infobyte / faraday

Open Source Vulnerability Management Platform
https://www.faradaysec.com
GNU General Public License v3.0

vulnDB: Does the DB have a 'how to fix' or 'solution' field or parameter? #347

Closed Davetheraveuk closed 5 years ago

Davetheraveuk commented 5 years ago

Hi, I have some questions regarding your project:

1) Does your vulnDB have all relevant CVE information including a 'how to fix CVE' or a 'CVE solution' field that will tell me how to fix the CVE vulnerability - if any are detected?

2) In addition, can the vulnDB (or similar database) be integrated into nmap?

3) Can the vulnDB be updated on a daily/weekly/monthly basis?

Thank you for your time. David

llazzaro commented 5 years ago
  1. We have the resolution field on the vulnerability. You can extend the vulnerability model using custom fields to add the solution field to the vuln. If the plugin populates the resolution field, this will be shown. The same applies for the CVE: if the plugin imports the CVE, you will see it in the database. If the vuln has the CVE field, you can also search for exploits. However, we don't have a tool that will look into the CVE and search for a solution.
  2. Not sure if by vulndb you refer to the vulnerabilities in the faraday database or to vulndb.com. Try to look for nmap scripts; I think there should be some script on GitHub.
  3. You can import data to faraday daily/weekly/monthly. Copy the scan data to .faraday/reports/WORKSPACE_NAME and cron the python manage.py process-reports command.

Hope I answered all your questions, feel free to ask more! Thanks!
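
The scheduled import described in point 3 above, sketched as an added example that is not from the thread or the Faraday project. It assumes `.faraday` lives under `$HOME` (overridable with the hypothetical `FARADAY_HOME` variable) and that the hypothetical `FARADAY_SRC` variable points at the checkout containing `manage.py`; the crontab paths are constructed.

```shell
#!/bin/sh
# Added example. Assumptions: FARADAY_HOME holds the .faraday directory and
# FARADAY_SRC is the Faraday checkout containing manage.py.

# stage_reports SRC_DIR DEST_DIR: copy new scan files, print how many were staged.
stage_reports() {
    src=$1; dest=$2; copied=0
    mkdir -p "$dest" || return 1
    for f in "$src"/*; do
        [ -L "$f" ] && continue               # never follow symlinks out of SRC_DIR
        [ -f "$f" ] || continue               # skip directories and an unmatched glob
        name=$(basename "$f")
        # Identical content already staged: nothing to do.
        if [ -f "$dest/$name" ] && cmp -s "$f" "$dest/$name"; then continue; fi
        # Write beside the workspace directory, then rename, so the processor
        # never sees a half-copied report. mktemp creates the file mode 0600.
        tmp=$(mktemp "$(dirname "$dest")/.stage.XXXXXX") || return 1
        if cp "$f" "$tmp" && mv "$tmp" "$dest/$name"; then
            copied=$((copied + 1))
        else
            rm -f "$tmp"; return 1
        fi
    done
    echo "$copied"
}

# import_reports SCAN_DIR WORKSPACE: stage, then run the command from the thread.
import_reports() {
    case $2 in
        ''|*/*|.*) echo "bad workspace name: $2" >&2; return 1 ;;  # no path tricks
    esac
    n=$(stage_reports "$1" "${FARADAY_HOME:-$HOME}/.faraday/reports/$2") || return 1
    [ "$n" -gt 0 ] || return 0                # nothing new, skip the processor
    (cd "$FARADAY_SRC" && python manage.py process-reports)
}

# Crontab line (constructed paths), daily at 02:30:
# 30 2 * * * FARADAY_SRC=/opt/faraday /usr/local/bin/faraday-import.sh /var/scans WORKSPACE_NAME
if [ "$#" -eq 2 ]; then import_reports "$1" "$2"; fi
```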