A pretty sweet vulnerability scanner
Alternatives To Flan
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Harbor20,1911520 hours ago255June 28, 2022571apache-2.0Go
An open source trusted cloud native registry project that stores, signs, and scans content.
Trivy17,5922511 hours ago176September 16, 2022187apache-2.0Go
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Checkov5,62042 days ago2,207July 07, 2022153apache-2.0Python
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Terrascan4,07112 days ago58June 13, 2022185apache-2.0Go
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Kube Hunter4,03026 months ago17May 12, 202268apache-2.0Python
Hunt for security weaknesses in Kubernetes clusters
a year ago22bsd-3-clausePython
A pretty sweet vulnerability scanner
Dockle2,361123 days ago68July 23, 202227apache-2.0Go
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
3 days ago14June 13, 202226apache-2.0Go
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
3 days ago33July 06, 202228apache-2.0Go
Security risk analysis for Kubernetes resources
Kube Scan734
6 months ago36mitGo
kube-scan: Octarine k8s cluster risk assessment tool
Alternatives To Flan
Select To Compare

Alternative Project Comparisons

Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their version, and get a list of relevant CVEs affecting your network.

Flan Scan is a wrapper over Nmap and the vulners script which turns Nmap into a full-fledged network vulnerability scanner. Flan Scan makes it easy to deploy Nmap locally within a container, push results to the cloud, and deploy the scanner on Kubernetes.

Getting Started

  1. Clone this repository

  2. Make sure you have docker setup:

$ docker --version
  1. Add the list of IP addresses or CIDRS you wish to scan to shared/ips.txt.

  2. Build the container:

$ make build
  1. Start scanning!
$ make start

By default flan creates Latex reports, to get other formats run:

$ make html

Additional supported formats are md (markdown), html and json.

When the scan finishes you will find the reports summarizing the scan in shared/reports. You can also see the raw XML output from Nmap in shared/xml_files.

Custom Nmap Configuration

By default Flan Scan runs the following Nmap command:

$ nmap -sV -oX /shared/xml_files -oN - -v1 [email protected] --script=vulners/vulners.nse <ip-address>

The -oX flag adds an XML version of the scan results to the /shared/xml_files directory and the -oN - flag outputs "normal" Nmap results to the console. The -v1 flag increases the verbosity to 1 and the -sV flag runs a service detection scan (aside from Nmap's default port and SYN scans). The --script=vulners/vulners.nse is the script that matches the services detected with relevant CVEs.

Nmap also allows you to run UDP scans and to scan IPv6 addresses. To add these and other flags to Flan Scan's Nmap command after running make build run the container and pass in your Nmap flags like so:

$ docker run -v $(CURDIR)/shared:/shared flan_scan <Nmap-flags>

Pushing Results to the Cloud

Flan Scan currently supports pushing Latex reports and raw XML Nmap output files to a GCS Bucket or to an AWS S3 Bucket. Flan Scan requires 2 environment variables to push results to the cloud. The first is upload which takes one of two values gcp or aws. The second is bucket and the value is the name of the S3 or GCS Bucket to upload the results to. To set the environment variables, after running make build run the container setting the environment variables like so:

$ docker run --name <container-name> \
             -v $(CURDIR)/shared:/shared \
             -e upload=<gcp or aws> \
             -e bucket=<bucket-name> \
             -e format=<optional, one of: md, html or json> \

Below are some examples for adding the necessary AWS or GCP authentication keys as environment variables in container. However, this can also be accomplished with a secret in Kubernetes that exposes the necessary environment variables or with other secrets management tools.

Example GCS Bucket Configuration

Copy your GCS private key for a service account to the /shared file

$ cp <path-to-local-gcs-key>/key.json shared/

Run the container setting the GOOGLE_APPLICATION_CREDENTIALS environment variable as the path to the GCS Key

$ docker run --name <container-name> \
             -v $(CURDIR)/shared:/shared \
             -e upload=gcp \
             -e bucket=<bucket-name> \
             -e GOOGLE_APPLICATION_CREDENTIALS=/shared/key.json
             -e format=<optional, one of: md, html or json> \

Example AWS S3 Bucket Configuration

Set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables to the corresponding variables for your S3 service account.

docker run --name <container-name> \
           -v $(CURDIR)/shared:/shared \
           -e upload=aws \
           -e bucket=<s3-bucket-name> \
           -e AWS_ACCESS_KEY_ID=<your-aws-access-key-id> \
           -e AWS_SECRET_ACCESS_KEY=<your-aws-secret-access-key> \
           -e format=<optional, one of: md, html or json> \

Deploying on Kubernetes

When deploying Flan Scan to a container orchestration system, such as Kubernetes, you must ensure that the container has access to a file called ips.txt at the directory /. In Kubernetes, this can be done with a ConfigMap which will mount a file on your local filesystem as a volume that the container can access once deployed. The kustomization.yaml file has an example of how to create a ConfigMap called shared-files. This ConfigMap is then mounted as a volume in the deployment.yaml file.

Here are some easy steps to deploy Flan Scan on Kubernetes:

  1. To create the ConfigMap add a path to a local ips.txt file in kustomization.yaml and then run kubectl apply -k ..
  2. Now run kubectl get configmap to make sure the ConfigMap was created properly.
  3. Set the necessary environment variables and secrets for your cloud provider within deployment.yaml.
  4. Now run kubectl apply -f deployment.yaml to launch a deployment running Flan Scan.

Flan Scan should be running on Kubernetes successfully!

Popular Scanner Projects
Popular Kubernetes Projects
Popular Security Categories

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Environment Variables