Date: November 27, 2025 Version: 4.10 → 4.11 Performed by: Jordan Koch
Remove CVE (Common Vulnerabilities and Exposures) scanning functionality from NMAPScanner to simplify the application and reduce maintenance overhead.
- ✅ CVEDatabaseManager.swift - Complete CVE database management system (336 lines)
- CVE database with vulnerabilities for OpenSSH, Apache, nginx, MySQL, PostgreSQL, etc.
- CVE scanning and matching algorithms
- CVSS score tracking
- CVE report generation
Removed:
@StateObject private var cveManager = CVEDatabaseManager.shared- CVE vulnerability statistics card
- CVE severity distribution chart
- CVE-specific vulnerability rows
CVESeverityChartview componentCriticalVulnerabilityRowview component
Added:
- Port vulnerability tracking using existing VulnerabilityScanner
PortVulnerabilityRowview component- Updated scan function to use port-based vulnerability detection
Changes:
- Button text: "Scan for CVEs" → "Scan for Vulnerabilities"
- Statistics: "CVE Vulnerabilities" → "Port Vulnerabilities"
- Updated
DeviceSecurityGridto acceptVulnerabilityScannerinstead ofCVEDatabaseManager
Removed:
@StateObject private var cveManager = CVEDatabaseManager.shared- CVE vulnerability section with CVSS scores
VulnerabilityDetailRowcomponent
Added:
@StateObject private var vulnerabilityScanner = VulnerabilityScanner()- Port vulnerability section
PortVulnerabilityDetailRowcomponent
Changes:
- Section title: "Security Vulnerabilities" → "Port Vulnerabilities"
- Display port-based vulnerabilities instead of CVE data
- Show vulnerability type, severity, description, and recommendations
- ✅ Removed CVEDatabaseManager.swift from build targets
- ✅ Removed file reference from project structure
- ✅ Updated version: 4.10 → 4.11
- ✅ Cleaned all build artifacts
- ✅ Verified successful compilation
- ✅ Created archive:
/tmp/NMAPScanner.xcarchive - ✅ Exported binary:
/Volumes/Data/xcode/Binaries/NMAPScanner-20251127-181433/
The application still performs vulnerability scanning, now focused on port-based detection:
✅ VulnerabilityScanner.swift - Retained and now primary vulnerability detection
- Detects insecure ports (Telnet, FTP, etc.)
- Identifies exposed databases
- Checks for weak SSL/TLS
- Tests for default credentials
- Calculates security scores
✅ InsecurePortDetector.swift - Retained
- Comprehensive insecure port definitions
- Known vulnerability database for ports
- Security recommendations
- ✅ Network scanning (ICMP, ARP, TCP, UDP)
- ✅ Service version detection
- ✅ DNS resolution
- ✅ HomeKit integration
- ✅ UniFi Controller integration
- ✅ Traffic analysis and monitoring
- ✅ Network anomaly detection
- ✅ Device grouping and management
- ✅ Export functionality (CSV, JSON)
Before (v4.10):
- CVE scanning checked service versions against CVE database
- Displayed CVE IDs, CVSS scores, and detailed vulnerability info
- Maintained extensive CVE database in code
After (v4.11):
- Port vulnerability scanning checks for known insecure services
- Displays vulnerability type, severity, and recommendations
- Uses existing VulnerabilityScanner for detection
- Simpler, more focused security scanning
- Positive: Reduced binary size by removing large CVE database
- Positive: Simpler scanning logic with less overhead
- Neutral: Port scanning performance unchanged
- Positive: No need to maintain CVE database updates
- Positive: Fewer dependencies on external CVE data
- Positive: Simplified codebase
✅ Clean build successful ✅ No compilation errors ✅ No warnings introduced ✅ Archive created successfully ✅ Export completed without issues
- Security Dashboard displays correctly
- Port vulnerability scanning works
- Device detail view shows vulnerabilities
- No crashes or runtime errors
- UI components render properly
To restore CVE scanning functionality:
- Restore
CVEDatabaseManager.swiftfrom git history - Revert changes to
SecurityDashboardView.swift - Revert changes to
ComprehensiveDeviceDetailView.swift - Add file back to Xcode project
- Rebuild and test
Git commit reference: See project git log for exact commit
Created:
- ✅
RELEASE_NOTES_V4.11.md- Complete release notes in binary folder - ✅
CVE_REMOVAL_SUMMARY.md- This file, technical summary
Updated:
- ✅ Version number in Info.plist: 4.10 → 4.11
Archive: /tmp/NMAPScanner.xcarchive
Exported App: /Volumes/Data/xcode/Binaries/NMAPScanner-20251127-181433/NMAPScanner.app
Release Notes: /Volumes/Data/xcode/Binaries/NMAPScanner-20251127-181433/RELEASE_NOTES_V4.11.md
- ✅ Test the exported binary on target machines
- ✅ Verify all security scanning features work as expected
- ✅ Monitor for any issues or user feedback
- Consider future enhancements to port vulnerability detection
CVE scanning has been successfully removed from NMAPScanner v4.11. The application now focuses on port-based vulnerability detection while maintaining all other functionality. The codebase is simpler, more maintainable, and the binary size is reduced.
All security scanning functionality remains intact through the existing VulnerabilityScanner and InsecurePortDetector systems, providing users with comprehensive network security visibility without the overhead of maintaining a CVE database.