Nmap Development mailing list archives
Re: [NSE] Vulnerability Scan based on osvdb
From: Marc Ruef <marc.ruef () computec ch>
Date: Thu, 20 May 2010 08:44:39 +0200
Hello David,
I am currently working on a neat little nmap nse script. It uses the version detection module of nmap to lookup potential flaws within the offline csv export of osvdb. A first version of this script is running already :) [1]
FYI: The screenshot has been updated and does provide the osvdb id of the finding:
http://www.computec.ch/mruef/software/screenshot_nmap_nse_vulscan_with_osvdb.pngI think I am going to work with dynamic report templates as I did within the ATK project before[1].
I'm not aware of any mapping between Nmap-style names and OSVDB names. Nmap's names are meant to be human-readable, so they sometimes have a description of the server type along with the name.
At the moment I am using the following code to find the best product name match:
--- cut ---
local products_words = explode(" ", product)
for x=#products_words, 1, -1 do
-- Generate a best match string for the product name
for y=1, x, 1 do
if products_wordsearch == "" then
products_wordsearch = products_words[y]
else
products_wordsearch = products_wordsearch .. " " ..
products_words[y]
end
end
end
--- cut ---
It works not bad ;) Thanks to Lee for the suggestions.
There are still probably inconsistencies in Nmap's database with regard to naming. If OSVDB's is more consistent, then I would recommend mapping Nmap names to OSVDB names.
I did also contact the moderators of the osvdb mailing list and they informed me about a potential limitation of osvdb (at the moment; thanks to David for the reply):
> -----Original Message----- > From: David Shettler [mailto:dave () opensecurityfoundation org] > Sent: Thursday, May 20, 2010 2:11 AM > To: Marc Ruef > Cc: moderators () osvdb org > Subject: Re: [OSVDB Mods] [OSVDB] CSV Export Strange Problems > > (...)
object_correlations don't exist for every vulnerability -- mainly because volunteers haven't gotten around to matching up every vuln to a specific vendor/product. I'd rely on titles more than object_correlations and object_vendors, etc.
This means a lookup with high confidence isn't possible anyway. Either way * I have a high confidence but not all matches or* I just grep the title strings, get "all" the matches but with a very limited amount of confidence.
:(
There was a proposal to use Common Platform Enumeration (CPE) in Nmap version and OS output, but it didn't promise to bring much benefit and no one implemented it. I admit something like that would make it easier to do machine matching against a database.
CPE would be great. But I can understand that would require a *huge* effort for both projects. In the meanwhile an independend lookup table seems to be easier to create :(
Regards, Marc [1] http://www.computec.ch/projekte/atk/ -- Marc Ruef | marc.ruef () computec ch | http://www.computec.ch/mruef/ _________________________________________________________________Meine letzte Publikation: "Potentielle, existente, ausnutzbare oder ausgenutzte Schwachstellen" http://www.computec.ch/news.php?item.328
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Vulnerability Scan based on osvdb Marc Ruef (May 19)
- Re: [NSE] Vulnerability Scan based on osvdb David Fifield (May 19)
- Re: [NSE] Vulnerability Scan based on osvdb Marc Ruef (May 19)
- Re: [NSE] Vulnerability Scan based on osvdb David Fifield (May 20)
- Re: [NSE] Vulnerability Scan based on osvdb Marc Ruef (May 20)
- Re: [NSE] Vulnerability Scan based on osvdb David Fifield (May 21)
- Re: [NSE] Vulnerability Scan based on osvdb Marc Ruef (May 21)
- Re: [NSE] Vulnerability Scan based on osvdb Marc Ruef (May 19)
- Re: [NSE] Vulnerability Scan based on osvdb David Fifield (May 19)
