Introducing Flan Scan: Cloudflare’s Lightweight Network Vulnerability Scanner

Cloudflare has open-sourced Flan Scan, its lightweight network vulnerability scanner built as a wrapper around Nmap. The company developed Flan Scan after two unsuccessful attempts at using industry standard scanners for compliance scans. It is designed to accurately detect services on the network and then look up those services in a database of CVEs to find relevant vulnerabilities. Flan Scan also includes features that make it easy to deploy across large networks, such as running inside a Docker container and support for pushing results to Google Cloud Storage or S3 buckets. The tool has improved Cloudflare's network security by revealing outdated software versions and vulnerable instances of PostgreSQL.