Vision2 - Nmap's XML result parse and NVD's CPE correlation to search CVE

Nmap's XML result parse and NVD's CPE correlation to search CVE. You can use that to find public vulnerabilities in services...

Nmap\s XML result parser and NVD's CPE correlation to search CVE

Example:
python vision2.py -f result_scan.xml -l 3 -o txt

Coded by Mthbernades and CoolerVoid

- https://github.com/mthbernardes
- https://github.com/CoolerVoid

usage: vision2.py [-h] -f NMAPFILE [-l LIMIT] [-o OUTPUT]
vision2.py: error: argument -f/--nmap-file is required

Example of results:

$ python Vision-cpe.py -f result_scan.xml -l 3 -o txt

::::: Vision v0.1 - nmap NVD's cpe correlation - Coded by CoolerVoid
Host: 127.0.0.1
Port: 53
cpe:/a:isc:bind:9.8.1:p1

 URL: https://nvd.nist.gov/vuln/detail/CVE-2016-9131
 Description: named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

 URL: https://nvd.nist.gov/vuln/detail/CVE-2016-8864
 Description: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

 URL: https://nvd.nist.gov/vuln/detail/CVE-2016-2848
 Description: ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record.
::::: Vision v0.1 - nmap NVD's cpe correlation - Coded by CoolerVoid

Host: 127.0.0.1
Port: 22
cpe:/o:linux:linux_kernel

 URL: https://nvd.nist.gov/vuln/detail/CVE-2017-14156
 Description: The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.

 URL: https://nvd.nist.gov/vuln/detail/CVE-2017-14140
 Description: The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.

 URL: https://nvd.nist.gov/vuln/detail/CVE-2017-14106
 Description: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.


::::: Vision v0.1 - nmap NVD's cpe correlation - Coded by CoolerVoid

Host: 127.0.0.1
Port: 53
cpe:/a:isc:bind:none


::::: Vision v0.1 - nmap NVD's cpe correlation - Coded by CoolerVoid

Host: 127.0.0.1
Port: 80
cpe:/a:igor_sysoev:nginx:1.4.1

 URL: https://nvd.nist.gov/vuln/detail/CVE-2014-0133
 Description: Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.

 URL: https://nvd.nist.gov/vuln/detail/CVE-2013-4547
 Description: nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.


::::: Vision v0.1 - nmap NVD's cpe correlation - Coded by CoolerVoid

Host: 127.0.0.1
Port: 465
cpe:/a:postfix:postfix

 URL: https://nvd.nist.gov/vuln/detail/CVE-2012-0811
 Description: Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php.

 URL: https://nvd.nist.gov/vuln/detail/CVE-2011-1720
 Description: The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.

 URL: https://nvd.nist.gov/vuln/detail/CVE-2011-0411
 Description: The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.


::::: Vision v0.1 - nmap NVD's cpe correlation - Coded by CoolerVoid

Host: 127.0.0.1
Port: 8443
cpe:/a:lighttpd:lighttpd

 URL: https://nvd.nist.gov/vuln/detail/CVE-2015-3200
 Description: mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

 URL: https://nvd.nist.gov/vuln/detail/CVE-2014-2324
 Description: Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

 URL: https://nvd.nist.gov/vuln/detail/CVE-2014-2323
 Description: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.


...