Re: Linking security tracker with exploit-db ?
Hi all,
On Thu, Mar 21, 2013 at 11:53:33PM +0200, Henri Salo wrote:
> On Thu, Mar 21, 2013 at 10:38:47PM +0100, Raphael Hertzog wrote:
> > (I'm not subscribed to debian-security-tracker@lists.debian.org, please
> > keep me in CC)
> >
> > Hello,
> >
> > while discussing with someone at Offensive Security, I learned that
> > there's a mapping between CVE numbers and exploits registered in
> > http://www.exploit-db.com/.
> >
> > I was thinking that it could be interesting to know whether exploits
> > are available and as such that it could be interesting to link CVE to the
> > corresponding exploits within the Debian security-tracker.
> >
> > I believe that everything required is already available online,
> > albeit only on webpages and would thus require some heavy web
> > scraping.
> >
> > Thus if you want to pursue this idea, I can put you in contact with the
> > relevant person at Offensive Security. They might be willing to publish
> > this mapping in a more convenient way (possibly as part of the CSV file
> > in http://www.exploit-db.com/archive.tar.bz2 or something similar).
> >
> > I though that I would throw this idea away because I find it interesting
> > but I just don't have the time and the desire to implement it.
> >
> > Cheers,
> > --
> > Raphaël Hertzog ◈ Debian Developer
> >
> > Get the Debian Administrator's Handbook:
> > → http://debian-handbook.info/get/
>
> Good idea. I have been thinking same about OSVDB. If security team member
> approves I could try to implement this. OSVDB links also to exploit-db.com in
> some items.
FYI, this now was activated by Florian some days ago on the instance
for the security tracker.
Regards,
Salvatore
Reply to: