There are automated tools which will find CVE vulnerabilities. Here is an example Tyluur, GitHub - capture0x/CVE-FIND: Cve and Exploit Finder on the target. There are paid ones that are epic/the-best and better free ones than the example here. We used some really good free ones at my school. A typical one is one called metasploit I believe.