Re: [RFC] Vulnerability library proposal

[Henri Doreau <henri.doreau () greenbone net>]

Hello,

2011/8/7 Rob Nicholls <robert () robnicholls co uk>:
> Is it possible we can parse the IDS values to automatically create the
> references for popular IDs (e.g. CVE, OSVDB)? Otherwise you're duplicating
> holding 'CVE-2010-4344' and
> 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344&apos; (this also
> ensures that people adding an OSVDB such as 69860 won't need to remember to
> also add the corresponding URL as a reference, which appears to have been
> missed in one of your examples).
Good point, that would be a simple and very useful feature.

> [...]
> This probably goes outside the scope, but what would the XML output look
> like? It'd be great if we could somehow use the internal tags to create XML
> tags to easily identify the state/risk factor/references etc. (to save us
> from having to parse all of the script output first).
This is one of the long term goal, having vulnerabilities clearly
identified within the XML output. So far we haven't discussed the
format that this might have (or maybe do you Djalal have ideas about
it?) but the plan was to make extensive use of stdnse.format_output()
so that the vulns lib would benefit any improvement there.

> Rob
Regards.

-- 
Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/