[Openvas-commits] r11688 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Sep 26 14:41:47 CEST 2011


Author: mime
Date: 2011-09-26 14:41:41 +0200 (Mon, 26 Sep 2011)
New Revision: 11688

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/ping_host.nasl
Log:
Added possibility to disable certain methods

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-09-26 12:24:43 UTC (rev 11687)
+++ trunk/openvas-plugins/ChangeLog	2011-09-26 12:41:41 UTC (rev 11688)
@@ -1,5 +1,10 @@
-2011-09-06  Henri Doreau <henri.doreau at greenbone.net>
+2011-09-26  Michael Meyer <michael.meyer at greenbone.net>
 
+	* scripts/ping_host.nasl:
+	Added possibility to disable certain methods.
+
+2011-09-26  Henri Doreau <henri.doreau at greenbone.net>
+
 	* scripts/gb_openssl_detect_win.nasl: Directly build and register the
 	CPE for OpenSSL.
 

Modified: trunk/openvas-plugins/scripts/ping_host.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ping_host.nasl	2011-09-26 12:24:43 UTC (rev 11687)
+++ trunk/openvas-plugins/scripts/ping_host.nasl	2011-09-26 12:41:41 UTC (rev 11688)
@@ -44,6 +44,8 @@
 
  script_add_preference(name:"Report about unrechable Hosts", type:"checkbox", value:"no");
  script_add_preference(name:"Mark unrechable Hosts as dead (not scanning)", type:"checkbox", value:"no");
+ script_add_preference(name:"Do a TCP ping", type:"checkbox", value:"yes");
+ script_add_preference(name:"Do an ICMP ping", type:"checkbox", value:"yes");
 
  exit(0);
 }
@@ -62,10 +64,13 @@
 
 report_dead = script_get_preference("Report about unrechable Hosts");
 mark_dead   = script_get_preference("Mark unrechable Hosts as dead (not scanning)");
+icmp_ping   = script_get_preference("Do an ICMP ping");
+tcp_ping    = script_get_preference("Do a TCP ping");
 
 set_kb_item(name: "/ping_host/mark_dead", value: mark_dead);
 set_kb_item(name: "/tmp/start_time", value: unixtime());
 if(islocalhost())exit(0);
+
 if(IP_IS_IPV6(ip:get_host_ip())) {
   if(!defined_func("forge_icmp_v6_packet")) {
     if("yes" >< report_dead || "yes" >< mark_dead) {
@@ -77,85 +82,89 @@
 
 if("no" >< mark_dead && "no" >< report_dead)exit(0);
 
-# Try ICMP (Ping) first
-if(IP_IS_IPV6(ip:get_host_ip())) {
-  # ICMPv6
-  IP6_v = 0x60;
-  IP6_P = 0x3a;#ICMPv6
-  IP6_HLIM = 0x40;
-  ICMP_ID = rand() % 65536;
+if("yes" >< icmp_ping) {
+  # Try ICMP (Ping) first
+  if(IP_IS_IPV6(ip:get_host_ip())) {
+    # ICMPv6
+    IP6_v = 0x60;
+    IP6_P = 0x3a;#ICMPv6
+    IP6_HLIM = 0x40;
+    ICMP_ID = rand() % 65536;
 
-  myhost = this_host();
+    myhost = this_host();
 
-  ip6_packet = forge_ipv6_packet(ip6_v: IP6_v,
-                                 ip6_p: IP6_P,
-                                 ip6_plen: 20,
-                                 ip6_hlim: IP6_HLIM,
-                                 ip6_src: myhost,
-                                 ip6_dst: get_host_ip());
-  d = rand_str(length: 56);
-  icmp = forge_icmp_v6_packet(ip6: ip6_packet, icmp_type:128, icmp_code:0, icmp_seq:0,
-                              icmp_id: ICMP_ID, icmp_cksum:-1, data: d);
+    ip6_packet = forge_ipv6_packet(ip6_v: IP6_v,
+                                   ip6_p: IP6_P,
+                                   ip6_plen: 20,
+                                   ip6_hlim: IP6_HLIM,
+                                   ip6_src: myhost,
+                                   ip6_dst: get_host_ip());
+    d = rand_str(length: 56);
+    icmp = forge_icmp_v6_packet(ip6: ip6_packet, icmp_type:128, icmp_code:0, icmp_seq:0,
+                                icmp_id: ICMP_ID, icmp_cksum:-1, data: d);
   
-  filter = "icmp6 and dst host " + myhost + " and src host " + get_host_ip()  + " and ip6[40] = 129";
+    filter = "icmp6 and dst host " + myhost + " and src host " + get_host_ip()  + " and ip6[40] = 129";
   
-  ret = NULL;
-  attempt = 2;
+    ret = NULL;
+    attempt = 2;
 
-  while (!ret && attempt--) {
-    ret = send_v6packet(icmp, pcap_active: TRUE, pcap_filter: filter);
-    if(ret) { 
-      set_kb_item(name: "/tmp/ping/ICMP", value: 1);
-      exit(0);
+    while (!ret && attempt--) {
+      ret = send_v6packet(icmp, pcap_active: TRUE, pcap_filter: filter);
+      if(ret) { 
+        set_kb_item(name: "/tmp/ping/ICMP", value: 1);
+        exit(0);
+      }
     }
-  }
 
-} else {  
-  # ICMPv4
-  ICMP_ECHO_REQUEST = 8;
-  IP_ID = 0xBABA;
-  ICMP_ID = rand() % 65536;
+  } else {  
+    # ICMPv4
+    ICMP_ECHO_REQUEST = 8;
+    IP_ID = 0xBABA;
+    ICMP_ID = rand() % 65536;
 
-  data =
-  raw_string(0x0c,0xf5,0xf3,0x4a,0x88,0x39,0x08,0x00,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
-  	     0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,
-	     0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f,
-  	     0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37);
+    data =
+    raw_string(0x0c,0xf5,0xf3,0x4a,0x88,0x39,0x08,0x00,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+    	       0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,
+ 	       0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f,
+  	       0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37);
 
-  ip_packet =
-          forge_ip_packet(ip_tos : 6,
-                          ip_id  : IP_ID,
-                          ip_off : IP_DF,
-                          ip_p   : IPPROTO_ICMP,
-                          ip_src : this_host());
+    ip_packet =
+            forge_ip_packet(ip_tos : 6,
+                            ip_id  : IP_ID,
+                            ip_off : IP_DF,
+                            ip_p   : IPPROTO_ICMP,
+                            ip_src : this_host());
 
-  icmp_packet =
-         forge_icmp_packet(icmp_type : ICMP_ECHO_REQUEST,
-                           icmp_code : 123,
-                           icmp_seq  : 256,
-                           icmp_id   : ICMP_ID,
-	  	           data      : data,
-                           ip        : ip_packet);
-  attempt = 2;
-  ret = NULL;
+    icmp_packet =
+           forge_icmp_packet(icmp_type : ICMP_ECHO_REQUEST,
+                             icmp_code : 123,
+                             icmp_seq  : 256,
+                             icmp_id   : ICMP_ID,
+	    	             data      : data,
+                             ip        : ip_packet);
+    attempt = 2;
+    ret = NULL;
 
-  filter = "icmp and dst host " + this_host() + " and src host " + get_host_ip() + " and icmp[0] = 0 " + " and icmp[4:2] = " + ICMP_ID;
+    filter = "icmp and dst host " + this_host() + " and src host " + get_host_ip() + " and icmp[0] = 0 " + " and icmp[4:2] = " + ICMP_ID;
 
-  while (!ret && attempt--) {
-   ret = send_packet(icmp_packet, pcap_active: TRUE, pcap_filter: filter, pcap_timeout: 3);
-   if(ret) {
-    set_kb_item(name: "/tmp/ping/ICMP", value: 1);
-    exit(0);
-   }
+    while (!ret && attempt--) {
+     ret = send_packet(icmp_packet, pcap_active: TRUE, pcap_filter: filter, pcap_timeout: 3);
+     if(ret) {
+      set_kb_item(name: "/tmp/ping/ICMP", value: 1);
+      exit(0);
+     }
+    }
   }
-}
 
-# ICMP fails. Try TCP SYN 
-if(tcp_ping()) {
-  set_kb_item(name: "/tmp/ping/TCP", value: 1);
-  exit(0);
 }  
 
+if("yes" >< tcp_ping) {
+  # ICMP fails. Try TCP SYN 
+  if(tcp_ping()) {
+    set_kb_item(name: "/tmp/ping/TCP", value: 1);
+    exit(0);
+  }  
+}
 # Host seems to be dead.
 
 if("yes" >< report_dead) {



More information about the Openvas-commits mailing list