Hi,

On 23.05.2017 10:44, margaus M. wrote:
> Hello
> 
> I want your opinion on how to structure plugins properly. What I am
> doing right now is making the following NVTs:
> -product detection NVT, where I detect the model of the product and the
> firmware version, via http or snmp. 
> 
> -second NVT which is focused on a known vulnerability, this means
> searching in the kb if there is a vulnerable model (previously known
> thanks to the first NVT), and checking if the firmware version is less
> or equal to another one in order to be able to say that this product is
> vulnerable.
> 
> What do you think about this scheme?

> Could it be better if I divide the
> first NVT into various NVTs? One to detect the information via http,
> another one to detect it via snmp, and so on?

From my experience this is the better approach for the simple reason
that you can choose different script_require_key/script_mandatory_keys,
script_require_ports/script_require_udp_ports and script_exclude_keys
for each protocol.

Have a look at e.g. the following commit how to distribute such Detections
in various NVTs and collect them at one place again:

https://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2017-May/006177.html

This e.g. also helps to not report multiple vulnerabilities against a
product if you just have detected it via two or more protocols.

> Thanks!

Regards,

--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
Openvas-plugins@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
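
Added example, not part of the original message and not Greenbone's NASL code: a small Python model of the layout described in the reply, with one detection per protocol, one consolidation step, and a vulnerability check that reads only the consolidated entry and therefore reports once. The product name, KB key names, banner formats and version numbers are all constructed for illustration.

```python
import re

PRODUCT = "acmecam"  # hypothetical product name, used as the KB key prefix

def vtuple(version):
    # "1.10.0" -> (1, 10, 0), so versions compare numerically, not as strings
    return tuple(int(p) for p in version.split("."))

def detect(kb, proto, text, pattern):
    """One detection per protocol; each writes only its own <proto>/ keys."""
    m = re.search(pattern, text or "")
    if m:
        kb[f"{PRODUCT}/{proto}/detected"] = True
        kb[f"{PRODUCT}/{proto}/model"] = m.group(1)
        kb[f"{PRODUCT}/{proto}/version"] = m.group(2)

def consolidate(kb):
    """Runs after every detection and merges them into one product entry."""
    via = [p for p in ("http", "snmp") if kb.get(f"{PRODUCT}/{p}/detected")]
    if via:
        kb[f"{PRODUCT}/detected"] = True
        kb[f"{PRODUCT}/detected_via"] = via
        kb[f"{PRODUCT}/model"] = kb[f"{PRODUCT}/{via[0]}/model"]
        kb[f"{PRODUCT}/version"] = kb[f"{PRODUCT}/{via[0]}/version"]

def check_vuln(kb, affected_models, last_vulnerable):
    """Vulnerability check keyed on the consolidated entry only."""
    if not kb.get(f"{PRODUCT}/detected"):
        return []  # plays the role of a mandatory key: nothing to test
    model, version = kb[f"{PRODUCT}/model"], kb[f"{PRODUCT}/version"]
    if model in affected_models and vtuple(version) <= vtuple(last_vulnerable):
        via = "+".join(kb[f"{PRODUCT}/detected_via"])
        return [f"{model} firmware {version} <= {last_vulnerable} (seen via {via})"]
    return []

def scan(http_banner, snmp_sysdescr):
    kb = {}
    detect(kb, "http", http_banner, r"AcmeCam/(\w+) fw/(\d+(?:\.\d+)*)")
    detect(kb, "snmp", snmp_sysdescr, r"AcmeCam (\w+) firmware (\d+(?:\.\d+)*)")
    consolidate(kb)
    return check_vuln(kb, {"X100"}, "1.4.2")

# Constructed sample data, not captured from a real device
BANNER = "Server: AcmeCam/X100 fw/1.4.2"
SYSDESCR = "AcmeCam X100 firmware 1.4.2"

if __name__ == "__main__":
    print(scan(BANNER, SYSDESCR))  # one finding although two protocols matched
```

If the vulnerability check read the per-protocol keys instead, a host answering on both HTTP and SNMP would produce two findings for the same flaw.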
