Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Release of nmap nse vulscan 1.0, CPE coverage
From: Marc Ruef <marc.ruef () computec ch>
Date: Wed, 31 Jul 2013 15:05:45 +0200

Hello David,

You're able to download the latest release of Nmap NSE Vulscan 1.0
here:
http://www.computec.ch/mruef/software/nmap_nse_vulscan-1.0.tar.gz

Good work on this release, Marc.

Thanks for your kind words! I'm currently working on release 2.0, which will take version numbers into consideration. It will be released at the new project web site at http://www.computec.ch/projekte/vulscan/

Would better CPE coverage in nmap-service-probes help you? We have a
program, cpeify-os.py, that automatically adds CPE entries for lots of
common OS and hardware name patterns to nmap-os-db. I think a similar
program for nmap-service-probes could greatly increase coverage without
very much effort.

OS information isn't very useful at the moment (although I'm going to support it in a later release) ...

I'm attaching the cpeify-os.py and sv-tidy.py programs. sv-tidy is a
program that can parse nmap-service-probes. My idea is to copy the CPE
guessing code from cpeify-os into sv-tidy, and have sv-tidy
automatically add CPE templates where possible. What do you think?

... but CPE info for services would be brilliant! Some vulnerability databases support CPE "by default". Examples:

* NIST - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1534
* scip VulDB - http://www.scip.ch/en/?vuldb.8293

I'd have to enhance the db file format, to work with CPE values. But this would highly improve the accuracy.

CPE templates that are automatically added like this have a special "a"
flag (for "automatic"), like this:
         cpe:/a:proftpd:proftpd/a
That way, the program can know what existing CPE is safe to replace. If
a template lacks the "a" flag, it was added by a human and shouldn't be
overwritten.

Nice feature!

Regards,
        
Marc

--
Marc Ruef | marc.ruef () computec ch | http://www.computec.ch/mruef/
_________________________________________________________________
Meine letzte Publikation: "Anfang und Ende eines Security Tests" http://www.computec.ch/news.php?item.405
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault