[Openvas-commits] r12155 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Nov 22 08:37:50 CET 2011


Author: jan
Date: 2011-11-22 08:37:44 +0100 (Tue, 22 Nov 2011)
New Revision: 12155

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_7zip_detect_lin.nasl
   trunk/openvas-plugins/scripts/gb_openssl_detect_lin.nasl
   trunk/openvas-plugins/scripts/gb_wireshark_detect_lin.nasl
   trunk/openvas-plugins/scripts/secpod_subversion_detect.nasl
Log:
* scripts/secpod_subversion_detect.nasl,
scripts/gb_openssl_detect_lin.nasl: Revised according to CR#57.

* scripts/gb_wireshark_detect_lin.nasl: Removed unecessary call
of ssh_close_connection.

* scripts/gb_7zip_detect_lin.nasl: Revised according to CR#57.
Also fixed a bug of too early exit.



Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-11-21 19:48:35 UTC (rev 12154)
+++ trunk/openvas-plugins/ChangeLog	2011-11-22 07:37:44 UTC (rev 12155)
@@ -1,3 +1,14 @@
+2011-11-22  Jan-Oliver Wagner <jan-oliver.wagner at greenbone.net>
+
+	* scripts/secpod_subversion_detect.nasl,
+	scripts/gb_openssl_detect_lin.nasl: Revised according to CR#57.
+
+	* scripts/gb_wireshark_detect_lin.nasl: Removed unecessary call
+	of ssh_close_connection.
+
+	* scripts/gb_7zip_detect_lin.nasl: Revised according to CR#57.
+	Also fixed a bug of too early exit.
+
 2011-11-21  Jan-Oliver Wagner <jan-oliver.wagner at greenbone.net>
 
 	* scripts/gb_wireshark_detect_lin.nasl: Reworked according to CR#57.

Modified: trunk/openvas-plugins/scripts/gb_7zip_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_7zip_detect_lin.nasl	2011-11-21 19:48:35 UTC (rev 12154)
+++ trunk/openvas-plugins/scripts/gb_7zip_detect_lin.nasl	2011-11-22 07:37:44 UTC (rev 12155)
@@ -7,6 +7,9 @@
 # Authors:
 # Sujit Ghosal <sghosal at secpod.com>
 #
+# Updated by: <jan-oliver.wagner at greenbone.net> on 2011-11-21
+# Revised to comply with Change Request #57.
+#
 # Copyright:
 # Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
 #
@@ -24,23 +27,29 @@
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 ###############################################################################
 
+SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.800255";
+
 if(description)
 {
-  script_id(800255);
+  script_oid(SCRIPT_OID);
   script_version("$Revision$");
   script_tag(name:"last_modification", value:"$Date$");
   script_tag(name:"creation_date", value:"2009-04-02 08:15:32 +0200 (Thu, 02 Apr 2009)");
   script_tag(name:"risk_factor", value:"None");
+  script_tag(name:"cvss_base", value:"0.0");
+  script_tag(name:"detection", value:"executable version check");
   script_name("7zip Version Detection (Linux)");
-  desc = "
-  Overview : This script finds the installed version of 7zip and saves the
-  result in KB.";
+  script_description("Detection of installed version of 7zip.
 
-  script_description(desc);
-  script_summary("Set KB for the version of 7zip");
+The script logs in via ssh, searches for executable '7za' and
+queries the found executables via command line option 'invalidcmd'.
+The error message output of 7za is normal because 7za in fact
+offers no version command and thus an invalid command has to be
+passed to obtain the version number.");
+  script_summary("Detection of installed version of 7zip");
   script_category(ACT_GATHER_INFO);
   script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
-  script_family("General");
+  script_family("Product detection");
   exit(0);
 }
 
@@ -49,34 +58,31 @@
 include("ssh_func.inc");
 include("version_func.inc");
 
-## Constant values
-SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.800255";
-SCRIPT_DESC = "7zip Version Detection (Linux)";
-
 sock = ssh_login_or_reuse_connection();
 if(!sock){
-  exit(0);
+  if (defined_func("error_message"))
+    error_message(port:port, data:"Failed to open ssh port.");
+  exit(-1);
 }
 
 paths = find_file(file_name:"7za", file_path:"/", useregex:TRUE,
                   regexpar:"$", sock:sock);
-foreach zipBin (paths)
+foreach executableFile (paths)
 {
-  zipVer = get_bin_version(full_prog_name:chomp(zipBin), sock:sock,
-                           version_argv:"version",
+  zipVer = get_bin_version(full_prog_name:chomp(executableFile), sock:sock,
+                           version_argv:"invalidcmd",
                            ver_pattern:"p7zip Version ([0-9]\.[0-9][0-9]?)");
   if(zipVer[1] != NULL)
   {
     set_kb_item(name:"7zip/Lin/Ver", value:zipVer[1]);
-    security_note(data:"7zip version " + zipVer[1] + " was detected on the host");
-    ssh_close_connection();
+    log_message(data:'Detected 7zip version: ' + zipVer[1] +
+        '\nLocation: ' + executableFile +
+        '\n\nConcluded from version identification result:\n' + zipVer[max_index(zipVer)-1]);
 
-    ## build cpe and store it as host_detail
     cpe = build_cpe(value: zipVer[1], exp:"^([0-9.]+)",base:"cpe:/a:7-zip:7-zip:");
     if(!isnull(cpe))
-       register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
-
-    exit(0);
+      register_product(cpe:cpe, location:executableFile, nvt:SCRIPT_OID);
   }
 }
+
 ssh_close_connection();

Modified: trunk/openvas-plugins/scripts/gb_openssl_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openssl_detect_lin.nasl	2011-11-21 19:48:35 UTC (rev 12154)
+++ trunk/openvas-plugins/scripts/gb_openssl_detect_lin.nasl	2011-11-22 07:37:44 UTC (rev 12155)
@@ -7,6 +7,9 @@
 # Authors:
 # Sharath S <sharaths at secpod.com>
 #
+# Updated by: <jan-oliver.wagner at greenbone.net> on 2011-11-21
+# Revised to comply with Change Request #57.
+#
 # Copyright:
 # Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
 #
@@ -24,60 +27,60 @@
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 ###############################################################################
 
+SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.800335";
+
 if(description)
 {
-  script_id(800335);
+  script_oid(SCRIPT_OID);
   script_version("$Revision$");
   script_tag(name:"last_modification", value:"$Date$");
   script_tag(name:"creation_date", value:"2009-01-09 13:48:55 +0100 (Fri, 09 Jan 2009)");
   script_tag(name:"risk_factor", value:"None");
+  script_tag(name:"cvss_base", value:"0.0");
+  script_tag(name:"detection", value:"executable version check");
   script_name("OpenSSL Version Detection (Linux)");
-  desc = "
-  Overview : This script finds the installed version of OpenSSL and saves
-  in KB.";
+  script_description("Detection of installed version of OpenSSL.
 
-  script_description(desc);
-  script_summary("Set KB for the version of OpenSSL");
+The script logs in via ssh, searches for executable 'openssl' and
+queries the found executables via command line option 'version'.");
+  script_summary("Detection of installed version of OpenSSL");
   script_category(ACT_GATHER_INFO);
   script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
-  script_family("General");
+  script_family("Product detection");
   exit(0);
 }
 
-
 include("ssh_func.inc");
 include("version_func.inc");
 include("cpe.inc");
 include("host_details.inc");
 
-## Constant values
-SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.800335";
-SCRIPT_DESC = "OpenSSL Version Detection (Linux)";
-
 sock = ssh_login_or_reuse_connection();
 if(!sock){
-  exit(0);
+  if (defined_func("error_message"))
+    error_message(port:port, data:"Failed to open ssh port.");
+  exit(-1);
 }
 
 paths = find_bin(prog_name:"openssl",sock:sock);
-foreach sslBin (paths)
+foreach executableFile (paths)
 {
-  sslVer = get_bin_version(full_prog_name:chomp(sslBin), sock:sock,
+  sslVer = get_bin_version(full_prog_name:chomp(executableFile), sock:sock,
                            version_argv:"version",
                            ver_pattern:"OpenSSL ([0-9.a-z\-]+)");
   if(sslVer[1] != NULL)
   {
     set_kb_item(name:"OpenSSL/Linux/Ver", value:sslVer[1]);
     security_note(data:"OpenSSL version " + sslVer[1] + " running at location " 
-                         + sslBin + " was detected on the host");
-    ssh_close_connection();
+                         + executableFile + " was detected on the host");
+    log_message(data:'Detected OpenSSL version: ' + sslVer[1] +
+        '\nLocation: ' + executableFile +
+        '\n\nConcluded from version identification result:\n' + sslVer[max_index(sslVer)-1]);
    
-    ## build cpe and store it as host_detail
     cpe = build_cpe(value:sslVer[1], exp:"^([0-9.]+[a-z0-9]*)", base:"cpe:/a:openssl:openssl:");
     if(!isnull(cpe))
-       register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
-
-    #exit(0);
+      register_product(cpe:cpe, location:executableFile, nvt:SCRIPT_OID);
   }
 }
+
 ssh_close_connection();

Modified: trunk/openvas-plugins/scripts/gb_wireshark_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wireshark_detect_lin.nasl	2011-11-21 19:48:35 UTC (rev 12154)
+++ trunk/openvas-plugins/scripts/gb_wireshark_detect_lin.nasl	2011-11-22 07:37:44 UTC (rev 12155)
@@ -74,9 +74,7 @@
     log_message(data:'Detected Wireshark version: ' + sharkVer[1] +
         '\nLocation: ' + executableFile +
         '\n\nConcluded from version identification result:\n' + sharkVer[max_index(sharkVer)-1]);
-    ssh_close_connection();
    
-    ## build cpe and store it as host_detail
     cpe = build_cpe(value:sharkVer[1], exp:"^([0-9.]+)", base:"cpe:/a:wireshark:wireshark:");
     if(!isnull(cpe))
        register_product(cpe:cpe, location:executableFile, nvt:SCRIPT_OID);

Modified: trunk/openvas-plugins/scripts/secpod_subversion_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_subversion_detect.nasl	2011-11-21 19:48:35 UTC (rev 12154)
+++ trunk/openvas-plugins/scripts/secpod_subversion_detect.nasl	2011-11-22 07:37:44 UTC (rev 12155)
@@ -7,10 +7,12 @@
 # Authors:
 # Antu Sanadi <santu at secpod.com>
 #
+# Updated by: <jan-oliver.wagner at greenbone.net> on 2011-11-21
+# Revised to comply with Change Request #57.
+#
 # Copyright:
 # Copyright (c) 2009 SecPod, http://www.secpod.com
 #
-#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2
 # (or any later version), as published by the Free Software Foundation.
@@ -25,59 +27,57 @@
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 ###############################################################################
 
+SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.101103";
+
 if(description)
 {
-  script_id(101103);
+  script_oid(SCRIPT_OID);
   script_version("$Revision$");
   script_tag(name:"last_modification", value:"$Date$");
   script_tag(name:"creation_date", value:"2009-08-20 09:27:17 +0200 (Thu, 20 Aug 2009)");
   script_tag(name:"risk_factor", value:"None");
+  script_tag(name:"cvss_base", value:"0.0");
+  script_tag(name:"detection", value:"executable version check");
   script_name("Subversion Version Detection");
-  desc = "
+  script_description("Detection of installed version of Subversion.
 
-  Overview : This script retrieves the version of Subversion
-  and saves the result in KB.";
-
-  script_description(desc);
-  script_family("Service detection");
+The script logs in via ssh, searches for executable 'svnversion' and
+queries the found executables via command line option '--version'.");
+  script_family("Product detection");
   script_category(ACT_GATHER_INFO);
   script_copyright("Copyright (C) 2009 SecPod");
-  script_summary("Set Version of Subversion in KB");
+  script_summary("Detecion of installed version of Subversion");
   exit(0);
 }
 
-
 include("ssh_func.inc");
 include("version_func.inc");
 include("cpe.inc");
 include("host_details.inc");
 
-## Constant values
-SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.101103";
-SCRIPT_DESC = "Subversion Version Detection";
-
 sock = ssh_login_or_reuse_connection();
 if(!sock){
-  exit(0);
+  if (defined_func("error_message"))
+    error_message(port:port, data:"Failed to open ssh port.");
+  exit(-1);
 }
 
 getPath = find_bin(prog_name:"svnversion", sock:sock);
-foreach binaryFile (getPath)
+foreach executableFile (getPath)
 {
-   svnVer = get_bin_version(full_prog_name:chomp(binaryFile),
+   svnVer = get_bin_version(full_prog_name:chomp(executableFile),
              version_argv:"--version", ver_pattern:"[0-9.]+", sock:sock);
 
    if(svnVer[0] != NULL){
       set_kb_item(name:"Subversion/Ver", value:svnVer[0]);
-      security_note(data:"Subversion version " + svnVer[0] + " running at " +
-                         "location " + binaryFile +
-                         " was detected on the host");
+      log_message(data:'Detected Subversion version: ' + svnVer[0] +
+        '\nLocation: ' + executableFile +
+        '\n\nConcluded from version identification result:\n' + svnVer[max_index(svnVer)-1]);
    
-      ## build cpe and store it as host_detail
       cpe = build_cpe(value:svnVer[0], exp:"^([0-9.]+)", base:"cpe:/a:subversion:subversion:");
       if(!isnull(cpe))
-         register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
-
+        register_product(cpe:cpe, location:executableFile, nvt:SCRIPT_OID);
   }
 }
+
 ssh_close_connection();



More information about the Openvas-commits mailing list