[Nikto-discuss] Help Nikto
Frank Breedijk
FBreedijk at schubergphilis.com
Sat Oct 13 16:02:11 CDT 2012
Mansour,
In this case, why don't you start with the databases, if you publish link between ID (CVE/OSVDB id) and class and it is meaningful it shouldn't be hard for tool makers to tie it in.
---
Sent from mobile, message may contain tyopos
On 13 okt. 2012, at 21:15, "Mansour Ahmadi" <mansourweb at gmail.com<mailto:mansourweb at gmail.com>> wrote:
Dear Alex,
Thank you for your reply.
As you said, It is a two-step process. At the moment, I want to focus at the first step, Then I want to use AI to generate exploit somewhat.
Now, I want to focus on the predicting of the class automatically. Before that I must cluster (Grouping) the vulnerabilities because :
1) There is no standard for different vulnerabilities databases. each vuln database has its own categories.
2) The total number of vulnerabilities is high each day ( the number of vulnerabilities reported in January 2012, amounts to 488<http://www.symantec.com/threatreport/topic.jsp?id=vulnerability_trends&aid=total_number_of_vulnerabilities>). so it is a cumbersome task.
3) Working with words in AI applications has many challenges (finding useful words to help classification and clustering)
Don't you agree with me that even the first step is useful and is not easy ?
On Sat, Oct 13, 2012 at 8:18 PM, Alex Brook <mailforalexb at googlemail.com<mailto:mailforalexb at googlemail.com>> wrote:
Hi Mansour,
How would you generate the exploit automatically? I think class of the exploit is simple enough but perhaps automatic generation of the exploit not so easy. Would there not be some variables?
Alex.
On Oct 13, 2012 12:22 PM, "Mansour Ahmadi" <mansourweb at gmail.com<mailto:mansourweb at gmail.com>> wrote:
Dear Sullo,
Thank you for your reply.
I mean, I want to detect the lable (class or category) of a vulnerability automatically. for example, In OSVDB or CVE, If a new bug release, I predict what is the calss of it (SQL inj, XSS, ...). then, generate the exploit of it automatically.
Do you think is it possible and useful ?
Thanks a lot
On Sat, Oct 13, 2012 at 4:39 AM, Sullo <csullo at gmail.com<mailto:csullo at gmail.com>> wrote:
I'm not sure I follow what you mean about "clustering" them... could you explain a bit further?
Thanks,
Sullo
On Sun, Oct 7, 2012 at 3:38 PM, Mansour Ahmadi <mansourweb at gmail.com<mailto:mansourweb at gmail.com>> wrote:
Dear Friends,
I want to cluster OSVDB vulnerabilities with a novel algorithm. if I cluster the vulnerabilities, how it can help Nikto ? Is it useful or not ?
Thank you so much
_______________________________________________
Nikto-discuss mailing list
Nikto-discuss at attrition.org<mailto:Nikto-discuss at attrition.org>
https://attrition.org/mailman/listinfo/nikto-discuss
--
http://www.cirt.net | http://richsec.com/
_______________________________________________
Nikto-discuss mailing list
Nikto-discuss at attrition.org<mailto:Nikto-discuss at attrition.org>
https://attrition.org/mailman/listinfo/nikto-discuss
_______________________________________________
Nikto-discuss mailing list
Nikto-discuss at attrition.org<mailto:Nikto-discuss at attrition.org>
https://attrition.org/mailman/listinfo/nikto-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20121013/07337296/attachment.html>
More information about the Nikto-discuss
mailing list