Nmap can perform scans using Lua scripts. Lua script files end in .nse, so you can list the available scripts by using locate *.nse, where you will find that the scripts are located in the /usr/share/nmap/scripts/ directory.
What would be the Nmap command syntax to check whether the DVWA machine is vulnerable to the denial of service attack disclosed in CVE-2009-3103?