[openvas-discuss] Future enhancements: plugins in perl??
oxdeadbeef at pit-of-despair.com
Thu Nov 24 06:50:53 CET 2005
On Thu, 24 Nov 2005, Michael Boman wrote:
> On 11/23/05, oxdeadbeef <oxdeadbeef at pit-of-despair.com>
> <oxdeadbeef at pit-of-despair.com> wrote:
>> I like python too. It just does not have the ample amount of extentions
>> that perl could bring to the table. I can forsee direct access to
>> metasploit and libwhisker with it. It is here not there ATM ;)
> Metasploit Framework 3.x will be written in Ruby... Personally I just
> picked Ruby up, but it seems like a pretty decent language. I nothing
> against perl either, except that when developers are trying to be
> clever the code can very quickly become hard to impossible to read
> (perl is also known as a write-only language).
> My biggest issue with the plugins at the moment is formating: At the
> moment the plugin output has line breaks where-ever the developer want
> it, not necessary where it is required. The plugins also has no clear
> Vulnerability, Impact and Solution section (which is labeled as such),
> and the static plugin output should be seperated from the dynamic
> output (server banners etc).
I agree whole heartedly with this. In addition to plugins that dont work
entirely, which I just discovered. Bad regexp's also seem to be an issue
sometimes. Sure, I thank the people who took the time to write the
plugins. But, I wonder if there are more issues, suchs as inadequate
checking of the test cases (i.e. improper application version checking
using bad regexp, or just relying on one item to verify a version, when
multiple exist). How are plugins verified to work? Am I relying on
someones word is just not going to cut it.
> Best regards
> Michael Boman
> IT Security Researcher & Developer
> http://proxy.11a.nu | http://www.boseco.com
More information about the Openvas-discuss