Nmap Development mailing list archives

Re: [NSE] Shodan exploits database library (and demo script)


From: Fyodor <fyodor () insecure org>
Date: Sun, 12 Dec 2010 11:37:02 -0800

On Sun, Dec 12, 2010 at 12:19:29PM +0100, Gutek wrote:

Just an update. As promised, I've started working from scratch on a real
exploits search script.

Great!

This gives something like this (example from one of the dozen exploits
matching "apache"):
NSE: [EXPLOIT VERSION] 2.0.52
NSE: [NUMERIZE]  i=1 k=2(2)
NSE: [NUMERIZE]  i=2 k=0(0)
NSE: [NUMERIZE]  i=3 k=52(17.333333333333)
NSE: [NUMERIZE] serial=19.333333333333

I'm not sure that this will work well.  For example, Apache 2.2.17 is
much newer and yet would only get a value of 9.67 (2/1 + 2/2 + 17/3).
In general, after you split the version number into segments like "2",
"2", "17", I think a higher value in an earlier segment should
overrule a higher value in a later segment.  So I'd count 2.2.17
higher than even 2.1.999.  Maybe rather than divide the values by
i above, you should divide by something like a million to the i power.
Or maybe a better interface would take both version numbers and
return a value whether the test one is less, equal to, or more than
the reference.  After all, version numbers can have a lot of
complexity.

Cheers,
Fyodor
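
The two-argument interface suggested in the message above, as an added example that is not part of the original thread or of Nmap's code; the function names are hypothetical and the sample version strings are constructed. It also reproduces the divide-by-i sum from the quoted debug output so the ordering difference can be seen side by side.

```lua
-- Added example: segment-wise version comparison (names are hypothetical,
-- not part of any NSE library).

-- Split "2.0.52" into segments, each with a numeric part and a textual tail.
-- "41b" becomes { num = 41, rest = "b" }; a segment with no digits gets num = 0.
local function split_version(v)
  local segs = {}
  for part in v:gmatch("[^%.]+") do
    local digits, rest = part:match("^(%d*)(.*)$")
    segs[#segs + 1] = { num = tonumber(digits) or 0, rest = rest }
  end
  return segs
end

-- Returns -1, 0 or 1 when test is older than, equal to, or newer than
-- reference. The first differing segment decides, so 2.2.17 > 2.1.999.
-- Assumption: a textual tail is ordered by plain string comparison, which
-- is too simple for pre-release tags such as "-rc1".
local function compare_versions(test, reference)
  local a, b = split_version(test), split_version(reference)
  for i = 1, math.max(#a, #b) do
    local x = a[i] or { num = 0, rest = "" }  -- missing segment counts as 0
    local y = b[i] or { num = 0, rest = "" }
    if x.num ~= y.num then return x.num < y.num and -1 or 1 end
    if x.rest ~= y.rest then return x.rest < y.rest and -1 or 1 end
  end
  return 0
end

-- The weighted sum from the quoted output: segment i divided by i.
local function numerize(v)
  local sum = 0
  for i, s in ipairs(split_version(v)) do sum = sum + s.num / i end
  return sum
end

-- Constructed sample pairs: { test, reference }
local samples = {
  { "2.2.17", "2.0.52" }, { "2.2.17", "2.1.999" },
  { "2.0", "2.0.0" },     { "1.3.41b", "1.3.41" },
}
for _, p in ipairs(samples) do
  print(string.format("%-8s vs %-8s compare=%2d numerize=%.2f vs %.2f",
    p[1], p[2], compare_versions(p[1], p[2]), numerize(p[1]), numerize(p[2])))
end
```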