Nmap Development mailing list archives
Djalal's Status Report #17 of 17
From: Djalal Harouni <tixxdz () opendz org>
Date: Tue, 23 Aug 2011 11:01:34 +0100
Hi, The last GSoC status report. Accomplishments: * Committed a patch to optimize stdnse.format_output() http://seclists.org/nmap-dev/2011/q3/623 * Have committed a lot of code to the vulnerability library: * Made the vuln_table.dates.disclosure a table. * Regroup and store vulnerabilities in different tables according to their state. o VULNERABLE will include: VULNERABLE, LIKELY VULNERABLE, DoS, EXPLOIT o NOT VULNERABLE will only include: NOT VULNERABLE The new output will be: -- 25/tcp open smtp -- | smtp-vuln-cve2010-4344: -- | VULNERABLE: -- | Exim string_format Function Remote Overflow -- | State: VULNERABLE -- | IDs: CVE-2010-4344; OSVDB 69685 -- | References: -- | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344 -- | http://osvdb.org/show/osvdb/69685 -- | -- | Exim X vulnerability -- | State: LIKELY VULNERABLE -- | References: -- | http://example.com/... -- | -- | NOT VULNERABLE: -- | Exim Y vulnerability -- | State: NOT VULNERABLE -- | References: -- |_ http://example.com/... For more information check commit r25975. * Removed the 'UNKNOWN' vulnerability state. * Added the 'vulns.showall' to report and show NON VULNERABLE entries. * Fixed several bugs. * Optimized a lot of parts of the library. * Added the NSEDoc to some functions, and have documented some parts of the code. * Made the library report and show the list of scripts that have checked and tested the same vulnerability that affect the same host. * Made the library in the post-processing mode show all the results of all the scripts. * ... * Added some scripts to test the vulnerability library: vulns-test-1.nse and vulns-test-2.nse hostrule scripts. vulns-post-processing.nse A postrule script. Priorities: * Finish and clean the vulnerability library, and update the other vulnerability scripts to use it. Most of the features of the library are finished, still the: vulns.make_output() and vulns.get_vulnerabilities() functions for post-processing scripts, then I'll do some benchmarking tests. * Work on my script list when time permits. Finally it was a great GSoC, thanks for all the epic meetings, to others on nmap-dev, and to my mentor Henri who was very helpful. Merci Henri :) -- tixxdz http://opendz.org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Djalal's Status Report #17 of 17 Djalal Harouni (Aug 23)