reddit hackernews mail facebook facebook linkedin


Online local vulnerability scanners project.

Vulmap is an open-source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These scripts can be used for defensive and offensive purposes. It is possible to make vulnerability assessments using these scripts. Also, they can be used for privilege escalation by pentesters/red teamers.

Vulmap can be used to, scan vulnerabilities on the localhost, see related exploits, and download them. Scripts basically, scan the localhost to gather installed software information and ask API if there are any vulnerabilities and exploits related to installed software. If vulnerabilities exist, Vulmap gives CVE ID, risk score, vulnerability's detail link, if exists related exploit ids, and exploit titles. Exploits can be downloaded with Vulmap also.

The main idea of Vulmap is getting real-time vulnerability data from Vulmon instead of relying on a local vulnerability database. Even the most recent vulnerabilities can be detected with this approach. Also, its exploit download feature aids privilege escalation processes. Pentesters and red teamers can download exploits from Exploit DB from the command prompt. To use this feature only thing needed is the id of exploits.