NERVE is a vulnerability scanner tailored to find low-hanging fruit-level vulnerabilities, in specific application configurations, network services, and unpatched services.
Examples of some of NERVE’s detection capabilities:
- Interesting Panels (Solr, Django, PHPMyAdmin, etc.)
- Subdomain takeovers
- Open Repositories
- Information Disclosures
- Abandoned / Default Web Pages
- Misconfigurations in services (Nginx, Apache, IIS, etc.)
- SSH Servers
- Open Databases
- Open Caches
- Directory Indexing
- Best Practices
The best way to deploy it is to run it against your infrastructure from multiple regions (e.g. multiple instances of NERVE, in multiple countries), and toggle continuous mode so that you can catch short-lived vulnerabilities in dynamic environments/cloud.
For more information about N.E.R.V.E check out the Github page.