Nmap based open source vulnerability detection

Snort creator, Sourcefire, Inc. and Insecure.Org, the creator of the Nmap Security Scanner, today announced a licensing agreement for the parties to jointly develop open source vulnerability scanning technology based on the general purpose Nmap Scripting Engine (NSE) embedded within the popular Nmap network discovery tool. Under the agreement, Insecure.Org will develop the engine while the Sourcefire Vulnerability Research Team (VRT) will develop and contribute plug-ins for discovering specific vulnerabilities.
 
“Sourcefire was built on the premise of combining open source technologies with proprietary innovation and funded research to produce world-class solutions for our customers,” said Martin Roesch, Sourcefire’s Chief Technology Officer and the original author of Snort. “This joint effort exemplifies the spirit of the open source community, combining Insecure.Org’s active scanning expertise with Sourcefire’s vulnerability research capabilities to deliver a powerful new open source scanning technology. As open source leaders and innovators, both of our organisations are dedicated to providing users with the best possible technology to address their security issues, and we are very excited by the capabilities that this relationship will deliver.”
 
The new engine technology will be available within the open source Nmap Security Scanner as well as bundled into the Sourcefire 3Dâ„? System. When combined with Sourcefire RNA as part of the award-winning 3D System, these new active scanning capabilities will enable customers to coordinate passive network discovery with surgical active scanning for a sophisticated approach to vulnerability detection. Users of Sourcefire RNA will be able to identify real-time network changes and then use the Nmap capabilities to deliver specific vulnerability information for only those assets that have been added or changed, significantly reducing scanning times, enhancing network performance and providing detailed analysis much more quickly than traditional solutions.
 
“This partnership is an exciting moment for the Nmap project,” said Nmap creator and lead developer Fyodor. “Nmap has grown over the years from simply enumerating open port numbers to identifying remote operating systems and application versions. With NSE we are taking the next step forward by facilitating advanced network discovery and vulnerability detection. We are grateful to Sourcefire for lending the talents of their exceptional VRT team to this project, and we are happy to see the technology providing value to Sourcefire’s enterprise customers as well.”
 
Vulnerability management is a common security best practice required by a wide array of government and industry security regulations. This new scanning technology will help security professionals perform vulnerability assessments. As organisations migrate to IPv6 environments, Sourcefire believes that the efficiency of a combined approach using both passive and active assessment technologies will be necessary for effective risk assessment.
 
An alpha release of the Nmap Scripting Engine with a number of initial scripts is now available at http://insecure.org/nmap/download.html. The commercial Sourcefire version is expected to be embedded in the 3D System beginning in the first quarter of 2008.
Â