Vulnerability management is the process of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities. It is crucial to computer security and network security. Vulnerability scanning is a security technique used to identify security weaknesses in a computer system which can be used by individuals or network administrators for security purposes.
Vulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability service like VulnDB.
RiskBasedSecurity wanted to integrate their vulnerability database i.e. VulnDB with the Nmap scan similar to the open source FlanScan by Cloudflare.
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API that allows easy integration into GRC tools and ticketing systems. VulnDB allows organizations to search and be alerted on the latest vulnerabilities, both in end-user software and the 3rd Party Libraries or dependencies.
Nmap and VulnDB integration aims at integrating the vulnerabilities from VulnDB (Database maintained by Risk Based Security) within Nmap scan.
With this integration, you can easily find open ports on your network, identify services and their version, and get a list of relevant CVEs fetched from VulnDB affecting your network. This integration can be considered an abstraction over Nmap which turns Nmap into a full-fledged network vulnerability scanner. It consists of VulnDB NSE script (written in Lua language) which is the core component that fetches relevant vulnerabilities from VulnDB.