I need some advice on a college project i am making.. I am trying to build a website

The workflow is

  1. User enter an IP address
  2. I use nmap lib in python for a port scan
  3. And then provide CVE ids as an output to the user, the target is vulnerable to…
    Is it possible to implement the third step?
3 Likes

Well. Yes. With enough programming it’s definitely possible. Nmap pretty much does that on it’s own already correct? Just… take user input (sanitized of course, don’t want any command injection funny business) as the nmap input.
Make server return nmap output? Let me know if you’re trying to do more with it than I’m understanding.

Yes you’re correct. But my thought is to return CVE ids the target is vulnerable to. I am thinking of using nrich command line tool for that purpose which is a product of Shodan itself
The thing i am confused about is how to take input from user using a form field like on HTML and pass it to backend of python… I mean should i use Django framework or so… i am confused about that step

Oh ok. You’d probably want to look into using PHP for quick solutions like that. Or JS if you’re more comfortable. It’s just storing data from the post requests and then passing that to a script. There’s a lot of material out there for learning to make interactive web pages like that
Creating a nice API would make that possible hopefully quickly. But can I ask why you want to make this a web project instead of just logging in with ssh? Django is capable of doing backend but I’ve personally never used it, whatever works for your use case is cool. Working with forms | Django documentation | Django (djangoproject.com)
And, if you have time, read the article that security researchers of CIP teams written. It’s about what we should careful when using Django kind a different bug might be helpful as well. API Key, a Key to Credential Leakage & Manipulation | CIP Blog (criminalip.io)

Its a college project. I thought that people need to install nmap and everything just to get up and running a simple scan. I am good at web concepts… But i thought how better it’d be that a user inputs an IP address in a simple form field and get info about which CVE the target is vulnerable to… That makes tasks easier a bit I guess
My goal is 1. User inputs an IP address 2. A port scan using nmap lib in python 3. Using os.systen() in python, i could get info about what CVE an IP address is vulnerable to. In your opinion, is this doable? I am just scared coz i don’t want to fail the entire semester due to this project… And thanks for your referal

It’s totally doable it’s just easy to do a denial of sevice on it Unless you have like a bunch of systems running scans distributed

Also a potential problem, NMAP really just scans for open ports. Most CVE (and by extension exploits) have progressed beyond just a port being opened
For example port 80/443 open means nothing it’s almost a given. However if the app running on port 80/443 is running log4j < 2.15.0 then it is likely vulnerable to CVE-2021-4428
That’s why most of the open source vulnerability scanners are more than just port scanning.
Might be worth checking out the approaches used by things like OpenVAS and OpenSCAP

1 Like

It doesn’t look like CVE records vulnerable ports either which makes sense becasue you can run for example a webserver on any port so limiting it to port 80 is a false security
VulDB has an API, so as a project for college people maybe you could get them to do something like NMAP using OS fingerprinting and server identification
then take those and search the VulDB API API (CVE maybe able to as well) for matching OS and software versions
No real API for CVE so a bit hit an miss but you could do something in that space using the search form CVE - Search CVE List

Nmap script extender. Can be utilized as a vulnerability scanner, at least that’s what I’m assuming they want to use

Thank you very much for guiding me through this man! :slight_smile: Hopefully i’ll be able to get this done soon