Apr 23, 2022

Network Exploitation, Reconnaissance & Vulnerability Engine

NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and un-patched services. 

It does not do authenticated scans. And it operates in black-box mode and do "some" CVE checks based on fingerprinting.

Example of some of NERVE's detection capabilities:    

  • Subdomain takeovers
  • Information Disclosures
  • Misconfigurations in services (Nginx, Apache, IIS, etc.)
  • Open Databases or Caches

There are 2 ways to setup NERVE: docker or standalone server. Here, I just document how I setup NERVE in docker.

$ git clone http://github.com/PaytmLabs/nerve

$ cd nerve

$ docker build -t nerve .

$ docker run -e username="admin" -e password="pass1234" -d -p 80:8080 nerve

NERVE Dashboard


Links: