Cloudflare Company about opening the source code of the project , which scans hosts on the network for unpatched vulnerabilities. Flan Scan is an add-on for a network security scanner , which turns the latter into a full-featured tool for identifying vulnerable hosts in large networks. The project code is written in Python and under the BSD license.
Flan Scan makes it easy to find open network ports in the network under investigation, determine the services associated with them and the versions of the programs used, and also generate a list of vulnerabilities affecting the identified services. After the work is completed, a report is generated that summarizes the identified problems and lists the CVE identifiers associated with the detected vulnerabilities, sorted by severity.
The script supplied with nmap is used to determine vulnerabilities affecting services. (the latest version can be downloaded from ) accessing the database . A similar result can be achieved with the command:
nmap -sV -oX /shared/xml_files -oN - -v1 -script=scripts/vulners.nse ip-address
"-sV" starts the service scan mode, "-oX" specifies the directory for the XML report, "-oN" sets the normal mode for outputting results to the console, -v1 sets the output verbosity level, "--script" refers to the vulners.nse script for matching identified services to known vulnerabilities.
The tasks performed by Flan Scan are mainly reduced to simplifying the deployment of an nmap-based vulnerability scanning system in large networks and cloud environments. A script is provided to quickly deploy an isolated container based on Docker or Kubernetes to run a validation process in the cloud and push the result to Google Cloud Storage or Amazon S3. Based on the structured XML report generated by nmap, Flan Scan generates an easy-to-read LaTeX report that can be converted to PDF.
Source: opennet.ru