Cloudflare released a new open-source network vulnerability scanner Flan Scan based on the popular network scanning tool Nmap. The Flan Scan converts the Nmap to a full-fledged vulnerability scanner by adding additional components.
The tool was designed to scan for the network and to detect services on the network and then to lookup for those services with the CVEs database for finding vulnerabilities relevant to it.
Flan Scan and Nmap
Nmap is known for its accuracy, which lets the Cloudflare team to Choose Nmap as a base scanner,” we also liked Nmap because of the Nmap Scripting Engine (NSE), which allows scripts to be run against the scan results.”
Also, the NSE includes the vulnerability database “vulners” script that is mapped to use to map the detected services with the relevant CVEs from the database.
Cloudflare added three features to make the scanner easy to deploy and more user-friendly.
- Can be built inside Kubernetes and Docker
- Ability to push results inside Google Cloud Storage Bucket or an S3 bucket.
- Actionable reports from Nmap’s output to detect vulnerable services.
Flan Scan capable of establishing an organization vulnerability management program, the scan starts with service detection followed by fetching results from vulners.com that shows know vulnerabilities associated with the service.
Flan Scan default’s Nmap to run these three scans
- ICMP ping scan – To determine a service status
- SYN scan – To find open, closed, or filtered ports.
- Service detection scan – To detect the services running on the port.
The tool also allows users to run any features of the Nmap by just passing the Nmap flags at runtime. The tool includes uses a Python script that converts structured XML of Nmap’s output to an actionable report.
Flan Scan available in GitHub, also Cloudflare provides configuration sample configurations.
