On 02/01/2011 09:20 AM, Michael Meyer wrote: > *** NopSec <[email protected]> wrote: >> On 01/28/2011 02:58 AM, Felix Wolfsteller wrote: >>> Without further information it is difficult to tell. >>> Quick ideas: >>> >>> - In /etc/openvas/openvassd.conf >>> "nasl_no_signature_check = no" ? >>> - OID already given to another script? >>> >>>> I am testing a newly created plugin with openvas-nasl and it runs fine >>>> spawning the related process. >>>> >>>> But when I go load it on the server and configure in the Client, the >>>> related process does not run and neither results are reported. >> thanks for the reply. I check both the >> >> nasl_no_signature_check >> >> which is set to "yes" >> >> and if the new NVT script has an already assigned OID, which it does not. >> >> I think it is easier to include the NVT script here for your review. >> >> It is OpenVAS plugin wrapper for the arachni web application vulnerability >> scanner (https://github.com/Zapotek/arachni) >> >> The script is validated and runs perfectly with openvas-nasl -X -t >> but it does not run when I load it in the Openvas server plugin >> directory. The script loads fine and when I connect with the client, >> I see it, I can select it and I also see the options but when I >> launch the scan with port 80 only it does not run. > please see the attached patch. With that patch it works for me. There > was a problem with the script preferences. E.G: > > if (p =~ '^[0-9]+$') { argv[i++] = "--http-req-limit="; argv[i++] = p; } > > Will result in "--http-req-limit= 60". Arachni seems to interfere with the > blank. > It works with openvas-nasl because there are no preferences set. > > I also changed the creation of the "repfilename" and fixed a bug in > the "if (file_stat(repfilename)) {" statement. > > The real problem is that arachni seems to be too slow. Here it never > finished because it reached the timeout (see "plugins_timeout" in > openvassd.conf). I got > > "[Tue Feb 1 11:45:17 2011][26895] remote-web-arachni.nasl (pid 27012) is > slow to finish - killing it" > > in openvassd.messages. > > HTH > > Micha > > > > _______________________________________________ > Openvas-plugins mailing l > [email protected] > http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins Mark,
thanks a bunch for checking on this. I applied the patch you provided but it gave some other problem with the URL it was passing. I made few other changes and now it runs like a charm and reports great results. arachni is a very complete scanner and it really goes in depth in the scans. In order to run a large sample scan I had to see the specific NVT timeout at 6000. Do you take care of signature and the OID assignment for inclusion in the open source feed? I attach the latest working version. Thanks. Michelangelo
############################################################################## # OpenVAS Vulnerability Test # # Assess web security with arachni # # Authors: # Michelangelo Sidagni <[email protected]> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # (or any later version), as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ############################################################################### if ( ! defined_func("pread")) exit(0); if(description) { script_id(40001); script_version ("1.0"); script_tag(name:"risk_factor", value:"None"); name = "arachni (NASL wrapper)"; script_name(name); desc = " This plugin uses arachni ruby command line to find web security issues. See the preferences section for arachni options. Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment, you should use standalone arachni tool for deeper/customized checks. Risk factor : None"; script_description(desc); summary = "Assess web security with arachni"; script_summary(summary); script_category(ACT_GATHER_INFO); script_copyright("This script is Copyright (C) 2011 Michelangelo Sidagni"); family = "Web application abuses"; script_family(family); script_add_preference(name: "Modules", type:"radio",value:"All;Audit;Recon"); script_add_preference(name: "Concurrent Request Limit", type: "entry", value: "60"); script_add_preference(name: "User Agent", type: "entry", value: "arachni"); script_add_preference(name: "Authorized by", type: "entry", value: "arachni"); script_add_preference(name: "Exclude URLs", type: "entry", value: ""); script_add_preference(name: "Include URLs", type: "entry", value: ""); script_add_preference(name: "Follow Subdomains", type:"checkbox", value: "no"); script_add_preference(name: "Obey robot.txt", type:"checkbox", value: "no"); script_add_preference(name: "Audit Headers", type:"checkbox", value: "no"); script_add_preference(name: "Autologin Login URL", type: "entry", value: "http://url/loginpage";); script_add_preference(name: "Autologin Login Parameters", type: "entry", value: "parameter-username=user¶meter-password=pass"); script_add_preference(name: "Seed URL", type: "entry", value: ""); script_dependencies("find_service.nes","httpver.nasl","http_login.nasl","no404.nasl"); script_require_ports("Services/www", 80); script_timeout(0); exit(0); } # Install Notes # Before running this wrapper with Openvas make sure that: # 1. You installed ruby version 1.9.2 and all arachni dependencies (for the gem install they are already included) # 2. If you installed arachni 0.2.2 via the gem availble on the web site, the arachni file is already on your path. Just make sure it is executable. # 3. If you installed arachni 0.2.2 from github experimental branch, make sure that ./bin/arachni is executable and it is on your PATH. # 4. You entered arachni path in your environmental variables: export PATH=$PATH:/path/to/your/arachni/install/bin/ if (! defined_func("pread")) { set_kb_item(name: "/tmp/UnableToRun/40001", value: TRUE); display("Script #40001 (arachni_wrapper) cannot run\n"); exit(0); } arachni = ""; if ( find_in_path("arachni.rb") ) { arachni = "arachni.rb"; } else if ( find_in_path("arachni") ) { arachni = "arachni"; } else { text = 'Arachni could not be found in your system path.\n'; text += 'OpenVAS was unable to execute Arachni and to perform the scan you requested.\nPlease make sure that Arachni is installed and that arachni is available in the PATH variable defined for your environment.'; security_note(port: port, data: text); exit(0); } #user = get_kb_item("http/login"); #pass = get_kb_item("http/login"); repfilename = get_tmp_dir() + "openvas-arachni-" + rand() + "-" + get_host_ip() + "-" + port + "-report.txt"; i = 0; argv[i++] = arachni; argv[i++] = "--report=txt:outfile=" + repfilename; p = script_get_preference("Modules"); if (p == "All") argv[i++] = "--mods=*"; else if (p == "Audit") argv[i++] = "--mods=audit*"; else if (p == "Recon") argv[i++] = "--mods=recon*"; p = script_get_preference("Concurrent Request Limit"); if (p =~ '^[0-9]+$') { argv[i++] = "--http-req-limit=" + p; } p = script_get_preference("User Agent"); if (p =~ '^[0-9a-zA-Z]+$') { argv[i++] = "--user-agent=" + p; } p = script_get_preference("Authorized by"); if (p =~ '^[0-9a-zA-Z]+$') { argv[i++] = "--authed-by=" + p; } p = script_get_preference("Exclude URLs"); if (p =~ '^[0-9a-zA-Z]+$') { argv[i++] = "--exclude=" + p; } p = script_get_preference("Include URLs"); if (p =~ '^[0-9a-zA-Z]+$') { argv[i++] = "--include=" + p; } p = script_get_preference("Follow Subdomains"); if ("yes" >< p) argv[i++] = "--follow-subdomains"; p = script_get_preference("Obey robot.txt"); if ("yes" >< p) argv[i++] = "--obey-robots-txt"; p = script_get_preference("Audit Headers"); if ("yes" >< p) argv[i++] = "--audit-headers"; p = script_get_preference("Autologin - Login URL"); r = script_get_preference("Autologin - Login Parameters"); if ((p =~ '^[0-9a-zA-Z]+$') || (r =~ '^[0-9a-zA-Z]+$')) { argv[i++] = "--plugin=autologin:url=" + p; argv[i++] =","; argv[i++] = "params=" + r; } port = get_kb_item("Services/www"); if (! port) port = 80; if (! get_port_state(port)) exit(0); encaps = get_port_transport(port); if (encaps > 1) httprefix="https://";; else httprefix="http://";; httpver = get_kb_item("http/"+port); if (httpver == "11") { httparg=get_host_name(); } else { httparg=get_host_ip(); } httpurl=httprefix+httparg+":"+port; seed = script_get_preference ("Seed URL"); if (seed) { if (ereg(pattern: "^/", string: seed)) { httpurl = httpurl + seed; } else { httpurl = httpurl + "/" + seed; } } argv[i++] = httpurl; display("remote-web-arachni.nasl now running...\n"); display("CMD: ",argv,"\n"); r = pread(cmd: arachni, argv: argv, cd: 1); if (! r) exit(0); # error function on_exit() { if (file_stat (repfilename)) unlink(repfilename); } if (file_stat(repfilename)) { rfile=fread(repfilename); report = 'Here is the arachni report:\n'; report += rfile; # rhttp=fread(httpfilename); if ('[~] Severity: High' >< report) { security_hole(port: port, data: report); exit(0); } if ('[~] Severity: Medium' >< report) { security_warning(port: port, data: report); exit(0); } else { security_note(port: port, data: report); exit(0); } } else { text = 'arachni report filename is empty. that could mean that\n'; text += 'wrong version of arachni is used or tmp dir is not accessible.\n'; text += 'In short: check installation of arachni and OpenVAS'; log_message(port: port, data: text); }
_______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
