It supports Hybrid Decompilation (Smali/Java), Context-Aware Analysis (Call Graphs), and Intelligent Risk Filtering, ensuring that security engineers can focus on verified, high-severity findings rather than false positives.

Features

• 🧠 Intelligent Analysis Engine: Droid LLM Hunter goes beyond regex. It breaks down code into chunks, summarizes functionality, and understands context before flagging vulnerabilities, significantly reducing false positives compared to traditional tools.
• ⭐ Staged Prompt Architecture: Uses a specialized pipeline of prompts (Summarization -> Filtering -> Deep Scan) to ensure consistent reasoning and reduce hallucination. Read the Docs
• 🔍 Hybrid Filter Modes: Choose your strategy!
• llm_only: Maximum accuracy using pure AI analysis.
• static_only: Blazing fast keyword scanning.
• hybrid: The best of both worlds Static keywords filter the noise, AI verifies the danger.
• 🛠️ Flexible Configuration: a simple yet powerful configuration file (config/settings.yaml) allows for easy management of LLM providers, models, rules, and Decompiler Settings (Apktool/JADX).
• 🕸️ Context-Aware Scanning: Utilizes a Call Graph to understand file dependencies. Use Cross-Reference Context to let the AI know who calls a function and with what arguments. Read the Docs
• ⚔️ Attack Surface Mapper: Combines Manifest Structure (Exported components) with Code Logic (AI Summaries) to identify high-risk entry points (e.g., specific activities processing unvalidated URLs). Read the Docs
• 📚 RAG with OWASP MASVS: Every finding is automatically enriched with the relevant OWASP Mobile Application Security Verification Standard (MASVS) ID (e.g., MASVS-STORAGE-1), making your reports audit-ready instantly.
• 🤖 Multi-Provider Support: Run locally with Ollama (free & private) or scale up with Gemini, Groq, and OpenAI.
• 📊 Structured Security Reports: Get detailed JSON output containing severity, confidence scores, evidence snippets, and even an “Attack Surface Map” of the application.

Installation

1. Clone the repository:

git clone https://github.com/roomkangali/droid-llm-hunter.git 
cd droid-llm-hunter

2. Create and activate a virtual environment:

• Linux/macOS:

python3 -m venv venv
source venv/bin/activate

• Windows

python -m venv venv
venv\\Scripts\\activate

3. Install dependencies:

pip install -r requirements.txt

4. Install Apktool & JADX

• Apktool (Required): Must be installed. Instructions
• JADX (Optional but Recommended): Required if you want to use jadx or hybrid decompiler modes. GitHub

🎬 Demo — Droid LLM Hunter

https://www.youtube.com/watch?v=VBNsb8ibK9Q

https://www.youtube.com/watch?v=F9sDP9qO1o0

Repository Droid LLM Hunter

GitHub - roomkangali/droid-llm-hunter: Droid LLM Hunter is a tool to scan for vulnerabilities in Android applications using Large Language Models (LLMs).

DursBurp is a Burp Suite extension that integrates the power of large language models (LLMs) from OpenAI, Google Gemini, and Groq to assist in security analysis. With DursBurp, you can send HTTP request/response pairs directly to an AI for in-depth vulnerability analysis, all within the Burp Suite interface.

Features

• On-Demand Analysis: Analyzes only the requests you choose, giving you full control.
• Multi-API Support: Integrates with OpenAI, Google Gemini, and Groq APIs.
• Structured Reports: Displays analysis results in a clean, tabbed format similar to the native Burp Scanner, with “Advisory,” “Request,” and “Response” tabs.
• Customizable Prompts: Edit and save your own instruction prompts to tailor the AI’s analysis to your specific needs.
• Finding Management: Mark findings as false positives with a green visual indicator.
• Responsive UI: Analysis runs in the background to ensure the Burp Suite interface never freezes.

How It Works

DursBurp works as an intelligent security assistant, not an automated scanner.

1. Select a Target: Within Burp Suite (e.g., in Proxy > HTTP history), right-click on a request/response pair you want to analyze.
2. Send for Analysis: Select “Extensions” > “DursBurp” > “Analyze with DursBurp”.
3. Prompt Generation: The extension takes the template from the “DursBurp” tab, filling in placeholders like {URL} and {REQUEST_BODY} with real data from your selected traffic.
4. AI Analysis: The completed prompt is sent to your configured AI service (OpenAI, Gemini, or Groq).
5. Report Generation: The AI analyzes the full context of the request and response and generates a structured vulnerability report.
6. View Results: The report is parsed and displayed cleanly in the results panel within the “DursBurp” tab, ready for your review.

Repo Github : https://github.com/roomkangali/DursBurp

Dursgo v1.1.0: AI-Powered Analysis

Announce the release of Dursgo v1.1.0, a major leap forward that integrates the power of Large Language Models (LLMs) directly into your security scanning workflow.

https://github.com/roomkangali/dursgo/releases/tag/1.1.0

This release focuses on one key feature: AI-Powered Vulnerability Analysis, designed to transform how you understand and remediate vulnerabilities.

✨ What’s New

🧠 AI-Powered Vulnerability Analysis

Dursgo can now go beyond standard detection by providing deep, AI-generated insights for each vulnerability found.

- Root Cause Analysis: Get clear and concise explanations of why a vulnerability exists.
- Contextual Recommendations: Receive tailored remediation advice specific to the finding.
- Actionable Code Examples: Get practical code examples to help developers accelerate the fixing process.
- Multi-Provider Support: Seamlessly integrates with leading LLM providers. Current support includes:
 — Google Gemini
 — Groq (via its OpenAI-compatible API)
 — Support for other providers like OpenAI will be added in the future.

🚀 How to Use

To activate this new feature, simply add the ` — enable-ai` flag to your scan command. Ensure you are also saving the output to a JSON file to see the results.

Example Command:

Run an SQLi scan and get AI-powered analysis for any findings

./dursgo -u http://testphp.vulnweb.com/ -c 10 -r 3 -s sqli - enable-ai -output-json report.json

📝 Configuration

The AI feature is configured via the new `ai` section in your `config.yaml` file.

# AI (LLM) Integration Settings
ai:
 # Enable/disable the feature. Can be overridden by the - enable-ai flag.
 enabled: true
 
 # The provider to use. Supported: "gemini", "groq"
 provider: "groq"
 
 # Your API key for the selected provider.
 api_key: "gsk_…"
 
 # The specific model to use.
 model: "meta-llama/llama-4-scout-17b-16e-instruct"

🛠️ Demo Video

https://www.youtube.com/watch?v=kpJS-C-ocLA
https://www.youtube.com/watch?v=n1YL1Kxq3Rc

Download DursGo

https://github.com/roomkangali/dursgo

What Is LabVulnerDursGo?

LabVulnerDursGo is a repository hosted on GitHub that provides a suite of deliberately vulnerable web applications. These labs are crafted to simulate real-world security flaws, allowing users to test DursGo’s capabilities in detecting issues like SQL Injection, XSS, and SSRF. Each lab comes with video walkthroughs demonstrating how to identify and solve the vulnerabilities using DursGo, making it an excellent learning resource for beginners and a validation tool for experts.

The labs are built using PHP, Python (Flask), and Node.js, and they can be run locally using Docker. This setup ensures accessibility and consistency across different environments. Whether you’re a pentester honing your skills or a developer validating security tools, LabVulnerDursGo is a valuable asset.

Available Labs and Their Vulnerabilities

The repository includes a diverse set of labs, each targeting specific vulnerability types. Here’s a breakdown:

• Open Redirect Lab: Demonstrates a classic open redirect vulnerability where the app redirects to any user-supplied URL.
• Blind Vulnerabilities Lab: Features Blind SSRF and Blind Command Injection, detectable via OAST.
• SSRF (In-Band) Lab: A classic SSRF where the app fetches content from a user-supplied URL.
• Mass Assignment Lab: A protected API endpoint vulnerable to mass assignment attacks.
• CORS Misconfiguration Lab: An API endpoint that improperly reflects the Origin header, risking data theft.
• Authentication Lab: A login page to test authenticated scanning, with vulnerabilities like CSRF, BOLA, File Upload, and Mass Assignment.
• Exposed Files Lab: A directory to detect sensitive files and folders like .env or .git/.
• IDOR & Stored XSS Lab: An authenticated test for Insecure Direct Object References and Stored XSS.
• GraphQL API Lab: A vulnerable GraphQL endpoint for testing introspection, injection, and other API flaws.

These labs cover a wide range of OWASP Top 10 vulnerabilities, making them a comprehensive testing ground for DursGo’s scanner modules.

Setting Up the Labs

LabVulnerDursGo is designed for ease of use with Docker. It includes two main applications: a PHP-based dashboard (index-vuln) and a Python/Node.js-based service (index-vuln-2). Here’s how to get them running:

1. PHP Lab Application (index-vuln)

This serves as the main dashboard, linking to all labs, including those on ports 5000 and 4000.

• Requirements: Docker, Docker Compose
• Steps:

Navigate to the index-vuln directory:

cd index-vuln

Start the container:

docker compose up --build -d

Access the app at: http://localhost:8088

• Stop:

docker compose down

2. Python & Node.js Lab Application (index-vuln-2)

This includes a Flask web app (port 5000) and a Node.js GraphQL API.

• Requirements: Docker, Docker Compose
• Steps:

Navigate to the index-vuln-2 directory:

cd index-vuln-2

Start both services:

docker compose up --build -d

Access the services (details on ports provided in the repo).

• Credentials (for port 5000):
• Admin: admin / admin123
• Regular User: user1 / password123
• Stop:

docker compose down

Important: Run both applications simultaneously to ensure all links from the index-vuln dashboard work correctly.

Why Use LabVulnerDursGo?

This lab collection stands out for several reasons:

• Practical Learning: Video walkthroughs provide step-by-step guidance, ideal for those new to pentesting.
• Comprehensive Testing: Covers multiple vulnerability types, validating DursGo’s broad scanner capabilities.
• Open-Source: Free to use and modify, fostering community contributions.
• Real-World Simulation: Mirrors common web app flaws, preparing you for actual security assessments.

Getting Started with DursGo and LabVulnerDursGo

To make the most of this lab:

1. Install DursGo from its GitHub repository.
2. Set up LabVulnerDursGo as described above.
3. Use DursGo’s CLI to scan the labs and compare results with the videos.
4. Experiment with flags like -oast for blind vulnerabilities.

Conclusion

LabVulnerDursGo is companion to the DursGo scanner, offering a hands-on way to explore web security vulnerabilities. Whether you’re learning, testing, or contributing, this setup provides a safe and educational environment. https://github.com/roomkangali/LabVulnerDursGo for the latest updates.

DursGo: The Go-Powered Web Application Scanner for Cybersecurity

What Is DursGo?

DursGo is a web application security scanner designed for penetration testing and automated security audits. Built with Go, it offers high performance and flexibility, making it ideal for quick scans without sacrificing accuracy. Unlike commercial scanners, DursGo is open-source and free under the MIT License, allowing you to customize it to your needs.

The tool supports scanning modern web applications, including JavaScript-based Single-Page Applications (SPAs), and integrates with Out-of-Band Application Security Testing (OAST) services like Interactsh. It also enriches findings with data from the CISA Known Exploited Vulnerabilities (KEV) catalog, helping you prioritize real-world exploited vulnerabilities.

Additionally, there’s a supporting repository called LabVulnerDursGo, which includes vulnerable applications for testing DursGo, complete with video walkthroughs. This is a fantastic resource for beginners looking to learn through hands-on practice.

Features of DursGo

DursGo stands out with its context-aware and intelligent approach. Here are its key features:

• Intelligent, Context-Aware Scanning: Detects a wide range of vulnerabilities with high accuracy, tailoring logic to contexts like HTML or JavaScript.
• Comprehensive Authentication Support: Scans applications protected by login forms, bearer tokens, or session cookies.
• In-Depth Automated Discovery: Crawls web apps thoroughly, including SPAs and API endpoints, with JavaScript rendering via a headless browser (Chrome/Chromium).
• Accurate Finding Deduplication: Normalizes and removes duplicate findings for clean reports.
• OAST Integration: Detects blind vulnerabilities like SSRF through out-of-band verification.
• KEV Enrichment: Adds context from the CISA KEV catalog to findings.
• Flexible Configuration: Customizable via YAML files and CLI flags.
• High-Performance Engine: Lightweight and fast, leveraging Go’s concurrency.

DursGo also prioritizes reducing false positives with baseline comparison logic, such as in its IDOR and SQLi scanners.

Scan Workflow

DursGo follows a systematic, multi-stage workflow for comprehensive coverage:

1. Technology Fingerprinting: Identifies the target’s technologies (e.g., WordPress, Laravel) to tailor scan modules.
2. Intelligent Crawling: Discovers URLs, forms, and endpoints, with the -render-js option for SPAs.
3. Proactive Parameter Discovery: Injects common parameter names to uncover hidden vulnerabilities.
4. Scanner Execution: Runs selected modules (e.g., XSS, SQLi) concurrently against discovered targets.
5. OAST Verification: Checks out-of-band interactions if enabled.
6. Deduplication & Reporting: Aggregates unique findings and generates console or JSON output.

Note: Scans with -s all can take longer due to the multiplicative effect (URLs x Parameters x Payloads x Scanners). For speed, target specific scanners instead.

Installing DursGo

Installation is straightforward but requires Go version 1.23 or newer.

Clone the Repository:

git clone https://github.com/roomkangali/dursgo.git
cd dursgo

Build the Application:

go build -o dursgo ./cmd/dursgo

Copy to PATH (Optional):

sudo cp dursgo /usr/local/bin/

For JavaScript rendering or DOM XSS features, install Chrome/Chromium:

• Ubuntu: sudo apt-get install -y chromium-browser
• macOS: brew install --cask google-chrome

Initial configuration uses a config.yaml file in the working directory for target and authentication settings.

Basic Usage and Examples

Start with a simple command:

• Basic Scan:

./dursgo -u http://example.com -c 10 -r 3 -s xss,sqli

• Scan with OAST:

./dursgo -u http://example.com -c 10 -r 3 -s blindssrf --oast

• Scan DOM XSS with JavaScript Rendering:

./dursgo -u http://spa.example.com -c 10 -r 3 -s domxss -render-js

Full CLI options include -d (crawl depth), -delay (request delay), -enrich (KEV enrichment), and -output-json (JSON report).

Available Scanners

DursGo offers a variety of scanner modules, runnable with -s (e.g., -s xss,sqli or -s all):

• blindssrf: Blind SSRF (requires -oast).
• cmdinjection: Command Injection (supports OAST).
• domxss: DOM-Based XSS (requires -render-js).
• bola: Broken Object Level Authorization.
• cors: CORS misconfigurations.
• csrf: Cross-Site Request Forgery.
• exposed: Exposed files/directories.
• fileupload: Unrestricted File Upload.
• graphql: GraphQL vulnerabilities (introspection, injection).
• idor: Insecure Direct Object Reference.
• lfi: Local File Inclusion.
• massassignment: Mass Assignment.
• openredirect: Open Redirect.
• securityheaders: Missing security headers.
• sqli: SQL Injection.
• ssrf: In-band SSRF.
• ssti: Server-Side Template Injection.
• xss: Combines Reflected and Stored XSS.

Use none for crawling only, without vulnerability scanning.

Configuration File (config.yaml)

Use YAML for complex settings, such as authentication:

• General: Target, concurrency, scanners, etc.
• Output: Verbose, format (JSON), output file.
• Authentication: Supports form-based, cookie, header (Bearer), or auth-token.

Example form-based authentication:

authentication:
  enabled: true
  type: "header"
  header_name: "X-Auth-Token"
  value: "eyJhbGciOiJIUzI1Ni...[token]"

For IDOR, specify scan_idor with the authenticated user ID.

JSON Report Structure

The JSON report includes:

• scan_summary: Scan metadata (duration, scanners, technologies).
• discovered_endpoints: List of URLs and parameters.
• vulnerabilities: Detailed vulnerability data (type, URL, severity, remediation).

This format is ideal for CI/CD integration or security dashboards.

Development Roadmap

DursGo is an evolving project. Current priorities include:

• IDOR Scanner: Add parameter-based support and non-numeric IDs (UUIDs).
• Enhancements: OpenAPI support, JWT attacks, OAuth misconfigs, HTTP smuggling, etc.
• New Scanners: XXE, Deserialization, Prototype Pollution, Secret Scanning.
• Reporting: HTML/CSV output, evidence snippets.
• Integration: Baseline scans for CI/CD, a web dashboard with LLM AI for analysis.

Conclusion

DursGo is a powerful tool for anyone serious about web security. With Go’s performance and advanced features like OAST and KEV enrichment, it’s a free alternative to commercial scanners. However, remember: Use it only for authorized testing, as responsibility lies with the user.

If you try DursGo, share your experience in the comments! Check the GitHub repository for the latest updates: https://github.com/roomkangali/dursgo.

Community-driven database for the DursVulnNSE project. Its core purpose is to decouple raw data sources from the final, distributable database used by the scanner. This separation allows for easy community contributions and provides a single, optimized database file for DursVulnNSE scanner users.

The primary artifacts of this repository are the comprehensive and up-to-date vulnerability database files: cve-main.json, product.json, and script_mapping.json. End-users of the DursVulnNSE scanner can simply download these files to replace existing ones within the database/ directory of a standard DursVulnNSE installation.

System Architecture: Contribution, Curation, and Distribution

This repository employs a two-phase workflow: Contribution & Curation and Distribution, ensuring both ease of contribution and optimized delivery for scanner users.

Phase 1: Contribution & Curation

This is where all additions and updates to the vulnerability data happen. Contributors work with small, manageable JSON files, organized intuitively by category.

• product.json acts as the source of truth, dictating which products are actively tracked for vulnerabilities.
• The tools/db_updater.py script reads this configuration, intelligently fetches the latest CVEs from the NVD API, and updates the corresponding small, topic-specific JSON files located within the cves/ directory.
• This modular approach makes it incredibly easy for users to add new CVEs or update existing ones by simply editing these topic-specific files, drastically reducing the potential for merge conflicts.

Phase 2: Distribution

This phase is dedicated to producing the final, optimized database file that the DursVulnNSE scanner directly consumes.

• The tools/merger.py script is executed. It intelligently traverses all the small JSON files across the cves/ directory.
• It then de-duplicates, sorts, and merges all the individual entries into a single, large, and highly optimized cve-main.json file.
• cve-main.json is the ultimate artifact that DursVulnNSE scanner end-users need to download for their operations.

Key Features

• Modular & Scalable: The database is intelligently split into small, category-based files, making it easy to manage and scale.
• Contributor-Friendly: This architecture drastically reduces merge conflicts and simplifies the process of adding new vulnerabilities, encouraging community participation.
• Automated Tools: The repository provides robust Python scripts to fetch, update, and merge CVE data efficiently.
• Decoupled Architecture: It clearly separates the database management workflow from the scanner’s operational logic, promoting cleaner development and maintenance.

Directory Structure

To give you a clearer picture of how the data is organized:

Repo-Database/
│
├── cves/
│   ├── ad/
│   ├── database/
│   ├── http/
│   └── ... (other categories)
│
├── tools/
│   ├── db_updater.py
│   └── merger.py
│   └── version_refactor.py
│
├── cve-main.json
├── product.json
└── script_mapping.json

Database Management Tools

This repository contains three primary Python scripts, all conveniently located in the tools/ directory, to streamline database management:

db_updater.py

This script is used to populate individual CVE files. It reads the product.json configuration to identify which products need updates, then fetches the latest CVE data from the NVD API. The fetched data is used to update corresponding JSON files within the Repo-Database/cves/ directory. Any CVEs that do not match a specific product are intelligently added to Repo-Database/cves/misc/others.json.

merger.py

This powerful script consolidates all individual CVE files into the final, comprehensive database (cve-main.json). It recursively scans the cves/ directory, efficiently handles empty files, de-duplicates entries by CVE ID, and sorts the final list for optimal scanner performance.

version_refactor.py

Designed to standardize and improve the accuracy of version_match fields within existing CVE entries across the database. It transforms flat lists of version conditions into a more structured, grouped format, which significantly enhances the precision of vulnerability matching performed by the DursVulnNSE scanner.

Configuration Files

The root directory houses the primary configuration files that orchestrate the database generation tools:

product.json

This is the central configuration file for the db_updater.py script. It meticulously defines which products to track and provides instructions on how to find their associated CVEs.

script_mapping.json

This file serves a crucial role by mapping critical CVEs to specific Nmap scripts that can be utilized for active verification, adding another layer of validation to the scanning process.

DursVuln Database Update — Video Explanation

https://www.youtube.com/watch?v=FTwnjzAHzaI

To provide a comprehensive understanding of the database update process, I have created a detailed video explanation. The video covers the following steps and important details:

Initial Preparation: Before starting the update process, ensure the following files are correct and add any new entries if necessary:

1. cve-main.json: Verify its structure and content are accurate.
2. script_mapping.json: Confirm the mapping of Nmap scripts to CVEs.
3. product.json: Ensure the list of tracked products is complete and accurate.

Database Update Steps:

The video meticulously explains the execution order of the scripts required to update the database:

Step 1: python3 Repo-Database/tools/db_updater.py

• This script reads product.json to identify products requiring updates.
• It then fetches the latest CVE data from the NVD API.
• The fetched data updates individual JSON files in Repo-Database/cves/. Unmatched CVEs are added to Repo-Database/cves/misc/others.json.

Step 2: python3 Repo-Database/tools/version_refactor.py

• Executed after db_updater.py, this script standardizes the version_match format across all CVE entries. This grouping improves the accuracy of vulnerability matching by the DursVulnNSE scanner.

Step 3: python3 Repo-Database/tools/merger.py

• The final step: merger.py recursively scans all JSON files in Repo-Database/cves/.
• It de-duplicates entries by CVE ID, sorts the final list, and merges all data into a single, comprehensive Repo-Database/cve-main.json file, ready for the DursVulnNSE scanner.

This video provides a visual and step-by-step guide to ensure you can update the DursVuln database correctly and efficiently.

DursVuln Database is more than just a collection of files; it’s a robust, community-driven system designed to provide accurate, up-to-date, and customizable vulnerability intelligence for the DursVulnNSE scanner.

Check out the DursVuln-Database GitHub repository to learn more and contribute: https://github.com/roomkangali/DursVuln-Database

Inspired by projects like scipag/vulscan and vulnersCom/nmap-vulners, DursVulnNSE is an open-source Nmap Scripting Engine script meticulously designed to identify vulnerabilities in detected services. It boasts a modular architecture and an easily updatable local database, providing detailed, and highly readable vulnerability reports.

Why DursVuln Stands Out

DursVulnNSE addresses critical gaps in the Nmap ecosystem, offering a flexible and user-friendly solution for local vulnerability scanning. It tackles common challenges such as false positives and delayed updates often associated with online or less customizable tools.

DursVulnNSE is ideal for:

• Internal Penetration Testing: Conduct thorough scans within your private networks.
• Air-Gapped Environments: Perform vulnerability assessments without relying on external internet access.
• Privacy-Focused Operations: Keep your vulnerability data local and secure.

A Glimpse into DursVuln’s Architecture

DursVulnNSE operates on a two-component architecture, ensuring maximum efficiency:

1. Offline Processing Component (db_updater.py): This Python script handles all resource-intensive tasks. It reads configuration files (product.json and script_mapping.json), fetches raw CVE data from the NVD API, and enriches it. The output is a structured and optimized cve-main.json file, ready for rapid scanning.
2. Scan-Time Execution Component (dursvuln.nse & vulndb.lua): Designed to be lightweight and fast, this component loads the pre-processed cve-main.json data into memory during an Nmap scan. It efficiently matches vulnerabilities against targets, applies filtering logic, and presents a concise report without heavy data processing.

A unique capability is its Layered Application Detection, allowing it to “look deeper” than just web server versions. For instance, it can detect actual application versions like Jenkins running on Jetty by analyzing HTTP headers or HTML content.

Video Demonstrations

See DursVulnNSE in action with these detailed demonstrations:

1. Install DursVulnNSE and Demo Vulhub Lab

Video Link:

https://www.youtube.com/watch?v=A6_YR7VMzWk

In this video, we’ll demonstrate DursVulnNSE, an open-source Nmap Scripting Engine (NSE) script for local vulnerability scanning. We’ll use it inside a Vulhub lab to quickly and efficiently identify three critical vulnerabilities.

VULNERABILITY SCENARIOS DEMONSTRATED:

• Jenkins RCE (CVE-2017–1000353): Finding a Remote Code Execution vulnerability in Jenkins CI.
• Nginx Cache Leak (CVE-2017–7529): Identifying an information leak from the Nginx cache due to an integer overflow.
• PostgreSQL RCE (CVE-2019–9193): Detecting a vulnerability that allows for arbitrary command execution with admin privileges in PostgreSQL.

Key Features at a Glance

• Dynamic Service Detection: Automatically scans any open port where Nmap detects a service and its version.
• Output Control: Customize report verbosity with dursvuln.output (e.g., concise for summarized reports or full for all technical details).
• Severity Filtering: Filter results based on minimum severity levels (LOW, MEDIUM, HIGH, CRITICAL).
• Database Updater: Python scripts (db_updater.py, fix_duplicate.py) ensure your CVE data is always up-to-date and free of duplicates.
• Layered Application Detection: Beyond basic service versions, it identifies application versions from HTTP headers or HTML content.

User Group

DursVulnNSE is built to solve real problems for various user groups:

• Red/Blue Teams: Perfect for internal/air-gapped networks, project-specific rule customization, and adding non-public vulnerabilities.
• Bug Hunters: Offers efficiency in identifying vulnerabilities and managing personal findings.
• Cybersecurity Trainers: Provides an excellent learning environment and educational tool for understanding vulnerability scanning.

Getting Started with DursVulnNSE

Installation: Ensure Nmap version 7.94SVN or later is installed.

git clone https://github.com/roomkangali/DursVulnNSE
cd DursVulnNSE

Update Database:

pip install requests
python3 tools/db_updater.py

Running a Scan (Local Development):

sudo nmap -sV -Pn --script ./dursvuln.nse <target_ip>

For automated global installation, use the configure-dursvuln.sh script.

Understanding Your Report

DursVulnNSE classifies findings based on confidence:

• ID: … (High Confidence): Strong evidence, target version matches a known vulnerable range. High Priority.
• … (Active Check Required): …: Critical potential risk, provides another Nmap command for verification. Urgent Priority.
• POTENTIAL (Low Confidence): …: Weak evidence, requires manual verification. Low Priority.

Customize and Contribute!

The DursVuln lies in its flexibility. You can easily add new products, aliases, advanced detection rules, and active test mappings by modifying product.json and script_mapping.json. After changes, simply re-run db_updater.py.

Contributions are highly welcome! Whether it’s for scanner issues/features or database contributions, your input helps DursVulnNSE grow.

DursVulnNSE is more than just an Nmap script; it’s a comprehensive, customizable, and efficient solution for vulnerability scanning, designed to cybersecurity professionals and enthusiasts alike.

Check out the DursVulnNSE GitHub repository https://github.com/roomkangali/DursVulnNSE