Software: nmap vulscan v1.0 NSE has been released
Two weeks ago I wrote Marc Ruef to inquire if he had any thoughts about a replacement for the no-longer-free OSVDB and if it was possible to port over another vulnerability definition source.
I also wrote the contact Email at osvdb.org to inquire about the database files.
I heard back from the osvdb folks, and learned that they commercially license, and said they would forward me to their licensing partner. When I replied that I needed two licenses, I heard nothing back.
I will update the Free vulnerability scanner comparison page with the latest info once the latest vulscan is released.
Update: v1.0 release:
I woke up today to see an email in my inbox addressed to firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com.
Hello, As some of you might remember, I have published a NSE script back in 2010, which added a vulnerability scanning feature to Nmap. I've been doing a complete re-write of the script, which introduces some neat features: * Much better performance and accuracy of search engine * Deployment of scip VulDB, CVE, OSVDB, SecurityFocus, Secunia and Securitytracker * Correlated analysis of all available databases in the same run * Support for single database scan mode (vulscandb) * Support for your own CSV-based vulnerability database * Support of dynamic report templates (vulscanoutput) * Intelligent interactive mode remembers your definitions per session (vulscaninteractive) * Full support for Nmap 5.x/6.x on Linux and Windows * More debug output possible (-d1) * Better error handling You're able to download the latest release of Nmap NSE Vulscan 1.0 here: http://www.computec.ch/mruef/software/nmap_nse_vulscan-1.0.tar.gz Further details about usage and data processing are available in the description field of the script and in my blog post about the release: http://www.scip.ch/en/?labs.20130625 Feel free to use and share the script. And please let me know if you miss any features or if you have assembled your own vulnerability database and would like to see it added to the official repository. Regards, Marc