industry standard list of known vulnerabilities), Exploit-DB, OpenVAS, SecurityFocus, and IBM X-Force. These are stored as local CSV files so no internet connection is needed during the actual scan. You can update them using a bundled shell script, or download the files manually from the project website. It is also possible to point vulscan at a custom database, as long as it follows a simple two-column format of ID and title.

Because vulscan depends on Nmap correctly identifying the software version on each port, its accuracy is tied to how well Nmap's version detection performs. If the version is wrong or missing, the vulnerability matches will be off. The tool tries to show only its best matches by default, but you can switch to a mode that shows every possible match, which tends to produce more false positives. There is also an interactive mode where you manually confirm or override version information before the lookup proceeds.

Reporting is flexible. The default output prints each matching vulnerability on its own line with an ID and a title. You can switch to several preset formats or define a custom template using placeholder tokens for things like the vulnerability link, matched product, or version string.

Vulscan is intended as a quick first pass for spotting software with known public vulnerabilities, not as a definitive verification. It does not attempt to exploit anything or confirm whether a vulnerability is actually reachable on the target system.
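
The dependence on the detected version described above, as an added example (not vulscan's own code or matching algorithm): a simplified title matcher over a constructed two-column ID/title database, which also flags rows that do not fit the format. The `;` delimiter, the sample entries and the function names `load_db` and `match` are assumptions made for illustration.

```python
import csv
import io

# Constructed sample database in the two-column ID/title layout described
# above. The ';' delimiter and every entry are assumptions, not real data.
SAMPLE_DB = """\
EX-0001;ExampleFTPd 2.3.4 backdoor command execution
EX-0002;ExampleFTPd 2.3.2 directory traversal
EX-0003;ExampleFTPd before 2.0 denial of service
EX-0004;OtherHTTPd 2.3.4 header overflow
this row has no delimiter
"""


def load_db(text, delimiter=";"):
    """Return (entries, bad_line_numbers); a valid row is exactly ID and title."""
    entries, bad = [], []
    reader = csv.reader(io.StringIO(text), delimiter=delimiter)
    for lineno, row in enumerate(reader, 1):
        if not row:
            continue  # skip blank lines
        if len(row) != 2 or not row[0].strip() or not row[1].strip():
            bad.append(lineno)
            continue
        entries.append((row[0].strip(), row[1].strip()))
    return entries, bad


def match(entries, product, version=None):
    """Simplified model (not vulscan's algorithm): the title must contain the
    product as a word and, when a version was detected, that version too."""
    hits = []
    for vuln_id, title in entries:
        words = title.lower().split()
        if product.lower() not in words:
            continue
        if version and version.lower() not in words:
            continue
        hits.append(vuln_id)
    return hits


if __name__ == "__main__":
    db, bad = load_db(SAMPLE_DB)
    print("malformed lines:", bad)
    print("correct version:", match(db, "ExampleFTPd", "2.3.4"))
    print("wrong version:  ", match(db, "ExampleFTPd", "2.3.2"))
    print("no version:     ", match(db, "ExampleFTPd"))
```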

Copy-paste prompts

Prompt 1
How do I install vulscan into Nmap's scripts directory and run it against a target to get CVE matches for each open service?
Prompt 2
I want to update vulscan's offline databases to the latest version before an audit. Show me the exact shell command to run.
Prompt 3
How do I use vulscan's custom reporting template to output only the CVE ID, service name, and a clickable link for each finding?
Prompt 4
My vulscan scan returned hundreds of false positives. How do I switch it to show only best matches and filter out low-confidence results?
Prompt 5
Explain how vulscan ties vulnerability results to Nmap's version detection and why an incorrect software version detected by Nmap leads to wrong CVE matches.

Verify against the repo before relying on details.