Nmap Development mailing list archives

Re: Vulscan - NSE script for vulnerability detection based on version detection


From: Patricio Castagnaro <pcastagnaro () gmail com>
Date: Wed, 10 Jun 2015 22:18:40 -0300

Dear,

Vulscan is a great job. It will be a great change if the script can handle
duplicated vulnerabilities, e.g.: if there is the same vulnerability
in securityfocus and securityfoocus, it would be good if the script shows
only one alert and not both.

Thank you very much for giving us the chance to bring you our ideas.

Regards!


Lic. Patricio Castagnaro
MSN/Gtalk/Mail: pcastagnaro () gmail com
Twitter: @pcastagnaro <https://twitter.com/pcastagnaro>
Skype: pcastagnaro
LinkedIn: http://ar.linkedin.com/in/pcastagnaro
Google+: https://plus.google.com/+PatricioCastagnaro


2015-06-10 19:21 GMT-03:00 Paulino Calderon Pale <paulino () calderonpale com>:

Hi list,

Jiayi is working on improving/updating Marc Ruef’s vulscan script (
http://www.computec.ch/projekte/vulscan/?) to finally get it ready for
inclusion. For those unfamiliar with the script, it takes the results of
version detection and matches possible vulnerabilities existing in several
databases (cve, exploitdb, openvas, osvdb, securityfocus, securitytracker,
xforce, scipvuldb) that will be distributed separately. The script aims to
turn nmap into a vulnerability scanner that takes advantage of our powerful
version detection engine.

Some time ago Marc even posted a second enhanced version of the script (
http://seclists.org/fulldisclosure/2013/Aug/166) but unfortunately it
seems it slipped by our attention. This week I asked Marc if he got any
feedback and he mentioned something about Fyodor recommending him to
include an ‘update databases’ function in the script but I wanted to see if
others had also different comments/issues. The script seems to work as
expected as it is. However, we have a couple of different ideas for
improvements like:
* The script can suggest the users to run other NSE scripts if the CVE id
matches (and we have a script for it)
* Reducing the number of false positives by not printing information if
version detection was not accurate enough.

Does anyone remember if there was another reason why it didn’t get
included? Can you think of other improvements that can be done? We would love
to hear your ideas!

Cheers.

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
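
Two ideas raised in this thread (one alert per vulnerability across databases, and no output when version detection is not confident), sketched as an added example that is not code from vulscan or from either poster. The record shape, the CVE-or-title key, the `MIN_CONFIDENCE` cutoff and the use of `port.version.name_confidence` as the accuracy signal are assumptions, and all sample data is constructed.

```lua
-- Plain Lua, no Nmap libraries. Constructed matches; the {db, id, title} shape is an assumption.
local matches = {
  { db = "securityfocus",   id = "SF-0001", title = "ExampleFTPd 1.0 Buffer Overflow (CVE-0000-0001)" },
  { db = "securitytracker", id = "ST-0002", title = "ExampleFTPd 1.0 buffer overflow  cve-0000-0001" },
  { db = "osvdb",           id = "OS-0003", title = "ExampleFTPd 1.0 Directory Traversal" },
  { db = "xforce",          id = "XF-0004", title = "examplefTPd 1.0: directory traversal" },
}

-- Hypothetical cutoff on port.version.name_confidence (NSE reports it on a 1-10 scale).
local MIN_CONFIDENCE = 8

-- Key a finding by CVE id when the title carries one, else by its normalized title.
local function dedup_key(title)
  local cve = title:upper():match("CVE%-%d%d%d%d%-%d+")
  if cve then return cve end
  return (title:lower():gsub("[^%w]+", " "):gsub("^%s+", ""):gsub("%s+$", ""))
end

-- Collapse findings that describe the same issue, remembering every source database.
local function dedup(found)
  local by_key, ordered = {}, {}
  for _, m in ipairs(found) do
    local key = dedup_key(m.title)
    local entry = by_key[key]
    if not entry then
      entry = { key = key, title = m.title, sources = {} }
      by_key[key] = entry
      ordered[#ordered + 1] = entry
    end
    entry.sources[#entry.sources + 1] = m.db .. ":" .. m.id
  end
  return ordered
end

-- Report nothing when version detection was not confident enough.
local function report(port, found)
  if (port.version.name_confidence or 0) < MIN_CONFIDENCE then return {} end
  local lines = {}
  for _, e in ipairs(dedup(found)) do
    lines[#lines + 1] = ("%s [%s]"):format(e.title, table.concat(e.sources, ", "))
  end
  return lines
end

-- Constructed port tables mimicking the fields NSE passes to a script's action().
local confident = { version = { product = "ExampleFTPd", version = "1.0", name_confidence = 10 } }
local guessed   = { version = { product = "ExampleFTPd", name_confidence = 3 } }
for _, line in ipairs(report(confident, matches)) do print(line) end
print(#report(guessed, matches) .. " findings printed for the low-confidence port")
```

The four constructed matches collapse to two alerts, each listing the databases it came from, and the low-confidence port produces none.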
