Skip to content

astha2310/vulnerability-scanner

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Automated Vulnerability Scanner — CVE-Based Security Assessment

Built by Astha Patel | M.S. Information Technology, Arizona State University


Why I Built This

Vulnerability scanning is one of the most fundamental tasks in security operations. Every organization with any infrastructure runs regular scans to know what is exposed. But most entry level security candidates have never built a scanner or touched CVE data directly.

I wanted to understand how the process works end to end, from discovering open ports to correlating them with real known vulnerabilities to generating a report a security team could actually use.


What It Does

The scanner takes a target IP or hostname and works through a four-step process. First it scans for open ports and running services using Nmap. Then it identifies service versions on each open port. It then queries the NIST National Vulnerability Database for CVEs matching those services. Finally it calculates risk ratings for each finding based on CVSS scores and generates a professional PDF security assessment report.

The result is an automated workflow that mirrors what a real vulnerability assessment looks like.


The Data Behind It

347,000 plus CVEs queryable from the NVD API in real time. CVE data includes CVSS base scores, severity ratings, affected versions, and remediation guidance. Results are filtered and matched to the specific service versions detected on the target.


Risk Rating System

CVSS Score Rating
9.0 to 10.0 Critical
7.0 to 8.9 High
4.0 to 6.9 Medium
0.1 to 3.9 Low

Tech Stack

Python 3, Nmap, python-nmap, NVD CVE API, ReportLab, Colorama, requests


How to Run It

git clone https://github.com/astha2310/vulnerability-scanner.git
cd vulnerability-scanner

pip3 install python-nmap reportlab requests colorama

sudo python3 scanner.py
python3 report_generator.py

What I Learned

The trickiest part was CVE matching. Service version strings from Nmap do not always match the CPE identifiers that the NVD uses. Parsing and normalizing those strings to make accurate CVE queries required a lot of iteration and trial and error.

I also learned something about how attackers prioritize targets. The highest CVSS score vulnerabilities are not always the most exploitable ones in a real environment. A critical CVE in a service that is only accessible internally is less urgent than a medium CVE on a public-facing port. Building the risk rating system made me think more carefully about how severity and exploitability interact.

The most interesting discovery: running the scanner against my own VM revealed services I had forgotten were running. That is a real lesson about the value of regular scanning — you always find something unexpected.


What Could Be Added Next

Scheduled automated scanning with delta reports showing new findings since the last scan, integration with Shodan to pull additional exposure data, exploitability scoring using EPSS alongside CVSS, HTML report output in addition to PDF, and support for scanning multiple targets in parallel.


Disclaimer

Built for educational purposes and authorized security testing only. Only scan systems you own or have explicit written permission to test. Unauthorized scanning is illegal.


Astha Patel | github.com/astha2310 | linkedin.com/in/asthap23

About

Automated vulnerability scanner with CVE lookup and PDF report generation

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages