NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and un-patched services.
It does not do authenticated scans. And it operates in black-box mode and do "some" CVE checks based on fingerprinting.
Example of some of NERVE's detection capabilities:
- Subdomain takeovers
- Information Disclosures
- Misconfigurations in services (Nginx, Apache, IIS, etc.)
- Open Databases or Caches
There are 2 ways to setup NERVE: docker or standalone server. Here, I just document how I setup NERVE in docker.
$ git clone http://github.com/PaytmLabs/nerve
$ cd nerve
$ docker build -t nerve .
$ docker run -e username="admin" -e password="pass1234" -d -p 80:8080 nerve
NERVE Dashboard |
Links: