Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [RFC] Vulnerability library proposal

From: Christian Heinrich <christian.heinrich () cmlh id au>
Date: Mon, 8 Aug 2011 09:58:05 +1000
Djalal,

On Sun, Aug 7, 2011 at 9:40 AM, Djalal Harouni <tixxdz () opendz org> wrote:

It would be really great if we can have suggestions from pen-testers and
from people that integrate and use Nmap in their security tools.
Thanks in advance.


http://dradisframework.org/ integrates nmap (XML) and they offer a
similar concept i.e. http://securityroots.com/vulndb/


 - "Risk factor": if present then show it (optional).


Would this be the "Base Metrics" from CVSSv2?


 - "References": reference links (optional).


nmap could use a single reference value, such as CVE #.

The other references (i.e. blogs, advisories, etc) could be retrieved
when the results from Nikto, skipfish, etc are consumed, such as when
they are uploaded to http://dradisframework.org/

However, it would assist with error checking/quality if nmap also
mentioned these values.


 - "Description": vulnerability description (optional).


This could be obtained in real time with http://scap.nist.gov/


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: