[Openvas-commits] r1154 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Aug 21 14:43:26 CEST 2008


Author: jan
Date: 2008-08-21 14:43:25 +0200 (Thu, 21 Aug 2008)
New Revision: 1154

Added:
   trunk/openvas-plugins/scripts/ossim_server_detect.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
* scripts/ossim_server_detect.nasl: New. Basic OSSIM server detection on default port.
Implemented by Ferdy Riphagen <f.riphagen at nsec.nl>.


Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-08-21 12:35:04 UTC (rev 1153)
+++ trunk/openvas-plugins/ChangeLog	2008-08-21 12:43:25 UTC (rev 1154)
@@ -1,3 +1,8 @@
+2008-08-21  Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>
+
+	* scripts/ossim_server_detect.nasl: New. Basic OSSIM server detection on default port.
+	Implemented by Ferdy Riphagen <f.riphagen at nsec.nl>.
+
 2008-08-19   Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_ms08-048_900031.nasl,

Added: trunk/openvas-plugins/scripts/ossim_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ossim_server_detect.nasl	2008-08-21 12:35:04 UTC (rev 1153)
+++ trunk/openvas-plugins/scripts/ossim_server_detect.nasl	2008-08-21 12:43:25 UTC (rev 1154)
@@ -0,0 +1,65 @@
+#
+# Script Written By Ferdy Riphagen 
+# Script distributed under the GNU GPLv2 License. 
+#
+
+if (description) {
+ script_id(9000001);
+ script_version("$Revision: 1.0 $");
+ name["english"] = "OSSIM Server Detection";
+ script_name(english:name["english"]);
+ desc["english"] = "
+Synopsis :
+
+A OSSIM server is listening on the remote system. 
+
+Description :
+
+The remote system is running an OSSIM server. OSSIM (Open Source
+Security Information Management) is a centralized security management 
+information system. 
+
+See also :
+
+http://www.ossim.net
+
+Solution :
+
+If possible, filter incoming connections to the service so that it is
+used by trusted sources only.
+
+Risk factor :
+
+None";
+ script_description(english:desc["english"]);
+ summary["english"] = "Checks for a OSSIM server on the default port tcp/40001";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2007 Ferdy Riphagen");
+
+ script_dependencies("find_service1.nasl");
+ script_require_ports("Services/unknown", 40001);
+ exit(0);
+}
+
+include("misc_func.inc");
+
+port = get_unknown_svc(40001);
+if (!port) port = 40001;
+if (known_service(port:port)) exit(0);
+if (!get_port_state(port)) exit(0);
+soc = open_sock_tcp(port);
+if (soc) { 
+	rand = rand() % 10;
+	data = 'connect id="' + rand + '" type="sensor"\n'; 
+	send(socket:soc, data:data);
+	recv = recv(socket:soc, length:64);
+
+	if (recv == 'ok id="' + rand + '"\n') {
+		security_note(port:port);
+		register_service(port:port, ipproto:"tcp", proto:"ossim_server");
+	}
+}
+exit(0);
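Review bot: The socket opened by `soc = open_sock_tcp(port);` is never closed, so the probe appears to leave its `type="sensor"` connection open on the target until the script exits. I would add `close(soc);` straight after the `recv()` call, before the comparison. The locals `rand` and `recv` reuse the names of the built-ins they are assigned from, which makes the block harder to read; `id = rand() % 10;` and `reply = recv(socket:soc, length:64);` would be clearer. The strict equality test on the reply also assumes the whole `ok id="…"` line arrives in one read, so a short comment such as `# exact match: server must echo our id, nothing else` would document that the strictness is deliberate.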


