Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bringing CPE to NSE

From: David Fifield <david () bamsoftware com>
Date: Sat, 22 Oct 2011 11:09:32 -0700
On Tue, Oct 18, 2011 at 11:16:16PM +0200, Henri Doreau wrote:

Hello,

now that nmap is CPE-aware[1] it would be interesting to let NSE see
(and eventually set) CPEs. I am thinking about the best API for that.
I've experimented some things but I'm not entirely satisfied with the
API and would like to discuss it here to gather comments and
suggestions.

My approach was to add a new "cpe" table to port.version, table that
could contain three items: one slot per CPE type actually.
  - application (named "app")
  - operating system (named "os")
  - hardware (named "hw")

Another option would be to directly add the CPEs as fields of
port.version ("app_cpe", "os_cpe" and "hw_cpe" for instance).
In both cases, the CPEs can be set/modified from within a script by
calling set_port_version(), just like the other version detection
fields.


I would prefer not to explicitly separate the different CPE parts. It
may be desirable to have more than one app, for example. I suggest
having a flat list to store CPEs (perhaps enforcing new duplicates).

I guess it should just be a list of strings. We can provide auxiliary
functions to parse a CPE URL into a table, and convert a table back into
a string.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: