mmap now includes some cpe references (http://cpe.mitre.org)
you can use these cpes to do a correlation with NVD CVE or/and OSVDB databases
Good luck
/JA
On Nov 6, 2012, at 4:37 AM, billy <bsmartt13 (at) gmail (dot) com [email concealed]> wrote:
> Hi,
> I'm working on a project for school which involves correlating version
> detection output from NMAP with a local copy of OSVDB to identify
> (possible) vulnerabilities quickly. Thus far I have been able to run
> NMAP against 'metasploitable' as well as other similar environments I
> have the resources to simulate, but this provides a very limited basis
> for testing.
>
> I am seeking a large dataset of NMAP version detection output,
> especially for proprietary products that I do not have the financial
> resources to obtain. I was hoping that nmap's source code would
> contain something to but the file 'nmap-service-probes' is composed of
> intense regular expressions and even if I took the time to read them
> all and write out the possibilities I'm apprehensive to do so for two
> reasons: humans make mistakes and my time to work on this is limited.
>
> The Nmap Fingerprint Database
> (http://insecure.org/cgi-bin/submit.cgi?new-service) looks like it has
> what I am looking for, but I can only find a submit fingerprint page,
> it does not appear to have public lookup/browsing capability.
>
> If anyone has any suggestions, even if it's a relatively incomplete
> list of versions nmap can detect, please let me know.
>
> If this was the incorrect place to post this and anyone has a
> suggestion on where else I could ask this question also let me know.
>
> Thank you for reading,
> Bill
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
you can use these cpes to do a correlation with NVD CVE or/and OSVDB databases
Good luck
/JA
On Nov 6, 2012, at 4:37 AM, billy <bsmartt13 (at) gmail (dot) com [email concealed]> wrote:
> Hi,
> I'm working on a project for school which involves correlating version
> detection output from NMAP with a local copy of OSVDB to identify
> (possible) vulnerabilities quickly. Thus far I have been able to run
> NMAP against 'metasploitable' as well as other similar environments I
> have the resources to simulate, but this provides a very limited basis
> for testing.
>
> I am seeking a large dataset of NMAP version detection output,
> especially for proprietary products that I do not have the financial
> resources to obtain. I was hoping that nmap's source code would
> contain something to but the file 'nmap-service-probes' is composed of
> intense regular expressions and even if I took the time to read them
> all and write out the possibilities I'm apprehensive to do so for two
> reasons: humans make mistakes and my time to work on this is limited.
>
> The Nmap Fingerprint Database
> (http://insecure.org/cgi-bin/submit.cgi?new-service) looks like it has
> what I am looking for, but I can only find a submit fingerprint page,
> it does not appear to have public lookup/browsing capability.
>
> If anyone has any suggestions, even if it's a relatively incomplete
> list of versions nmap can detect, please let me know.
>
> If this was the incorrect place to post this and anyone has a
> suggestion on where else I could ask this question also let me know.
>
> Thank you for reading,
> Bill
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]