Finding Vulnerabilities in the NVD
Explore how to utilize the National Vulnerability Database to identify known vulnerabilities in network services. Learn to perform manual and API-based searches, interpret JSON results, and extract CVE IDs to enhance your custom vulnerability scans.
Introduction to the NVD
Previously, we used terminal utilities and Python to grab service banners that provide information about the programs running on the target system. In this lesson, we’ll use the National Vulnerability Database (NVD) to determine if services contain exploitable vulnerabilities.
The NVD is maintained by the National Institute of Standards and Technology (NIST) and contains a complete listing of all publicly reported vulnerabilities. The search page is shown below.
As shown above, the search page allows users to perform a keyword search against the Common ...