This simple script uses open source software (nmap, vFeed and DPE) and performs almost same task as Nessus or AVDS.

• vFeed - Aggregated Vulnerability Database - http://www.toolswatch.org/vfeed/
• DPE - Default Password Enumeration - http://www.toolswatch.org/dpe/

install

Debian/Ubuntu required packages:

$ sudo apt-get install nmap python2.7 php5-cli php5-sqlite -y

$ git clone https://github.com/adamziaja/vulnerability-check
$ git clone https://github.com/toolswatch/vFeed.git && cd vFeed/ && python vfeedcli.py update && cd ..
$ mkdir dpe && cd dpe && wget http://www.toolswatch.org/dpe/dpeparser.py && python dpeparser.py -u && cd ../vulnerability-check/

vulnerability check

$ nmap -sV scanme.nmap.org -oX scanme.xml
$ php vc.php ../vFeed/vfeed.db ../dpe/dpe_db.xml scanme.xml
https://github.com/adamziaja/vulnerability-check
(C) 2013 Adam Ziaja <adam@adamziaja.com> http://adamziaja.com

74.207.244.221
cpe:/a:openbsd:openssh:5.3p1
cpe:/a:apache:http_server:2.2.14
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6750
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2939
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0408
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
[...]

$ php vc.php ../vFeed/vfeed.db ../dpe/dpe_db.xml 192.168.13.37.xml
https://github.com/adamziaja/vulnerability-check
(C) 2013 Adam Ziaja <adam@adamziaja.com> http://adamziaja.com

192.168.13.37
cpe:/a:apache:axis2:1.5.2
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0219
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5785
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
username=admin password=axis2

(username and password from CVE-2010-0219)