Comments (8)
I think this can be a good workaround. We can improve the json with the most common services, maybe people can improve the list over time by opening an ISSUE. Would you mind doing a PR with your implementation? I'll check NMAP code, maybe I can kind of automate the generation of the first initial list.
from cvescannerv2.
Hi, thanks for the PR, I've merged it. I relocated your code to leverage the logging functionality, otherwise the new CVEs wouldn't be logged.
I've seen this https://nvd.nist.gov/products/cpe/detail/A43289F0-8E95-4C9E-A0BC-A906D3CA0325, it seems that NVD kind of knows the deprecated CPEs, maybe I can check the API and obtain this information and build the json. I need to check it.
cpe:2.3:a:microsoft:iis:7.5 - NVD - Detail
This CPE has been deprecated to:
cpe:2.3:a:microsoft:internet_information_server:7.5:*:*:*:*:*:*:*
from cvescannerv2.
Nothing I can't do here... IIS is defined as internet_information_services in NVD data
cpe:2.3:a:microsoft:internet_information_services:7.5:*:*:*:*:*:*:*
but NMAP returns
cpe:/a:microsoft:iis:7.5
Obv, querying iis in the database yields 0 rows
Maybe it would be possible to build some kind of heuristic, but that would be overkill in the long term.
This is one of the shortcomings of this method, CPEs weren't standardized (and I think, still aren't). Some CVEs use different vendor-product-version than others, so you end up with multiple entries referring to the same product.
product_id  vendor     product                        version  version_update
80024       microsoft  iis                            7.5      *
486471      microsoft  internet_information_services  7.5      *
Two different entries for the same product yet only one is linked in NVD.
from cvescannerv2.
Yes, I understand the problem. For myself, I decided to add a file with product aliases. Here is my solution, maybe it will be useful to someone:
products-aliases.json
{
  "iis": ["internet_information_services"]
}
cvescannerv2.nse
...
local regex_arg = stdnse.get_script_args('regex') or 'http-regex-vulnerscom.json'
-- New script argument: path to the product aliases file
local products_aliases_arg = stdnse.get_script_args('products-aliases') or 'products-aliases.json'
local service_arg = stdnse.get_script_args('service') or 'all'
...
if not exists(db_arg) then
   ret = fmt("Database %s not found. " ..
             "Run ./databases.py before running nmap script.",
             db_arg)
elseif not exists(path_arg) then
   ret = fmt("Paths file %s not found.", path_arg)
elseif not valid_json(path_arg, 'path') then
   ret = fmt("Invalid json %s.", path_arg)
elseif not exists(regex_arg) then
   ret = fmt("Regexes file %s not found.", regex_arg)
elseif not valid_json(regex_arg, 'regex') then
   ret = fmt("Invalid json %s.", regex_arg)
-- The aliases file gets the same existence and JSON checks as the other inputs
elseif not exists(products_aliases_arg) then
   ret = fmt("CPE products aliases file %s not found.", products_aliases_arg)
elseif not valid_json(products_aliases_arg, 'products-aliases') then
   ret = fmt("Invalid json %s.", products_aliases_arg)
end
...
-- Parse the JSON file and, on success, cache it in the registry under its type
local function valid_json (arg, type)
   local f = io.open(arg, 'r')
   local status, data = json.parse(f:read('*all'))
   if status then
      if type == 'path' then
         registry.path = data
      elseif type == 'regex' then
         registry.regex = data
      elseif type == 'products-aliases' then
         registry.products_aliases = data
      end
   end
   f:close()
   return status
end
...
tmp_vulns = vulnerabilities(host, port, cpe, product, info)
-- Product aliases: repeat the lookup for every alias of the detected product
if registry.products_aliases[product] then
   for _, alias in pairs(registry.products_aliases[product]) do
      local tmp_alias_vulns = vulnerabilities(host, port, cpe, alias, info)
      if tmp_alias_vulns then
         -- Element 1 holds the vulnerability count: add the counts,
         -- then append the remaining entries to the main result
         tmp_vulns[1] = tmp_vulns[1] + table.remove(tmp_alias_vulns, 1)
         for _, v in pairs(tmp_alias_vulns) do
            table.insert(tmp_vulns, v)
         end
      end
   end
end
local nvulns = table.remove(tmp_vulns, 1)
from cvescannerv2.
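The alias lookup from the comment above, as an added Python example that is not code from the thread or from CVEScannerV2. The table layout (`products`, `affected`) and the CVE identifier are constructed placeholders; only the two product rows and the alias map come from the thread.

```python
import json
import sqlite3

# Same shape as the products-aliases.json shown in the thread.
ALIASES = json.loads('{"iis": ["internet_information_services"]}')

def parse_nmap_cpe(uri):
    """Split a CPE 2.2 URI as reported by Nmap into (part, vendor, product, version)."""
    if not uri.startswith("cpe:/"):
        raise ValueError("not a CPE 2.2 URI: %r" % uri)
    fields = uri[len("cpe:/"):].split(":")
    fields += [""] * (4 - len(fields))  # version may be absent
    return tuple(f.lower() for f in fields[:4])

def build_demo_db():
    """In-memory stand-in for the scanner database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (product_id INTEGER PRIMARY KEY, vendor TEXT,
                               product TEXT, version TEXT);
        CREATE TABLE affected (product_id INTEGER, cve_id TEXT);
        -- The two rows shown in the thread:
        INSERT INTO products VALUES (80024, 'microsoft', 'iis', '7.5');
        INSERT INTO products VALUES (486471, 'microsoft',
                                     'internet_information_services', '7.5');
        -- Constructed placeholder: only the NVD-linked entry carries CVEs.
        INSERT INTO affected VALUES (486471, 'CVE-PLACEHOLDER-0001');
    """)
    return db

def lookup(db, cpe_uri, aliases=None):
    """Return sorted CVE ids for the product, also trying each known alias."""
    _, vendor, product, version = parse_nmap_cpe(cpe_uri)
    names = [product] + list((aliases or {}).get(product, []))
    found = set()  # a set avoids double-counting a CVE reachable via two names
    for name in names:
        rows = db.execute(
            "SELECT a.cve_id FROM products p JOIN affected a USING (product_id) "
            "WHERE p.vendor = ? AND p.product = ? AND p.version = ?",
            (vendor, name, version))
        found.update(r[0] for r in rows)
    return sorted(found)

if __name__ == "__main__":
    db = build_demo_db()
    print(lookup(db, "cpe:/a:microsoft:iis:7.5"))           # no alias map
    print(lookup(db, "cpe:/a:microsoft:iis:7.5", ALIASES))  # with alias map
```
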
Hey, I've been checking the code of NMAP, it seems that the latest version (7.94) has the correct CPEs. After rechecking your comments, it seems that you're running a very outdated version (7.80). I'll try to set up a container with IIS to test again with CVEScannerV2 3.1.2, but I think the problem here was your NMAP version. Anyway, this feature should improve the scan quality overall.
from cvescannerv2.
You're right, it looks like it's time for me to upgrade. Version 7.80 is the latest for my ubuntu release - 20.04.5 LTS
from cvescannerv2.
You could run NMap from a container (only 36MB). I'm currently working on migrating all of my CI/CD running on a self-hosted GitLab to GitHub. I expect to have a working action in the following days to build docker containers with CVEScannerV2 (no db) and another one with the database embedded. I'm also planning to detach entirely CVEScannerV2DB (removed as submodule) to keep "small" the main repository but still build the database automatically.
from cvescannerv2.
Closed as completed in c957afa. New containers can be found in dockerhub under scmanjarrez/cvescanner, variants db and nodb.
from cvescannerv2.