Re: Seeking NMAP Version Detection dataset

[Nick Besant <lists () hwf cc>]

Hi. 

A couple of suggestions;

1. Download the source code for nmap and have a browse to see how the
fingerprinting works - [1]
2. Quick search for "nmap fingerprint database" shows up a
BackTrack-specific shell script [2] which includes a reference to
[3]<https://svn.nmap.org/nmap/nmap-os-db>, which is a copy of the
database (part of the source tree from 1 above)
 
[1] http://nmap.org/download.html
[2] http://www.backtrack-linux.org/forums/showthread.php?t=28006
[3] https://svn.nmap.org/nmap/nmap-os-db


Regards

Nick



On 06/11/2012 00:37, billy wrote:

> Hi,
> I'm working on a project for school which involves correlating version
> detection output from NMAP with a local copy of OSVDB to identify
> (possible) vulnerabilities quickly. Thus far I have been able to run
> NMAP against 'metasploitable' as well as other similar environments I
> have the resources to simulate, but this provides a very limited basis
> for testing.
>
> I am seeking a large dataset of NMAP version detection output,
> especially for proprietary products that I do not have the financial
> resources to obtain.  I was hoping that nmap's source code would
> contain something to but the file 'nmap-service-probes' is composed of
> intense regular expressions and even if I took the time to read them
> all and write out the possibilities I'm apprehensive to do so for two
> reasons: humans make mistakes and my time to work on this is limited.
>
> The Nmap Fingerprint Database
> (http://insecure.org/cgi-bin/submit.cgi?new-service) looks like it has
> what I am looking for, but I can only find a submit fingerprint page,
> it does not appear to have public lookup/browsing capability.
>
> If anyone has any suggestions, even if it's a relatively incomplete
> list of versions nmap can detect, please let me know.
>
> If this was the incorrect place to post this and anyone has a
> suggestion on where else I could ask this question also let me know.
>
> Thank you for reading,
> Bill
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------