MassVulScan / Identify open network ports and any associated vulnerabilities

edited July 11 in Off-topic


2 years ago I created this Bash script for my own (professional) needs:

I was looking for a way to quickly and efficiently identify all the ports available on different remote sites connected to the Internet. And I wanted to make sure, at the same time, there was no host that exposed a service with known vulnerabilities (CVE).

Maybe it could help someone on this forum 😉 and it's fully compatible with Pwnbox from HTB.

Script strength

  • Automatic installation of all the prerequisites (Debian OS family)
  • 2 modes: automatic and Interactive
  • Interactive mode: ports to scan, rate level and nmap script
  • Extremely fast identification of open TCP/UDP ports (masscan)
  • The output is sorted to gather all ports to be scanned by host
  • Identification of services and vulnerabilities (nmap + vulners.nse)
  • Multiple sessions in parallel, one session per host
  • 2 generated reports: a global HTML and a TXT (vulnerable hosts)
  • Detects if you are using multiple network interfaces
  • Compatible with IPs and hostnames (input file)
  • Possibility to exclude some hosts
  • Possibility to combine several arguments
  • ...

Do not hesitate to contact me if you have any questions or if you notice any problems with the script, improvements etc ...



Sign In to comment.