From 4eceddebb365992abe45bda77c1fd9ab0f79791b Mon Sep 17 00:00:00 2001 From: fyodor Date: Sun, 23 May 2010 21:47:07 +0000 Subject: [PATCH] Add script idea for vulnscan based on detected os/versions --- todo/nmap.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/todo/nmap.txt b/todo/nmap.txt index 946e0ef00..85a43b7dc 100644 --- a/todo/nmap.txt +++ b/todo/nmap.txt @@ -103,6 +103,14 @@ o We should offer partial results when a host printed that out only, we could potentially isolate it in just one place. +o [NSE] Consider a script which uses Nmap's detected OS and open port + information to print out _possible_ (unverified) vulnerabilities. + Of course it is better to have scripts which actually check for + vulnerability, but we don't have comprehensive vuln detection yet, + so this could still be quite useful. + o Marc Ruef is working on a vulnscan.nse script which uses CVE to do + this. See this thread: http://seclists.org/nmap-dev/2010/q2/527 + o Consider providing an option which causes Nmap to scan ALL IP addresses returned for a given name. So if "google.com" returns 4 names, scan them all (right now we print them all but only scan
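Review bot: In the new [NSE] entry the inputs are given as "detected OS and open port information", while the subject line says "os/versions"; the entry should name the service version detection results explicitly, since a match on OS and port number alone would flag far more hosts than a match on the detected product and version. It would also help to state that the script's output should mark every finding as unverified, as the "_possible_ (unverified)" wording implies, so that results are not read as confirmed vulnerabilities.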