I've been working on the vulnerability scanner plugin for d3vscan utilizing the OSVDB database. With the correlation amongst the product_id, version_id and vendor_id, this correlation_id is then used to obtain the respective vulnerability. The issue thus far is that the correlation is made upon a larger subset when Nmap isn't able to populate the osmatch field. I have added checks on the generated osmatch but nonetheless, the accuracy depends on the OS identification. That is where I hope the work of Zaid and Hazwan for the improved Neural Network based OS identification comes in. Here are some screenshots:
The Plugin Screen
Vulnerability Scan Results in Scan View
Vulnerability Scan Results in List View
No comments:
Post a Comment