Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Release of nmap nse vulscan 1.0, CPE coverage
From: David Fifield <david () bamsoftware com>
Date: Fri, 26 Jul 2013 16:41:54 -0700

On Tue, Jun 25, 2013 at 07:08:42AM +0200, Marc Ruef wrote:
As some of you might remember, I have published a NSE script back in
2010, which added a vulnerability scanning feature to Nmap[1].

I've been doing a complete re-write of the script, which introduces
some neat features:

* Much better performance and accuracy of search engine
* Deployment of scip VulDB, CVE, OSVDB, SecurityFocus, Secunia and
Securitytracker
* Correlated analysis of all available databases in the same run
* Support for single database scan mode (vulscandb)
* Support for your own CSV-based vulnerability database
* Support of dynamic report templates (vulscanoutput)
* Intelligent interactive mode remembers your definitions per
session (vulscaninteractive)
* Full support for Nmap 5.x/6.x on Linux and Windows
* More debug output possible (-d1)
* Better error handling

You're able to download the latest release of Nmap NSE Vulscan 1.0
here:
http://www.computec.ch/mruef/software/nmap_nse_vulscan-1.0.tar.gz

Further details about usage and data processing are available in the
description field of the script and in my blog post about the
release: http://www.scip.ch/en/?labs.20130625

Good work on this release, Marc.

Would better CPE coverage in nmap-service-probes help you? We have a
program, cpeify-os.py, that automatically adds CPE entries for lots of
common OS and hardware name patterns to nmap-os-db. I think a similar
program for nmap-service-probes could greatly increase coverage without
very much effort.

I'm attaching the cpeify-os.py and sv-tidy.py programs. sv-tidy is a
program that can parse nmap-service-probes. My idea is to copy the CPE
guessing code from cpeify-os into sv-tidy, and have sv-tidy
automatically add CPE templates where possible. What do you think?

CPE templates that are automatically added like this have a special "a"
flag (for "automatic"), like this:
         cpe:/a:proftpd:proftpd/a
That way, the program can know what existing CPE is safe to replace. If
a template lacks the "a" flag, it was added by a human and shouldn't be
overwritten.

David Fifield

Attachment: cpeify-os.py
Description:

Attachment: sv-tidy.py
Description:

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]