Security Basics mailing list archives
Re: Seeking NMAP Version Detection dataset
From: Nick Besant <lists () hwf cc>
Date: Tue, 06 Nov 2012 10:00:33 +0000
Hi. A couple of suggestions; 1. Download the source code for nmap and have a browse to see how the fingerprinting works - [1] 2. Quick search for "nmap fingerprint database" shows up a BackTrack-specific shell script [2] which includes a reference to [3]<https://svn.nmap.org/nmap/nmap-os-db>, which is a copy of the database (part of the source tree from 1 above) [1] http://nmap.org/download.html [2] http://www.backtrack-linux.org/forums/showthread.php?t=28006 [3] https://svn.nmap.org/nmap/nmap-os-db Regards Nick On 06/11/2012 00:37, billy wrote:
Hi, I'm working on a project for school which involves correlating version detection output from NMAP with a local copy of OSVDB to identify (possible) vulnerabilities quickly. Thus far I have been able to run NMAP against 'metasploitable' as well as other similar environments I have the resources to simulate, but this provides a very limited basis for testing. I am seeking a large dataset of NMAP version detection output, especially for proprietary products that I do not have the financial resources to obtain. I was hoping that nmap's source code would contain something to but the file 'nmap-service-probes' is composed of intense regular expressions and even if I took the time to read them all and write out the possibilities I'm apprehensive to do so for two reasons: humans make mistakes and my time to work on this is limited. The Nmap Fingerprint Database (http://insecure.org/cgi-bin/submit.cgi?new-service) looks like it has what I am looking for, but I can only find a submit fingerprint page, it does not appear to have public lookup/browsing capability. If anyone has any suggestions, even if it's a relatively incomplete list of versions nmap can detect, please let me know. If this was the incorrect place to post this and anyone has a suggestion on where else I could ask this question also let me know. Thank you for reading, Bill ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Seeking NMAP Version Detection dataset billy (Nov 06)
- Re: Seeking NMAP Version Detection dataset Jerome Athias (Nov 06)
- Re: Seeking NMAP Version Detection dataset Nick Besant (Nov 06)