Re: [Openvas-discuss] Scanning a hostname with more then three dots
I had a new issue with the host verification. I can't scan a domain name that contains a numeric bloc like www.123.com. On Wed, Jul 18, 2012 at 10:58 AM, rm4dillo D rm4di...@gmail.com wrote: Glad to know that it helped you. I don't think that you need to modify the nikto nasl script to use host's name instead of ip address. On Mon, Jul 16, 2012 at 9:28 PM, Juan José Pavlik Salles jjpav...@gmail.com wrote: rm4dillo, you have no idea how much work you saved me with this patch!!! Now i can scan vhosts by creating one target per vhost i have. Thanks Now i need that the nikto nasl uses that hostname instead of the ip addr. 2012/6/21 rm4dillo D rm4di...@gmail.com Well, after fixing this bug, I encountered a second issue ; the scanner overwrites my target's hostname by performing a reverse lookup on it's IP address ( www.target.com == lookup == 123.123.123.123 == reverse lookup == virtual.hosting.com). I was able to fix this by applying the following patch : --- hosts_gatherer.c(revision 13635) +++ hosts_gatherer.c(working copy) @@ -192,7 +192,7 @@ } else { -if (host-hostname (!hg_valid_ip_addr (host-hostname))) +if (host-hostname) { strncpy (hostname, host-hostname, sz - 1); } as I don't thing that hostname has to be a valid IP address. The only comment I could found about this code was the following commit message First set of changes to openvas-libraries towards IPv6 support. Rm4dillo On Thu, Jun 21, 2012 at 11:41 AM, rm4dillo D rm4di...@gmail.com wrote: Great ! Thank you ! On Tue, Jun 19, 2012 at 5:42 PM, Matthew Mundell matthew.mund...@greenbone.net wrote: I've been trying to create a target using the following hostname a.b.c.example.com (4 dots) but it didn't work while b.c.example.com (3 dots) works. This seems to be due to the following check which is mistakenly applied even if the host is alphanumeric. I think it should be moved somewhere deeper in validate_host. openvas-manager-3.0.1-modified/src/manage_sql.c (validate_host): 21448 : if (g_strv_length (split) 4) 21449 : return 1; Thanks. That was solved in trunk r13492 on 2012-05-24. I've now backported to the openvas-manager-3.0 branch (r13621) so it should appear in the next stable release. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Pavlik Juan José ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Scanning a hostname with more then three dots
Glad to know that it helped you. I don't think that you need to modify the nikto nasl script to use host's name instead of ip address. On Mon, Jul 16, 2012 at 9:28 PM, Juan José Pavlik Salles jjpav...@gmail.com wrote: rm4dillo, you have no idea how much work you saved me with this patch!!! Now i can scan vhosts by creating one target per vhost i have. Thanks Now i need that the nikto nasl uses that hostname instead of the ip addr. 2012/6/21 rm4dillo D rm4di...@gmail.com Well, after fixing this bug, I encountered a second issue ; the scanner overwrites my target's hostname by performing a reverse lookup on it's IP address ( www.target.com == lookup == 123.123.123.123 == reverse lookup == virtual.hosting.com). I was able to fix this by applying the following patch : --- hosts_gatherer.c(revision 13635) +++ hosts_gatherer.c(working copy) @@ -192,7 +192,7 @@ } else { -if (host-hostname (!hg_valid_ip_addr (host-hostname))) +if (host-hostname) { strncpy (hostname, host-hostname, sz - 1); } as I don't thing that hostname has to be a valid IP address. The only comment I could found about this code was the following commit message First set of changes to openvas-libraries towards IPv6 support. Rm4dillo On Thu, Jun 21, 2012 at 11:41 AM, rm4dillo D rm4di...@gmail.com wrote: Great ! Thank you ! On Tue, Jun 19, 2012 at 5:42 PM, Matthew Mundell matthew.mund...@greenbone.net wrote: I've been trying to create a target using the following hostname a.b.c.example.com (4 dots) but it didn't work while b.c.example.com (3 dots) works. This seems to be due to the following check which is mistakenly applied even if the host is alphanumeric. I think it should be moved somewhere deeper in validate_host. openvas-manager-3.0.1-modified/src/manage_sql.c (validate_host): 21448 : if (g_strv_length (split) 4) 21449 : return 1; Thanks. That was solved in trunk r13492 on 2012-05-24. I've now backported to the openvas-manager-3.0 branch (r13621) so it should appear in the next stable release. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Pavlik Juan José ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Scanning a hostname with more then three dots
rm4dillo, you have no idea how much work you saved me with this patch!!! Now i can scan vhosts by creating one target per vhost i have. Thanks Now i need that the nikto nasl uses that hostname instead of the ip addr. 2012/6/21 rm4dillo D rm4di...@gmail.com Well, after fixing this bug, I encountered a second issue ; the scanner overwrites my target's hostname by performing a reverse lookup on it's IP address ( www.target.com == lookup == 123.123.123.123 == reverse lookup == virtual.hosting.com). I was able to fix this by applying the following patch : --- hosts_gatherer.c(revision 13635) +++ hosts_gatherer.c(working copy) @@ -192,7 +192,7 @@ } else { -if (host-hostname (!hg_valid_ip_addr (host-hostname))) +if (host-hostname) { strncpy (hostname, host-hostname, sz - 1); } as I don't thing that hostname has to be a valid IP address. The only comment I could found about this code was the following commit message First set of changes to openvas-libraries towards IPv6 support. Rm4dillo On Thu, Jun 21, 2012 at 11:41 AM, rm4dillo D rm4di...@gmail.com wrote: Great ! Thank you ! On Tue, Jun 19, 2012 at 5:42 PM, Matthew Mundell matthew.mund...@greenbone.net wrote: I've been trying to create a target using the following hostname a.b.c.example.com (4 dots) but it didn't work while b.c.example.com (3 dots) works. This seems to be due to the following check which is mistakenly applied even if the host is alphanumeric. I think it should be moved somewhere deeper in validate_host. openvas-manager-3.0.1-modified/src/manage_sql.c (validate_host): 21448 : if (g_strv_length (split) 4) 21449 : return 1; Thanks. That was solved in trunk r13492 on 2012-05-24. I've now backported to the openvas-manager-3.0 branch (r13621) so it should appear in the next stable release. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Pavlik Juan José ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Scanning a hostname with more then three dots
Great ! Thank you ! On Tue, Jun 19, 2012 at 5:42 PM, Matthew Mundell matthew.mund...@greenbone.net wrote: I've been trying to create a target using the following hostname a.b.c.example.com (4 dots) but it didn't work while b.c.example.com (3 dots) works. This seems to be due to the following check which is mistakenly applied even if the host is alphanumeric. I think it should be moved somewhere deeper in validate_host. openvas-manager-3.0.1-modified/src/manage_sql.c (validate_host): 21448 : if (g_strv_length (split) 4) 21449 : return 1; Thanks. That was solved in trunk r13492 on 2012-05-24. I've now backported to the openvas-manager-3.0 branch (r13621) so it should appear in the next stable release. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Scanning a hostname with more then three dots
Well, after fixing this bug, I encountered a second issue ; the scanner overwrites my target's hostname by performing a reverse lookup on it's IP address ( www.target.com == lookup == 123.123.123.123 == reverse lookup == virtual.hosting.com). I was able to fix this by applying the following patch : --- hosts_gatherer.c(revision 13635) +++ hosts_gatherer.c(working copy) @@ -192,7 +192,7 @@ } else { -if (host-hostname (!hg_valid_ip_addr (host-hostname))) +if (host-hostname) { strncpy (hostname, host-hostname, sz - 1); } as I don't thing that hostname has to be a valid IP address. The only comment I could found about this code was the following commit message First set of changes to openvas-libraries towards IPv6 support. Rm4dillo On Thu, Jun 21, 2012 at 11:41 AM, rm4dillo D rm4di...@gmail.com wrote: Great ! Thank you ! On Tue, Jun 19, 2012 at 5:42 PM, Matthew Mundell matthew.mund...@greenbone.net wrote: I've been trying to create a target using the following hostname a.b.c.example.com (4 dots) but it didn't work while b.c.example.com (3 dots) works. This seems to be due to the following check which is mistakenly applied even if the host is alphanumeric. I think it should be moved somewhere deeper in validate_host. openvas-manager-3.0.1-modified/src/manage_sql.c (validate_host): 21448 : if (g_strv_length (split) 4) 21449 : return 1; Thanks. That was solved in trunk r13492 on 2012-05-24. I've now backported to the openvas-manager-3.0 branch (r13621) so it should appear in the next stable release. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Scanning a hostname with more then three dots
Hi, I've been trying to create a target using the following hostname a.b.c.example.com (4 dots) but it didn't work while b.c.example.com (3 dots) works. This seems to be due to the following check which is mistakenly applied even if the host is alphanumeric. I think it should be moved somewhere deeper in validate_host. openvas-manager-3.0.1-modified/src/manage_sql.c (validate_host): 21448 : if (g_strv_length (split) 4) 21449 : return 1; Rm4dillo ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Scanning a hostname with more then three dots
I've been trying to create a target using the following hostname a.b.c.example.com (4 dots) but it didn't work while b.c.example.com (3 dots) works. This seems to be due to the following check which is mistakenly applied even if the host is alphanumeric. I think it should be moved somewhere deeper in validate_host. openvas-manager-3.0.1-modified/src/manage_sql.c (validate_host): 21448 : if (g_strv_length (split) 4) 21449 : return 1; Thanks. That was solved in trunk r13492 on 2012-05-24. I've now backported to the openvas-manager-3.0 branch (r13621) so it should appear in the next stable release. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss