By Romain Thursday, February 14 2008 - 19:14 UTC - Information - Permalink
Tomorrow will start SATE 2008: the registered participants will be able to get the test cases associated to the tracks they want to participate in. They will have until the 29th of February to send the report of the tools. We are all pretty excited here before the start. It was a real rush for finding the test cases that we think are good for such an event...
Anyway, just a news to release a python script which is definitely SATE oriented. The idea is only to convert the output of some free tools into the SATE XML format. The script is handling Flawfinder, ITS4 and RATS. It can also look at the NVD for the product and the version in order to retrieve the known vulnerabilities.
You can download the script weaknesses walker as a zip file or just the python script (you will need wwwCall for the NVD scrapping part; wwwCall is also included in the zip).
Example how to use ww with flawfinder:
./ww.py --tool flawfinder --file myproject.out.xml --format sate /home/romain/myproject
or for the NVD scrapper:
./ww.py --vdb winamp 5.2 --file winamp_5.2.nvd.xml
For the next version of ww, I may add the possiblity to play with the SATE XML format itself, such as merging the results of different tools with comparison of report or even just the report of multiple tools...
Also, if you are coming downtown DC this weekend for ShmooCon or even BlackHat DC 2008, if you wanna have a beer just drop me a mail. I wasn't able to find a ticket for Shmoo so will not go, but I will meet with dre and marcin from ts/sci security... so if you are around, just tell me I would be happy to meet more sec. people
The last thing is that this post is my number 100!
Comments
Hey Romain, I'm at DCA right now waiting on dre.. Shoot me an email when you get a chance.
are you in dulles right now? or just in the hotel?
Ronald Reagan national airport... Which is which?
dulles is the internationnal airport in virginia (orange line at the very end)
regan is in DC itself