Hi On 25.03.2017 11:21, Christian Fischer wrote: > Hi, > > On 24.03.2017 17:25, Michal Chrobak wrote: >>> On 23.03.2017 16:31, Michal Chrobak wrote: >>>> Thanks for hints, you describe exactly what I need, but I need that in >>>> OpenVAS, because this is one of many features, which I want from >>>> instanton, which I am creating. One dashboard to view many aspects of >>>> network. >>> >>> you can have a look at existing NVTs like: >>> >>> http://plugins.openvas.org/nasl.php?oid=66286 >>> >>> how to achieve what you're looking for. The mentioned NVT is only running >>> at the end of the scan and also only against unknown services but you can >>> make a copy of it and update it to your needs so it is reporting the >>> banners of all services. >> >> Hi, >> >> This NVTs looks good. All what I need to change is replace "Service/unknow" >> with all ports: >> # This will fork. Potential issue if large # of unknown services. >> # (But then the other find_service*.nasl scripts have the same problem. >> port = get_kb_item( "Services/unknown" ); >> if( ! port ) exit( 0 ); >> if( ! get_port_state( port ) ) exit( 0 ); >> if( ! service_is_unknown( port:port ) ) exit( 0 ); >> >> To be honestly, I never edited nasl scripts before (it was on my todo list >> from long time ago), so I have some probably dummy questions: >> 1. As I have read, get/set_kb_item/list() is some global array witch is used >> to make communication between forks and plugins. But how can I read all >> value from kb? Somethink like get_kb_item(*), to get all values from which I >> could find items which I need in my scenario > > before we're diving into the implementation details it would make sense > to clarify something before: > > 1. With this modification you will get one entry of the "Log" level for > each service and nmap banner side by side to the other entries in your > report. There is currently no way in adding these to the Asset > Management -> Host details. Yes, I know that I can achieve that only in this way and it is ok for me.
> > 2. If you're just looking for improved service reporting within your > report you could also report such missing banners reported by the NVTs: > > - "Report Unknown Service Banner" -> > http://plugins.openvas.org/nasl.php?oid=11154 > - "Identify Unknown Services with nmap" -> > http://plugins.openvas.org/nasl.php?oid=66286 > > to the openvas-plugins mailinglist: > > https://lists.wald.intevation.org/pipermail/openvas-plugins/ > > so we can take these service into account and update the detection for > these. > > This could also include services not detected at all or wrongly detected > services. Ok, I will remeber that if I will get some better results (or unknown or different). > >> 2. What are best practice for learning nasl script in 2017? I found lots of >> materials, but they are quite old (most of them are before 2010). Is this >> because there is nothing new to say and nasl has not new features from few >> years? I don't say this is bad, if it is working and there is no feature >> requests. What would you recommend to start learning nasl? >> http://www.openvas.org/compendium/developers-guide-for-nvts.html ? > > Unfortunately there is no real documentation on how to write nasl > scripts. The best practice to learn nasl scripts is to look into > existing .nasl files to see how it is done and ask specific questions > either at the OpenVAS IRC channel or the previously mentioned mailinglist: > > https://lists.wald.intevation.org/pipermail/openvas-plugins/ > > A few resources which might give additional info / background are: > > http://www.openvas.org/nvt-dev.html > http://michel.arboi.free.fr/nasl2ref/ > http://www.craigchamberlain.com/library/products/nasl2_reference.pdf > https://www.brain-media.de/index/pages/freebooks (OpenVAS kompkat, > German Ebook with some nasl scripting parts Thanks a lot, I'll take a look on that. Regards, Michal _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
