Nmap Development mailing list archives

Re: [NSE] Release of nmap nse vulscan 0.6


From: Fyodor <fyodor () insecure org>
Date: Wed, 9 Jun 2010 01:14:57 -0700

On Sat, Jun 05, 2010 at 10:28:23AM +0200, Marc Ruef wrote:
But assuming that can't be found, I think the best idea is to do our
own system with signatures designed just for Nmap's needs.  That will

David Fifield and I were discussing adopting CPE earlier[1]. Perhaps we 
can follow the guidelines. Coincidentally Nessus announced CPE support 
just a few days after our discussion[2].

I don't yet know enough about CPE to have an opinion on that.  If
someone had a concrete proposal for how Nmap OS detection and/or
Version detection could use CPE, it would definitely be worth
investigating.  CPE would have to do all the things we need that the
old system does, and also provide enough benefits to be worth the
major canonicalization effort.  The proposal wouldn't have to be
massive, but would have to include concrete examples of what the new
system would look like and how it would work.  Suggestions for the
migration would be welcome too.

On the other hand: Why not enhancing the osvdb records with all the 
correct products-vulnerabilities linking and use this dataset? This 
would improve both projects at the same time.

That sounds like a good option too.  And if we contribute data back to
them with their license, maybe they'll let us use all the data under
our license.

make it a much smaller and easier project than OSVDB as a whole.  I
think if we started with a decent DB (even just 100 or 200 key
vulnerabilities), we could get community contributions to help
maintain it.  They key is that it has to start out in a useful enough

Do you think of this feature as completely independent from version 
detection? Wouldn't it make sense to merge version detection and 
"vulnerability detection" (e.g. naming conventions, data in the same 
fingerprint file, etc.)?

Well we would clearly have to use the same names as version detection,
but I think we might as well put it in a different file.  For example,
we might have 100+ version detection signatures for Apache.  And we
dont' want to augment each of those with the same information.  But if
we're going to store this information separate from the signatures, we
might as well put it in a different file rather than a different place
in the same file.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Current thread: