Hi,
On 28.03.2017 16:31, Michal Chrobak wrote:
> Hi
>
> On 25.03.2017 11:21, Christian Fischer wrote:
>> Hi,
>>
>> On 24.03.2017 17:25, Michal Chrobak wrote:
>>>> On 23.03.2017 16:31, Michal Chrobak wrote:
>>>>> Thanks for the hints, you describe exactly what I need, but I need that in
>>>>> OpenVAS, because this is one of many features which I want from the
>>>>> instanton which I am creating. One dashboard to view many aspects of the
>>>>> network.
>>>>
>>>> you can have a look at existing NVTs like:
>>>>
>>>> http://plugins.openvas.org/nasl.php?oid=66286
>>>>
>>>> how to achieve what you're looking for. The mentioned NVT is only running
>>>> at the end of the scan and also only against unknown services but you can
>>>> make a copy of it and update it to your needs so it is reporting the
>>>> banners of all services.
>>>
>>> Hi,
>>>
>>> This NVT looks good. All I need to change is to replace "Services/unknown"
>>> with all ports:
>>> # This will fork. Potential issue if large # of unknown services.
>>> # (But then the other find_service*.nasl scripts have the same problem.
>>> port = get_kb_item( "Services/unknown" );
>>> if( ! port ) exit( 0 );
>>> if( ! get_port_state( port ) ) exit( 0 );
>>> if( ! service_is_unknown( port:port ) ) exit( 0 );
>>>
>>> To be honest, I have never edited nasl scripts before (it has been on my todo list
>>> for a long time), so I have some probably dummy questions:
>>> 1. As I have read, get/set_kb_item/list() is some global array which is
>>> used for communication between forks and plugins. But how can I read
>>> all values from the kb? Something like get_kb_item(*), to get all values from
>>> which I could find the items which I need in my scenario
>>
>> Before we dive into the implementation details it would make sense
>> to clarify something first:
>>
>> 1. With this modification you will get one entry of the "Log" level for
>> each service and nmap banner side by side with the other entries in your
>> report. There is currently no way of adding these to the Asset
>> Management -> Host details.
> Yes, I know that I can achieve that only in this way and it is ok for me.
>
>>
>> 2. If you're just looking for improved service reporting within your
>> report you could also report such missing banners reported by the NVTs:
>>
>> - "Report Unknown Service Banner" ->
>> http://plugins.openvas.org/nasl.php?oid=11154
>> - "Identify Unknown Services with nmap" ->
>> http://plugins.openvas.org/nasl.php?oid=66286
>>
>> to the openvas-plugins mailing list:
>>
>> https://lists.wald.intevation.org/pipermail/openvas-plugins/
>>
>> so we can take these services into account and update the detection for
>> these.
>>
>> This could also include services not detected at all or wrongly detected
>> services.
> Ok, I will remember that if I get some better results (or unknown or
> different).
>
>>
>>> 2. What is the best practice for learning nasl scripting in 2017? I found lots of
>>> materials, but they are quite old (most of them are from before 2010). Is this
>>> because there is nothing new to say and nasl has had no new features for a few
>>> years? I don't say this is bad, if it is working and there are no feature
>>> requests. What would you recommend to start learning nasl?
>>> http://www.openvas.org/compendium/developers-guide-for-nvts.html ?
>>
>> Unfortunately there is no real documentation on how to write nasl
>> scripts. The best practice to learn nasl scripts is to look into
>> existing .nasl files to see how it is done and ask specific questions
>> either at the OpenVAS IRC channel or the previously mentioned mailing list:
>>
>> https://lists.wald.intevation.org/pipermail/openvas-plugins/
>>
>> A few resources which might give additional info / background are:
>>
>> http://www.openvas.org/nvt-dev.html
>> http://michel.arboi.free.fr/nasl2ref/
>> http://www.craigchamberlain.com/library/products/nasl2_reference.pdf
>> https://www.brain-media.de/index/pages/freebooks (OpenVAS kompakt,
>> German Ebook with some nasl scripting parts)
>
> Thanks a lot, I'll take a look at that.
>
> Regards,
> Michal
I have attached a patch to the find_service_nmap.nasl to have an
example of how such an NVT should look. You can make a copy of the
find_service_nmap.nasl, apply the patch to it and choose an OID from the
Reserved OID range listed here:
http://openvas.org/openvas-oids.html
To get a full output of the service banner you might need to play around
with the nmap parameters and the parsing of the result to get the
expected output.
Regards,
--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Index: find_service_nmap.nasl
===================================================================
--- find_service_nmap.nasl (revision 5758)
+++ find_service_nmap.nasl (working copy)
@@ -44,12 +44,11 @@
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
script_tag(name:"cvss_base", value:"0.0");
script_name("Identify Unknown Services with nmap");
- script_category(ACT_END);
+ script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("Service detection");
- script_require_ports("Services/unknown");
- script_dependencies("toolcheck.nasl", "unknown_services.nasl");
- script_mandatory_keys("Tools/Present/nmap");
+ script_dependencies("toolcheck.nasl", "secpod_open_tcp_ports.nasl");
+ script_mandatory_keys("Tools/Present/nmap", "TCP/PORTS");
script_tag(name:"summary", value:"This plugin performs service detection by launching nmap's
service probe (nmap -sV) against ports that are running unidentified services.");
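Review bot: The unchanged script_name ("Identify Unknown Services with nmap") and the summary text ("against ports that are running unidentified services") no longer describe the script once it is driven by "TCP/PORTS" instead of "Services/unknown". In the copy, give it a distinct name and a summary saying it probes every open TCP port, alongside the new OID the mail asks for, so its report entries are not confused with those of the original NVT. Moving from ACT_END to ACT_GATHER_INFO also means nmap -sV now runs during the gathering phase rather than once at the end of the scan, which is worth stating in the summary.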
@@ -75,10 +74,9 @@
# This will fork. Potential issue if large # of unknown services.
# (But then the other find_service*.nasl scripts have the same problem.
-port = get_kb_item( "Services/unknown" );
+port = get_kb_item( "TCP/PORTS" );
if( ! port ) exit( 0 );
if( ! get_port_state( port ) ) exit( 0 );
-if( ! service_is_unknown( port:port ) ) exit( 0 );
# Check if we can still open that port before throwing nmap on it
soc = open_sock_tcp( port, transport:ENCAPS_IP );
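Review bot: The comment above the changed get_kb_item() line still reads "Potential issue if large # of unknown services", but after this change the fork happens for every value under "TCP/PORTS", so the cost it warns about now scales with all open TCP ports, not just the unidentified ones. Update the comment to say so, and consider whether a host with many open ports needs a limit before one nmap run is started per port. With the service_is_unknown() check removed, ports that other NVTs already identified are probed as well; a short comment that this is deliberate would stop a later editor from restoring the check.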
@@ -115,8 +113,6 @@
if( strlen( servicesig ) > 0 ) {
- register_service( port:port, proto:servicesig );
-
message = 'Nmap service detection result for this port: ' + servicesig;
if( guess ) {
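Review bot: With register_service() removed from the strlen( servicesig ) > 0 branch, the script only builds a report message, yet it stays in script_family("Service detection"). Add a comment at this point stating that the script is intentionally report-only, because it now runs against ports that may already have a registered service and should not register a second one from the nmap result.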