Skip to content
This repository has been archived by the owner. It is now read-only.
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

This simple script uses open source software (nmap, vFeed and DPE) and performs almost same task as Nessus or AVDS.


Debian/Ubuntu required packages:

$ sudo apt-get install nmap python2.7 php5-cli php5-sqlite -y
$ git clone
$ git clone && cd vFeed/ && python update && cd ..
$ mkdir dpe && cd dpe && wget && python -u && cd ../vulnerability-check/

vulnerability check

$ nmap -sV -oX scanme.xml
$ php vc.php ../vFeed/vfeed.db ../dpe/dpe_db.xml scanme.xml
(C) 2013 Adam Ziaja <>
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
$ php vc.php ../vFeed/vfeed.db ../dpe/dpe_db.xml
(C) 2013 Adam Ziaja <>
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
username=admin password=axis2

(username and password from CVE-2010-0219)


Automatically exported from



No releases published


No packages published