Hi, On 24.03.2017 17:25, Michal Chrobak wrote: >> On 23.03.2017 16:31, Michal Chrobak wrote: >>> Thanks for hints, you describe exactly what I need, but I need that in >>> OpenVAS, because this is one of many features, which I want from instanton, >>> which I am creating. One dashboard to view many aspects of network. >> >> you can have a look at existing NVTs like: >> >> http://plugins.openvas.org/nasl.php?oid=66286 >> >> how to achieve what you're looking for. The mentioned NVT is only running at >> the end of the scan and also only against unknown services but you can make >> a copy of it and update it to your needs so it is reporting the banners of >> all services. > > Hi, > > This NVTs looks good. All what I need to change is replace "Service/unknow" > with all ports: > # This will fork. Potential issue if large # of unknown services. > # (But then the other find_service*.nasl scripts have the same problem. > port = get_kb_item( "Services/unknown" ); > if( ! port ) exit( 0 ); > if( ! get_port_state( port ) ) exit( 0 ); > if( ! service_is_unknown( port:port ) ) exit( 0 ); > > To be honestly, I never edited nasl scripts before (it was on my todo list > from long time ago), so I have some probably dummy questions: > 1. As I have read, get/set_kb_item/list() is some global array witch is used > to make communication between forks and plugins. But how can I read all value > from kb? Somethink like get_kb_item(*), to get all values from which I could > find items which I need in my scenario
before we're diving into the implementation details it would make sense to clarify something before: 1. With this modification you will get one entry of the "Log" level for each service and nmap banner side by side to the other entries in your report. There is currently no way in adding these to the Asset Management -> Host details. 2. If you're just looking for improved service reporting within your report you could also report such missing banners reported by the NVTs: - "Report Unknown Service Banner" -> http://plugins.openvas.org/nasl.php?oid=11154 - "Identify Unknown Services with nmap" -> http://plugins.openvas.org/nasl.php?oid=66286 to the openvas-plugins mailinglist: https://lists.wald.intevation.org/pipermail/openvas-plugins/ so we can take these service into account and update the detection for these. This could also include services not detected at all or wrongly detected services. > 2. What are best practice for learning nasl script in 2017? I found lots of > materials, but they are quite old (most of them are before 2010). Is this > because there is nothing new to say and nasl has not new features from few > years? I don't say this is bad, if it is working and there is no feature > requests. What would you recommend to start learning nasl? > http://www.openvas.org/compendium/developers-guide-for-nvts.html ? Unfortunately there is no real documentation on how to write nasl scripts. The best practice to learn nasl scripts is to look into existing .nasl files to see how it is done and ask specific questions either at the OpenVAS IRC channel or the previously mentioned mailinglist: https://lists.wald.intevation.org/pipermail/openvas-plugins/ A few resources which might give additional info / background are: http://www.openvas.org/nvt-dev.html http://michel.arboi.free.fr/nasl2ref/ http://www.craigchamberlain.com/library/products/nasl2_reference.pdf https://www.brain-media.de/index/pages/freebooks (OpenVAS kompkat, German Ebook with some nasl scripting parts > Regards, > Michal > Michal Chrobak > IT Security Systems Engineer > tel. +48 22 122 09 42 > tel. +48 503 555 769 > > SANSEC Poland S.A. NIP: 7010352299, KRS: 0000429238, REGON: 146270315, Spółka > zarejestrowana przez Sąd Rejonowy dla M. St. Warszawy w Warszawie, XII > Wydział Gospodarczy Krajowego Rejestru Sądowego, Kapitał zakładowy: 1 000 000 > PLN. > Niniejsza wiadomość zawiera informacje zastrzeżone i stanowiące tajemnicę > przedsiębiorstwa SANSEC Poland S.A. Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
