vulnmap: vulnerability scanning modifications to nmap by ajax@mobis.com
------------------------------------------------------------------------------

The format of exploit.dat is as follows:

OSTYPE,PORT,PROT,WAIT_DATA1,SEND_DATA1,WAIT_DATA2,SEND_DATA2,EXEC_PROG,COMMENT

Definitions:

OSTYPE=string to match against fingerprint returned from host
       i.e. "SunOS" would match all fingerprints with "SunOS" in them.
PORT=[0-65536]
PROT=TCP,UDP,RPC (tcp only implemented)
WAIT_DATA1=data to expect to receive to compare if vulnerable
       This does not currently use regular expression matching.
       This can not be an empty string.
SEND_DATA1=data to send (if null use "NULL")
WAIT_DATA2=data to expect (if null use "NULL")
       if SEND_DATA1 is NULL, WAIT_DATA2 is skipped.
EXEC_PROG=pathname/filename to exec with variable substitution, or "NULL"
       options: %IP = ip address in dot notation
COMMENTS=comments to log if vulnerable

TODO:
. RPC service scanning and probing
. expand the config file language/variables.
. allow regular expression matching in waitdata and ostype fields of config file
. socket session probing
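As an added illustration of the exploit.dat format described above (this is example code written for this page, not vulnmap's own parser), the following Python module parses and lints entries, applies the OSTYPE substring rule, evaluates the WAIT_DATA1/SEND_DATA1/WAIT_DATA2 logic against already-recorded replies (no sockets are opened), and performs the %IP substitution for EXEC_PROG. Assumptions not stated in the README: fields are split on commas with the trailing COMMENT field allowed to contain commas, there is no quoting or escaping, and PORT is checked against 0-65535 (the README says 0-65536, but 65536 is not a valid port). The function names, the `Entry` class and the sample file contents are all constructed for the example.

```python
# Added example: parser/linter for vulnmap's exploit.dat as documented in the
# README.  Not vulnmap's own code; sample entries below are constructed.
import ipaddress
import shlex
from dataclasses import dataclass
from typing import List, Optional, Set

FIELDS = ("OSTYPE", "PORT", "PROT", "WAIT_DATA1", "SEND_DATA1",
          "WAIT_DATA2", "SEND_DATA2", "EXEC_PROG", "COMMENT")
KNOWN_PROTS = ("TCP", "UDP", "RPC")
IMPLEMENTED_PROTS = ("TCP",)        # README: "tcp only implemented"


@dataclass
class Entry:
    ostype: str
    port: int
    prot: str
    wait_data1: str
    send_data1: Optional[str]       # None stands for the literal "NULL"
    wait_data2: Optional[str]
    send_data2: Optional[str]
    exec_prog: Optional[str]
    comment: str

    @property
    def implemented(self) -> bool:
        return self.prot in IMPLEMENTED_PROTS


def _null(value: str) -> Optional[str]:
    """Map the README's "NULL" sentinel to None."""
    return None if value == "NULL" else value


def check_line(line: str) -> List[str]:
    """Return the format problems found in one exploit.dat line (empty if OK)."""
    # Assumption: comma separated, COMMENT is last and may contain commas,
    # so split at most 8 times.  The README defines no quoting.
    fields = line.rstrip("\r\n").split(",", len(FIELDS) - 1)
    if len(fields) != len(FIELDS):
        return [f"expected {len(FIELDS)} fields, got {len(fields)}"]
    _, port, prot, wait1, *_ = fields
    problems = []
    # README gives PORT=[0-65536]; 65536 is not a valid port, so check 0-65535.
    if not port.isdigit() or not 0 <= int(port) <= 65535:
        problems.append(f"PORT must be 0-65535, got {port!r}")
    if prot.upper() not in KNOWN_PROTS:
        problems.append(f"PROT must be one of {KNOWN_PROTS}, got {prot!r}")
    if wait1 == "":
        problems.append("WAIT_DATA1 can not be an empty string")
    return problems


def parse_line(line: str) -> Entry:
    problems = check_line(line)
    if problems:
        raise ValueError("; ".join(problems))
    ostype, port, prot, w1, s1, w2, s2, ex, comment = \
        line.rstrip("\r\n").split(",", len(FIELDS) - 1)
    return Entry(ostype, int(port), prot.upper(), w1, _null(s1), _null(w2),
                 _null(s2), _null(ex), comment)


def parse_file(text: str) -> List[Entry]:
    """Parse a whole exploit.dat; blank lines are skipped, bad lines report their number."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            entries.append(parse_line(raw))
        except ValueError as exc:
            raise ValueError(f"exploit.dat line {lineno}: {exc}") from None
    return entries


def applies_to_host(entry: Entry, fingerprint: str, open_ports: Set[int]) -> bool:
    """OSTYPE is a plain substring match on the fingerprint (regex is a README TODO)."""
    return entry.ostype in fingerprint and entry.port in open_ports


def evaluate(entry: Entry, first_reply: str, second_reply: Optional[str] = None) -> bool:
    """Apply the WAIT/SEND rules to recorded replies; nothing is sent from here."""
    if entry.wait_data1 not in first_reply:       # plain substring, per the README
        return False
    if entry.send_data1 is None:                  # SEND_DATA1 NULL -> WAIT_DATA2 skipped
        return True
    if entry.wait_data2 is None:
        return True
    return second_reply is not None and entry.wait_data2 in second_reply


def exec_argv(entry: Entry, ip: str) -> Optional[List[str]]:
    """Build the EXEC_PROG argv with %IP substituted, or None when EXEC_PROG is NULL."""
    if entry.exec_prog is None:
        return None
    ipaddress.IPv4Address(ip)   # only a dotted-quad address may be substituted
    # Tokenise first, then substitute, so the value can never change word splitting.
    return [tok.replace("%IP", ip) for tok in shlex.split(entry.exec_prog)]


# Constructed sample file (not from the vulnmap distribution).
SAMPLE_EXPLOIT_DAT = """\
SunOS,25,TCP,220 ,NULL,NULL,NULL,NULL,constructed: banner-only check
Linux,21,TCP,220 ,HELP,214,NULL,/usr/local/bin/log_hit %IP,constructed: two-step check, with a comma
Linux,69,UDP,constructed,NULL,NULL,NULL,NULL,constructed: parses but UDP is not implemented
"""

if __name__ == "__main__":
    for e in parse_file(SAMPLE_EXPLOIT_DAT):
        print(e.implemented, e)
```

Substituting %IP only after `shlex.split` and only after the value has been validated as an IPv4 address keeps the exec'd argv well-formed regardless of what a scanned host returned; the same split-then-substitute order is worth keeping if further variables are added to the config language.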