Nmap Development mailing list archives
Re: [NSE] Vulnerability Scan based on osvdb
From: David Fifield <david () bamsoftware com>
Date: Wed, 19 May 2010 10:53:01 -0600
On Wed, May 19, 2010 at 01:10:40PM +0200, Marc Ruef wrote:
> I am currently working on a neat little nmap nse script. It uses the version detection module of nmap to lookup potential flaws within the offline csv export of osvdb. A first version of this script is running already :) [1]
>
> The basic idea is to use the version detection in port.version.product and port.version.version to get the known vulnerabilities[2]. I am going to match those with the offline cve export of osvdb[3].
>
> As mentioned before in [4], there is some trouble regarding the coherence of product names (especially between different sources). For example:
>
> * nmap determines Apache as "Apache httpd" and osvdb uses "Apache" (id1800 in object_products).
> * nmap determines IIS as "Microsoft IIS httpd" and osvdb uses "IIS" (id1778 in object_products).
>
> Thus, it is not easy to match the products between those two sources. I am currently using an intermediate lookup table which considers the individual patterns. This is not that easy because there are many different product names to review (but I am expecting most of them are similar).
>
> However, my two questions are:
>
> 1) Has somebody done such a match table before and is able to share the results?
> 2) Does it make sense to follow the patterns of osvdb and replace them in nmap (or vice versa)?
I'm not aware of any mapping between Nmap-style names and OSVDB names. Nmap's names are meant to be human-readable, so they sometimes have a description of the server type along with the name. There are still probably inconsistencies in Nmap's database with regard to naming. If OSVDB's is more consistent, then I would recommend mapping Nmap names to OSVDB names.

There was a proposal to use Common Platform Enumeration (CPE) in Nmap version and OS output, but it didn't promise to bring much benefit and no one implemented it. I admit something like that would make it easier to do machine matching against a database.

http://seclists.org/nmap-dev/2008/q4/626

David Fifield
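The intermediate lookup table discussed in this message, sketched in plain Lua as an added example (it is not code from either poster or from Nmap). Only the two name pairs and the ids 1800 and 1778 come from the thread; the table layout, the descriptor list and the function names are assumptions.

```lua
-- Added example. Only the two name pairs and the ids 1800/1778 come from
-- the thread; table layout, descriptor list and function names are assumed.

-- Constructed stand-in for OSVDB's object_products, keyed by lower-case name.
local osvdb_products = {
  ["apache"] = { name = "Apache", id = 1800 },
  ["iis"]    = { name = "IIS",    id = 1778 },
}

-- Hand-maintained overrides for names no generic rule can derive
-- (here: a vendor prefix in front of the OSVDB name).
local overrides = {
  ["microsoft iis httpd"] = "iis",
}

-- Server-type descriptors that Nmap appends for human readers (assumed list).
local descriptors = { "httpd", "ftpd", "smtpd", "sshd", "telnetd" }

-- Remove one trailing, whitespace-separated descriptor word, if present.
local function strip_descriptor(name)
  for _, d in ipairs(descriptors) do
    local stripped, n = name:gsub("%s+" .. d .. "$", "")
    if n > 0 then return stripped end
  end
  return name
end

-- Map an Nmap product string (port.version.product) to an OSVDB product.
-- Returns name, id on a match and nil, nil otherwise.
local function nmap_to_osvdb(product)
  if type(product) ~= "string" or product == "" then return nil, nil end
  -- Normalise case and surrounding whitespace before any comparison.
  local key = product:lower():gsub("^%s+", ""):gsub("%s+$", "")
  -- An explicit override wins; otherwise fall back to the generic rule.
  local candidate = overrides[key] or strip_descriptor(key)
  local entry = osvdb_products[candidate]
  if entry then return entry.name, entry.id end
  return nil, nil
end

-- Constructed sample input: the two names from the thread plus one miss.
for _, p in ipairs({ "Apache httpd", "Microsoft IIS httpd", "Unknown service" }) do
  local name, id = nmap_to_osvdb(p)
  print(p, name or "no match", id or "-")
end
```

A nil result means "unmapped", not "no known vulnerabilities", so a report built on this should list unmapped products separately.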