A Python-based vulnerability scanner that detects open ports and identifies known CVEs in running services. Built for educational purposes to understand network security scanning and vulnerability detection.
This tool is for EDUCATIONAL PURPOSES ONLY.
- Only scan systems you own or have explicit written permission to test
- Unauthorized network scanning is illegal in most jurisdictions
- Misuse of this tool is your legal responsibility
- By using this tool, you agree to comply with all applicable laws and regulations
- Nmap Integration: Uses industry-standard
nmapfor comprehensive port scanning - Two Scan Modes:
--fast: Scans top 100 common ports (quick baseline)--full: Scans top 1000 ports (thorough, default)
- Service Detection: Identifies service names, versions, and banners
- Timeout Control: Configurable timeout with
--timeoutflag - Graceful Fallback: TCP connection scanning if
nmapis unavailable
- Dual API Queries:
- Primary: NVD (National Vulnerability Database) - https://services.nvd.nist.gov/
- Fallback: CIRCL CVE Database - https://cve.circl.lu/api/
- CVSS Scoring: Extracts CVSS v3.1 scores for severity ranking
- Exponential Backoff: Implements 3-retry logic with exponential backoff for API failures
- Rate Limiting: Respects API rate limits with configurable delays
- Rich Descriptions: Retrieves and displays CVE descriptions (max 150 chars)
- Color-Coded CLI Table: Uses
richlibrary for beautiful, color-coded tables:- π΄ Critical (CVSS 9.0-10.0)
- π High (CVSS 7.0-8.9)
- π‘ Medium (CVSS 4.0-6.9)
- π’ Low (CVSS 0.1-3.9)
- JSON Export: Full results with metadata (timestamp, all CVE details)
- CSV Export: Spreadsheet-friendly format with
--csvflag - Summary Statistics: Total ports, CVEs found, severity breakdown
- Streamlit Web UI (bonus): Interactive web dashboard with real-time progress
- β Invalid target validation (IP, domain, CIDR)
- β Network timeout handling with partial results
- β API rate limit detection and recovery
- β
Missing
nmapdetection with installation guidance - β Graceful error messages with exit codes
- β
Comprehensive logging with
--verboseflag
- Python 3.8+
- nmap (system package) - Installation Guide
- Python packages (see
requirements.txt)
Linux (Debian/Ubuntu):
sudo apt-get update
sudo apt-get install nmapLinux (Red Hat/CentOS):
sudo yum install nmapmacOS:
brew install nmapWindows: Download and install from: https://nmap.org/download.html
Verify installation:
nmap --versioncd /path/to/vulnerability_scannerpip install -r requirements.txtOr with pip3 if you have multiple Python versions:
pip3 install -r requirements.txtScan a single IP address (fast mode, top 100 ports):
python main.py 192.168.1.1 --fastScan a domain (full mode, top 1000 ports):
python main.py example.comScan a CIDR range with custom timeout:
python main.py 192.168.1.0/24 --timeout 120Export to JSON and CSV:
python main.py 192.168.1.1 --csvVerbose output for debugging:
python main.py 192.168.1.1 --verboseCustom output directory:
python main.py 192.168.1.1 --output-dir ./my_scansFull syntax:
python main.py [TARGET] [--fast|--full] [--timeout SECONDS] [--csv] [--verbose] [--output-dir DIR]Run the interactive web dashboard:
streamlit run app.pyThen open your browser to http://localhost:8501
Features:
- Text input for target selection
- Dropdown for scan type (Fast/Full)
- Real-time progress bar
- Color-coded results table
- Download JSON/CSV reports
========================================================================
π SCAN RESULTS
========================================================================
ββββββββ³βββββββββ³βββββββββ³βββββββββββ³βββββββ³βββββββββββ³βββββββββ
β Port β Service β Version β CVE ID β CVSS β Severity β Desc... β
β‘βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ©
β 22 β SSH β 7.4 β CVE-2023-1234 β 8.5 β π High β ... β
β β β β CVE-2023-5678 β 6.2 β π‘ Medium β ... β
β 80 β HTTP β 2.4.41 β β β β β β
None β No... β
β 443 β HTTPS β 2.4.41 β CVE-2024-9999 β 9.8 β π΄ Crit.. β ... β
ββββββββ΄ββββββββββ΄βββββββββ΄ββββββββββββββββ΄βββββββ΄βββββββββββ΄ββββββββ
========================================================================
π SCAN SUMMARY
========================================================================
Total Ports Scanned: 1000
Open Ports Found: 3
Total CVEs Found: 3
Severity Breakdown:
π΄ Critical: 1
π High: 1
π‘ Medium: 1
π’ Low: 0
β οΈ Highest Severity Found: Critical
πΎ Full results saved to: ./scan_results/scan_20240105_143022.json
{
"timestamp": "2024-01-05T14:30:22.123456",
"ports": [
{
"port": "22",
"service": "SSH",
"version": "7.4",
"banner": "protocol 2.0",
"cves": [
{
"cve_id": "CVE-2023-1234",
"cvss_score": 8.5,
"severity": "High",
"description": "Authentication bypass in OpenSSH < 8.0...",
"source": "NVD"
}
],
"cve_count": 1
}
],
"total_cves": 3,
"severity_counts": {
"Critical": 1,
"High": 1,
"Medium": 1
}
}vulnerability_scanner/
βββ main.py # CLI entry point with argparse
βββ scanner.py # Nmap scanning logic
βββ vuln_checker.py # CVE API queries with retry logic
βββ utils.py # Input validation, formatting, logging
βββ app.py # Streamlit web UI (bonus)
βββ requirements.txt # Python dependencies with pinned versions
βββ README.md # This file
| File | Purpose |
|---|---|
main.py |
CLI argument parsing, orchestration, output directory setup |
scanner.py |
Port scanning with nmap, service detection, fallback TCP scanning |
vuln_checker.py |
CVE API queries, exponential backoff retry, result formatting |
utils.py |
Target validation, logging setup, string formatting helpers |
app.py |
Streamlit web interface with interactive dashboard |
requirements.txt |
Python package dependencies (pinned versions for reproducibility) |
user input (CLI args)
β
main.py (parse & validate)
β
scanner.py (port scan with nmap)
β
[list of open ports with service info]
β
vuln_checker.py (query NVD + CIRCL APIs)
β
[CVE data with CVSS scores]
β
utils.py (format & save results)
β
CLI table output + JSON/CSV files
- This tool uses public APIs that don't require authentication
- NVD API: https://services.nvd.nist.gov/ (free, rate limited)
- CIRCL API: https://cve.circl.lu/api/ (free, community-supported)
- No API keys are hardcoded or stored
- Tool respects API rate limits with exponential backoff
- Implements 0.5s delay between consecutive requests
- Retries failed requests up to 3 times with backoff
- Input validation prevents command injection attacks
- Timeout prevents hanging on unreachable targets
- Graceful degradation if primary API is unavailable
- All logging goes to stderr (doesn't pollute output)
- Verbose mode includes detailed debugging info
- No sensitive data is logged by default
- All results are stored locally (not uploaded anywhere)
Solution: Install nmap using the instructions above for your OS.
Workaround: The tool will automatically fall back to TCP connection scanning, but with limited functionality.
Solution: The tool automatically implements exponential backoff and retries. Wait a few seconds and try again.
Details: NVD API allows ~120 requests per minute. If you hit the limit, the tool will:
- Wait 1 second and retry
- Wait 2 seconds and retry
- Wait 4 seconds and retry
- Fall back to CIRCL API
Solution: Increase the timeout with --timeout flag:
python main.py 192.168.1.1 --timeout 180Solution: Ensure proper CIDR notation (e.g., 192.168.1.0/24, not 192.168.1.0/255).
This is normal! It means either:
- Target is unreachable
- Firewall is blocking all scanned ports
- Timeout is too short (increase with
--timeout)
# Scan localhost (development)
python main.py localhost --fast --verbose
# Scan internal server
python main.py 10.0.0.50 --timeout 120 --csv
# Scan subnet
python main.py 192.168.1.0/24 --full --output-dir ./network_scan
# Scan domain with verbose logging
python main.py api.example.com --verbose
# Quick scan of common ports
python main.py example.com --fast --csv --output-dir ./resultsTest the tool against public targets (with permission):
# Shodan honeypot (publically available for testing)
python main.py -h # Show help
# Local machine
python main.py 127.0.0.1 --fast
# Well-known vulnerable services (intentionally exposed for learning)
# Hack The Box (https://www.hackthebox.com/)
# TryHackMe (https://tryhackme.com/)- NVD Database: https://nvd.nist.gov/
- CVSS Scoring: https://www.first.org/cvss/
- Nmap Tutorial: https://nmap.org/book/
- Security Testing: https://owasp.org/www-project-web-security-testing-guide/
Educational tool - Use responsibly and legally only.
This is an educational project. Suggestions and improvements are welcome!
Q: Can I scan other people's systems? A: No. Only scan systems you own or have explicit written permission to test.
Q: Is this a replacement for professional tools like Nessus? A: No. This is an educational tool for learning purposes. Professional security assessments require licensed, comprehensive tools.
Q: Why does the scan take so long?
A: The full mode scans top 1000 ports and queries APIs. Use --fast to scan only common ports.
Q: Can I run this against multiple targets? A: Currently, it scans one target at a time. For multiple targets, run the command multiple times.
Q: How often are the CVE databases updated? A: NVD updates daily. CIRCL updates in near real-time. Each scan queries the latest data.
Built with β€οΈ for educational purposes
Remember: "With great power comes great responsibility." Use this tool ethically and legally.