Hi, as discussed on irc yesterday, I've written a NASL script for reporting all open ports (including udp) if they are not reported elsewhere.
Teh script is enclosed. I would appreciate your comments and enhancements. The Script is meant to run *after* all other Service detectors (which are reporting results). But I doubt, I did this right. I've but the script into the 'Port Scanners' family since this is where I have looked for a script link this. -- Schönen Gruß - Regards Hartmut Goebel Dipl.-Informatiker (univ.), CISSP, CSSLP Goebel Consult Spezialist für IT-Sicherheit in komplexen Umgebungen http://www.goebel-consult.de Monatliche Kolumne: http://www.cissp-gefluester.de/ Goebel Consult mit Mitglied bei http://www.7-it.de
# OpenVAS Vulnerability Test # $Id$ # # Description: Report all open ports not reported elsewhere # # Authors: # Hartmut Goebel <[email protected]> # # Copyright: # Copyright (c) 2010 Hartmut Goebel <[email protected]> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # (or any later version), as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. if(description) { name = "Report all open ports not reported elsewhere"; script_id(99914259); #script_oid(FIXME); script_version("$Revision$"); script_family("Port scanners"); desc = " This plugin reports all open ports found by any of the port scanners but not reported elsewhere. This currently supports nmap, amap and the OpenVAS internal scanners. NB: As of today, the following scanners do not report their results to the knowledgebase and the ports found by them will be reported here, too: ikescan, pnscan, portbunny, strobe. "; script_name(name); script_summary("Reports all open ports"); script_description(desc); script_tag(name:"risk_factor", value:"None"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2010 by Hartmut Goebel"); script_dependencies("nmap.nasl", "amap.nasl", "find_service.nes", "find_service1.nasl", "find_service2.nasl", "openvas_tcp_scanner.nes", "synscan.nes", "pnscan.nasl", "portbunny.nasl", "portscan-strobe.nasl", "ike-scan.nasl" ); exit(0); } foreach port ( keys(get_kb_list('Ports/*')) ) { port = substr(port, 6); # 6 = strlen('Ports/') # check if nmap reported about this port if ( get_kb_item("Ident/"+port) ) continue; if ( get_kb_item("Nmap/"+port+"/version") ) continue; # nmap does not report rpc services to the knowledgebase :-( # check if amap reported about this port if ( get_kb_item("Amap/"+port+"/Svc") ) continue; if ( get_kb_item("Amap/"+port+"/PrintableBanner") ) continue; if ( get_kb_item("Amap/"+port+"/FullBanner") ) continue; # ikescan does not report open ports to the knowledgebase # pnscan does not report open ports to the knowledgebase # portbunny does not report open ports to the knowledgebase # strobe does not report open ports to the knowledgebase portnum = split(port, sep:'/', keep:0); proto = portnum[0]; portnum = portnum[1]; # todo: test whether some other service detector reported it # no scanner reported to the knowledgbase, so write a log message log_message(port: portnum, proto: proto, data: "FYI: This port is open."); }
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
