Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: vulnerability scanning with nmap_nse_vulnscan

From: Brahim Sakka <brahim.sakka () gmail com>
Date: Sat, 10 Dec 2011 15:20:30 +0100
Hello everyone.

As a penetration tester, I'd like to say that vulnerability scanning would
be a _very_ useful feature in Nmap.
I do need the functionality provided by vulscan script even though I do
have expensive licenses for well regarded vulnerability scanners.

Would vulscan be packaged with Nmap at some point?

2011/12/8 Djalal Harouni <tixxdz () opendz org>


On Thu, Dec 08, 2011 at 09:14:43AM +0100, Matthias Becker wrote:

hi all,

I was wondering, if the vulnscan capability within nmap

(nmap_nse_vulnscan

script developed marc ruef) will be extended in future releases i.e. if
anybody else is actually using it or doing any development around this
topic.
I'd appreciate any feedback.

The script was not integrated into Nmap, I think the problem was the
vulnerability database [1], if we are allowed to use it or not ?

Now Nmap and NSE support CPE and there is also an NSE vulnerability
library [2] which scripts like this can use to organize and report data,
so I think that Nmap needs a script like this.

I was planning to work on it, but currently I can't (no time).

I've Cc'ed Marc so he can update us.

Thanks.

[1] https://secwiki.org/w/Nmap/Script_Ideas#vulndb
[2] http://nmap.org/nsedoc/lib/vulns.html

--
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: