Nmap Development mailing list archives

[NSE] Vulnerability Scan based on osvdb


From: Marc Ruef <marc.ruef () computec ch>
Date: Wed, 19 May 2010 13:10:40 +0200

Hello,

I am currently working on a neat little nmap nse script. It uses the version detection module of nmap to lookup potential flaws within the offline csv export of osvdb. A first version of this script is running already :) [1]

The basic idea is to use the version detection in port.version.product and port.version.version to get the known vulnerabilities[2]. I am going to match those with the offline cve export of osvdb[3].

As mentioned before in [4], there is some trouble regarding the coherence of product names (especially between different sources). For example:

* nmap determines Apache as "Apache httpd" and osvdb uses "Apache" (id1800 in object_products). * nmap determines IIS as "Microsoft IIS httpd" and osvdb uses "IIS" (id1778 in object_products).

Thus, it is not easy to match the products between those two sources. I am currently using an intermediate lookup table which considers the individual patterns. This is not that easy because there are many different product names to review (but I am expecting most of them are similar). However, my two questions are:

1) Has somebody done such a match table before and is able to share the results?

2) Does it make sense to follow the patterns of osvdb and replace them in nmap (or vice versa)?

Regards,

Marc

[1] http://www.computec.ch/mruef/software/screenshot_nmap_nse_vulscan_with_osvdb.png
[2] http://nmap.org/book/nse-api.html
[3] http://osvdb.org/database_info
[4] http://seclists.org/nmap-dev/2010/q2/337

--
Marc Ruef | marc.ruef () computec ch | http://www.computec.ch/mruef/
_________________________________________________________________
Meine letzte Publikation: "Potentielle, existente, ausnutzbare oder ausgenutzte Schwachstellen" http://www.computec.ch/news.php?item.328
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Current thread: