*** NopSec <[email protected]> wrote:
> On 01/28/2011 02:58 AM, Felix Wolfsteller wrote:
> > Without further information it is difficult to tell.
> > Quick ideas:
> >
> > - In /etc/openvas/openvassd.conf
> > "nasl_no_signature_check = no" ?
> > - OID already given to another script?
> >
> >> I am testing a newly created plugin with openvas-nasl and it runs fine
> >> spawning the related process.
> >>
> >> But when I go load it on the server and configure in the Client, the
> >> related process does not run and neither results are reported.
>
> thanks for the reply. I check both the
>
> nasl_no_signature_check
>
> which is set to "yes"
>
> and if the new NVT script has an already assigned OID, which it does not.
>
> I think it is easier to include the NVT script here for your review.
>
> It is OpenVAS plugin wrapper for the arachni web application vulnerability 
> scanner (https://github.com/Zapotek/arachni)
>
> The script is validated and runs perfectly with openvas-nasl -X -t
> but it does not run when I load it in the Openvas server plugin
> directory. The script loads fine and when I connect with the client,
> I see it, I can select it and I also see the options but when I
> launch the scan with port 80 only it does not run.

please see the attached patch. With that patch it works for me. There
was a problem with the script preferences. E.G:

if (p =~ '^[0-9]+$') { argv[i++] = "--http-req-limit="; argv[i++] = p;  }

This results in "--http-req-limit= 60", and Arachni seems to have trouble
with the blank.
It works with openvas-nasl because no preferences are set there.

I also changed the creation of the "repfilename" and fixed a bug in
the "if (file_stat(repfilename)) {" statement.

The real problem is that arachni seems to be too slow. Here it never
finished because it reached the timeout (see "plugins_timeout" in 
openvassd.conf). I got

"[Tue Feb  1 11:45:17 2011][26895] remote-web-arachni.nasl (pid 27012) is slow 
to finish - killing it"

in openvassd.messages.

HTH

Micha

-- 
Michael Meyer                            OpenPGP Key: 52A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
--- /tmp/remote-web-arachni.nasl        2011-02-01 11:46:51.954862129 +0100
+++ /opt/openvas/lib/openvas/plugins/remote-web-arachni.nasl    2011-02-01 
11:47:28.681770013 +0100
@@ -107,9 +107,15 @@
 #user = get_kb_item("http/login");
 #pass = get_kb_item("http/login");
 
+port = get_kb_item("Services/www");
+if (! port) port = 80;
+if (! get_port_state(port)) exit(0);
+
+repfilename =  get_tmp_dir() + "openvas-arachni-" + rand() + "-" + 
get_host_ip() + "-" + port + "-report.txt";
+
 i = 0;
 argv[i++] = arachni;
-argv[i++] = "--report=txt:outfile=report.txt";
+argv[i++] = "--report=txt:outfile=" + repfilename;
 
 p = script_get_preference("Modules");
 
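Review bot: The report path built at `repfilename = get_tmp_dir() + "openvas-arachni-" + rand() + ...` is a guessable name in a shared temporary directory, and the file is then created by an external process (arachni). A local user who pre-creates that path, or a symlink at it, could redirect the write or plant a forged report; how serious this is depends on the privileges openvassd runs with, which the page does not show. Refuse to continue when the path already exists, e.g. `if (file_stat(repfilename)) exit(0);` right after the assignment. That narrows the window but does not close the race, so a directory writable only by the scanner user would be the sturdier choice.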
@@ -118,19 +124,19 @@
 else if (p == "Recon") argv[i++] = "--mods=recon*";
 
 p = script_get_preference("Concurrent Request Limit");
-if (p =~ '^[0-9]+$') { argv[i++] = "--http-req-limit="; argv[i++] = p; }
+if (p =~ '^[0-9]+$') { argv[i++] = "--http-req-limit=" + p; }
 
 p = script_get_preference("User Agent");
-if (p =~ '^[0-9a-zA-Z]+$') { argv[i++] = "--user-agent="; argv[i++] = p; }
+if (p =~ '^[0-9a-zA-Z]+$') { argv[i++] = "--user-agent=" + p; }
 
 p = script_get_preference("Authorized by");
-if (p =~ '^[0-9a-zA-Z]+$') { argv[i++] = "--authed-by="; argv[i++] = p; }
+if (p =~ '^[0-9a-zA-Z]+$') { argv[i++] = "--authed-by=" + p; }
 
 p = script_get_preference("Exclude URLs");
-if (p =~ '^[0-9a-zA-Z]+$') { argv[i++] = "--exclude="; argv[i++] = p; }
+if (p =~ '^[0-9a-zA-Z]+$') { argv[i++] = "--exclude=" + p; }
 
 p = script_get_preference("Include URLs");
-if (p =~ '^[0-9a-zA-Z]+$') { argv[i++] = "--include="; argv[i++] = p; }
+if (p =~ '^[0-9a-zA-Z]+$') { argv[i++] = "--include=" + p; }
 
 p = script_get_preference("Follow Subdomains");
 if ("yes" >< p) argv[i++] = "--follow-subdomains";
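Review bot: A preference that fails the allowlist is dropped without any trace, and `^[0-9a-zA-Z]+$` cannot match a realistic "Exclude URLs" or "Include URLs" value (anything containing `/`, `.` or `-`), so a scan can run without an exclusion the operator configured. Keeping the check strict is right, because the value becomes part of an argument handed to an external program; what is missing is feedback. Add an `else` branch per preference, e.g. `else if (p) log_message(port: port, data: "Ignoring invalid 'Exclude URLs' preference");`, and widen each pattern only to the characters that option actually needs.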
@@ -143,11 +149,8 @@
 
 p = script_get_preference("Autologin - Login URL");
 r = script_get_preference("Autologin - Login Parameters");
-if ((p =~ '^[0-9a-zA-Z]+$') || (r =~ '^[0-9a-zA-Z]+$')) { argv[i++] = 
"--plugin=autologin:url="; argv[i++] = p; argv[i++] =","; argv[i++] = 
"params="; argv[i++] = r; }
+if ((p =~ '^[0-9a-zA-Z]+$') || (r =~ '^[0-9a-zA-Z]+$')) { argv[i++] =  
"--plugin=autologin:url=" + p; argv[i++] =","; argv[i++] = "params=" + r; }
 
-port = get_kb_item("Services/www");
-if (! port) port = 80;
-if (! get_port_state(port)) exit(0);
 
 encaps = get_port_transport(port);
 if (encaps > 1) httprefix="https://";;
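Review bot: The autologin guard joins its two allowlist checks with `||`, so the pair is accepted when only one of `p` and `r` passes and the other reaches arachni's argument list unvalidated or empty. The option is also still spread over three argv elements (`"--plugin=autologin:url=" + p`, `","`, `"params=" + r`), which is the same split-argument problem this patch fixes for the other preferences. Suggested: `if ((p =~ '^[0-9a-zA-Z]+$') && (r =~ '^[0-9a-zA-Z]+$')) { argv[i++] = "--plugin=autologin:url=" + p + ",params=" + r; }`. The joined option syntax is inferred from the pieces on this line and should be confirmed against arachni.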
@@ -176,7 +179,8 @@
 }
 
 argv[i++] = httpurl;
-
+display("remote-web-arachni.nasl now running...\n");
+display("CMD: ",argv,"\n");
 r = pread(cmd: arachni, argv: argv, cd: 1);
 if (! r) exit(0);      # error
 
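Review bot: The two added `display()` calls look like leftover debugging, and `display("CMD: ",argv,"\n");` prints the whole argument list. That list includes the "Autologin - Login Parameters" value, so credentials for the target application may end up in scanner output or logs. Drop both lines before the plugin is installed for regular use, or print only the non-sensitive parts, e.g. `display("CMD: ", arachni, " ", httpurl, "\n");`. Whether `display()` expands an array argument at all is not visible here, so the line may also not show what was intended.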
@@ -184,9 +188,6 @@
 {
        if (file_stat (repfilename)) unlink(repfilename);       
 }
-
-repfilename = "report.txt";
-
 if (file_stat(repfilename)) {
        rfile=fread(repfilename);
        report = 'Here is the arachni report:\n';
@@ -194,10 +195,14 @@
        # rhttp=fread(httpfilename);
        if ('[~] Severity: High' >< report) {
                security_hole(port: port, data: report);
+               exit(0);
+       }       
        if ('[~] Severity: Medium' >< report) {
                security_warning(port: port, data: report);
+               exit(0);        
        } else {
                security_note(port: port, data: report);
+               exit(0);
        }
 } else {
        text  = 'arachni report filename is empty. that could mean that\n';
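Review bot: Each added `exit(0);` ends the plugin right after reporting, and nothing visible in this hunk or around `rfile=fread(repfilename);` removes the report file afterwards. Now that the name is unique per run, every scan appears to leave a file holding the target's findings in the temporary directory. Add `unlink(repfilename);` directly after the `fread` (that line is outside this hunk), so it runs before any of the exit paths. With the exits in place, the Medium test would also read more clearly as an `else if` chained to the High branch.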
@@ -205,4 +210,4 @@
        text += 'In short: check installation of w3af and OpenVAS';
        log_message(port: port, data: text);
 }
-}
+