This is a vulnerability scanner using Zeek logs and Nmap.
For a school project we worked as a group on the following case: how can a large company (more than 50.000 devices) effectively and automatically scan its own network for vulnerabilities on a regular basis, without blindly scanning all IPv4 ranges in use, and how does this work when IPv6 is used?
"What is the best method to scan a 50,000-client network for vulnerabilities without scanning all clients?"
- What is an effective way to find all clients in the network?
- How do you distinguish servers from workstations in the network?
- How can you scan a large number of clients for vulnerabilities?
- How does this process work with clients using IPv6?
This project uses several external applications, in particular Zeek and Nmap (see the install guides below).
In order to use the script to scan for possible vulnerabilities, you need to execute several commands.
Execute the command below to download the script from GitHub.
wget https://raw.githubusercontent.com/nielsbakkers/zvs-script/main/scan_v8.sh
To ensure that the script works as expected, make sure that Zeek and Nmap are installed and configured as required.
Nmap install guide: https://nmap.org/download.html
Zeek install guide: https://docs.zeek.org/en/lts/get-started.html
Run the commands below to execute the script.
chmod +x scan_v8.sh
./scan_v8.sh
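As an added example (not part of the zvs-script project or its scan_v8.sh), the shell below shows the discovery step that the questions above and the script's workflow depend on: it reads a Zeek conn.log, separates hosts that answered connections (servers) from hosts that only initiated them (workstations), keeps IPv4 and IPv6 in separate Nmap input lists, and prints the nmap commands that would follow. The conn.log excerpt is constructed, and the local prefixes 10.0.0.0/8 and 2001:db8::/32 are assumptions.

```shell
#!/usr/bin/env bash
# Added example: derive Nmap target lists from a Zeek conn.log instead of sweeping whole ranges.
# Assumption: the company's address space is 10.0.0.0/8 and 2001:db8::/32 (hypothetical prefixes).
export LC_ALL=C
WORK=$(mktemp -d)
CONN_LOG="$WORK/conn.log"
LOCAL='^(10[.]|2001:db8:)'
# Constructed conn.log excerpt: first 12 Zeek columns only, written with spaces and converted to tabs.
printf '%s\n' \
 '#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state' \
 '1700000000.1 C1 10.0.1.10 51000 10.0.2.20 443 tcp ssl 0.5 100 2000 SF' \
 '1700000001.2 C2 10.0.1.11 51001 10.0.2.20 22 tcp ssh 3.2 500 900 S1' \
 '1700000002.3 C3 10.0.1.10 51002 10.0.2.21 3389 tcp - 0.0 0 0 REJ' \
 '1700000003.4 C4 2001:db8:1::10 51003 2001:db8:2::25 25 tcp smtp 1.0 300 400 SF' \
 '1700000004.5 C5 10.0.1.12 51004 93.184.216.34 443 tcp ssl 0.3 200 1500 SF' \
 '1700000005.6 C6 10.0.1.10 53000 10.0.2.53 53 udp dns 0.01 40 120 SF' \
 '1700000006.7 C7 10.0.1.13 51005 10.0.2.22 80 tcp - 0.0 0 0 S0' \
 | tr ' ' '\t' > "$CONN_LOG"

# Servers: local responders that completed a handshake (conn_state SF/S1/S2/S3/RSTO/RSTR).
# Prints "host port proto", one listening service per line.
server_ports() {
  awk -F'\t' -v loc="$LOCAL" '!/^#/ && $12 ~ /^(SF|S1|S2|S3|RSTO|RSTR)$/ && $5 ~ loc { print $5, $6, $7 }' \
    "$CONN_LOG" | sort -u
}
server_hosts() { server_ports | awk '{ print $1 }' | sort -u; }

# Live hosts: every local originator, plus local responders that answered at all
# (a REJ still proves the host is up; S0/SH mean no reply was ever seen).
live_hosts() {
  awk -F'\t' -v loc="$LOCAL" '!/^#/ { if ($3 ~ loc) print $3;
    if ($5 ~ loc && $12 !~ /^(S0|SH)$/) print $5 }' "$CONN_LOG" | sort -u
}

# Workstations: live hosts that never served a connection.
workstation_hosts() {
  live_hosts > "$WORK/live"; server_hosts > "$WORK/servers"
  comm -23 "$WORK/live" "$WORK/servers"
}

# Split each list by address family: Nmap scans IPv6 targets in a separate run with -6.
write_targets() {
  server_hosts > "$WORK/servers"; workstation_hosts > "$WORK/workstations"
  for kind in servers workstations; do
    grep -vF ':' "$WORK/$kind" > "$WORK/$kind.v4" || true
    grep -F ':' "$WORK/$kind" > "$WORK/$kind.v6" || true
  done
  echo "servers: $(wc -l < "$WORK/servers") workstations: $(wc -l < "$WORK/workstations")"
  echo "next step (not run here): nmap -sV --script vuln -iL $WORK/servers.v4"
  echo "next step (not run here): nmap -6 -sV --script vuln -iL $WORK/servers.v6"
}
write_targets
```

Servers get the service-level scan first because they are the minority with listening ports; workstations can be scanned later or less often from their own list.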
Demo video: Project-Demo.mp4
Created by @nbakkers - Feel free to contact me!