Re: [NSE] Release of nmap nse vulscan 1.0, CPE coverage
From: Marc Ruef <marc.ruef () computec ch>
Date: Wed, 31 Jul 2013 15:05:45 +0200
>> You're able to download the latest release of Nmap NSE Vulscan 1.0
> Good work on this release, Marc.
Thanks for your kind words! I'm currently working on release 2.0, which
will take version numbers into consideration. It will be released at the
new project web site at http://www.computec.ch/projekte/vulscan/
> Would better CPE coverage in nmap-service-probes help you? We have a
> program, cpeify-os.py, that automatically adds CPE entries for lots of
> common OS and hardware name patterns to nmap-os-db. I think a similar
> program for nmap-service-probes could greatly increase coverage without
> very much effort.
OS information isn't very useful at the moment (although I'm going to
support it in a later release) ...
> I'm attaching the cpeify-os.py and sv-tidy.py programs. sv-tidy is a
> program that can parse nmap-service-probes. My idea is to copy the CPE
> guessing code from cpeify-os into sv-tidy, and have sv-tidy
> automatically add CPE templates where possible. What do you think?
... but CPE info for services would be brilliant! Some vulnerability
databases support CPE "by default". Examples:
* NIST - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1534
* scip VulDB - http://www.scip.ch/en/?vuldb.8293
I'd have to enhance the db file format, to work with CPE values. But
this would highly improve the accuracy.
> CPE templates that are automatically added like this have a special "a"
> flag (for "automatic"), like this:
> That way, the program can know what existing CPE is safe to replace. If
> a template lacks the "a" flag, it was added by a human and shouldn't be
Marc Ruef | marc.ruef () computec ch | http://www.computec.ch/mruef/
My latest publication: "Anfang und Ende eines Security Tests"
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
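
The "a"-flag convention discussed in this thread, as an added example that is not part of the original messages and not code from cpeify-os.py or sv-tidy.py: a Python audit that sorts match lines into those with no CPE template, those whose templates are all flagged automatic, and those carrying a hand-written template. The sample lines are constructed, and the `cpe:/<body>/` syntax with a trailing `a` after the closing delimiter is an assumption about how the flag is written.

```python
import re

# Constructed sample in the style of nmap-service-probes match lines (not real
# entries). Assumed syntax: cpe:/<body>/ with an optional trailing "a" flag.
SAMPLE = r"""
match ssh m|^SSH-([\d.]+)-OpenSSH_([\w._-]+)| p/OpenSSH/ v/$2/ cpe:/a:openbsd:openssh:$2/
match http m|^HTTP/1\.1 \d+ .*Server: ExampleHTTPd/([\d.]+)| p/ExampleHTTPd/ v/$1/ cpe:/a:example:examplehttpd:$1/a
match ftp m|^220 ExampleFTP ready| p/ExampleFTP/ o/Linux/ cpe:/o:linux:linux_kernel/a
match smtp m|^220 ExampleMTA| p/ExampleMTA/
"""

MATCH_RE = re.compile(r"^(?:soft)?match\s+(\S+)\s+m(.)")
# A template starts a whitespace-separated token; flags follow the closing delimiter.
CPE_RE = re.compile(r"(?<!\S)cpe:(.)(.*?)\1(\S*)")


def split_versioninfo(line):
    """Return (service, versioninfo) for a match/softmatch line, else None."""
    m = MATCH_RE.match(line)
    if not m:
        return None
    end = line.find(m.group(2), m.end())  # closing delimiter of the pattern
    return (m.group(1), line[end + 1:]) if end >= 0 else None


def cpe_templates(versioninfo):
    """Return [(cpe_uri, is_automatic)] for every CPE template found."""
    return [("cpe:/" + m.group(2), "a" in m.group(3))
            for m in CPE_RE.finditer(versioninfo)]


def audit(text):
    """Classify each match line: missing, auto (replaceable) or human (keep)."""
    report = []
    for line in text.splitlines():
        parsed = split_versioninfo(line.strip())
        if parsed is None:
            continue
        service, versioninfo = parsed
        templates = cpe_templates(versioninfo)
        if not templates:
            status = "missing"   # candidate for an automatically added template
        elif all(auto for _, auto in templates):
            status = "auto"      # every template carries the "a" flag
        else:
            status = "human"     # hand-written CPE present: leave untouched
        report.append((service, status, templates))
    return report
```

Calling `audit(SAMPLE)` returns one `(service, status, templates)` tuple per match line, which is enough to decide which lines an automatic pass may rewrite.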