Nmap Development mailing list archives

Re: [NSE] Release of nmap nse vulscan 1.0, CPE coverage
From: David Fifield <david () bamsoftware com>
Date: Fri, 26 Jul 2013 16:41:54 -0700

On Tue, Jun 25, 2013 at 07:08:42AM +0200, Marc Ruef wrote:
> As some of you might remember, I have published a NSE script back in
> 2010, which added a vulnerability scanning feature to Nmap[1].
>
> I've been doing a complete re-write of the script, which introduces
> some neat features:
>
> * Much better performance and accuracy of search engine
> * Deployment of scip VulDB, CVE, OSVDB, SecurityFocus, Secunia and
> * Correlated analysis of all available databases in the same run
> * Support for single database scan mode (vulscandb)
> * Support for your own CSV-based vulnerability database
> * Support of dynamic report templates (vulscanoutput)
> * Intelligent interactive mode remembers your definitions per
>   session (vulscaninteractive)
> * Full support for Nmap 5.x/6.x on Linux and Windows
> * More debug output possible (-d1)
> * Better error handling
>
> You're able to download the latest release of Nmap NSE Vulscan 1.0
>
> Further details about usage and data processing are available in the
> description field of the script and in my blog post about the
> release: http://www.scip.ch/en/?labs.20130625

Good work on this release, Marc.

Would better CPE coverage in nmap-service-probes help you? We have a
program, cpeify-os.py, that automatically adds CPE entries for lots of
common OS and hardware name patterns to nmap-os-db. I think a similar
program for nmap-service-probes could greatly increase coverage without
very much effort.

I'm attaching the cpeify-os.py and sv-tidy.py programs. sv-tidy is a
program that can parse nmap-service-probes. My idea is to copy the CPE
guessing code from cpeify-os into sv-tidy, and have sv-tidy
automatically add CPE templates where possible. What do you think?

CPE templates that are automatically added like this have a special "a"
flag (for "automatic"), like this:
That way, the program can know what existing CPE is safe to replace. If
a template lacks the "a" flag, it was added by a human and shouldn't be

David Fifield

Attachment: cpeify-os.py

Attachment: sv-tidy.py

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
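
The idea in the message above, adding CPE templates to nmap-service-probes match lines automatically and using the "a" flag to tell which existing templates may be regenerated, can be sketched as follows. This is an added example, not the attached cpeify-os.py or sv-tidy.py; the `KNOWN_PRODUCTS` table, the function names and the sample lines are constructed, and it assumes the automatic flag is written directly after the template's closing delimiter (`cpe:/.../a`).

```python
import re

# Constructed lookup from p/ product name to CPE vendor:product (assumption, not Nmap data).
KNOWN_PRODUCTS = {"ProFTPD": "proftpd:proftpd", "OpenSSH": "openbsd:openssh"}

# One versioninfo field: p/../ v/../ ... or cpe:/../ with an optional trailing "a" flag.
FIELD = re.compile(r"(cpe:|[pviodh])([^\w\s])(.*?)\2(a?)(?=\s|$)")

def split_match(line):
    """Split 'match <svc> m<d>regex<d>[flags] <versioninfo>' into (head, versioninfo)."""
    m = re.match(r"(?:soft)?match\s+\S+\s+m(.)", line)
    end = line.find(m.group(1), m.end()) if m else -1   # closing pattern delimiter
    if end < 0:
        return None
    cut = end + 1 + re.match(r"[is]*", line[end + 1:]).end()
    return line[:cut], line[cut:].strip()

def cpeify(line):
    """Add or refresh an automatic application CPE; leave human-written ones alone."""
    parts = split_match(line)
    if parts is None:
        return line                      # Probe lines, comments, malformed input
    head, info = parts
    fields = {m.group(1): m.group(3) for m in FIELD.finditer(info)}
    guess = KNOWN_PRODUCTS.get(fields.get("p"))
    if guess is None:
        return line                      # no confident guess: change nothing
    version = fields.get("v", "")
    new = "a:" + guess + (":" + version if re.fullmatch(r"\$\d", version) else "")
    kept = []
    for m in FIELD.finditer(info):
        kind, _, content, flag = m.groups()
        if kind == "cpe:" and content.startswith("a:"):
            if flag != "a":
                return line              # no "a" flag: written by a human, keep it
            continue                     # stale automatic template: regenerated below
        kept.append(m.group(0))
    kept.append(f"cpe:/{new}/a")
    return head + " " + " ".join(kept)

# Constructed sample lines in nmap-service-probes syntax.
SAMPLES = [
    r"match ftp m|^220 ProFTPD (\d[\w.]+) Server| p/ProFTPD/ v/$1/",
    r"match ssh m|^SSH-2\.0-OpenSSH_([\w.]+)| p/OpenSSH/ v/$1/ cpe:/a:openssh:openssh/a",
    r"match ssh m|^SSH-1\.99-OpenSSH_([\w.]+)| p/OpenSSH/ v/$1/ cpe:/a:openbsd:openssh:$1/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(cpeify(sample))
```

Running the pass twice over a file gives the same result as running it once, because every template it writes carries the "a" flag and is regenerated rather than duplicated.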
