Skip to content

Scan systems with NMap and parse the output to a list of CVE's, CWE's and DPE's


Notifications You must be signed in to change notification settings


Folders and files

Last commit message
Last commit date

Latest commit


Repository files navigation


Scan systems with NMap and parse the output to a list of CVE's, CWE's and DPE's


  • Scan a system with NMap or any other scanning tool and use the scan to analyse the systems for vulnerabilities
  • Have the posibility for multiple input formats (NMap scan, xml, Json, etc)
  • Use CVE-Search to enhance the scan to add more information
  • Have multiple export formats as well as webbrowser component


  • Automatically download known scripts to use on exploits


Warning, this tutorial is for Linux systems (developed and tested on Ubuntu 14.10). This program should run under Windows (and probably Mac) systems as well.


CVE-Scan uses the CVE-Search API to enhance your nmap scans.
Warning CVE-Search is not included in CVE-Scan
You can use CIRCLs [public API] (, or install CVE-Search localy, or on another accessible machine. You can install CVE-Search from the git repo. For now, CVE-Search does not have a "core" package yet (Without the webpages), but I will add this later on. Once you installed CVE-Search, in the configuration file, make sure you set the correct URL to it.

CVE-Scan needs some aditional packages to work. Install them using:

sudo apt-get install -y nmap (or your package manager of choice)

pip3 install -r requirements.txt

Weasyprint has a set of sub-requirements. Please find the details here


To use CVE-Scan, first run an nmap scan on a system. You can modify the parameters however you want, however, you'd want to include Service Detection and OS detection. Below, you can find a default nmap scan that will output to an xml file.

nmap -A -O -oX output.xml

CVE-Scan is composed of 3 major functions:

  • - Converts the nmap xml to the CVE-Scan json format
  • - Analyses either an nmap xml or a CVE-Scan json and queries CVE-Search to obtain vulnerability information
  • - Visualizes the results of

and, which does all of the above in 1 go.

You can either run python3 output.xml to enhance and visualize the report, or python3 -x output.xml enhanced.json, to create the enhanced report, followed by python3 enhanced.json to visualize the report (default webserver on localhost:5050. Add -t for terminal view)

All scripts in the bin folder can be called with the -h flag, to get more information about it.

Online Demo

If you want to try our online demo, please visit our website.

Since we don't have a large budget, the website might not be available all the time.

Support us

If you like this tool, please consider donating, so we can keep our servers up and running. You can support us on Subscribestar


This software is licensed under the "Original BSD License".

  (C) 2015  NorthernSec
  (c) 2015  Pieter-Jan Moreels


Scan systems with NMap and parse the output to a list of CVE's, CWE's and DPE's







No releases published


No packages published