Built by Astha Patel | M.S. Information Technology, Arizona State University
Vulnerability scanning is one of the most fundamental tasks in security operations. Every organization with any infrastructure runs regular scans to know what is exposed. But most entry level security candidates have never built a scanner or touched CVE data directly.
I wanted to understand how the process works end to end, from discovering open ports to correlating them with real known vulnerabilities to generating a report a security team could actually use.
The scanner takes a target IP or hostname and works through a four-step process. First it scans for open ports and running services using Nmap. Then it identifies service versions on each open port. It then queries the NIST National Vulnerability Database for CVEs matching those services. Finally it calculates risk ratings for each finding based on CVSS scores and generates a professional PDF security assessment report.
The result is an automated workflow that mirrors what a real vulnerability assessment looks like.
347,000 plus CVEs queryable from the NVD API in real time. CVE data includes CVSS base scores, severity ratings, affected versions, and remediation guidance. Results are filtered and matched to the specific service versions detected on the target.
| CVSS Score | Rating |
|---|---|
| 9.0 to 10.0 | Critical |
| 7.0 to 8.9 | High |
| 4.0 to 6.9 | Medium |
| 0.1 to 3.9 | Low |
Python 3, Nmap, python-nmap, NVD CVE API, ReportLab, Colorama, requests
git clone https://github.com/astha2310/vulnerability-scanner.git
cd vulnerability-scanner
pip3 install python-nmap reportlab requests colorama
sudo python3 scanner.py
python3 report_generator.pyThe trickiest part was CVE matching. Service version strings from Nmap do not always match the CPE identifiers that the NVD uses. Parsing and normalizing those strings to make accurate CVE queries required a lot of iteration and trial and error.
I also learned something about how attackers prioritize targets. The highest CVSS score vulnerabilities are not always the most exploitable ones in a real environment. A critical CVE in a service that is only accessible internally is less urgent than a medium CVE on a public-facing port. Building the risk rating system made me think more carefully about how severity and exploitability interact.
The most interesting discovery: running the scanner against my own VM revealed services I had forgotten were running. That is a real lesson about the value of regular scanning — you always find something unexpected.
Scheduled automated scanning with delta reports showing new findings since the last scan, integration with Shodan to pull additional exposure data, exploitability scoring using EPSS alongside CVSS, HTML report output in addition to PDF, and support for scanning multiple targets in parallel.
Built for educational purposes and authorized security testing only. Only scan systems you own or have explicit written permission to test. Unauthorized scanning is illegal.
Astha Patel | github.com/astha2310 | linkedin.com/in/asthap23