Quickstart

Basic scan

Run a basic scan against a host:

driftmux --host example.org

Scan a specific IP:

driftmux --host 205.87.65.183

Specify ports manually

If service discovery is unstable or the target is behind filtering, pass known ports explicitly:

driftmux --host example.org --ports 80,443,22

This avoids relying on a discovery pass and tells Nmap exactly which ports should be inspected.

Use a profile

Passive profile:

driftmux --host example.org --profile passive

Fast profile:

driftmux --host example.org --profile fast

Deep profile:

driftmux --host example.org --profile deep

Use NVD enrichment

Run a scan and only keep vulnerabilities above a given CVSS threshold:

driftmux --host example.org \
  --vuln-backend nvd \
  --min-cvss 7.0

Run Nmap scripts

You can pass Nmap scripts to improve fingerprinting for web services:

driftmux --host example.org \
  --ports 80,443,8443 \
  --nmap-script http-title,http-server-header,http-headers,ssl-cert

Output

A typical console result looks like this:

[205.87.65.183] Services: 1 | Findings: 4 | Errors: 1

• 22/tcp ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.16 [ssh]

• CRITICAL nvd: CVE-2008-3844 affects OpenSSH

• HIGH nvd: CVE-2024-6387 affects OpenSSH

• HIGH nvd: CVE-2026-35385 affects OpenSSH

• HIGH nvd: CVE-2023-51767 affects OpenSSH

The JSON report is saved under:

reports/driftmux-report.json