Nmap Development mailing list archives
Re: [RFC] Vulnerability library proposal
From: Henri Doreau <henri.doreau () greenbone net>
Date: Sun, 7 Aug 2011 18:59:06 +0200
Hello, 2011/8/7 Rob Nicholls <robert () robnicholls co uk>:
Is it possible we can parse the IDS values to automatically create the references for popular IDs (e.g. CVE, OSVDB)? Otherwise you're duplicating holding 'CVE-2010-4344' and 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344' (this also ensures that people adding an OSVDB such as 69860 won't need to remember to also add the corresponding URL as a reference, which appears to have been missed in one of your examples).
Good point, that would be a simple and very useful feature.
[...] This probably goes outside the scope, but what would the XML output look like? It'd be great if we could somehow use the internal tags to create XML tags to easily identify the state/risk factor/references etc. (to save us from having to parse all of the script output first).
This is one of the long term goal, having vulnerabilities clearly identified within the XML output. So far we haven't discussed the format that this might have (or maybe do you Djalal have ideas about it?) but the plan was to make extensive use of stdnse.format_output() so that the vulns lib would benefit any improvement there.
Rob
Regards. -- Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [RFC] Vulnerability library proposal Djalal Harouni (Aug 06)
- RE: [RFC] Vulnerability library proposal Rob Nicholls (Aug 07)
- Re: [RFC] Vulnerability library proposal Henri Doreau (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Daniel Miller (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Henri Doreau (Aug 09)
- RE: [RFC] Vulnerability library proposal Rob Nicholls (Aug 07)
- Re: [RFC] Vulnerability library proposal Christian Heinrich (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Christian Heinrich (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- RE: [RFC] Vulnerability library proposal Rob Nicholls (Aug 09)
- Re: [RFC] Vulnerability library proposal Christian Heinrich (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)