Re: CVE Security vulnerability database web site

[YGN Ethical Hacker Group <lists () yehg net>]

Hi Serkan

Thanks for your great effort and time.

One suggestion,
It's good to see if the site has its own indexing database for our
extensive search .

Currently the site is not search-engine friendly.
Google and a bit of others haven't indexed all pages, which triggers
our search no result page.

Please use .htaccess mod_rewrite rules for search-engine friendly url.

For example,

http://securityvulnerability.net/vendor.php?vendor_id=26&vendor=Microsoft

Then, it will be

http://securityvulnerability.net/vendor/26/Microsoft

This can be done in rule like:

RewriteRule ^/?vendor/([0-9_]+)/([a-zA-Z_]+)$ vendor.php?vendor_id=$1&vendor=$2




---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd



2010/5/19 Josh <joshmunson () gmail com>:
> Very nice. Thank you for your contribution, for this will be a very
> useful feature for all.
>
> 2010/5/14 Serkan Özkan <serkanozkan () gmail com>:
> > Hi again,
> > I added related metasploit modules pages for vendors, products and
> > versions. For example you can view list of metasploit modules related
> > to mac os x, sample here :
> > http://securityvulnerability.net/metasploit-modules.php?product_id=156
> > I added list of related metasploit modules to the bottom of cve
> > details page, so you can view metasploit modules related to a cve
> > entry easily.
> > I also added a one click nessus plugin search link to cve details
> > page, clicking to the nessus logo at cve details page takes you
> > directly to nessus plugin search results page.
> > That's all for now. These should make things much easier.
> >
> > Regards
> > Serkan Özkan
> >
> >
> > 2010/5/13 Serkan Özkan <serkanozkan () gmail com>:
> > > Hi,
> > > Adding references to tools may be possible if vendors publish mappings
> > > of their plugins to cve numbers. Even if such mappings exist at the
> > > moment they are in completely different formats; published at their
> > > web sites as a webpage or emailed to subscribers. So it's hard to
> > > automatically map those data to cve entries, and cover many tool
> > > references.
> > >
> > > I checked metasploit and nessus plugin/module data. I will add
> > > references to metasploit modules in a few days using the cve numbers
> > > associated with modules, as listed at
> > > http://www.metasploit.com/framework/modules.
> > > Nessus plugin data are huge compared to metasploit modules so that's a
> > > bit more complicated. First of all I will add a link to cve details
> > > page to the plugin search page at Nessus web site,
> > > http://www.nessus.org/plugins/index.php?view=search, it's not a big
> > > deal but may save you a few seconds. I will see what I can do later.
> > >
> > > Regards
> > > Serkan Özkan
> > >
> > > 2010/5/12 YGN Ethical Hacker Group <lists () yehg net>:
> > > > As far as we see,  only exploit-db.com and packetstorm have timely exploits.
> > > > However, these two sites cannot have complete exploit references.
> > > >
> > > > A lot of exploits are scattered across forums, individual hacker sites/blogs,
> > > > group hacker sites/blogs or some are featured as zero-day in
> > > > presentations in unknown/known
> > > > hacker/security conferences or informal meetups, also in security
> > > > companies' research > advisories sections.
> > > >
> > > > We've listed some of those sites:
> > > > http://yehg.net/hwd/?id=c&go=122  [Advisories]
> > > > http://yehg.net/hwd/?id=c&go=58  [Exploits]
> > > >
> > > > Your linking to vulnerability with available exploits is reasonable.
> > > > But sometimes, those listed exploits might not work/might have
> > > > backdoors/might not be trusted unless re-tested/re-coded/sanitized.
> > > > Also, running each exploit for each vulnerability might be a pain or
> > > > time consuming for pen tester as we usually/always have to pentest in
> > > > very limited time frame.
> > > > So, what we wish you is to link vulnerabilities to integrated
> > > > scanners/exploiters such as
> > > > - Nessus
> > > > - Metasploit
> > > > - Some scanners dedicated to one stuff (e.g., Tool ABC can check all
> > > > vulnerabilities of Product XYZ )
> > > >
> > > > So, upon seeing a vulnerability, we all can ensure that
> > > > Nessus/Metasploit/Tool ABC can cover this.
> > > > This can be achieved by community means or can be done with the aid of
> > > > intelligent data miner and analyzer.
> > > >
> > > >
> > > >
> > > > ---------------------------------
> > > > Best regards,
> > > > YGN Ethical Hacker Group
> > > > Yangon, Myanmar
> > > > http://yehg.net
> > > > Our Lab | http://yehg.net/lab
> > > > Our Directory | http://yehg.net/hwd
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> > and CEPT certs require a full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------