Vulmap: Online Local Vulnerability Scanner Project

Last Commit: 09/11/2019

Vulmap: Online Local Vulnerability Scanner Project

Introduction

Vulmap is a local vulnerability scanner project which is equipped with local vulnerability scanning programs that are compatible with both Linux and Windows operating systems. The programs can be deployed when performing vulnerability analysis and can also be used to execute system defensive procedures.

Vulmap is especially useful when searching for system vulnerabilities on localhost, with its download feature it can execute downloads on potential exploits. On Linux Vulmap is available in Python, preferably dpkg and Python 2.x.This may differ when it comes to Windows, on windows it is written in PowerShell and supported by PowerShell v3+.

Vulmap: Local Vulnerability Scanner

Vulmap can detect even the simplest vulnerabilities; it does this by scanning all system software that may potentially be at risk, and then uses vulmon.com, a vulnerability intelligence search engine, which then determines if there is any exploit within the system.

Vulmon operates by running the information received from Vulmap against its vulnerability database which includes exploits, vulnerability types, vendors, cve id, operating systems and anything that may be similar to recently detected vulnerabilities.

Analysis is also done on software that may have potential exploits or weak points which may expose the system to some risks. Another amazing feature that Vulmap has is its ability to download exploits; the downloaded exploits can also be used when carrying of offensive procedures.

How it works?

If Vulmap detects any system vulnerabilities or exploits, it will tag a CVE ID and also rate the level of risk that the system may be in as a result of the vulnerability. It is very easy to download Exploits whose ids’ are known, to use this download feature go to Exploit DB from the command prompt.

As a result, Vulmon is very simple but a very effective helper of Vulmap, without it Vulmap would be functionally crippled. Vulmap carries out its vulnerability detection procedures based on the principle of real-time vulnerability update from Vulmon.

Supported Platforms:

  • Linux, Windows

Install

Linux

Clone it from the GitHub:

$ git clone https://github.com/vulmon/Vulmap-Local-Vulnerability-Scanners.git

Then run it in default mode:

$ python vulmap-linux.py

Usage

Vulmap is very easy to use it is just a matter of playing with the right codes, these codes may vary depending on the operating system that you are using.

Basic options in default mode [Linux]:

  • -v, --verbose: Enable the verbose mode and display results in real-time
  • -d, --download: Download a specific exploit [<exploit_id> ]
  • -a, --all-download: Download all found exploits
  • -h, --help: Show the help message and exit

Windows

On Windows you can deploy the following commands based on the operation you are performing:

  • DefaultMode: Conducts vulnerability scanning.
  • DownloadAllExploits: Scans the computer and downloads all available exploits.
  • OnlyExploitableVulns: Conducts vulnerability scanning and only shows vulnerabilities that have exploits.
  • DownloadExploit: Downloads given exploit [<exploit_id>].
Documentation Box
Download Box