[prev in list] [next in list] [prev in thread] [next in thread]
List: security-basics
Subject: Re: Seeking NMAP Version Detection dataset
From: Nick Besant <lists () hwf ! cc>
Date: 2012-11-06 10:00:33
Message-ID: 5098DFC1.8040905 () hwf ! cc
[Download RAW message or body]
Hi.
A couple of suggestions;
1. Download the source code for nmap and have a browse to see how the
fingerprinting works - [1]
2. Quick search for "nmap fingerprint database" shows up a
BackTrack-specific shell script [2] which includes a reference to
[3]<https://svn.nmap.org/nmap/nmap-os-db>, which is a copy of the
database (part of the source tree from 1 above)
[1] http://nmap.org/download.html
[2] http://www.backtrack-linux.org/forums/showthread.php?t=28006
[3] https://svn.nmap.org/nmap/nmap-os-db
Regards
Nick
On 06/11/2012 00:37, billy wrote:
> Hi,
> I'm working on a project for school which involves correlating version
> detection output from NMAP with a local copy of OSVDB to identify
> (possible) vulnerabilities quickly. Thus far I have been able to run
> NMAP against 'metasploitable' as well as other similar environments I
> have the resources to simulate, but this provides a very limited basis
> for testing.
>
> I am seeking a large dataset of NMAP version detection output,
> especially for proprietary products that I do not have the financial
> resources to obtain. I was hoping that nmap's source code would
> contain something to but the file 'nmap-service-probes' is composed of
> intense regular expressions and even if I took the time to read them
> all and write out the possibilities I'm apprehensive to do so for two
> reasons: humans make mistakes and my time to work on this is limited.
>
> The Nmap Fingerprint Database
> (http://insecure.org/cgi-bin/submit.cgi?new-service) looks like it has
> what I am looking for, but I can only find a submit fingerprint page,
> it does not appear to have public lookup/browsing capability.
>
> If anyone has any suggestions, even if it's a relatively incomplete
> list of versions nmap can detect, please let me know.
>
> If this was the incorrect place to post this and anyone has a
> suggestion on where else I could ask this question also let me know.
>
> Thank you for reading,
> Bill
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL \
> certificate. We look at how SSL works, how it benefits your company and how your \
> customers can tell if a site is secure. You will find out how to test, purchase, \
> install and use a thawte Digital Certificate on your Apache web server. Throughout, \
> best practices for set-up are highlighted to help you ensure efficient ongoing \
> management of your encryption keys and digital certificates.
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL \
certificate. We look at how SSL works, how it benefits your company and how your \
customers can tell if a site is secure. You will find out how to test, purchase, \
install and use a thawte Digital Certificate on your Apache web server. Throughout, \
best practices for set-up are highlighted to help you ensure efficient ongoing \
management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic