<span style="font-family: Arial;">I think clustering the vulnerabilities shouldn't be too difficult. Of course the work involved depends on the granularity. Considering that you want to automatically generate exploits then yes this will be difficult and time consuming.<br>Rather than full automation, I think it would save a lot of time and be more practical to cluster less specifically and provide some options to end user. One click exploits that ate up to date sounds too dreamy. Just my opinion though. I'm no professional. This is the first thread I've posted too and not really qualified through experience, only my thinking here.<br><br>Alex.<br><br><div id="htc_header" style="">----- Reply message -----<br>From: "Mansour Ahmadi" <mansourweb@gmail.com><br>To: "Alex Brook" <mailforalexb@googlemail.com><br>Cc: <nikto-discuss@attrition.org><br>Subject: [Nikto-discuss] Help Nikto<br>Date: Sun, Oct 14, 2012 2:14 AM<br><br></div></span><br><div dir="ltr">Dear Alex, <div><br></div><div>Thank you for your reply. </div><div>As you said, It is a two-step process. At the moment, I want to focus at the first step, Then I want to use AI to generate exploit somewhat.</div>
<div>Now, I want to focus on the predicting of the class automatically. Before that I must cluster (Grouping) the vulnerabilities because :</div><div><br></div><div>1) There is <u><b>no standard</b></u> for different vulnerabilities databases. each vuln database has its own categories.</div>
<div>2) The <u><b>total number</b></u> of vulnerabilities is high each day (<span style="background-color:rgb(255,255,255);color:rgb(85,85,85);font-family:arial,helvetica,sans-serif;font-size:12px;line-height:14.383333206176758px"> </span><span style="background-color:rgb(255,255,255);color:rgb(85,85,85);font-family:arial,helvetica,sans-serif;font-size:12px;line-height:14.383333206176758px"><a href="http://www.symantec.com/threatreport/topic.jsp?id=vulnerability_trends&aid=total_number_of_vulnerabilities">the number of vulnerabilities reported in January 2012, amounts to 488</a></span>). so it is a cumbersome task.</div>
<div>3) Working with words in AI applications has many challenges (finding <b><u>useful words</u></b> to help classification and clustering)</div><div><br></div><div>Don't you agree with me that even the first step is useful and is not easy ? </div>
<div>
<br><br><div class="gmail_quote">On Sat, Oct 13, 2012 at 8:18 PM, Alex Brook <span dir="ltr"><<a href="mailto:mailforalexb@googlemail.com" target="_blank">mailforalexb@googlemail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p>Hi Mansour,</p>
<p>How would you generate the exploit automatically? I think class of the exploit is simple enough but perhaps automatic generation of the exploit not so easy. Would there not be some variables?</p><span class="HOEnZb"><font color="#888888">
<p>Alex.</p></font></span><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On Oct 13, 2012 12:22 PM, "Mansour Ahmadi" <<a href="mailto:mansourweb@gmail.com" target="_blank">mansourweb@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Dear Sullo,<div><br></div><div>Thank you for your reply.</div><div><br></div><div>I mean, I want to detect the lable (class or category) of a vulnerability automatically. for example, In OSVDB or CVE, If a new bug release, I predict what is the calss of it (SQL inj, XSS, ...). then, generate the exploit of it automatically.</div>
<div><br></div><div>Do you think is it possible and useful ?</div><div><br></div><div>Thanks a lot<br><br><div class="gmail_quote">On Sat, Oct 13, 2012 at 4:39 AM, Sullo <span dir="ltr"><<a href="mailto:csullo@gmail.com" target="_blank">csullo@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'm not sure I follow what you mean about "clustering" them... could you explain a bit further?<div><br>
</div>
<div>Thanks,</div><div>Sullo<br><br><div class="gmail_quote"><div><div>On Sun, Oct 7, 2012 at 3:38 PM, Mansour Ahmadi <span dir="ltr"><<a href="mailto:mansourweb@gmail.com" target="_blank">mansourweb@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr">Dear Friends,
<div><br></div><div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">I want to cluster OSVDB vulnerabilities with a novel algorithm. if I cluster the vulnerabilities, how it can help Nikto ? Is it useful or not ?</div>
<div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">
Thank you so much</div></div></div>
<br></div></div>_______________________________________________<br>
Nikto-discuss mailing list<br>
<a href="mailto:Nikto-discuss@attrition.org" target="_blank">Nikto-discuss@attrition.org</a><br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
<br></blockquote></div><span><font color="#888888"><br><br clear="all"><div><br></div>-- <br><br><a href="http://www.cirt.net" target="_blank">http://www.cirt.net</a> | <a href="http://richsec.com/" target="_blank">http://richsec.com/</a><br>
</font></span></div>
</blockquote></div><br></div></div>
<br>_______________________________________________<br>
Nikto-discuss mailing list<br>
<a href="mailto:Nikto-discuss@attrition.org" target="_blank">Nikto-discuss@attrition.org</a><br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
<br></blockquote></div>
</div></div></blockquote></div><br></div></div>