No announcement yet.

Vulmap: Online Local Vulnerability Scanners Project

  • Filter
  • Time
  • Show
Clear All
new posts

  • Vulmap: Online Local Vulnerability Scanners Project

    Sunday from 10:00 – 11:50 in Sunset 3 at Planet Hollywood
    Audience: Offense, Defense Yavuz Atlas & Fatih Ozel

    Vulmap is an open source online local vulnerability scanner project. It consists of online local vulnerability scanning scripts for Windows and Linux. These scripts can be used for defensive and offensive purposes. It is possible to conduct vulnerability assessments by using these scripts. Also they can be used for privilege escalation by pentesters/red teamers. Vulmap scans vulnerabilities on localhost, shows related exploits and downloads them. It basically, scan localhost to gather installed software information and ask Vulmon API if there are any vulnerabilities and exploits related with installed software. If any vulnerability exists, Vulmap shows CVE ID, risk score, vulnerability's detail link, exploit ids and exploit titles. Exploits can be downloaded with Vulmap also. Main idea of Vulmap is getting real-time vulnerability data from Vulmon instead of relying of a local vulnerability database. Even the most recent vulnerabilities can be detected with this approach. Also its exploit download feature helps privilege escalation process. Since most Linux installations have Python, Vulmap Linux is developed with Python while Vulmap Windows is developed with PowerShell to make it easy to run it on most Windows versions without any installation.

    Yavuz Atlas
    Yavuz Atlas is a cyber security researcher. He has academic and professional experience in areas like cyber security, software development, data science and information visualization. He works as a Tech Lead for Biznet. His current work focuses on pentesting and secure code reviews. Yavuz is also developer of Vulmon project.

    Fatih Ozel
    Fatih Ozel specializes in web application assessments, penetration testing, and software development. He is a former software developer and an open source enthusiast. He holds a Computer engineering degree from Suleyman Demirel University. Fatih is currently working as a Penetration tester for Biznet Bilisim.

  • #2
    Do you want to try Vulmap Windows before Demo Labs? Just copy and paste script below to your PowerShell terminal (V3 and higher):

    iex(New-Object Net.WebClient).DownloadString('')
    More information is on the Github Page: