DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License
3.51k stars 1.48k forks

New parser for Network Exploitation, Reconnaissance & Vulnerability Engine (N.E.R.V.E) #5322

kiblik closed 2 years ago

kiblik commented 2 years ago

Scanner Name

NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services.

Example of some of NERVE's detection capabilities:

Interesting Panels (Solr, Django, PHPMyAdmin, etc.)
Subdomain takeovers
Open Repositories
Information Disclosures
Abandoned / Default Web Pages
Misconfigurations in services (Nginx, Apache, IIS, etc.)
SSH Servers
Open Databases
Open Caches
Directory Indexing
Best Practices

It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans, and operates in black-box mode only.

https://github.com/PaytmLabs/nerve

Sample File

I do not have it

damiencarol commented 2 years ago

@kiblik it seems that NERVE is "live" and has an API and export features.

StefanFl commented 2 years ago

Looks like an interesting tool, but it doesn't seem to be active. One developer released it 13 months ago, made some changes within the first days, and nothing has happened since then. The Python requirements contain a lot of vulnerabilities, and no issue has been answered since November 2020.

I personally would not use such an unsupported tool and I don't think we need to have a scanner for it.

kiblik commented 2 years ago

Ok @StefanFl, I agree