Nmap Development mailing list archives

Re: [NSE] Release of nmap nse vulscan 1.0, CPE coverage


From: Marc Ruef <marc.ruef () computec ch>
Date: Wed, 31 Jul 2013 15:05:45 +0200

Hello David,

>> You're able to download the latest release of Nmap NSE Vulscan 1.0
>> here:
>> http://www.computec.ch/mruef/software/nmap_nse_vulscan-1.0.tar.gz
>
> Good work on this release, Marc.

Thanks for your kind words! I'm currently working on release 2.0, which will take version numbers into consideration. It will be released at the new project web site at http://www.computec.ch/projekte/vulscan/

> Would better CPE coverage in nmap-service-probes help you? We have a
> program, cpeify-os.py, that automatically adds CPE entries for lots of
> common OS and hardware name patterns to nmap-os-db. I think a similar
> program for nmap-service-probes could greatly increase coverage without
> very much effort.

OS information isn't very useful at the moment (although I'm going to support it in a later release) ...

> I'm attaching the cpeify-os.py and sv-tidy.py programs. sv-tidy is a
> program that can parse nmap-service-probes. My idea is to copy the CPE
> guessing code from cpeify-os into sv-tidy, and have sv-tidy
> automatically add CPE templates where possible. What do you think?

... but CPE info for services would be brilliant! Some vulnerability databases support CPE "by default". Examples:

* NIST - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1534
* scip VulDB - http://www.scip.ch/en/?vuldb.8293

I'd have to enhance the db file format, to work with CPE values. But this would highly improve the accuracy.

> CPE templates that are automatically added like this have a special "a"
> flag (for "automatic"), like this:
>          cpe:/a:proftpd:proftpd/a
> That way, the program can know what existing CPE is safe to replace. If
> a template lacks the "a" flag, it was added by a human and shouldn't be
> overwritten.

Nice feature!

Regards,
        
Marc

--
Marc Ruef | marc.ruef () computec ch | http://www.computec.ch/mruef/
_________________________________________________________________
My latest publication: "Anfang und Ende eines Security Tests" http://www.computec.ch/news.php?item.405
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
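
The "a" flag rule quoted in the message above, as an added example that is not part of the original e-mail and is not code from cpeify-os.py or sv-tidy.py. The function name `apply_guess`, the helper `cpe_part` and the sample match lines are hypothetical and constructed for illustration; the regex assumes a CPE body contains no "/" or whitespace.

```python
import re

# CPE template in a match line: cpe:/<body>/ plus an optional trailing "a"
# flag meaning "added automatically". Assumption: the body has no "/" or space.
CPE_RE = re.compile(r"(?<!\S)cpe:/([^/\s]+)/(a?)(?!\S)")

def cpe_part(body):
    """First CPE field: 'a' (application), 'o' (OS) or 'h' (hardware)."""
    return body.split(":", 1)[0]

def apply_guess(line, guessed_body):
    """Add or refresh an automatic CPE template; never touch a human one.

    Returns (new_line, action), action being one of
    "added", "replaced", "unchanged", "kept-human".
    """
    new_tmpl = "cpe:/%s/a" % guessed_body
    # Only templates of the same kind (a:, o: or h:) compete with the guess.
    same = [m for m in CPE_RE.finditer(line)
            if cpe_part(m.group(1)) == cpe_part(guessed_body)]
    if any(m.group(2) != "a" for m in same):
        return line, "kept-human"         # no "a" flag: written by a person
    if not same:
        return line.rstrip() + " " + new_tmpl, "added"
    m = same[0]
    if m.group(1) == guessed_body:
        return line, "unchanged"          # automatic entry already up to date
    return line[:m.start()] + new_tmpl + line[m.end():], "replaced"

# Constructed sample lines in nmap-service-probes "match" syntax.
SAMPLES = [
    r"match ftp m|^220 ProFTPD ([\d.]+) Server| p/ProFTPD/ v/$1/",
    r"match ftp m|^220 ProFTPD ([\d.]+) Server| p/ProFTPD/ v/$1/ cpe:/a:proftpd:proftpd:$1/",
    r"match ftp m|^220 ProFTPD| p/ProFTPD/ cpe:/a:example:oldname/a",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        updated, action = apply_guess(sample, "a:proftpd:proftpd")
        print("%-10s %s" % (action, updated))
```

Running the function a second time on its own output reports "unchanged", so a tool built this way can be re-run over the same file without piling up duplicate templates.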

