Nmap Development mailing list archives
Re: [NSE] Release of nmap nse vulscan 0.6
From: Fyodor <fyodor () insecure org>
Date: Wed, 9 Jun 2010 01:14:57 -0700
On Sat, Jun 05, 2010 at 10:28:23AM +0200, Marc Ruef wrote:
But assuming that can't be found, I think the best idea is to do our own system with signatures designed just for Nmap's needs. That willDavid Fifield and I were discussing adopting CPE earlier[1]. Perhaps we can follow the guidelines. Coincidentally Nessus announced CPE support just a few days after our discussion[2].
I don't yet know enough about CPE to have an opinion on that. If someone had a concrete proposal for how Nmap OS detection and/or Version detection could use CPE, it would definitely be worth investigating. CPE would have to do all the things we need that the old system does, and also provide enough benefits to be worth the major canonicalization effort. The proposal wouldn't have to be massive, but would have to include concrete examples of what the new system would look like and how it would work. Suggestions for the migration would be welcome too.
On the other hand: Why not enhancing the osvdb records with all the correct products-vulnerabilities linking and use this dataset? This would improve both projects at the same time.
That sounds like a good option too. And if we contribute data back to them with their license, maybe they'll let us use all the data under our license.
make it a much smaller and easier project than OSVDB as a whole. I think if we started with a decent DB (even just 100 or 200 key vulnerabilities), we could get community contributions to help maintain it. They key is that it has to start out in a useful enoughDo you think of this feature as completely independent from version detection? Wouldn't it make sense to merge version detection and "vulnerability detection" (e.g. naming conventions, data in the same fingerprint file, etc.)?
Well we would clearly have to use the same names as version detection, but I think we might as well put it in a different file. For example, we might have 100+ version detection signatures for Apache. And we dont' want to augment each of those with the same information. But if we're going to store this information separate from the signatures, we might as well put it in a different file rather than a different place in the same file. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Release of nmap nse vulscan 0.6 Marc Ruef (Jun 03)
- Re: [NSE] Release of nmap nse vulscan 0.6 Fyodor (Jun 04)
- Re: [NSE] Release of nmap nse vulscan 0.6 Marc Ruef (Jun 05)
- Re: [NSE] Release of nmap nse vulscan 0.6 Fyodor (Jun 09)
- Re: [NSE] Release of nmap nse vulscan 0.6 Marc Ruef (Jun 05)
- Re: [NSE] Release of nmap nse vulscan 0.6 Fyodor (Jun 04)
