[Openvas-commits] r1344 - in trunk/openvas-plugins: . scripts

scm-commit at wald.intevation.org
Mon Sep 15 15:02:06 CEST 2008


Author: timb
Date: 2008-09-15 15:02:04 +0200 (Mon, 15 Sep 2008)
New Revision: 1344

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/ike-scan.nasl
Log:
Completely rewritten; it will now attempt to enumerate supported cipher suites, brute-force valid group names and fingerprint any endpoint identified


Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-09-14 15:36:19 UTC (rev 1343)
+++ trunk/openvas-plugins/ChangeLog	2008-09-15 13:02:04 UTC (rev 1344)
@@ -1,47 +1,60 @@
+2008-09-14 Tim Brown <timb at nth-dimension.org.uk>
+
+	* scripts/ike-scan.nasl: Completely rewritten, it will now
+	attempt to enumerate supported cipher suites, bruteforce
+	valid groupnames and fingerprint any endpoint identified.
+
+	* ChangeLog: Tidied.
+
 2008-09-12 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/secpod_ssh_sys_info.nasl:
-	  Removed secpod_ssh_sys_info.nasl	
+	Removed secpod_ssh_sys_info.nasl.
 
 2008-09-12  Thomas Reinke <reinke at securityspace.com>
-	* Fixed apache_access_wo_netmask.nasl to rely on
-	gather-package-list.nasl and kb entry created by it.
 
+	* scripts/apache_access_wo_netmask.nasl: Fixed apache_access_wo_netmask.nasl
+	to rely on gather-package-list.nasl and kb entry created by it.
+
 2008-09-12  Thomas Reinke <reinke at securityspace.com>
-	* scripts/freebsd* fixed revcomp function call names that
-	were incorrectly converted from secspace's proprietary fn call names
 
+	* scripts/freebsd*: Fixed revcomp function call names that
+	were incorrectly converted from secspace's proprietary function
+	call names.
+
 2008-09-11 Chandrashekhar B <bchandra at secpod.com>
-         * scripts/gather-package-list.nasl:
-          Modified to include \n character in all 'rpm -qa'
-          queries
+
+	* scripts/gather-package-list.nasl:
+	Modified to include \n character in all 'rpm -qa'
+	queries.
  
-        * scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl,
-          scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl,
-          scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl,
-          scripts/secpod_opera_mult_vuln_aug08_lin_900039.nasl,
-          scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl,
-          scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl,
-          scripts/remote-detect-sybase-easerver-mgmt.nasl,
-          scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl,
-          scripts/secpod_opera_detection_linux_900037.nasl,
-          scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl,
-          scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl,
-          scripts/secpod_python_mult_vuln_lin_900106.nasl,
-          scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl,
-          scripts/secpod_novell_edir_mult_vuln_linux_900210.nasl:
-          Updated as per the new gather-package-list.nasl
- 
-        * scripts/pirelli_router_default_password.nasl,
-          scripts/remote-detect-filemaker.nasl,
-          scripts/remote-detect-sybase-easerver.nasl:
-          Corrected script parse errors
- 
-        * scripts/telnet_func.inc,
-          scripts/http_keepalive.inc,
-          scripts/misc_func.inc:
-          Merged with the GPL 2006 release scripts, that included fixes and
-          new functions.
+	* scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl,
+	scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl,
+	scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl,
+	scripts/secpod_opera_mult_vuln_aug08_lin_900039.nasl,
+	scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl,
+	scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl,
+	scripts/remote-detect-sybase-easerver-mgmt.nasl,
+	scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl,
+	scripts/secpod_opera_detection_linux_900037.nasl,
+	scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl,
+	scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl,
+	scripts/secpod_python_mult_vuln_lin_900106.nasl,
+	scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl,
+	scripts/secpod_novell_edir_mult_vuln_linux_900210.nasl:
+	Updated as per the new gather-package-list.nasl.
 
+	* scripts/pirelli_router_default_password.nasl,
+	scripts/remote-detect-filemaker.nasl,
+	scripts/remote-detect-sybase-easerver.nasl:
+	Corrected script parse errors.
+
+	* scripts/telnet_func.inc,
+	scripts/http_keepalive.inc,
+	scripts/misc_func.inc:
+	Merged with the GPL 2006 release scripts, that included fixes and
+	new functions.
+
 2008-09-12  Michael Wiegand <michael.wiegand at intevation.de>
 
 	* scripts/gather-package-list.nasl: Merged functionality from -sigkeyid
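Review bot: the new 2008-09-14 entry at the top of this hunk is dated a day before the commit itself (2008-09-15 in the revision header) and does not record that the rewrite renames every user-visible preference ("Run ike-scan in main mode" becomes "Enable Main Mode", "ike-scan retry" becomes "Maximum retry", and so on) and drops the "ike-scan use IKE v2" option; saved scan configurations keyed on the old names will no longer apply, so the entry should say which names changed. While tidying, "* scripts/apache_access_wo_netmask.nasl: Fixed apache_access_wo_netmask.nasl" repeats the file name; "Fixed to rely on gather-package-list.nasl ..." reads better.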
@@ -50,120 +63,123 @@
 	* scripts/gather-package-list-sigkeyid.nasl: Removed.
 
 2008-09-11  Thomas Reinke <reinke at securityspace.com>
-	* scripts/pkg-lib-rpm.inc: added to provide template
-	for parsing and checking rpm versions
 
-2008-09-09   Vlatko Kosturjak <kost at linux.hr>
+	* scripts/pkg-lib-rpm.inc: Added to provide template
+	for parsing and checking rpm versions.
 
+2008-09-09  Vlatko Kosturjak <kost at linux.hr>
+
 	* scripts/ike-scan.nasl: fix false positive if the ike-scan
 	is executing on the same box as openvas, added more options
-	to pass to ike-scan (like -2 for IKE v2)
+	to pass to ike-scan (like -2 for IKE v2).
 
 2008-09-10 Chandrashekhar B <bchandra at secpod.com>
+
 	* scripts/secpod_ms08-054_900045.nasl,
-	  scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl,
-	  scripts/secpod_google_chrome_mult_vuln_900214.nasl,
-	  scripts/secpod_ms_org_chart_remote_code_exe_vuln_900120.nasl,
-	  scripts/secpod_softalk_mail_serv_imap_dos_vuln_900119.nasl,
-	  scripts/secpod_ms08-053_900044.nasl,
-	  scripts/secpod_wireshark_mult_vuln_sept08_win_900212.nasl,
-	  scripts/secpod_ms08-055_900046.nasl: 
-	  New Plugins added, including MS Bulletins Sept08
+	scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl,
+	scripts/secpod_google_chrome_mult_vuln_900214.nasl,
+	scripts/secpod_ms_org_chart_remote_code_exe_vuln_900120.nasl,
+	scripts/secpod_softalk_mail_serv_imap_dos_vuln_900119.nasl,
+	scripts/secpod_ms08-053_900044.nasl,
+	scripts/secpod_wireshark_mult_vuln_sept08_win_900212.nasl,
+	scripts/secpod_ms08-055_900046.nasl: 
+	New Plugins added, including MS Bulletins Sept 08.
 
 2008-09-10 Chandrashekhar B <bchandra at secpod.com>
+	
 	* scripts/smb_nt_ms03-041.nasl,
-	  scripts/smb_nt_ms03-007.nasl,
-	  cripts/smb_nt_ms02-009.nasl,
-	  scripts/trillian_installed.nasl,
-	  scripts/aol_installed.nasl,
-	  scripts/zone_alarm_local_dos.nasl,
-	  scripts/smb_nt_ms03-045.nasl,
-	  scripts/smb_nt_ms04-026.nasl,
-	  scripts/smb_nt_ms02-050.nasl,
-	  scripts/smb_xp_ms01-059.nasl,
-	  scripts/smb_nt_ms02-016.nasl,
-	  scripts/smb_nt_ms02-071.nasl,
-	  scripts/smb_nt_ms02-054.nasl,
-	  scripts/smb_nt_ms04-016.nasl,
-	  scripts/smb_nt_ms02-006.nasl,
-	  scripts/smb_nt_ms03-042.nasl,
-	  scripts/smb_nt_ms02-048.nasl,
-	  scripts/securecrt_remote_overflow.nasl,
-	  scripts/smb_nt_ms02-051.nasl,
-	  scripts/smb_nt_ms02-017.nasl,
-	  scripts/smb_nt_ms02-072.nasl,
-	  scripts/smb_nt_ms02-055.nasl,
-	  scripts/smb_nt_ms02-024.nasl,
-	  scripts/smb_nt_ms03-005.nasl,
-	  scripts/smb_nt_ms03-043.nasl,
-	  scripts/plaxo_installed.nasl,
-	  scripts/smb_nt_ms02-052.nasl,
-	  scripts/mercora_imradio_installed.nasl,
-	  scripts/smb_nt_ms02-018.nasl,
-	  scripts/smb_nt_kb870669.nasl,
-	  scripts/smb_nt_ms02-042.nasl,
-	  scripts/smb_nt_ms03-023.nasl,
-	  scripts/smb_nt_ms02-025.nasl,
-	  scripts/smb_nt_ms02-008.nasl,
-	  scripts/quicktime_heap_overflow.nasl,
-	  scripts/smb_nt_ms04-039.nasl,
-	  scripts/smb_nt_ms02-063.nasl,
-	  scripts/sophos_installed.nasl,
-	  scripts/smb_nt_ms02-070.nasl,
-	  scripts/smb_nt_ms04-029.nasl,
-	  scripts/smb_nt_ms04-001.nasl,
-	  scripts/smb_nt_ms02-005.nasl:
-	  Modified smb_hotfixes.nasl and smb_reg.inc to
-	  secpod_reg_enum.nasl and secpod_reg.inc as they 
-	  are re-written
+	scripts/smb_nt_ms03-007.nasl,
+	cripts/smb_nt_ms02-009.nasl,
+	scripts/trillian_installed.nasl,
+	scripts/aol_installed.nasl,
+	scripts/zone_alarm_local_dos.nasl,
+	scripts/smb_nt_ms03-045.nasl,
+	scripts/smb_nt_ms04-026.nasl,
+	scripts/smb_nt_ms02-050.nasl,
+	scripts/smb_xp_ms01-059.nasl,
+	scripts/smb_nt_ms02-016.nasl,
+	scripts/smb_nt_ms02-071.nasl,
+	scripts/smb_nt_ms02-054.nasl,
+	scripts/smb_nt_ms04-016.nasl,
+	scripts/smb_nt_ms02-006.nasl,
+	scripts/smb_nt_ms03-042.nasl,
+	scripts/smb_nt_ms02-048.nasl,
+	scripts/securecrt_remote_overflow.nasl,
+	scripts/smb_nt_ms02-051.nasl,
+	scripts/smb_nt_ms02-017.nasl,
+	scripts/smb_nt_ms02-072.nasl,
+	scripts/smb_nt_ms02-055.nasl,
+	scripts/smb_nt_ms02-024.nasl,
+	scripts/smb_nt_ms03-005.nasl,
+	scripts/smb_nt_ms03-043.nasl,
+	scripts/plaxo_installed.nasl,
+	scripts/smb_nt_ms02-052.nasl,
+	scripts/mercora_imradio_installed.nasl,
+	scripts/smb_nt_ms02-018.nasl,
+	scripts/smb_nt_kb870669.nasl,
+	scripts/smb_nt_ms02-042.nasl,
+	scripts/smb_nt_ms03-023.nasl,
+	scripts/smb_nt_ms02-025.nasl,
+	scripts/smb_nt_ms02-008.nasl,
+	scripts/quicktime_heap_overflow.nasl,
+	scripts/smb_nt_ms04-039.nasl,
+	scripts/smb_nt_ms02-063.nasl,
+	scripts/sophos_installed.nasl,
+	scripts/smb_nt_ms02-070.nasl,
+	scripts/smb_nt_ms04-029.nasl,
+	scripts/smb_nt_ms04-001.nasl,
+	scripts/smb_nt_ms02-005.nasl:
+	Modified smb_hotfixes.nasl and smb_reg.inc to
+	secpod_reg_enum.nasl and secpod_reg.inc as they 
+	are re-written.
 
 2008-09-10 Tim Brown <timb at nth-dimension.org.uk>
 
 	* openvas-nvt-sync.in: Fixed rsync options not to trust remote
-        group and user.
+	group and user.
 
 	* ChangeLog: Tidied.
 
 2008-09-10 Chandrashekhar B <bchandra at secpod.com>
 	
 	* scripts/smb_login.nasl,
-	  scripts/smb_registry_access.nasl:
-	 Added re-written scripts, keeping the file names as original for
-	 backward compatibility.
+	scripts/smb_registry_access.nasl:
+	Added re-written scripts, keeping the file names as original for
+	backward compatibility.
 
 	* scripts/java_jre_jdk_dos.nasl,
-	  scripts/W32.Sasser.Worm.nasl,
-	  scripts/js.scob.trojan.nasl,
-	  scripts/secpod_apple_safari_detect_win_900003.nasl,
-	  scripts/secpod_reg_enum.nasl,
-          scripts/mssql_version.nasl,
-          scripts/smb_nt_ms03-009.nasl,
-          scripts/ gator.nasl:
-	 Changed the dependency from smb_registry_full_access.nasl to
-	 smb_registry_access.nasl as the KB item is implemented in the
-	 latter.  
+	scripts/W32.Sasser.Worm.nasl,
+	scripts/js.scob.trojan.nasl,
+	scripts/secpod_apple_safari_detect_win_900003.nasl,
+	scripts/secpod_reg_enum.nasl,
+	scripts/mssql_version.nasl,
+	scripts/smb_nt_ms03-009.nasl,
+	scripts/gator.nasl:
+	Changed the dependency from smb_registry_full_access.nasl to
+	smb_registry_access.nasl as the KB item is implemented in the
+	latter.  
 
 2008-09-09  Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>.
 
-        * scripts/samba_CB-A08-0085.nasl: Changed proto.
+	* scripts/samba_CB-A08-0085.nasl: Changed proto.
 
         * scripts/smbcl_func: Added function check_smbcl() for easy
-          smbclient/win check. Added function to all scripts using 
-          smbcl_func.inc.
+	smbclient/win check. Added function to all scripts using 
+	smbcl_func.inc.
 
-        * scripts/libpng_CB-A08-0064.nasl: Fixed proto.
+	* scripts/libpng_CB-A08-0064.nasl: Fixed proto.
 
-        * scripts/smbcl_openoffice_CB-A08-0068.nasl: New.
+	* scripts/smbcl_openoffice_CB-A08-0068.nasl: New.
 
-        * scripts/version_func.inc: Changed function find_file.
+	* scripts/version_func.inc: Changed function find_file.
 
-        * scripts/gnutls_CB-A08-0079.nasl: Fixed script_dependencies.
+	* scripts/gnutls_CB-A08-0079.nasl: Fixed script_dependencies.
 
-        * scripts/openoffice_CB-A08-0068.nasl: New.
+	* scripts/openoffice_CB-A08-0068.nasl: New.
 
-        * scripts/smbcl_mozilla.nasl: Removed win_dir check, cosmetics.
+	* scripts/smbcl_mozilla.nasl: Removed win_dir check, cosmetics.
 
-2008-09-09   Vlatko Kosturjak <kost at linux.hr>
+2008-09-09  Vlatko Kosturjak <kost at linux.hr>
 
 	* Added contribution from Christian Eric Edjenguele
 	remote-detect-filemaker.nasl: New.
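Review bot: this tidy re-emits the typo "cripts/smb_nt_ms02-009.nasl" on a `+` line, and the entries stay out of date order: the 2008-09-09 Vlatko Kosturjak entry sits between the 2008-09-11 Thomas Reinke and 2008-09-10 Chandrashekhar B entries. Since the stated purpose of this part of the commit is tidying, fix the spelling to scripts/smb_nt_ms02-009.nasl and move the entry; the tab-only blank line added after the second 2008-09-10 header and the trailing whitespace kept on "scripts/secpod_ms08-055_900046.nasl: " and "secpod_reg_enum.nasl and secpod_reg.inc as they " should be stripped as well.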
@@ -172,7 +188,7 @@
 	remote-detect-sybase-easerver.nasl: New.
 	remote-MS00-006.nasl: New.
 
-2008-09-09   Vlatko Kosturjak <kost at linux.hr>
+2008-09-09  Vlatko Kosturjak <kost at linux.hr>
 
 	* scripts/ike-scan.nasl scripts/portbunny.nasl scripts/pnscan.nasl:
 	added correct script_id.
@@ -192,15 +208,15 @@
 2008-09-08  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_ssh_sys_info.nasl:
-	  Changed the dependency to ssh_authorization.nasl.
+	Changed the dependency to ssh_authorization.nasl.
 
 2008-09-06  Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>.
 
-        * scripts/samba_CB-A08-0085.nasl: New.
+	* scripts/samba_CB-A08-0085.nasl: New.
 
-        * scripts/smbcl_gnutls_CB-A08-0079.nasl: New.
+	* scripts/smbcl_gnutls_CB-A08-0079.nasl: New.
 
-        * scripts/win_CVE-2007-0043.nasl familiy changed to Windows.
+	* scripts/win_CVE-2007-0043.nasl familiy changed to Windows.
 
         * scripts/smbcl_func.inc changed get_host_name() to get_host_ip().
 
@@ -215,7 +231,7 @@
 2008-09-05  Chandrashekhar <bchandra at secpod.com>
 
 	* scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl,
-        scripts/secpod_hp_openview_nnm_dos_vuln_900211.nasl:
+	scripts/secpod_hp_openview_nnm_dos_vuln_900211.nasl:
 	Added new plugins.
 
 2008-09-04  Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>.
@@ -811,7 +827,7 @@
 2008-09-04  Thomas Reinke <reinke at securityspace.com>
 
 	* deb_1629_1.nasl deb_1629_2.nasl deb_1630_1.nasl deb_1631_1.nasl
-	  New debian scripts.
+	New debian scripts.
 
 2008-09-04   Vlatko Kosturjak <kost at linux.hr>
 
@@ -844,55 +860,55 @@
 	* scripts/kiwi_cattools_dir_traversal.nasl: changed ID to fit a loose
 	scheme for contributors.
 
-2008-09-02 Chandrashekhar B <bchandra at secpod.com>
+2008-09-02  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_dotproject_mult_xss_n_sql_inj_vuln_900116.nasl,
-	  scripts/secpod_novell_edir_mult_vuln_linux_900210.nal,
-	  scripts/secpod_novell_edir_mult_vuln_win_900209.nasl:
-	  Added new plugins.
+	scripts/secpod_novell_edir_mult_vuln_linux_900210.nal,
+	scripts/secpod_novell_edir_mult_vuln_win_900209.nasl:
+	Added new plugins.
 
-2008-09-02 Chandrashekhar B <bchandra at secpod.com>
+2008-09-02  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl,
-	  scripts/secpod_opera_detection_linux_900037.nasl,
-	  scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl,
-	  scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl,
-	  scripts/secpod_python_mult_vuln_lin_900106.nasl,
-	  scripts/secpod_ssh_sys_info.nasl,
-	  scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl,
-	  scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl:
-	  Updated the dependent plugins for changes in secpod_ssh_sys_info.nasl.
+	scripts/secpod_opera_detection_linux_900037.nasl,
+	scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl,
+	scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl,
+	scripts/secpod_python_mult_vuln_lin_900106.nasl,
+	scripts/secpod_ssh_sys_info.nasl,
+	scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl,
+	scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl:
+	Updated the dependent plugins for changes in secpod_ssh_sys_info.nasl.
 
 2008-09-02 Chandrashekhar B <bchandra at secpod.com>
 	
 	* scripts/secpod_anzio_web_print_obj_bof_vuln_900115.nasl,
-	  scripts/secpod_eset_smart_sec_local_prv_esc_vuln_900114.nasl,
-	  scripts/secpod_justsystems_ichitaro_code_exec_vuln_900207.nasl,
-	  scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl,
-	  scripts/secpod_openoffice_code_exec_vuln_win_900042.nasl,
-	  scripts/secpod_ultra_office_activex_control_mult_vuln_900208.nasl:
-	  Added new plugins.
+	scripts/secpod_eset_smart_sec_local_prv_esc_vuln_900114.nasl,
+	scripts/secpod_justsystems_ichitaro_code_exec_vuln_900207.nasl,
+	scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl,
+	scripts/secpod_openoffice_code_exec_vuln_win_900042.nasl,
+	scripts/secpod_ultra_office_activex_control_mult_vuln_900208.nasl:
+	Added new plugins.
 
-2008-09-01   Vlatko Kosturjak <kost at linux.hr>
+2008-09-01  Vlatko Kosturjak <kost at linux.hr>
 
 	* plugins/openvas_tcp_scanner/openvas_tcp_scanner.c,	
 	plugins/synscan/synscan.c:
 	commented out dependency on proprietary plugin (ping_host.nasl) 
 	in port scanners in C, once when we implement, we can uncomment it.
 
-2008-09-01   Vlatko Kosturjak <kost at linux.hr>
+2008-09-01  Vlatko Kosturjak <kost at linux.hr>
 
 	* scripts/snmpwalk_portscan.nasl, scripts/netstat_portscan.nasl: 
 	commented out dependency on proprietary plugin (ping_host.nasl) 
 	in other port scanners, once when we implement, we can uncomment it.
 
-2008-09-01   Vlatko Kosturjak <kost at linux.hr>
+2008-09-01  Vlatko Kosturjak <kost at linux.hr>
 
 	* scripts/amap.nasl, scripts/nmap.nasl: commented out dependency 
 	on proprietary plugin (ping_host.nasl), once when we implement, 
 	we can uncomment it.
 
-2008-09-01   Vlatko Kosturjak <kost at linux.hr>
+2008-09-01  Vlatko Kosturjak <kost at linux.hr>
 
 	* scripts/url_func.inc: removed TODO items as they are implemented,
 	thanks to Chandrashekhar.
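Review bot: the 2008-09-02 entry re-emits "scripts/secpod_novell_edir_mult_vuln_linux_900210.nal" with the .nal extension on a `+` line, while the same file appears as secpod_novell_edir_mult_vuln_linux_900210.nasl in the 2008-09-11 entry earlier in this patch; the tidy should correct it to .nasl.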
@@ -901,46 +917,46 @@
 
 	* scripts/url_func.inc: Added URL Encode and Decode functions.
 
-2008-08-31   Vlatko Kosturjak <kost at linux.hr>
+2008-08-31  Vlatko Kosturjak <kost at linux.hr>
 
 	* scripts/ike-scan.nasl, scripts/pnscan.nasl, scripts/portbunny.nasl:
 	remove unneeded dependencies.
 
-2008-08-31   Vlatko Kosturjak <kost at linux.hr>
+2008-08-31  Vlatko Kosturjak <kost at linux.hr>
 
 	* scripts/url_func.inc: started implementation of standard  
 	(nessus compatible) URL library of functions
 	code taken from amap.nasl from svn of openvas-plugins
 	(Revision: 1257).
 
-2008-08-31   Vlatko Kosturjak <kost at linux.hr>
+2008-08-31  Vlatko Kosturjak <kost at linux.hr>
 
 	* scripts/ike-scan.nasl, scripts/pnscan.nasl, scripts/portbunny.nasl:
 	added support for two more TCP port scanners (as NASL wrappers)
 	and one for IKE (VPN's).
 
-2008-08-28   Vlatko Kosturjak <kost at linux.hr>
+2008-08-28  Vlatko Kosturjak <kost at linux.hr>
 
 	* plugins/openvas_tcp_scanner/openvas_tcp_scanner.c: added
 	support to run openvas_tcp_scanner as standalone scanner
 	for easier debugging (taken from nessus release 2.2.11 GPL).
 
-2008-08-28   Chandrashekhar B <bchandra at secpod.com>
+2008-08-28  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/ssh_func.inc: Removed 'Nessus' comments
 	and retained other changes in ssh_cmd() and
 	ssh_reuse_connection().
 
-2008-08-27   Chandrashekhar B <bchandra at secpod.com>
+2008-08-27  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/smb_reg_service_pack.nasl: New. Added with number
 	of modifications from the original GPL.
 
-2008-08-27   Chandrashekhar B <bchandra at secpod.com>
+2008-08-27  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/ssh_func.inc: Bug fixes.
 
-2008-08-27   Chandrashekhar B <bchandra at secpod.com>
+2008-08-27  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_novell_iprint_client_actvx_mult_vuln_900040.nasl,
 	scripts/secpod_trendmicro_officescan_auth_bypass_vuln_900205.nasl,
@@ -980,7 +996,7 @@
 	* scripts/clamav-CB-A08-0001.nasl: only if verbose report requested,
 	display informational messages.
 
-2008-08-22   Chandrashekhar B <bchandra at secpod.com>
+2008-08-22  Chandrashekhar B <bchandra at secpod.com>
 
 	* secpod_adobe_presenter_xss_vuln_900110.nasl,
 	scripts/secpod_apache_mod_proxy_ftp_xss_vuln_900107.nasl,
@@ -1023,15 +1039,15 @@
 	scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl:
 	Added new plugins
 
-2008-08-22   Chandrashekhar B <bchandra at secpod.com>
+2008-08-22  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_apache_tomcat_xss_n_bypass_vuln_900021.nasl: Updated.
 
-2008-08-22   Chandrashekhar B <bchandra at secpod.com>
+2008-08-22  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_smb_func.inc: Enhanced to consider ',' in file versions.
 
-2008-08-22   Chandrashekhar B <bchandra at secpod.com>
+2008-08-22  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/smb_nt.inc: Minor bug fixes and formatting changes.
 

Modified: trunk/openvas-plugins/scripts/ike-scan.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ike-scan.nasl	2008-09-14 15:36:19 UTC (rev 1343)
+++ trunk/openvas-plugins/scripts/ike-scan.nasl	2008-09-15 13:02:04 UTC (rev 1344)
@@ -1,166 +1,302 @@
-# This script was written by Vlatko Kosturjak <kost at linux.hr>
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: ike-scan (NASL wrapper)
 #
-# Distributed under GPL v2+
+# Authors:
+# Vlatko Kosturjak <kost at linux.hr> (Original development)
+# Tim Brown <timb at nth-dimension.org.uk> (Complete rewrite)
 #
-# TODO:
-# - script_oid
-# - references to vulns
-# - sign the script
+# Copyright:
+# Copyright (c) 2008 Vlatko Kosturjak
+# Copyright (c) 2008 Tim Brown
+# Text descriptions are largerly excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Adapted code by from Hackin9/Uncon, and ported to perl and then NASL.
+# Additional checks curtesy of NTA Monitor wiki at:
+# <http://www.nta-monitor.com/wiki/index.php/Ike-scan_User_Guide>
+#
+# To do:
+# * Script OIDs
+# * Reference to known vulnerabilities
+# * IKE v2 (not yet fully supported by ike-scan)
+# * IKE over TCP
+# * NAT-Traversal (RFC 3947)
+# * Support for known vendor IDs
+# * PSK crack
+#
+# Tested against Racoon and Openswan
 
-if ( ! defined_func("pread") || ! defined_func("fread") ||
-     ! defined_func("get_preference") ) exit(0);
-if ( ! find_in_path("ike-scan") ) exit(0);
-
-
-if(description)
+if (description)
 {
- script_id(80000);
- script_version ("1.12");
- name["english"] = "ike-scan (NASL wrapper)";
- script_name(english:name["english"]);
- 
- desc["english"] = "
-This plugin runs ike-scan to identify open VPN's.
-See the section 'plugins options' to configure it
+	script_id(80000);
+	name["english"] = "ike-scan (NASL wrapper)";
+	script_name(english:name["english"]);
+	desc["english"] = "ike-scan (NASL wrapper)
 
-";
+	This plugin runs ike-scan to identify IPSEC VPN endpoints.  It will attempt to enumerate supported cipher suites, bruteforce valid groupnames and fingerprint any endpoint identified.
 
- script_description(english:desc["english"]);
- 
- summary["english"] = "Performs portscan";
- script_summary(english:summary["english"]);
- 
- script_category(ACT_SCANNER);
- 
- script_copyright(english:"This script is Copyright (C) 2008 Vlatko Kosturjak");
- family["english"] = "Port scanners";
- family["francais"] = "Scanners de ports";
- script_family(english:family["english"], francais:family["francais"]);
-
- if (NASL_LEVEL < 2181) exit(0);	# Cannot run
-
- script_add_preference(name:"Run ike-scan in main mode", type:"checkbox", value: "yes");
- # aggressive mode is safe, so it's yes by default
- script_add_preference(name:"Run ike-scan in aggressive mode", type:"checkbox", value: "yes");
- script_add_preference(name:"ike-scan use IKE v2", type:"checkbox", value: "no");
- script_add_preference(name:"ike-scan source port", type:"entry", value: "");
- script_add_preference(name:"ike-scan destination port", type:"entry", value: "");
- script_add_preference(name:"ike-scan retry", type:"entry", value: "");
- script_add_preference(name:"ike-scan timeout", type:"entry", value: "");
-
- exit(0);
+	See the section 'plugins options' to configure it";
+	script_description(english:desc["english"]);
+	summary["english"] = "Identifies IPSEC VPN endpoints";
+	script_summary(english:summary["english"]);
+	script_category(ACT_SCANNER);
+	family["english"] = "Port scanners";
+	family["francais"] = "Scanners de ports";
+	script_family(english:family["english"], francais:family["francais"]);
+	copyright = "(c) Tim Brown and Vlatko Kosturjak, 2008";
+	script_copyright(english:copyright);
+	# Not sure how much value there is in supporting IKE v2
+	#script_add_preference(name:"Use IKE v2", type:"checkbox", value:"no");
+	script_add_preference(name:"Source port number", type:"entry", value:"500");
+	script_add_preference(name:"Destination port number", type:"entry", value:"500");
+	script_add_preference(name:"Enable Aggressive Mode", type:"checkbox", value:"yes");
+	script_add_preference(name:"Enable Main Mode", type:"checkbox", value:"yes");
+	script_add_preference(name:"Enable fingerprint using Aggressive Mode", type:"checkbox", value:"yes");
+	script_add_preference(name:"Enable fingerprint using Main Mode", type:"checkbox", value:"yes");
+	script_add_preference(name:"Group names", type:"entry", value:"vpn");
+	# (["1", "DES"], ["2", "IDEA"], ["3", "Blowfish"], ["4", "RC5"], ["5", "3DES"], ["6", "CAST"], ["7/128", "AES-128"], ["7/196", "AES-196"], ["7/256", "AES-256"], ["8", "Camellia"]);
+	script_add_preference(name:"Encryption algorithms", type:"entry", value:"1,2,3,4,5,6,7/128,7/196,7/256,8");
+	# (["1", "MD5"], ["2", "SHA1"], ["3", "Tiger"], ["4", "SHA2-256"], ["5", "SHA2-384"], ["6", "SHA2-512"]);
+	script_add_preference(name:"Hash algorithms", type:"entry", value:"1,2,3,4,5,6");
+	# (["1", "PSK"], ["2", "DSS-Signature"], ["3", "RSA-Signature"], ["4", "RSA-Encryption"], ["5", "Revised-RSA-Encryption"], ["6", "ElGamel-Encryption"], ["7", "Revised-ElGamel-Encryption"], ["8", "ECDSA-Signature"], ["64221", "Hybrid"], ["65001", "XAUTH"]);
+	script_add_preference(name:"Authentication methods", type:"entry", value:"1,2,3,4,5,6,7,8,64221,65001");
+	# (["1", "MODP-768"], ["2", "MODP-1024"], ["3", "EC2N-155"], ["4", "EC2N-185"], ["5", "MODP-1536"]);
+	# technically we should do 1-20 <http://www.nta-monitor.com/wiki/index.php/Ike-scan_User_Guide#Diffie-Hellman_Group_Values> but that's a bitch
+	script_add_preference(name:"Diffie-Hellman groups", type:"entry", value:"1,2,3,4,5");
+	script_add_preference(name:"Maximum retry", type:"entry", value:"3");
+	script_add_preference(name:"Maximum timeout", type:"entry", value:"");
+	exit(0);
 }
 
-if (NASL_LEVEL < 2181 || ! defined_func("pread") || ! defined_func("get_preference"))
+if (!find_in_path("ike-scan"))
 {
-  set_kb_item(name: "/tmp/UnableToRun/99992", value: TRUE);
-  display("Script #99992 (ike-scan_wrapper) cannot run - upgrade libnasl\n");
-  exit(0);
+	set_kb_item(name:"/tmp/UnableToRun/80000", value:true);
+	exit(0);
 }
 
-ip = get_host_ip();
-esc_ip = ""; l = strlen(ip);
-for (i = 0; i < l; i ++) 
-  if (ip[i] == '.')
-    esc_ip = strcat(esc_ip, "\.");
-  else
-    esc_ip = strcat(esc_ip, ip[i]);
+encryptionalgorithmname["1"] = "DES";
+encryptionalgorithmname["2"] = "IDEA";
+encryptionalgorithmname["3"] = "Blowfish";
+encryptionalgorithmname["4"] = "RC5";
+encryptionalgorithmname["5"] = "3DES";
+encryptionalgorithmname["6"] = "CAST";
+encryptionalgorithmname["7/128"] = "AES-128";
+encryptionalgorithmname["7/196"] = "AES-196";
+encryptionalgorithmname["7/256"] = "AES-256";
+encryptionalgorithmname["8"] = "Camellia";
+hashalgorithmname["1"] = "MD5";
+hashalgorithmname["2"] = "SHA1";
+hashalgorithmname["3"] = "Tiger";
+hashalgorithmname["4"] = "SHA2-256";
+hashalgorithmname["5"] = "SHA2-384";
+hashalgorithmname["6"] = "SHA2-512";
+authenticationmethodname["1"] = "PSK";
+authenticationmethodname["2"] = "DSS-Signature";
+authenticationmethodname["3"] = "RSA-Signature";
+authenticationmethodname["4"] = "RSA-Encryption";
+authenticationmethodname["5"] = "Revised-RSA-Encryption";
+authenticationmethodname["6"] = "ElGamel-Encryption";
+authenticationmethodname["7"] = "Revised-ElGamel-Encryption";
+authenticationmethodname["8"] = "ECDSA-Signature";
+authenticationmethodname["64221"] = "Hybrid";
+authenticationmethodname["65001"] = "XAUTH";
+diffiehellmangroupname["1"] = "MODP-768";
+diffiehellmangroupname["2"] = "MODP-1024";
+diffiehellmangroupname["3"] = "EC2N-155";
+diffiehellmangroupname["4"] = "EC2N-185";
+diffiehellmangroupname["5"] = "MODP-1536";
 
- i = 0;
- argv[i++] = "ike-scan";
+function command_construct(_ike2flag, _sourceportnumber, _destinationportnumber, _checkmode, _fingerprintmode, _groupname, _encryptionalgorithm, _hashalgorithm, _authenticationmethod, _diffiehellmangroup, _maximumretry, _maximumtimeout, _destinationipaddress)
+{
+	_argumentcounter = 0;
+	_commandarguments[_argumentcounter ++] = "ike-scan";
+	# Not sure how much value there is in supporting IKE v2
+	#if (_ike2flag == "yes")
+	#{
+	#	_commandarguments[_argumentcounter ++] = "--ikev2";
+	#}
+	if (_sourceportnumber != "")
+	{
+		_commandarguments[_argumentcounter ++] = "--sport=" + _sourceportnumber;
+	}
+	if (_destinationportnumber != "")
+	{
+		_commandarguments[_argumentcounter ++] = "--dport=" + _destinationportnumber;
+	}
+	if (_checkmode != "")
+	{
+		_commandarguments[_argumentcounter ++] = _checkmode;
+	}
+	if (_fingerprintmode != "")
+	{
+		_commandarguments[_argumentcounter ++] = _fingerprintmode;
+	}
+	if (_groupname != "")
+	{
+		_commandarguments[_argumentcounter ++] = "--id=" + _groupname;
+	}
+	_commandarguments[_argumentcounter ++] = "--trans=" + _encryptionalgorithm + "," + _hashalgorithm + "," + _authenticationmethod + "," + _diffiehellmangroup;
+	if (_maximumretry)
+	{
+		_commandarguments[_argumentcounter ++] = "--retry=" + _maximumretry;
+	}
+	if (_maximumtimeout)
+	{
+		_commandarguments[_argumentcounter ++] = "--timeount=" + _maximumtimeout;
+	}
+	_commandarguments[_argumentcounter ++] = _destinationipaddress;
+	return _commandarguments;
+}
 
- ikem = script_get_preference("Run ike-scan in main mode");
- ikea = script_get_preference("Run ike-scan in aggressive mode");
- retry = script_get_preference("ike-scan retry");
- timeout = script_get_preference("ike-scan timeout");
- ikev2 = script_get_preference("ike-scan use IKE v2");
- srcport = script_get_preference("ike-scan source port");
- destport = script_get_preference("ike-scan destination port");
+function command_parse(_responsedata, _securitynote, _destinationipaddress)
+{
+	if ((_destinationipaddress >< _responsedata) && ("NO-PROPOSAL-CHOSEN" >!< _responsedata))
+	{
+		scanner_add_port(proto:"udp", port:500);
+		_data = "IPSEC VPN endpoint detected.
 
- if (destport) {
-	 argv[i++] = "-s";
-	 argv[i++] = srcport;
- } else {
-	destport=500;
- }
-	
- if (srcport) {
-	argv[i++] = "-s";
-	argv[i++] = srcport;
- } else {
-	srcport=500;
- }
+" + _securitynote + "
 
- # if test is running on the same box as server, skip running ike-scan
- # but report ike-scan finished
- if (islocalhost() && srcport==destport) {
-	ikea = 0; 
-	ikem = 0;
- }
+ike-scan returned:
 
- if (ikev2) {
-	argv[i++] = "-2";
- }
+" + _responsedata;
+		security_note(proto:"udp", port:500, data:_data);
+	}
+	else
+	{
+		if (_destinationipaddress >< _responsedata)
+		{
+			scanner_add_port(proto:"udp", port:500);
+		}
+	}
+}
 
- if (retry) {
-	argv[i++] = "-r";
-	argv[i++] = retry;
- }
+# Not sure how much value there is in supporting IKE v2
+#ike2flag = script_get_preference("Use IKE v2");
+sourceportnumber = script_get_preference("Source port number");
+destinationportnumber = script_get_preference("Destination port number");
+if (islocalhost() && (sourceportnumber == destinationportnumber)) {
+	scanner_status(current:4, total:4);
+	set_kb_item(name:"Host/scanned", value:TRUE);
+	set_kb_item(name:'Host/scanners/ike-scan', value:TRUE);
+	exit(0);
+}
+aggressivemodeflag = script_get_preference("Enable Aggressive Mode");
+mainmodeflag = script_get_preference("Enable Main Mode");
+fingerprintaggressivemodeflag = script_get_preference("Enable fingerprint using Aggressive Mode");
+fingerprintmainmodeflag = script_get_preference("Enable fingerprint using Main Mode");
+groupnames = script_get_preference("Group names");
+encryptionalgorithms = script_get_preference("Encryption algorithms");
+hashalgorithms = script_get_preference("Hash algorithms");
+authenticationmethods = script_get_preference("Authentication methods");
+diffiehellmangroups = script_get_preference("Diffie-Hellman groups");
+maximumretry = script_get_preference("Maximum retry");
+maximumtimeout = script_get_preference("Maximum timeout");
+destinationipaddress = get_host_ip();
+if (aggressivemodeflag == "yes")
+{	
+	foreach groupname (split(groupnames, sep:",", keep:FALSE))
+	{
+		foreach encryptionalgorithm (split(encryptionalgorithms, sep:",", keep:FALSE))
+		{
+			foreach hashalgorithm (split(hashalgorithms, sep:",", keep:FALSE))
+			{
+				foreach authenticationmethod (split(authenticationmethods, sep:",", keep:FALSE))
+				{
+					foreach diffiehellmangroup (split(diffiehellmangroups, sep:",", keep:FALSE))
+					{
+						commandarguments = command_construct(_ike2flag:ike2flag, _sourceportnumber:sourceportnumber, _destinationportnumber:destinationportnumber, _checkmode:"--aggressive", _groupname:groupname, _encryptionalgorithm:encryptionalgorithm, _hashalgorithm:hashalgorithm, _authenticationmethod:authenticationmethod, _diffiehellmangroup:diffiehellmangroup, _maximumretry:maximumretry, _maximumtimeout:maximumtimeout, _destinationipaddress:destinationipaddress);
+						responsedata = pread(cmd:"ike-scan", argv:commandarguments, cd:1, nice:5);
+						securitynote = "Aggressive Mode Handshaking succeeded using groupname=" + groupname + ", encryption algorithm=" + encryptionalgorithmname[encryptionalgorithm] + "(" + encryptionalgorithm + "), hash algorithm=" + hashalgorithmname[hashalgorithm] + "(" + hashalgorithm + "), authentication method=" + authenticationmethodname[authenticationmethod] + "(" + authenticationmethod + "), diffie-hellman group=" + diffiehellmangroupname[diffiehellmangroup] + "(" + diffiehellmangroup + ").
 
- if (timeout) {
-	argv[i++] = "-t";
-	argv[i++] = timeout;
- }
+Since the VPN endpoint answers to requests using IKE Aggressive Mode Handshaking, an attacker could potentially carry out a bruteforce attack against this host.";
+						command_parse(_responsedata:responsedata, _securitynote:securitynote, _destinationipaddress:destinationipaddress);
+					}
+				}
+			}
+		}
+	}
+}
+scanner_status(current:1, total:4);
+if (mainmodeflag == "yes")
+{
+	foreach encryptionalgorithm (split(encryptionalgorithms, sep:",", keep:FALSE))
+	{
+		foreach hashalgorithm (split(hashalgorithms, sep:",", keep:FALSE))
+		{
+			foreach authenticationmethod (split(authenticationmethods, sep:",", keep:FALSE))
+			{
+				foreach diffiehellmangroup (split(diffiehellmangroups, sep:",", keep:FALSE))
+				{
+					commandarguments = command_construct(_ike2flag:ike2flag, _sourceportnumber:sourceportnumber, _destinationportnumber:destinationportnumber, _checkmode:"", _groupname:"", _encryptionalgorithm:encryptionalgorithm, _hashalgorithm:hashalgorithm, _authenticationmethod:authenticationmethod, _diffiehellmangroup:diffiehellmangroup, _maximumretry:maximumretry, _maximumtimeout:maximumtimeout, _destinationipaddress:destinationipaddress);
+					responsedata = pread(cmd:"ike-scan", argv:commandarguments, cd:1, nice:5);
+					securitynote = "Main Mode Handshaking succeeded using groupname=" + groupname + ", encryption algorithm=" + encryptionalgorithmname[encryptionalgorithm] + "(" + encryptionalgorithm + "), hash algorithm=" + hashalgorithmname[hashalgorithm] + "(" + hashalgorithm + "), authentication method=" + authenticationmethodname[authenticationmethod] + "(" + authenticationmethod + "), diffie-hellman group=" + diffiehellmangroupname[diffiehellmangroup] + "(" + diffiehellmangroup + ").";
+					command_parse(_responsedata:responsedata, _securitynote:securitynote, _destinationipaddress:destinationipaddress);
+				}
+			}
+		}
+	}
+}
+scanner_status(current:2, total:4);
+if (fingerprintaggressivemodeflag == "yes")
+{
+	foreach groupname (split(groupnames, sep:",", keep:FALSE))
+	{
+		foreach encryptionalgorithm (split(encryptionalgorithms, sep:",", keep:FALSE))
+		{
+			foreach hashalgorithm (split(hashalgorithms, sep:",", keep:FALSE))
+			{
+				foreach authenticationmethod (split(authenticationmethods, sep:",", keep:FALSE))
+				{
+					foreach diffiehellmangroup (split(diffiehellmangroups, sep:",", keep:FALSE))
+					{
+						commandarguments = command_construct(_ike2flag:ike2flag, _sourceportnumber:sourceportnumber, _destinationportnumber:destinationportnumber, _checkmode:"--aggressive", _fingerprintmode:"--showbackoff", _groupname:groupname, _encryptionalgorithm:encryptionalgorithm, _hashalgorithm:hashalgorithm, _authenticationmethod:authenticationmethod, _diffiehellmangroup:diffiehellmangroup, _maximumretry:maximumretry, _maximumtimeout:maximumtimeout, _destinationipaddress:destinationipaddress);
+						responsedata = pread(cmd:"ike-scan", argv:commandarguments, cd:1, nice:5);
+						securitynote = "Fingerprinting Aggressive Mode succeeded using groupname=" + groupname + ", encryption algorithm=" + encryptionalgorithmname[encryptionalgorithm] + "(" + encryptionalgorithm + "), hash algorithm=" + hashalgorithmname[hashalgorithm] + "(" + hashalgorithm + "), authentication method=" + authenticationmethodname[authenticationmethod] + "(" + authenticationmethod + "), diffie-hellman group=" + diffiehellmangroupname[diffiehellmangroup] + "(" + diffiehellmangroup + ").
 
- j=i;
-
-# execute ike-scan in main mode
-if (ikem) {
- argv[i++] = ip;
-
- resm = pread(cmd: "ike-scan", argv: argv, cd: 1, nice: 5);
- foreach line(split(resm))
- {
-   v = eregmatch(string: line, pattern: '^'+esc_ip+' *(.*)$');
-   if (! isnull(v))
-   {
-	 port = destport;
-	 proto = "udp";
-    scanner_add_port(proto: proto, port: port);
-	 security_note(port: port, data: 
-"ike-scan found that this host is answering to IKE main mode handshaking.
-This is response from the host:"+v[1]);
-   }
- }
+Since the VPN endpoint answers to requests using IKE Aggressive Mode Handshaking, an attacker could potentially carry out a bruteforce attack against this host.";
+						command_parse(_responsedata:responsedata, _securitynote:securitynote, _destinationipaddress:destinationipaddress);
+					}
+				}
+			}
+		}
+	}
 }
-
-i=j;
-
-# execute ike-scan in aggressive mode
-if (ikea) {
-	argv[i++] = "-A";
-	argv[i++] = ip;
-
-	resa = pread(cmd: "ike-scan", argv: argv, cd: 1, nice: 5);
-	foreach line(split(resa))
+scanner_status(current:3, total:4);
+if (fingerprintmainmodeflag == "yes")
+{
+	foreach encryptionalgorithm (split(encryptionalgorithms, sep:",", keep:FALSE))
 	{
-	  v = eregmatch(string: line, pattern: '^'+esc_ip+' *(.*)$');
-	  if (! isnull(v))
-	  {
-		port = destport;
-		proto = "udp";
-	   scanner_add_port(proto: proto, port: port);
-		security_hole(port: port, data: 
-"ike-scan found that this host is answering to IKE aggressive mode handshaking.
-If VPN is answering to IKE aggressive mode handshaking, attacker can start
-potentialy successful brute force attack against this host.
-This is the response from the host:"+v[1]);
-	  }
+		foreach hashalgorithm (split(hashalgorithms, sep:",", keep:FALSE))
+		{
+			foreach authenticationmethod (split(authenticationmethods, sep:",", keep:FALSE))
+			{
+				foreach diffiehellmangroup (split(diffiehellmangroups, sep:",", keep:FALSE))
+				{
+					commandarguments = command_construct(_ike2flag:ike2flag, _sourceportnumber:sourceportnumber, _destinationportnumber:destinationportnumber, _checkmode:"", _fingerprintmode:"--showbackoff", _groupname:"", _encryptionalgorithm:encryptionalgorithm, _hashalgorithm:hashalgorithm, _authenticationmethod:authenticationmethod, _diffiehellmangroup:diffiehellmangroup, _maximumretry:maximumretry, _maximumtimeout:maximumtimeout, _destinationipaddress:destinationipaddress);
+					responsedata = pread(cmd:"ike-scan", argv:commandarguments, cd:1, nice:5);
+					securitynote = "Fingerprinting Main Mode succeeded using groupname=" + groupname + ", encryption algorithm=" + encryptionalgorithmname[encryptionalgorithm] + "(" + encryptionalgorithm + "), hash algorithm=" + hashalgorithmname[hashalgorithm] + "(" + hashalgorithm + "), authentication method=" + authenticationmethodname[authenticationmethod] + "(" + authenticationmethod + "), diffie-hellman group=" + diffiehellmangroupname[diffiehellmangroup] + "(" + diffiehellmangroup + ").";
+					command_parse(_responsedata:responsedata, _securitynote:securitynote, _destinationipaddress:destinationipaddress);
+				}
+			}
+		}
 	}
 }
-
-set_kb_item(name: "Host/scanned", value: TRUE);
-set_kb_item(name: 'Host/scanners/ike-scan', value: TRUE);
-
-scanner_status(current: 65535, total: 65535);
-
+scanner_status(current:4, total:4);
+set_kb_item(name:"Host/scanned", value:TRUE);
+set_kb_item(name:'Host/scanners/ike-scan', value:TRUE);
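Review bot: in command_construct the timeout argument is misspelled, `_commandarguments[_argumentcounter ++] = "--timeount=" + _maximumtimeout;` (the ike-scan option is `--timeout`), so whenever the "Maximum timeout" preference is set the whole invocation carries an option ike-scan does not recognise; change it to `"--timeout=" + _maximumtimeout`. Three smaller points in the same hunk: the Main Mode and fingerprint Main Mode security notes build their text from `groupname` although no `foreach groupname` loop exists in those branches (command_construct is passed `_groupname:""`), so the reported group name is either empty or left over from the Aggressive Mode pass and the `groupname=` fragment should be dropped there; `ike2flag` is commented out at `#ike2flag = script_get_preference("Use IKE v2");` yet still passed as `_ike2flag:ike2flag` in all four command_construct calls, so either remove the parameter or keep the preference; and command_parse hardcodes `port:500` in scanner_add_port and security_note while the script reads a "Destination port number" preference, so the reported port should follow destinationportnumber (defaulting to 500) to stay consistent with what was actually probed.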