Propose vulners.nse to official nmap repo. #1126

Closed
wants to merge 2 commits into from

7 participants
@GMedian

commented Feb 2, 2018

The proposed script is the latest stable release of vulnersCom/nmap-vulners github repo.

Ilya Govorkov
Propose vulners.nse to official nmap repo.
The proposed script is the latest stable release of vulnersCom/nmap-vulners github repo.
@vulnersCom

commented Jun 8, 2018

Ping?

@vulnersCom

commented Jun 8, 2018

That's https://github.com/vulnersCom/nmap-vulners this one NSE plugin

@cldrn

Member

commented Jun 8, 2018

@vulnersCom

commented Jun 8, 2018

At the moment it's about 1000rps. No one user even gets close))
Has not figured performance issues yet. Caching and direct queries work fine.

Unfortunately no way to use local db, it's about 250gb in elastics and API works querying it on the fly.

What do you mean by "external option"?


author = 'gmedian AT vulners DOT com'
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"vuln", "safe"}
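
Review bot: `categories = {"vuln", "safe"}` leaves out "external", although the script sends the CPEs it detects to a remote API instead of working from local data. Add "external" to the table so that a selection such as `--script "vuln and not external"` skips it and the software inventory of scanned hosts is not sent to a third party unintentionally.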

@p-l-

p-l- Jun 8, 2018

If I understand well, this script must also be categorized as "external".

@vulnersCom
Its work is pretty simple:
- work only when some software version is identified for an open port
- take all the known cpe for that software (from the standard nmap output)
- ask whether some known vulns exist for that cpe

@p-l-

p-l- Jun 8, 2018

You probably want to mention here that it connects to a remote service.

@vulnersCom

vulnersCom Jun 8, 2018

Definitely yes. Will refactor the description.

Update vulners.nse
Slightly change the description to explicitly mention the usage of the remote service.
Add the script to the "external" category.
@GMedian

Author

commented Jun 9, 2018

@vulnersCom @cldrn @p-l-
Thank you for your time, I have updated the script to explicitly mention the remote API.

@vulnersCom

commented Jun 13, 2018

Is it ok now?

@b4ldr

commented Jun 13, 2018

Message for the devs: the https://vulners.com/products web site explicitly mentions nmap scripts and the API seems to be free and open (https://vulners.com/docs) and all links from the main site point to the @vulnersCom GitHub account, so I think permission to use the API has been granted. Anything else holding this up? It looks like a really nice addition.

@vulnersCom

commented Jul 2, 2018

Hi fellows.
Anything we can do more?

@vulnersCom

commented Aug 2, 2018

Gentle ping ^)

@aidylewis

commented Jan 10, 2019

I use this script as a useful addition to the vuln category. It'd be nice for it to be in the main scripts.

@vulnersCom

commented Feb 15, 2019

Hi devs! Any movements here?

@aidylewis

commented Feb 15, 2019

Bump.

@aidylewis

commented May 23, 2019

We use this script quite extensively in a large media company and it would be really nice if it was in the official scripts directory.

@aidylewis

commented Jun 25, 2019

We use this script extensively and have built pretty printing, persistence and visualisation (which we will eventually open source). Can we please get this merged into the nmap official scripts or is there something holding this back? Some users have a problem finding the scripts folder.

@vulnersCom

commented Jun 25, 2019

Bump

@aidylewis

commented Jun 25, 2019

Not sure if nmap needs a separate NSE chief maintainer and other lower down the chain. Some of those scripts are old, and this is where I see the innovation emerging. WDYT? @vulnersCom

This is what we've got ATM with your Lua script:
https://giphy.com/gifs/lMs9EJ0386d5tKjjgo
https://giphy.com/gifs/YOGFYd0J4fFtvUZAf7

@dmiller-nmap

commented Jun 26, 2019

@vulnersCom I'm working on getting this done with a few adjustments, but I can't seem to get any results. Every query is coming back with the following response:

HTTP/1.1 200 OK
Server: QRATOR
Date: Wed, 26 Jun 2019 03:46:45 GMT
Content-Type: application/json
Content-Length: 124
Connection: close
Vary: Accept-Encoding
X-Vulners-Ratelimit-Reqlimit: 300
X-Vulners-Ratelimit-Burstlimit: 50
X-Vulners-Ratelimit-Rate: 228.9639381797367
X-Vulners-View-Calltime: 60ms
X-Vulners-Calltime: 60ms
X-Vulners-Full-Calltime: 78ms
Set-Cookie: vulnersSession=6YYOKPTQAZNYK8MTROX1TITSZWILACFG0GC4LQOGQGLZ761ZI1ND62N72BQSVFBUT7GUE2MILYF1DDHKO784NJ3521BVHSKN7FWPSRCNBDWQ1ZCEUG6R0W2YT1VRZ00G:4q-_Xe2Kk2HzNAUT_dh88p73z9Q; Domain=.vulners.com; expires=Wed, 26 Jun 2019 03:46:55 GMT; HttpOnly; Max-Age=10; Path=/; Secure
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

{   
  "result": "warning",
  "data": {
    "warning": "Nothing found for Burpsuite search request",
    "errorCode": 401
  } 
}   

Is this expected? Is there a particular query (CPE, software name and version, etc.) that I could use to get a valid result for testing?
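
The response quoted above carries HTTP 200 while its JSON body reports a warning with errorCode 401, so a client has to inspect the body before treating the lookup as a result. The following is an added example, not part of the thread or of vulners.nse, that classifies such a response; the sample is an abridged copy of the one quoted above, and treating `result == "OK"` as the success marker is an assumption.

```python
import json

# Abridged copy of the response quoted in the comment above
# (cookie, timing and security headers left out).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "X-Vulners-Ratelimit-Reqlimit: 300\r\n"
    "X-Vulners-Ratelimit-Burstlimit: 50\r\n"
    "\r\n"
    '{"result": "warning", "data": {"warning": '
    '"Nothing found for Burpsuite search request", "errorCode": 401}}'
)


def parse_http(raw):
    """Split a raw HTTP/1.1 response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def classify(raw):
    """Return (ok, reason, data); ok is True only for a usable result."""
    status, headers, body = parse_http(raw)
    if status != 200:
        return False, f"http status {status}", None
    if "json" not in headers.get("content-type", ""):
        return False, "non-JSON body", None
    try:
        doc = json.loads(body)
    except ValueError:
        return False, "malformed JSON", None
    if not isinstance(doc, dict):
        return False, "unexpected JSON shape", None
    data = doc.get("data")
    data = data if isinstance(data, dict) else {}
    # Assumption: success is signalled by result == "OK"; the thread
    # only shows the "warning" form.
    if doc.get("result") != "OK":
        reason = data.get("warning") or "unspecified"
        return False, f"{doc.get('result')} ({data.get('errorCode')}): {reason}", None
    return True, "ok", data
```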

@dmiller-nmap

commented Jun 26, 2019

Committed in 2056ef9 with further changes:

  • ba53053 - Whitespace and NSEdoc formatting
  • 86d448e - Avoid excessive string concatenation
  • 70f1cbb - Structured output
  • a08be75 - Enable vulners.nse to work during IPv6 scans
  • fbcaa39 - Document mincvss arg, ensure consistent ordering