I have been contemplating putting together a web accessible database to catalogue nasl files and related files. Any recognizable property would be included in the db. For example:
- descriptions - CVE identifiers - vendor specific identifiers - is this a local or remote check? - script family - and so on... Perhaps adding a text search for the nasl scripts is good idea, too. Particularly if you are not exactly clear on what you are looking for as a developer or user or if you need to identify certain functions or system calls in the event they are deprecated and need to change to remain compatible (speaking from past experience). This is relevant for the Top20 discussion because a filter could be implemented pretty easily to identify these vulnerabilities and create an up-to-date scanning profile. I currently don't have a lot of time to devote to new projects at this moment, but if folks think this would be useful (and not redundant) I'd explore doing this. If someone out there would be willing to fund such a project... then I could certainly move it up the list of priorities. I welcome all thoughts. -geoff --------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/ > -----Original Message----- > From: [email protected] [mailto:openvas-discuss- > [email protected]] On Behalf Of Curt Shaffer > Sent: Montag, 18. Mai 2009 23:41 > To: 'Chandrashekhar B'; [email protected] > Subject: Re: [Openvas-discuss] SANS Top 20 > > OK. Thanks. Guess my next question is who out there has already written a > Perl script to do this to save me some time :) > > -----Original Message----- > From: Chandrashekhar B [mailto:[email protected]] > Sent: Monday, May 18, 2009 1:40 PM > To: 'Curt Shaffer'; [email protected] > Subject: RE: [Openvas-discuss] SANS Top 20 > > Hello Curt, > > There's no existing profile for SANS Top 20. One could search all the > CVE's > from SANS Top 20 list inside the Plugins folder and create a scan profile > based on that. > > Hopefully in future, we should start creating these important profiles. > > Thanks, > Chandra. > > ________________________________________ > From: [email protected] > [mailto:[email protected]] On Behalf Of Curt > Shaffer > Sent: Monday, May 18, 2009 11:06 PM > To: [email protected] > Subject: [Openvas-discuss] SANS Top 20 > > Is there an easy way that I am missing to choose to scan for the SANS Top > 20 > list only? If not has anyone created a scan option like this that they can > share? > > Thanks > > Curt > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
