[Openvas-nvts-commits] r545 - / scripts

scm-commit at wald.intevation.org scm-commit at wald.intevation.org
Fri Jul 4 11:32:26 CEST 2014


Author: antu123
Date: 2014-07-04 11:32:25 +0200 (Fri, 04 Jul 2014)
New Revision: 545

Modified:
   ChangeLog
   scripts/gb_ms_onenote_detect.nasl
   scripts/gb_ms_silverlight_detect.nasl
   scripts/gb_seamonkey_detect_win.nasl
   scripts/gb_tor_detect_win.nasl
   scripts/gb_trillian_detect.nasl
   scripts/gb_yahoo_msg_detect.nasl
Log:
Updated to support 32 and 64 bit applications and newest detection method.

Modified: ChangeLog
===================================================================
--- ChangeLog	2014-07-04 05:10:23 UTC (rev 544)
+++ ChangeLog	2014-07-04 09:32:25 UTC (rev 545)
@@ -1,5 +1,16 @@
 2014-07-04 Antu Sanadi <santu at secpod.com>
 
+	* scripts/gb_ms_onenote_detect.nasl,
+	scripts/gb_ms_silverlight_detect.nasl,
+	scripts/gb_seamonkey_detect_win.nasl,
+	scripts/gb_tor_detect_win.nasl,
+	scripts/gb_trillian_detect.nasl,
+	scripts/gb_yahoo_msg_detect.nasl:
+	Updated to support 32 and 64 bit applicationa and
+	newest detection method.
+
+2014-07-04 Antu Sanadi <santu at secpod.com>
+
 	* scripts/2014/deb_2971.nasl:
 	Added new auto generated plugin.
 

Modified: scripts/gb_ms_onenote_detect.nasl
===================================================================
--- scripts/gb_ms_onenote_detect.nasl	2014-07-04 05:10:23 UTC (rev 544)
+++ scripts/gb_ms_onenote_detect.nasl	2014-07-04 09:32:25 UTC (rev 545)
@@ -25,66 +25,99 @@
 ###############################################################################
 
 include("revisions-lib.inc");
-tag_summary = "Detection of installed version of Microsoft OneNote.
 
-  The script logs in via smb, and detect the version of Microsoft OneNote
-  on remote host and sets the KB";
-
-SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.803436";
-
 if(description)
 {
-  script_oid(SCRIPT_OID);
+  script_oid("1.3.6.1.4.1.25623.1.0.803436");
   script_version("$Revision$");
   script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
   script_tag(name:"cvss_base", value:"0.0");
   script_tag(name:"risk_factor", value:"None");
   script_tag(name:"last_modification", value:"$Date$");
   script_tag(name:"creation_date", value:"2013-03-13 11:28:48 +0530 (Wed, 13 Mar 2013)");
+  script_tag(name:"detection", value:"registry version check");
   script_name("Microsoft OneNote Version Detection (Windows)");
+
+ tag_summary =
+"Detection of installed version of Microsoft OneNote.
+
+The script logs in via smb, and detect the version of Microsoft OneNote
+on remote host and sets the KB ";
+
   desc = "
   Summary:
   " + tag_summary;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+  }
+
   script_description(desc);
-
   script_summary("Detection of installed version of Microsoft OneNote on Windows");
   script_category(ACT_GATHER_INFO);
   script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
   script_family("Product detection");
-  script_dependencies("secpod_reg_enum.nasl");
-  script_mandatory_keys("SMB/WindowsVersion");
+  script_dependencies("secpod_reg_enum.nasl", "smb_reg_service_pack.nasl");
+  script_mandatory_keys("SMB/WindowsVersion", "SMB/Windows/Arch");
   script_require_ports(139, 445);
-  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
-    script_tag(name : "summary" , value : tag_summary);
-  }
   exit(0);
 }
 
+include("cpe.inc");
 include("smb_nt.inc");
-include("cpe.inc");
+include("secpod_smb_func.inc");
 include("host_details.inc");
-include("secpod_smb_func.inc");
 include("version_func.inc");
 
+## Function to Register Product and Build report
+function build_report(app, ver, cpe, insloc)
+{
+  register_product(cpe:cpe, location:insloc);
+  log_message(data: build_detection_report(app: app,
+                                           version: ver,
+                                           install: insloc,
+                                           cpe: cpe,
+                                           concluded: ver));
+}
+
 ## Variable Initialization
 exePath = "";
 noteVer = "";
 share = "";
 file = "";
+osArch = "";
 
-if(!get_kb_item("SMB/WindowsVersion")){
-  exit(0);
+osArch = get_kb_item("SMB/Windows/Arch");
+if(!osArch)
+{
+  error_message(data:"Failed to get the OS architecture");
+  exit(-1);
 }
 
 # Check Office Installation
-if(!registry_key_exists(key:"SOFTWARE\Microsoft\Office")){
+if(!registry_key_exists(key:"SOFTWARE\Microsoft\Office") &&
+   !registry_key_exists(key:"SOFTWARE\Wow6432Node\Microsoft\Office"))
+{
   exit(0);
 }
 
-# Get OneNote Installed Path
-exePath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
+## if os is 32 bit iterate over comman path
+if("x86" >< osArch){
+ exePath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
                               "\App Paths\OneNote.exe", item:"Path");
+}
 
+## Check for 64 bit platform
+else if("x64" >< osArch)
+{
+  exePath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
+                              "\App Paths\OneNote.exe", item:"Path");
+  if(!exePath){
+   exePath = registry_get_sz(key:"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion" +
+                                 "\App Paths\OneNote.exe", item:"Path");
+  }
+}
+
 if(exePath != NULL)
 {
   noteVer = fetch_file_version(sysPath:exePath, file_name:"onenote.exe");
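Review bot: The architecture branch that starts at `if("x86" >< osArch)` has no final `else`, so when `SMB/Windows/Arch` holds a value containing neither "x86" nor "x64", `exePath` keeps its initial `""` and execution still reaches `if(exePath != NULL)`. Whether that test rejects the empty string depends on NASL's NULL comparison rules, so an explicit `else { exit(0); }` after the x64 branch would make the outcome certain. The same open-ended `if`/`else if` appears in the Silverlight hunk, where `key_list` stays `""` and the `isnull(key_list)` guard may not catch it, and in the SeaMonkey, Tor and Trillian hunks, where `key` is never assigned. The body of the `if(exePath != NULL)` block continues outside this hunk.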
@@ -99,9 +132,21 @@
     if(isnull(cpe))
       cpe = 'cpe:/a:microsoft:onenote';
 
-    register_product(cpe:cpe, location:exePath, nvt:SCRIPT_OID);
-    log_message(data: build_detection_report(app:"Microsoft OneNote",
-                                    version:noteVer, install:exePath,
-                                        cpe:cpe, concluded:noteVer));
+    ## Register Product and Build Report
+    build_report(app: "Microsoft OneNote", ver:noteVer, cpe:cpe, insloc:exePath);
+
+    if("x64" >< osArch && "Wow6432Node" >!< exePath)
+    {
+      ## Set the KB item
+      set_kb_item(name:"MS/Office/OneNote64/Ver", value:noteVer);
+
+      ## build cpe and store it as host_detail for 64 bit
+      cpe = build_cpe(value:noteVer, exp:"^([0-9.]+)", base:"cpe:/a:microsoft:onenote:x64:");
+      if(isnull(cpe))
+        cpe = "cpe:/a:microsoft:onenote:x64";
+
+      ## Register Product and Build Report
+      build_report(app: "Microsoft OneNote", ver:noteVer, cpe:cpe, insloc:exePath);
+    }
   }
 }
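Review bot: The test `"Wow6432Node" >!< exePath` cannot tell a 32-bit install from a 64-bit one, because `exePath` holds the value of the `Path` registry item (a filesystem directory), not the registry key it was read from. On an x64 host the condition is therefore likely true for every install, so `MS/Office/OneNote64/Ver` and the `:x64` CPE would also be set for a 32-bit OneNote found under the Wow6432Node key, and checks relying on those entries would evaluate the wrong product variant. Storing the key that supplied the path in its own variable in the lookup code (outside this hunk; called `appKey` here as a suggested name) and testing `if("x64" >< osArch && "Wow6432Node" >!< appKey)` would fix it. A 64-bit install is also reported twice, once by each `build_report` call.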


Property changes on: scripts/gb_ms_onenote_detect.nasl
___________________________________________________________________
Modified: svn:keywords
   - Id Revision Date
   + Author Revision Date Id

Modified: scripts/gb_ms_silverlight_detect.nasl
===================================================================
--- scripts/gb_ms_silverlight_detect.nasl	2014-07-04 05:10:23 UTC (rev 544)
+++ scripts/gb_ms_silverlight_detect.nasl	2014-07-04 09:32:25 UTC (rev 545)
@@ -10,8 +10,11 @@
 # Updated: Veerendra GG <veerendragg at secpod.com> on 2013-08-09
 # According to CR57 and New Style script_tags.
 #
+# Updated By: Shakeel <bshakeel at secpod.com> on 2014-07-02
+# To support 32 and 64 bit.
+#
 # Copyright:
-# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2
@@ -29,15 +32,13 @@
 
 include("revisions-lib.inc");
 
-SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.801934";
-
 if(description)
 {
-  script_oid(SCRIPT_OID);
+  script_oid("1.3.6.1.4.1.25623.1.0.801934");
+  script_version("$Revision$");
   script_tag(name:"cvss_base", value:"0.0");
   script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
   script_tag(name:"risk_factor", value:"None");
-  script_version("$Revision$");
   script_tag(name:"last_modification", value:"$Date$");
   script_tag(name:"creation_date", value:"2011-05-16 15:25:30 +0200 (Mon, 16 May 2011)");
   script_tag(name:"detection", value:"registry version check");
@@ -60,82 +61,128 @@
   script_description(desc);
   script_summary("Detection of installed version of Microsoft Silverlight on Windows");
   script_category(ACT_GATHER_INFO);
-  script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
+  script_copyright("Copyright (C) 2013 Greenbone Networks GmbH");
   script_family("Product detection");
-  script_dependencies("secpod_reg_enum.nasl");
-  script_mandatory_keys("SMB/WindowsVersion");
+  script_dependencies("secpod_reg_enum.nasl", "smb_reg_service_pack.nasl");
+  script_mandatory_keys("SMB/WindowsVersion", "SMB/Windows/Arch");
   script_require_ports(139, 445);
   exit(0);
 }
 
+
 include("smb_nt.inc");
+include("secpod_smb_func.inc");
 include("cpe.inc");
 include("host_details.inc");
-include("secpod_smb_func.inc");
 
+
+## Function to Register Product and Build report
+function build_report(app, ver, cpe, insloc)
+{
+  register_product(cpe:cpe, location:insloc);
+  log_message(data: build_detection_report(app: app,
+                                           version: ver,
+                                           install: insloc,
+                                           cpe: cpe,
+                                           concluded: ver));
+}
+
+
 ## Variable Initialization
+os_arch = "";
+key_list = "";
+key="";
 cpe = "";
-un_key = "";
-msl_key = "";
 ins_loc = "";
 msl_ver = "";
 
-## Check Silverlight is present or not
-msl_key = "SOFTWARE\Microsoft\Silverlight";
-if(!msl_key){
-  exit(0);
+## Get OS Architecture
+os_arch = get_kb_item("SMB/Windows/Arch");
+if(!os_arch){
+  error_message(data:"Failed to get the OS architecture");
+  exit(-1);
 }
 
-un_key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
-if(!registry_key_exists(key:un_key)){
+## Check Silverlight is present or not
+if(!registry_key_exists(key:"SOFTWARE\Microsoft\Silverlight")){
+  if(!registry_key_exists(key:"SOFTWARE\Wow6432Node\Microsoft\Silverlight")){
     exit(0);
+  }
 }
 
-msl_ver = registry_get_sz(key:msl_key, item:"Version");
+## Check for 32 bit platform
+if("x86" >< os_arch){
+  key_list = make_list("SOFTWARE\Microsoft\Silverlight");
+}
 
-## Need to iterate over Uninstall path to get installed path and display name.
-foreach item (registry_enum_keys(key:un_key))
+## Check for 64 bit platform
+else if("x64" >< os_arch){
+  key_list =  make_list("SOFTWARE\Wow6432Node\Microsoft\Silverlight",
+                        "SOFTWARE\Microsoft\Silverlight");
+}
+
+if(isnull(key_list)){
+  exit(0);
+}
+
+foreach key (key_list)
 {
-  ## Get application name
-  app_name = registry_get_sz(key:un_key + item, item:"DisplayName");
-  if("Microsoft Silverlight" >!< app_name){
-    continue;
+  msl_ver = registry_get_sz(key:key, item:"Version");
+  if("Wow6432Node" >< key){
+    unKey = "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\";
+  } else {
+    unKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
   }
 
-  ## Get version if not available in previous path
-  if(!msl_ver || msl_ver == "0"){
-    msl_ver = registry_get_sz(key:un_key + item, item:"DisplayVersion");
+  foreach item (registry_enum_keys(key:unKey))
+  {
+    ## Get application name
+    app_name = registry_get_sz(key:unKey + item, item:"DisplayName");
+    if("Microsoft Silverlight" >!< app_name)
+    {
+       continue;
+    }
+
+    ## Get version if not available in previous path
+    if(!msl_ver || msl_ver == "0"){
+      msl_ver = registry_get_sz(key:unKey + item, item:"DisplayVersion");
+    }
+
+    ## Get installed location
+    ins_loc = registry_get_sz(key:unKey + item, item:"InstallLocation");
+    if(!ins_loc){
+      ins_loc = "Unable to find the install location from registry.";
+    }
+    break;
   }
 
-  ## Get installed location
-  ins_loc = registry_get_sz(key:un_key + item, item:"InstallLocation");
-  if(!ins_loc){
-    ins_loc = "Unable to find the install location from registry.";
+  ## Ths might be needed for older NVTs
+  if(msl_ver){
+    ## Set KB for Microsoft Silverlight
+    set_kb_item(name:"Microsoft/Silverlight", value:msl_ver);
   }
 
-  break;
-}
+  if(msl_ver && "Microsoft Silverlight" >< app_name)
+  {
+    ## build cpe and store it as host_detail
+    cpe = build_cpe(value:msl_ver, exp:"^([0-9.]+)", base:"cpe:/a:microsoft:silverlight:");
+    if(isnull(cpe))
+      cpe = "cpe:/a:microsoft:silverlight";
 
-## Ths might be needed for older NVTs
-if(msl_ver){
-  ## Set KB for Microsoft Silverlight
-  set_kb_item(name:"Microsoft/Silverlight", value:msl_ver);
+    ##Register Product and Build Report
+    build_report(app: "Microsoft Silverlight", ver:msl_ver, cpe:cpe, insloc:ins_loc);
 
-}
+    ## 64 bit apps on 64 bit platform
+    if("x64" >< os_arch && "Wow6432Node" >!< key)
+    {
+      set_kb_item(name:"Microsoft/Silverlight64", value:msl_ver);
 
-if(msl_ver && "Microsoft Silverlight" >< app_name)
-{
-  ## build cpe and store it as host_detail
-  cpe = build_cpe(value:msl_ver, exp:"^([0-9.]+)", base:"cpe:/a:microsoft:silverlight:");
-  if(isnull(cpe))
-    cpe = "cpe:/a:microsoft:silverlight";
+      cpe = build_cpe(value:msl_ver, exp:"^([0-9.]+)", base:"cpe:/a:microsoft:silverlight:x64:");
+      if(isnull(cpe))
+        cpe = "cpe:/a:microsoft:silverlight:x64";
 
-  ## Register product
-  register_product(cpe:cpe, location:ins_loc, nvt:SCRIPT_OID);
-
-  log_message(data: build_detection_report(app:app_name,
-                                           version:msl_ver,
-                                           install:ins_loc,
-                                           cpe:cpe,
-                                           concluded:msl_ver));
+      ## Register Product and Build Report
+      build_report(app: "Microsoft Silverlight", ver:msl_ver, cpe:cpe, insloc:ins_loc);
+    }
+  }
 }
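Review bot: `app_name` and `ins_loc` are not reset at the top of `foreach key (key_list)`, so on an x64 host the second pass can reuse values left by the first. If the Wow6432Node pass matched and the native `Silverlight` key has a `Version` value while `registry_enum_keys` returns nothing for the native Uninstall key, the `"Microsoft Silverlight" >< app_name` test still passes and the native version is reported with the 32-bit install location, plus a `Microsoft/Silverlight64` entry. Adding `app_name = ""; ins_loc = "";` as the first statement of the outer loop avoids this. `Microsoft/Silverlight` can also be set once per key, which leaves two values in the KB when both variants are present; a comment stating whether that is intended would help.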


Property changes on: scripts/gb_ms_silverlight_detect.nasl
___________________________________________________________________
Modified: svn:keywords
   - Id Revision Date
   + Author Revision Date Id

Modified: scripts/gb_seamonkey_detect_win.nasl
===================================================================
--- scripts/gb_seamonkey_detect_win.nasl	2014-07-04 05:10:23 UTC (rev 544)
+++ scripts/gb_seamonkey_detect_win.nasl	2014-07-04 09:32:25 UTC (rev 545)
@@ -10,6 +10,9 @@
 # Upgrade to detect the latest version
 # - By Sharath S <sharaths at secpod.com> On 2009-11-02 #5567
 #
+# Updated By: Thanga Prakash S <tprakash at secpod.com> on 2014-07-02
+# Updated to support 32 and 64 bit
+#
 # Copyright:
 # Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net
 #
@@ -29,11 +32,9 @@
 
 include("revisions-lib.inc");
 
-SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.800016";
-
 if(description)
 {
-  script_oid(SCRIPT_OID);
+  script_oid("1.3.6.1.4.1.25623.1.0.800016");
   script_version("$Revision$");
   script_tag(name:"cvss_base", value:"0.0");
   script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
@@ -62,8 +63,8 @@
   script_category(ACT_GATHER_INFO);
   script_copyright("Copyright (C) 2008 SecPod");
   script_family("Product detection");
-  script_dependencies("secpod_reg_enum.nasl");
-  script_mandatory_keys("SMB/WindowsVersion");
+  script_dependencies("secpod_reg_enum.nasl", "smb_reg_service_pack.nasl");
+  script_mandatory_keys("SMB/WindowsVersion", "SMB/Windows/Arch");
   script_require_ports(139, 445);
   exit(0);
 }
@@ -79,22 +80,41 @@
 insPath = "";
 seaVer = "";
 
-key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
-if(!registry_key_exists(key:key)){
-  exit(0);
+## Get OS Architecture
+os_arch = get_kb_item("SMB/Windows/Arch");
+if(!os_arch){
+  error_message(data:"Failed to get the OS architecture");
+  exit(-1);
 }
 
+## Check for 32 bit platform
+if("x86" >< os_arch){
+  key = "SOFTWARE";
+}
+
+## Presently 64bit application is not available
+## Check for 32 bit App on 64 bit platform
+else if("x64" >< os_arch){
+  key =  "SOFTWARE\Wow6432Node";
+}
+
 # Check for SeaMonkey version through Registry entry
-seaVer = registry_get_sz(key:"SOFTWARE\mozilla.org\SeaMonkey",
-                         item:"CurrentVersion");
+seaVer = registry_get_sz(key: key + "\mozilla.org\SeaMonkey",
+                               item:"CurrentVersion");
 if(!seaVer){
-  seaVer = registry_get_sz(key:"SOFTWARE\Mozilla\SeaMonkey",
-                           item:"CurrentVersion");
+  seaVer = registry_get_sz(key: key + "\Mozilla\SeaMonkey",
+                                 item:"CurrentVersion");
 }
 
 seaVer = eregmatch(pattern:"[0-9.]+", string:seaVer);
 seaVer = seaVer[0];
 
+# To get the appName and Path
+key = key + "\Microsoft\Windows\CurrentVersion\Uninstall\";
+if(!registry_key_exists(key:key)){
+  exit(0);
+}
+
 foreach item (registry_enum_keys(key:key))
 {
   appName = registry_get_sz(key:key + item, item:"DisplayName");
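Review bot: On an x64 host only `SOFTWARE\Wow6432Node` is searched, on the strength of the comment `## Presently 64bit application is not available`; a 64-bit build installed later would go undetected, and vulnerability checks keyed on `Seamonkey/Win/Ver` would not run for it. The Silverlight script in this commit searches both hives through a key list, and the same approach here would keep the scripts consistent; the Tor and Trillian hunks make the same single-hive choice. At minimum the comment should state that the native hive is skipped on purpose, e.g. `## x64: native hive is not searched because no 64-bit build exists (as of 2014-07)`. The `foreach` loop that closes this hunk continues in the next one.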
@@ -105,37 +125,29 @@
     if(!seaVer)
       seaVer = registry_get_sz(key:key + item, item:"DisplayVersion");
 
-    insPath = registry_get_sz(key:key + item, item:"InstallLocation");
+    if(seaVer)
+    {
+      ## Not sure about the purpose of the below line
+      if(seaVer <= 0)exit(0);
 
-    break;
-  }
-  appName = "";
-}
+      insPath = registry_get_sz(key:key + item, item:"InstallLocation");
+      if(!insPath)
+        insPath = "Could not find the install location";
 
-if(seaVer)
-{
+      set_kb_item(name:"Seamonkey/Win/Ver", value: seaVer);
 
-  if(!appName && !insPath) {
-    if(seaVer <= 0)exit(0);
-  }  
+      ## build cpe
+      cpe = build_cpe(value: seaVer, exp:"^([0-9.]+([a-z0-9]+)?)", base:"cpe:/a:mozilla:seamonkey:");
+      if(isnull(cpe))
+        cpe = 'cpe:/a:mozilla:seamonkey';
 
-  if(!appName) appName = "Mozilla SeaMonkey";
+      register_product(cpe:cpe, location:insPath);
 
-  if(!insPath)
-    insPath = "Could not find the install location";
-
-  set_kb_item(name:"Seamonkey/Win/Ver", value: seaVer);
-
-  ## build cpe
-  cpe = build_cpe(value: seaVer, exp:"^([0-9.]+([a-z0-9]+)?)", base:"cpe:/a:mozilla:seamonkey:");
-  if(isnull(cpe))
-    cpe = 'cpe:/a:mozilla:seamonkey';
-
-  register_product(cpe:cpe, location:insPath, nvt:SCRIPT_OID);
-
-  log_message(data: build_detection_report(app: appName,
-                                           version: seaVer,
-                                           install: insPath,
-                                           cpe: cpe,
-                                           concluded: seaVer));
+      log_message(data: build_detection_report(app: appName,
+                                               version: seaVer,
+                                               install: insPath,
+                                               cpe: cpe,
+                                               concluded: seaVer));
+    }
+  }
 }
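Review bot: The `break;` that ended the loop after the first matching Uninstall entry is gone, so every entry that passes the name test (its condition is above this hunk) now calls `set_kb_item`, `register_product` and `log_message` again with the same `seaVer`. If one report per host is intended, a `break;` after the `log_message` call restores it. The version is also no longer reported when it was read from the `mozilla.org` key but no Uninstall entry matches, a case the old code covered with a default `appName`. Separately, `if(seaVer <= 0)exit(0);` compares a version string with an integer and carries the comment `## Not sure about the purpose of the below line`; it should be either explained or dropped.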


Property changes on: scripts/gb_seamonkey_detect_win.nasl
___________________________________________________________________
Modified: svn:keywords
   - Id Revision Date
   + Author Revision Date Id

Modified: scripts/gb_tor_detect_win.nasl
===================================================================
--- scripts/gb_tor_detect_win.nasl	2014-07-04 05:10:23 UTC (rev 544)
+++ scripts/gb_tor_detect_win.nasl	2014-07-04 09:32:25 UTC (rev 545)
@@ -16,6 +16,9 @@
 # Updated to detect version from Uninstall.exe
 #   - By N Shashi Kiran N <nskiran at secpod.com> on 2011-06-16
 #
+# Updated By: Thanga Prakash S <tprakash at secpod.com> on 2014-07-02
+# Updated to support 32 and 64 bit
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2
 # (or any later version), as published by the Free Software Foundation.
@@ -31,97 +34,111 @@
 ###############################################################################
 
 include("revisions-lib.inc");
-tag_summary = "This script is detects the installed version of Tor and
-  sets the result in KB.";
 
 if(description)
 {
-  script_id(800351);
+  script_oid("1.3.6.1.4.1.25623.1.0.800351");
+  script_version("$Revision$");
+  script_tag(name:"cvss_base", value:"0.0");
   script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
- script_version("$Revision$");
+  script_tag(name:"risk_factor", value:"None");
   script_tag(name:"last_modification", value:"$Date$");
   script_tag(name:"creation_date", value:"2009-02-06 13:48:17 +0100 (Fri, 06 Feb 2009)");
-  script_tag(name:"cvss_base", value:"0.0");
-  script_tag(name:"risk_factor", value:"None");
+  script_tag(name:"detection", value:"registry version check");
   script_name("Tor Version Detection (Win)");
+
+  tag_summary =
+"Detection of installed version of Tor on Windows.
+
+The script logs in via smb, searches for Tor in the registry
+and gets the version from registry or file.";
+
   desc = "
-
   Summary:
   " + tag_summary;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+  }
+
   script_description(desc);
   script_summary("Set KB for the version of Tor");
   script_category(ACT_GATHER_INFO);
   script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
-  script_family("Service detection");
-  script_dependencies("secpod_reg_enum.nasl");
-  script_require_keys("SMB/WindowsVersion");
+  script_family("Product detection");
+  script_dependencies("secpod_reg_enum.nasl", "smb_reg_service_pack.nasl");
+  script_mandatory_keys("SMB/WindowsVersion", "SMB/Windows/Arch");
   script_require_ports(139, 445);
-  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
-    script_tag(name : "summary" , value : tag_summary);
-  }
   exit(0);
 }
 
+
 include("cpe.inc");
 include("host_details.inc");
 include("smb_nt.inc");
 include("secpod_smb_func.inc");
+include("version_func.inc");
 
-## Constant values
-SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.800351";
-SCRIPT_DESC = "Tor Version Detection (Win)";
+## Variable initialization
+torVer = "";
+torPath = "";
+torName = "";
 
-## functions for script
-function register_cpe(tmpVers, tmpExpr, tmpBase){
+## Get OS Architecture
+os_arch = get_kb_item("SMB/Windows/Arch");
+if(!os_arch){
+  error_message(data:"Failed to get the OS architecture");
+  exit(-1);
+}
 
-   local_var cpe;
-   ## build cpe and store it as host_detail
-   cpe = build_cpe(value:tmpVers, exp:tmpExpr, base:tmpBase);
-   if(!isnull(cpe))
-      register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
+## Check for 32 bit platform
+if("x86" >< os_arch){
+  key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tor";
 }
 
-## start script
-if(!get_kb_item("SMB/WindowsVersion")){
+## Presently 64bit application is not available
+## Check for 32 bit App on 64 bit platform
+else if("x64" >< os_arch){
+  key =  "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Tor";
+}
+
+if(!registry_key_exists(key:key)){
   exit(0);
 }
 
-torName = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
-                              "\Uninstall\Tor", item:"DisplayName");
+torName = registry_get_sz(key:key, item:"DisplayName");
 if("Tor" >< torName)
 {
   torVer = eregmatch(pattern:"Tor ([0-9.]+-?([a-z0-9]+)?)", string:torName);
-  if(torVer[1] != NULL)
-  {
-    set_kb_item(name:"Tor/Win/Ver", value:torVer[1]);
-    security_note(data:"Tor version " + torVer[1] +
-                         " was detected on the host");
+  torVer = torVer[1];
 
-    ## build cpe and store it as host_detail
-    register_cpe(tmpVers:torVer[1], tmpExpr:"^([0-9.]+)-?([a-z0-9]+)?", tmpBase:"cpe:/a:tor:tor:");
+  torPath = registry_get_sz(key:key, item:"UninstallString");
+  torPath = str_replace(string:torPath, find:'"', replace:"");
+  torPath = torPath - "Uninstall.exe";
 
+  if(!torVer)
+  {
+    torVer = fetch_file_version(sysPath:torPath, file_name:"Uninstall.exe");
+    if(!torVer){
+      exit(0);
+    }
   }
-  else
+
+  if(torVer)
   {
-    torName = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
-                                  "\Uninstall\Tor", item:"UninstallString");
-    if("Tor" >< torName)
-    {
-      torName = ereg_replace(pattern:'\"(.*)\"', replace:"\1", string:torName);
-      share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:torName);
-      file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:torName);
+    set_kb_item(name:"Tor/Win/Ver", value:torVer[1]);
 
-      torVer = GetVer(file:file, share:share);
-      if(torVer)
-      {
-        set_kb_item(name:"Tor/Win/Ver", value:torVer);
-        security_note(data:"Tor version " + torVer +
-                         " was detected on the host");
+    ## build cpe
+    cpe = build_cpe(value: torVer, exp:"^([0-9.]+-?([a-z0-9]+)?)", base:"cpe:/a:tor:tor:");
+    if(isnull(cpe))
+      cpe = 'cpe:/a:tor:tor';
 
-        ## build cpe and store it as host_detail
-        register_cpe(tmpVers: torVer, tmpExpr:"^([0-9.]+)-?([a-z0-9]+)?", tmpBase:"cpe:/a:tor:tor:");
+    register_product(cpe:cpe, location:torPath);
 
-      }
-    }
+    log_message(data: build_detection_report(app: torName,
+                                             version: torVer,
+                                             install: torPath,
+                                             cpe: cpe,
+                                             concluded: torVer));
   }
 }
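Review bot: `set_kb_item(name:"Tor/Win/Ver", value:torVer[1]);` indexes `torVer` a second time: a few lines earlier `torVer = torVer[1];` already reduced it to the version string, and in the fallback path it is the string returned by `fetch_file_version`. The KB entry therefore does not receive the full version (indexing a string presumably yields a single character or NULL), while the CPE and the report use the correct `torVer`. Checks that read `Tor/Win/Ver` would then compare against a wrong value and could miss a vulnerable install. The line should read `set_kb_item(name:"Tor/Win/Ver", value:torVer);`.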


Property changes on: scripts/gb_tor_detect_win.nasl
___________________________________________________________________
Modified: svn:keywords
   - Id Revision Date
   + Author Revision Date Id

Modified: scripts/gb_trillian_detect.nasl
===================================================================
--- scripts/gb_trillian_detect.nasl	2014-07-04 05:10:23 UTC (rev 544)
+++ scripts/gb_trillian_detect.nasl	2014-07-04 09:32:25 UTC (rev 545)
@@ -7,6 +7,9 @@
 # Authors:
 # Sujit Ghosal <sghosal at secpod.com>
 #
+# Updated By: Thanga Prakash S <tprakash at secpod.com> on 2014-07-02
+# Updated to support 32 and 64 bit
+#
 # Copyright:
 # Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
 #
@@ -25,33 +28,41 @@
 ###############################################################################
 
 include("revisions-lib.inc");
-tag_summary = "This script finds the installed Trillian and saves the
-  result in KB item.";
 
 if(description)
 {
-  script_id(800264);
+  script_oid("1.3.6.1.4.1.25623.1.0.800264");
+  script_version("$Revision$");
+  script_tag(name:"cvss_base", value:"0.0");
   script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
- script_version("$Revision$");
+  script_tag(name:"risk_factor", value:"None");
   script_tag(name:"last_modification", value:"$Date$");
   script_tag(name:"creation_date", value:"2009-04-07 07:29:53 +0200 (Tue, 07 Apr 2009)");
-  script_tag(name:"cvss_base", value:"0.0");
-  script_tag(name:"risk_factor", value:"None");
+  script_tag(name:"detection", value:"registry version check");
   script_name("Trillian Version Detection");
+
+  tag_summary =
+"Detection of installed version of Trillian on Windows.
+
+The script logs in via smb, searches for Trillian in the registry
+and gets the version from the file.";
+
   desc = "
   Summary:
   " + tag_summary;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+  }
+
   script_description(desc);
   script_summary("Set Version of Trillian in KB");
   script_category(ACT_GATHER_INFO);
   script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
-  script_family("Service detection");
-  script_dependencies("secpod_reg_enum.nasl");
-  script_require_keys("SMB/WindowsVersion");
+  script_family("Product detection");
+  script_dependencies("secpod_reg_enum.nasl", "smb_reg_service_pack.nasl");
+  script_mandatory_keys("SMB/WindowsVersion", "SMB/Windows/Arch");
   script_require_ports(139, 445);
-  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
-    script_tag(name : "summary" , value : tag_summary);
-  }
   exit(0);
 }
 
@@ -60,37 +71,65 @@
 include("secpod_smb_func.inc");
 include("cpe.inc");
 include("host_details.inc");
+include("version_func.inc");
 
-## Constant values
-SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.800264";
-SCRIPT_DESC = "Trillian Version Detection";
+## Variable initialization
+exePath = "";
+dllFile = "";
+triVer = "";
 
-if(!get_kb_item("SMB/WindowsVersion")){
-  exit(0);
+## Confirm app is installed
+if(!registry_key_exists(key:"SOFTWARE\Clients\IM\Trillian"))
+{
+  if(!registry_key_exists(key:"SOFTWARE\Wow6432Node\Clients\IM\Trillian")){
+    exit(0);
+  }
 }
 
-key = "SOFTWARE\Clients\IM\Trillian";
-regKey = registry_key_exists(key:key);
-if(!regKey){
+## Get OS Architecture
+os_arch = get_kb_item("SMB/Windows/Arch");
+if(!os_arch){
+  error_message(data:"Failed to get the OS architecture");
+  exit(-1);
+}
+
+## Check for 32 bit platform
+if("x86" >< os_arch){
+  key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian";
+}
+
+## Presently 64bit application is not available
+## Check for 32 bit App on 64 bit platform
+else if("x64" >< os_arch){
+  key =  "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Trillian";
+}
+
+if(!registry_key_exists(key:key)){
   exit(0);
 }
 
-key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian";
 exePath = registry_get_sz(key:key, item:"DisplayIcon");
-dllFile = exePath - "trillian.exe" + "toolkit.dll";
+dllFile = ereg_replace(pattern:"(t|T)rillian.exe", string:exePath, replace:"");
+
 if(dllFile != NULL)
 {
-  share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllFile);
-  file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllFile);
-  triVer = GetVer(file:file, share:share);
-  set_kb_item(name:"Trillian/Ver", value:triVer);
-  security_note(data:"Trillian version " + triVer +
-                     " running at location " + exePath +
-                     " was detected on the host");
-   
-  ## build cpe and store it as host_detail
-  cpe = build_cpe(value:triVer, exp:"^([0-9.]+)", base:"cpe:/a:ceruleanstudios:trillian:");
-  if(!isnull(cpe))
-     register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
+  triVer = fetch_file_version(sysPath:dllFile, file_name:"toolkit.dll");
 
+  if(triVer)
+  {
+    set_kb_item(name:"Trillian/Ver", value:triVer);
+
+    ## build cpe
+    cpe = build_cpe(value:triVer, exp:"^([0-9.]+)", base:"cpe:/a:ceruleanstudios:trillian:");
+    if(isnull(cpe))
+      cpe = 'cpe:/a:ceruleanstudios:trillian';
+
+    register_product(cpe:cpe, location:dllFile);
+
+    log_message(data: build_detection_report(app: "Trillian",
+                                             version: triVer,
+                                             install: dllFile,
+                                             cpe: cpe,
+                                             concluded: triVer));
+  }
 }
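Review bot: In `ereg_replace(pattern:"(t|T)rillian.exe", ...)` the `.` is unescaped and so matches any character, and the result, which is a directory, is stored in a variable still named `dllFile` and passed on as the install location. `pattern:"(t|T)rillian\.exe"` and a name such as `insPath` would make the intent clear. The guard `if(dllFile != NULL)` also tests the output of the replace rather than `exePath`, so a missing `DisplayIcon` value is not obviously caught; checking `exePath` before the replace would be clearer.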


Property changes on: scripts/gb_trillian_detect.nasl
___________________________________________________________________
Modified: svn:keywords
   - Id Revision Date
   + Author Revision Date Id

Modified: scripts/gb_yahoo_msg_detect.nasl
===================================================================
--- scripts/gb_yahoo_msg_detect.nasl	2014-07-04 05:10:23 UTC (rev 544)
+++ scripts/gb_yahoo_msg_detect.nasl	2014-07-04 09:32:25 UTC (rev 545)
@@ -7,8 +7,11 @@
 # Authors:
 # Sharath S <sharaths at secpod.com>
 #
+# Updated By: Shakeel <bshakeel at secpod.com> on 2014-07-02
+# According to CR57 and to support 32 and 64 bit.
+#
 # Copyright:
-# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+# Copyright (C) 2009 Greenbone Networks GmbH, http://www.greenbone.net
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2
@@ -25,33 +28,42 @@
 ###############################################################################
 
 include("revisions-lib.inc");
-tag_summary = "This script detects the installed version of Yahoo! Messenger
-  and sets the result in KB.";
 
 if(description)
 {
-  script_id(801149);
+  script_oid("1.3.6.1.4.1.25623.1.0.801149");
+  script_version("$Revision$");
+  script_tag(name:"cvss_base", value:"0.0");
   script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
- script_version("$Revision$");
+  script_tag(name:"risk_factor", value:"None");
   script_tag(name:"last_modification", value:"$Date$");
   script_tag(name:"creation_date", value:"2009-12-08 05:49:24 +0100 (Tue, 08 Dec 2009)");
-  script_tag(name:"cvss_base", value:"0.0");
-  script_tag(name:"risk_factor", value:"None");
+  script_tag(name:"detection", value:"registry version check");
   script_name("Yahoo! Messenger Version Detection");
+
+  tag_summary =
+"This script detects the installed version of Yahoo! Messenger and sets the
+result in KB.
+
+The script logs in via smb, search for the product name in the registry, gets
+application Path from the registry and fetches the version from exe file.";
+
   desc = "
   Summary:
   " + tag_summary;
+
+  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
+    script_tag(name : "summary" , value : tag_summary);
+  }
+
   script_description(desc);
   script_summary("Set KB for the version of Yahoo! Messenger");
   script_category(ACT_GATHER_INFO);
   script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
-  script_family("Service detection");
-  script_dependencies("secpod_reg_enum.nasl");
-  script_require_keys("SMB/WindowsVersion");
+  script_family("Product detection");
+  script_dependencies("secpod_reg_enum.nasl", "smb_reg_service_pack.nasl");
+  script_mandatory_keys("SMB/WindowsVersion", "SMB/Windows/Arch");
   script_require_ports(139, 445);
-  if (revcomp(a: OPENVAS_VERSION, b: "6.0+beta5") >= 0) {
-    script_tag(name : "summary" , value : tag_summary);
-  }
   exit(0);
 }
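Review bot: The new `script_tag(name:"detection", value:"registry version check")` and the new summary text disagree about how the version is obtained. The summary says the version is fetched from the exe file, while the code in the following hunk reads `ProductVersion` from the registry first and only falls back to `fetch_file_version` when that value is empty. I would word the last sentence of the summary to match, for example `gets the version from the registry and falls back to the exe file version`, so that anyone triaging a result knows which source a reported version came from. The summary also reads better as `searches for the product name`.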
 
@@ -60,40 +72,82 @@
 include("secpod_smb_func.inc");
 include("cpe.inc");
 include("host_details.inc");
+include("version_func.inc");
 
-## Constant values
-SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.801149";
-SCRIPT_DESC = "Yahoo! Messenger Version Detection";
 
-if(!get_kb_item("SMB/WindowsVersion")){
+## Function to Register Product and Build report
+function build_report(app, ver, cpe, insloc)
+{
+  register_product(cpe:cpe, location:insloc);
+
+  log_message(data: build_detection_report(app: app,
+                                           version: ver,
+                                           install: insloc,
+                                           cpe: cpe,
+                                           concluded: ver));
+}
+
+## variable initialization
+os_arch = "";
+key_list = "";
+key= "";
+ymsgName = "";
+ymsgPath = "";
+ymsgVer = "";
+
+
+## Get OS Architecture
+os_arch = get_kb_item("SMB/Windows/Arch");
+if(!os_arch){
+  error_message(data:"Failed to get the OS architecture");
+  exit(-1);
+}
+
+## Check for 32 bit platform, Only 32-bit application is available
+if("x86" >< os_arch){
+  key_list = make_list("SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger");
+  key_list2 = make_list("SOFTWARE\Yahoo\pager");
+}
+
+## Check for 64 bit platform
+else if("x64" >< os_arch){
+  key_list =  make_list("SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger");
+  key_list2 = make_list("SOFTWARE\Wow6432Node\Yahoo\pager");
+}
+
+if(isnull(key_list)){
   exit(0);
 }
 
-path = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger";
-ymsgName = registry_get_sz(key:path, item:"DisplayName");
+foreach key (key_list)
+{
+  ymsgName = registry_get_sz(key:key, item:"DisplayName");
 
-if("Yahoo! Messenger" >< ymsgName)
-{
-  ymsgVer = registry_get_sz(key:"SOFTWARE\yahoo\pager", item:"ProductVersion");
-  if(isnull(ymsgVer))
+  if("Yahoo! Messenger" >< ymsgName)
   {
-    ymsgPath = registry_get_sz(key:path, item:"DisplayIcon");
-    ymsgPath = ymsgPath - ",-0";
+    ymsgPath = registry_get_sz(key:key, item:"DisplayIcon");
+    ymsgPath = ymsgPath - "\YahooMessenger.exe,-0";
 
-    share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ymsgPath);
-    file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ymsgPath);
-    ymsgVer = GetVer(share:share, file:file);
-  }
+    foreach key1 (key_list2)
+    {
+      ymsgVer = registry_get_sz(key:key1, item:"ProductVersion");
+      if(!ymsgVer)
+      {
+        ymsgVer = fetch_file_version(sysPath:ymsgPath, file_name:"YahooMessenger.exe");
+      }
+    }
 
-  if(ymsgVer){
-    set_kb_item(name:"YahooMessenger/Ver", value:ymsgVer);
-    security_note(data:"Yahoo! Messenger Version " + ymsgVer +
-             " running at location " + ymsgPath + " was detected on the host");
-  
-    ## build cpe and store it as host_detail
-    cpe = build_cpe(value:ymsgVer, exp:"^([0-9.]+)", base:"cpe:/a:yahoo:messenger:");
-    if(!isnull(cpe))
-       register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
+    if(ymsgVer)
+    {
+      set_kb_item(name:"YahooMessenger/Ver", value:ymsgVer);
 
+      ## build cpe and store it as host_detail
+      cpe = build_cpe(value:ymsgVer, exp:"^([0-9.]+)", base:"cpe:/a:yahoo:messenger:");
+      if(isnull(cpe))
+        cpe = "cpe:/a:yahoo:messenger";
+
+      ## Register Product and Build Report
+      build_report(app: "Yahoo Messenger", ver:ymsgVer, cpe:cpe, insloc:ymsgPath);
+    }
   }
 }
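Review bot: The `if(isnull(key_list))` guard after the architecture checks looks unreachable, because `key_list` is initialised to `""` in the variable block and, as far as I know, `isnull()` is false for an empty string; `key_list2` is not initialised at all. A host whose `SMB/Windows/Arch` value contains neither "x86" nor "x64" would then fall through to the `foreach` instead of exiting, so I would close the chain with `else{ exit(0); }` and drop the `key_list = "";` line. Separately, `ymsgPath - "\YahooMessenger.exe,-0"` strips only that exact suffix. If `DisplayIcon` is missing or has another form, the path passed to `fetch_file_version` and reported as the install location is wrong, and a missed version means checks keyed on `YahooMessenger/Ver` never run. A short comment stating the expected `DisplayIcon` format, plus an `if(!ymsgPath) continue;` before the subtraction, would make that failure visible.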


Property changes on: scripts/gb_yahoo_msg_detect.nasl
___________________________________________________________________
Modified: svn:keywords
   - Id Revision Date
   + Author Revision Date Id


