Nmap Development mailing list archives
Re: Formal CPE conformance?
From: David Fifield <david () bamsoftware com>
Date: Sat, 22 Oct 2016 10:45:41 -0700
On Fri, Oct 21, 2016 at 03:46:38PM -0600, nnposter wrote:
> I have noticed that the service probe file is not always using standard CPE entries. As an example, one entry has been "dlink:dls-2750u". In r36385 I have fixed the obvious typo, changing it to "dlink:dsl-2750u". However, reviewing the official CPE dictionary, the entry should be "d-link:dsl2750u". I can fix this particular one but my question is whether such deviations from official CPE entries are purely accidental or sometimes intentional. Put differently, does Nmap have any dependency on keeping around these custom entries?

You should fix those bugs when you see them. The CPE dictionary itself is full of errors and inconsistencies. In the early days of CPE support I wanted to conform closely with CPE and even took the time to file reports for bugs and omissions in the dictionary. But it wasn't very rewarding as getting anything changed upstream took ages. Not to mention that the majority of nmap-service-probes's devices aren't even present in the dictionary (or at least that's what it was like a few years ago). My philosophy was to make entries match the dictionary when it was obvious and easy, but not to spend an inordinate amount of time on it.

As you can see, the official dictionary can't decide whether it should be "dlink" or "d-link":

$ zgrep -c 'cpe-item.*/h:dlink:' official-cpe-dictionary_v2.3.xml.gz
11
$ zgrep -c 'cpe-item.*/h:d-link:' official-cpe-dictionary_v2.3.xml.gz
47

It is also confused about whether there should be a hyphen after "dsl":

$ zgrep 'cpe-item.*/h:d-link:dsl' official-cpe-dictionary_v2.3.xml.gz
<cpe-item name="cpe:/h:d-link:dsl-2640r:-">
<cpe-item name="cpe:/h:d-link:dsl-2641r:-">
<cpe-item name="cpe:/h:d-link:dsl-2730b:c1">
<cpe-item name="cpe:/h:d-link:dsl-2730u:-">
<cpe-item name="cpe:/h:d-link:dsl-2760u-e1:-">
<cpe-item name="cpe:/h:d-link:dsl2740u:-">
<cpe-item name="cpe:/h:d-link:dsl2750u:-">

> A related question is whether it is OK to make these corrections directly in nmap-service-probes or is there some upstream source that needs to be updated?

For any CPEs that end in "/a", there is a script that generates them,
    /nmap-private-dev/misc-scripts/sv-tidy.py
For all the rest you can edit nmap-service-probes directly.

Incidentally, the related script cpeify-os.py has a mapping of vendor names that maps "D-Link" to "dlink". Presumably that was the prevailing usage in the dictionary at the time the script was written.

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
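
An added example, not part of the original message and not one of Nmap's scripts: a Python check for the mismatch discussed above, which folds hyphens out of vendor and product names so probe-file CPEs can be compared against dictionary spellings. The dictionary lines are copied from the zgrep output in the message; the probe lines and the names fold, index_dictionary and audit are constructed for illustration.

```python
import re
from collections import defaultdict

# Dictionary names copied from the zgrep output quoted in the message above.
DICTIONARY = """\
<cpe-item name="cpe:/h:d-link:dsl-2640r:-">
<cpe-item name="cpe:/h:d-link:dsl-2730u:-">
<cpe-item name="cpe:/h:d-link:dsl2740u:-">
<cpe-item name="cpe:/h:d-link:dsl2750u:-">
"""

# Constructed lines in nmap-service-probes style; patterns and models are made up.
PROBES = """\
match http m|^Server: DSL-2750U| p/D-Link DSL-2750U/ d/broadband router/ cpe:/h:dlink:dsl-2750u/
match http m|^Server: DSL-2640R| p/D-Link DSL-2640R/ d/broadband router/ cpe:/h:d-link:dsl-2640r/a
match http m|^Server: DSL-9999X| p/D-Link DSL-9999X/ d/broadband router/ cpe:/h:dlink:dsl-9999x/
"""

# part (a/h/o), vendor, product; stops at the next ":" or at the closing "/".
CPE_RE = re.compile(r'cpe:/([aho]):([^:/"\s]+):([^:/"\s]+)')

def fold(name):
    """Collapse hyphens and underscores so "d-link" and "dlink" compare equal."""
    return re.sub(r"[-_]", "", name.lower())

def index_dictionary(xml_text):
    """Map (part, folded vendor, folded product) -> set of official spellings."""
    index = defaultdict(set)
    for part, vendor, product in CPE_RE.findall(xml_text):
        index[(part, fold(vendor), fold(product))].add(f"cpe:/{part}:{vendor}:{product}")
    return index

def audit(probe_text, index):
    """Return (line number, probe CPE, status, official spellings) per CPE found."""
    results = []
    for lineno, line in enumerate(probe_text.splitlines(), 1):
        for part, vendor, product in CPE_RE.findall(line):
            cpe = f"cpe:/{part}:{vendor}:{product}"
            official = index.get((part, fold(vendor), fold(product)), set())
            status = ("exact" if cpe in official
                      else "spelling-differs" if official else "not-in-dictionary")
            results.append((lineno, cpe, status, sorted(official)))
    return results

if __name__ == "__main__":
    for row in audit(PROBES, index_dictionary(DICTIONARY)):
        print(*row)
```

Entries reported as spelling-differs are candidates for the "obvious and easy" fixes; not-in-dictionary entries have no official spelling to conform to.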