Description
Nuclei JSON Scans
I'd like an additional feature to import a JSON output file to parse the scans.
$ nuclei -u <IP> -tags cve -j -o output_vulns.json
Another CVE Database Vulners
Similarly, nmap has its own NSE script that is officially supported, using Vulners to find CVEs. This is after watching this video from the official Metasploit channel, starting at timestamp 11:58 - 13:25. To reproduce the commands, which come after you've discovered open ports, let's assume you're exploiting a vulnerable HTTP web server.
$ sudo nmap -p 80 -Pn -sV --script=vulners -oX output.xml <IP>
After the scan results were finished, you can import the file using Metasploit Framework. It'll also work if you scan directly in msfconsole with db_nmap along with the flags above. After the file has been imported, you can type analyze to fetch the auxiliary or exploit module to run the exploit against the vulnerable target.
msf6 > db_import output.xml
msf6 > analyze
The NSE script is found at the path /usr/share/nmap/scripts/vulners.nse, and here's the Python script (https://github.com/9p4/nmap-xml-vulners) that can be easily implemented.
Why is it great? Well, I found this website, SploitUs (https://sploitus.com), and it's powered by the Vulners service. It provides summarized info with the exploit, jumping straight to the point. I checked the sitemap (https://sploitus.com/sitemap.xml) to see how it works. It uses an ID parameter to include the results from the Vulners database. It works like a charm. It's overpowered.
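The import this request describes, as an added example that is not part of the original issue or the project's code: it reads nmap XML produced with --script=vulners and lists the reported ids per host and port, highest CVSS first, for triage. The function name, the sample XML, the placeholder ids and the nested `<table>`/`<elem>` layout of the script output are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV --script=vulners -oX` output. The ids are
# placeholders; the nested <table>/<elem> layout is an assumption about the
# script's structured output, so compare it with a real output.xml first.
SAMPLE_XML = """<nmaprun><host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="80">
    <service name="http" product="Apache httpd"/>
    <script id="vulners" output="(constructed)">
      <table key="cpe:/a:apache:http_server:0.0.0">
        <table><elem key="id">CVE-0000-0001</elem><elem key="cvss">7.5</elem>
               <elem key="type">cve</elem><elem key="is_exploit">false</elem></table>
        <table><elem key="id">CVE-0000-0002</elem><elem key="cvss">9.8</elem>
               <elem key="type">cve</elem><elem key="is_exploit">true</elem></table>
        <table><elem key="id">PLACEHOLDER-0003</elem><elem key="cvss">n/a</elem>
               <elem key="type">cve</elem></table>
      </table>
    </script>
  </port></ports>
</host></nmaprun>"""


def vulners_findings(xml_text):
    """Return one dict per vulners entry, highest CVSS first, unscored last."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address")
        ip = addr.get("addr") if addr is not None else "unknown"
        for port in host.iter("port"):
            for cpe in port.findall("script[@id='vulners']/table"):
                for entry in cpe.findall("table"):
                    f = {e.get("key"): (e.text or "").strip() for e in entry.findall("elem")}
                    try:
                        score = float(f.get("cvss", ""))
                    except ValueError:
                        score = None  # keep the entry, but mark it unscored
                    findings.append({
                        "host": ip, "port": int(port.get("portid")),
                        "cpe": cpe.get("key"), "id": f.get("id"),
                        "cvss": score, "exploit": f.get("is_exploit") == "true",
                    })
    return sorted(findings, key=lambda x: (x["cvss"] is None, -(x["cvss"] or 0.0)))


if __name__ == "__main__":
    for row in vulners_findings(SAMPLE_XML):
        print(row)
```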