From boris.levit at yahoo.com Tue Jun 17 17:54:29 2008 From: boris.levit at yahoo.com (Boris Levit) Date: Tue, 17 Jun 2008 08:54:29 -0700 (PDT) Subject: [Openvas-plugins] missed plugins Message-ID: <487352.77516.qm@web46204.mail.sp1.yahoo.com> I have installed openvas-client-1.0.3 openvas-libnasl-1.0.0 openvas-libraries-1.0.1 openvas-manual-0.9.0 openvas-plugins-1.0.1 openvas-server-1.0.0 and then have to move from nessus distribution to openvas plugins location (cp /opt/nessus/lib/nessus/plugins/$a /usr/local/lib/openvas/plugins/) 136 files to satisfy openvasd and its plugins set requirements. When we could expect whole set of plugins ready? Here is list of moved files: apcnisd_detect.nasl auth_enabled.nasl bugzilla_detect.nasl byte_func.inc cisco_ids_manager_detect.nasl crypto_func.inc cubecart_detect.nasl cutenews_detect.nasl cvs_pserver_heap_overflow.nasl cvs_public_pserver.nasl cvstrac_detect.nasl distro_guess.nasl dns_func.inc dns_server.nasl e107_detect.nasl echo.nasl ftp_anonymous.nasl httpver.nasl invision_power_board_detect.nasl kerberos.nasl ldap_detect.nasl macosx_SecUpd20040126.nasl macosx_SecUpd20040503.nasl macosx_SecUpd20041202.nasl macosx_version.nasl mambo_detect.nasl mandrake_MDKSA-2004-065.nasl mandrake_MDKSA-2004-075.nasl mantis_detect.nasl mdns.nasl moodle_detect.nasl mozilla_firefox_code_exec.nasl mozilla_org_installed.nasl msrpc_dcom2.nasl ms_telnet_overflow.nasl openca_html_injection.nasl opera_installed.nasl opera_multiple_flaws.nasl os_fingerprint_http.nasl os_fingerprint_linux_distro.nasl os_fingerprint_mdns.nasl os_fingerprint_msrprc.nasl os_fingerprint.nasl os_fingerprint_ntp.nasl os_fingerprint_sinfp.nasl os_fingerprint_smb.nasl os_fingerprint_snmp.nasl os_fingerprint_ssh.nasl os_fingerprint_telnet.nasl os_fingerprint_uname.nasl os_fingerprint_xprobe.nasl phorum_detect.nasl photopost_detect.nasl phpbb_detect.nasl php_fusion_detect.nasl phpgroupware_detect.nasl phpMyAdmin_detect.nasl phpmyfaq_detect.nasl php_nuke_installed.nasl ping_host.nasl postnuke_detect.nasl proxy_use.nasl putty_version_check.nasl raw.inc redhat_fixes.nasl redhat-RHSA-2002-131.nasl redhat-RHSA-2002-214.nasl redhat-RHSA-2003-244.nasl redhat-RHSA-2004-244.nasl redhat-RHSA-2004-392.nasl redhat-RHSA-2004-395.nasl redhat-RHSA-2004-408.nasl redhat-RHSA-2004-591.nasl rpc_portmap.nasl rsh.nasl rsync_modules.nasl samba_detect.nasl sendmail_expn.nasl serendipity_detect.nasl sinfp.inc smb_enum_services.nasl smb_func.inc smb_hotfixes.nasl smb_login.nasl smb_nativelanman.nasl smb_nt.inc smb_registry_access.nasl smb_registry_full_access.nasl smb_reg_service_pack.nasl smb_reg_service_pack_W2K.nasl smtp_relay.nasl smtp_settings.nasl snmp_func.inc snmp_settings.nasl snmp_sysDesc.nasl solaris251_103603.nasl solaris251_103879.nasl solaris251_x86_103604.nasl solaris251_x86_103881.nasl solaris26_105395.nasl solaris26_106301.nasl solaris26_107336.nasl solaris26_x86_105396.nasl solaris26_x86_106302.nasl solaris26_x86_107338.nasl solaris7_107337.nasl solaris7_107684.nasl solaris7_110646.nasl solaris7_x86_107339.nasl solaris7_x86_107685.nasl solaris7_x86_110647.nasl solaris8_110615.nasl solaris8_111400.nasl solaris8_111606.nasl solaris8_x86_110616.nasl solaris8_x86_111401.nasl solaris8_x86_111607.nasl solaris9_113575.nasl solaris9_114636.nasl solaris9_x86_114137.nasl solaris9_x86_114637.nasl ssh_settings.nasl subversion_detection.nasl sybase_detect.nasl telnet.nasl tftpd_detect.nasl ventrilo_detect.nasl webapp_detect.nasl webcalendar_detect.nasl webmirror.nasl ws_ftp_client_overflows.nasl www_too_long_url.nasl xerox_document_centre_detect.nasl xerox_workcentre_detect.nasl xoops_detect.nasl yahoo_msg_running.nasl -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20080617/88f32012/attachment.html From jan-oliver.wagner at intevation.de Tue Jun 17 21:35:21 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Tue, 17 Jun 2008 21:35:21 +0200 Subject: [Openvas-plugins] missed plugins In-Reply-To: <487352.77516.qm@web46204.mail.sp1.yahoo.com> References: <487352.77516.qm@web46204.mail.sp1.yahoo.com> Message-ID: <200806172135.25903.jan-oliver.wagner@intevation.de> On Tuesday 17 June 2008 17:54, Boris Levit wrote: > I have installed > openvas-client-1.0.3 > openvas-libnasl-1.0.0 > openvas-libraries-1.0.1 > openvas-manual-0.9.0 > openvas-plugins-1.0.1 > openvas-server-1.0.0 > and then have to move from nessus distribution to openvas plugins location > (cp /opt/nessus/lib/nessus/plugins/$a /usr/local/lib/openvas/plugins/) note that Tenable does not allow you to use the proprietary nessus plugins with any other tool the Nessus as downloaded from nessus.org or Tenable (at least I remember conditions like this in the feed license last time I read it). > 136 files to satisfy openvasd and its plugins set requirements. When we could > expect whole set of plugins ready? this depends very much on contributions the OpenVAS project receives from third parties like we get the Debian Local Security Checks from Security Space. At the moment, it is being worked on Windows Local Security Checks via smbclient to cover some current problems on Windows. Further NASL developers are welcome. Best Jan -- Dr. Jan-Oliver Wagner Intevation GmbH Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Wed Jun 18 09:59:39 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Wed, 18 Jun 2008 09:59:39 +0200 Subject: [Openvas-plugins] Updated nikto.nasl Message-ID: <200806180959.39758.michael.wiegand@intevation.de> Hello, I've just committed an updated version of plugin for Nikto (http://cirt.net/nikto2) integration. It now works (even better) with the new Nikto 2.0. Please take a look at the new plugin and let me know what you think. I've changed the plugin to be more verbose in case it was unable to start Nikto; the previous version would just silently fail if nikto.pl wasn't in the path or the target did not return 404 on non-existent pages. Older Nikto versions tended to report quite an amount of false positives if the target did not return 404s; the 2.0 version seems to report far less false positives in this case. I think it should be up to the user to perform a scan in this case and have added an option to force the scan under theses circumstances. Forcing this scan will now generate a warning in the report. The new plugin is geared towards Nikto 2.0 (although it will work with older versions), so I've removed the configuration options no longer supported in Nikto 2.0 from nikto.nasl. Since I haven't used Nikto in great detail, I'm not sure which options should be controllable from within OpenVAS. You can find a list of all available options at http://cirt.net/nikto2-docs/ch04.html ; any suggestions are appreciated. Regards, Michael -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabr?ck http://www.intevation.de/ Amtsgericht Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From jan-oliver.wagner at intevation.de Tue Jun 24 09:46:28 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Tue, 24 Jun 2008 09:46:28 +0200 Subject: [Openvas-plugins] Getting http_keepalive and http_func to work correctly Message-ID: <200806240946.31878.jan-oliver.wagner@intevation.de> Hello, in April Tim comitted a free version of the so-far missing http_func.inc. However, it seems the different version we have to not match well for each other. I observed these line ins openvas.dump: ...Undefined function 'http_recv_headers' This is called from http_keepalive.inc. In http_func.inc there is a method 'http_recv_headers2'. It looks like it is OK to simply change any call of 'http_recv_headers' by 'http_recv_headers2'. But in fact this will lead to many error lines in openvas.dump that now complain like this: [3708](/usr/local/openvas-production/lib/openvas/plugins/mysql_eventum_flaws.nasl) recv_line: missing or undefined parameter length or soc I found out that it is the socket which is the problem. And I found out that it is difficult to find out anything. I.e. debugging is really not so well supported. Any hint or help to get this all back to work correctly is highly appreciated. Best Jan -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From jan-oliver.wagner at intevation.de Thu Jun 26 14:11:50 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Thu, 26 Jun 2008 14:11:50 +0200 Subject: [Openvas-plugins] Getting http_keepalive and http_func to work correctly In-Reply-To: <200806240946.31878.jan-oliver.wagner@intevation.de> References: <200806240946.31878.jan-oliver.wagner@intevation.de> Message-ID: <200806261411.53357.jan-oliver.wagner@intevation.de> On Dienstag, 24. Juni 2008, Jan-Oliver Wagner wrote: > in April Tim comitted a free version of the so-far missing http_func.inc. > > However, it seems the different version we have to not match well for each other. > I observed these line ins openvas.dump: > > ...Undefined function 'http_recv_headers' > > This is called from http_keepalive.inc. > In http_func.inc there is a method 'http_recv_headers2'. > > It looks like it is OK to simply change any call of 'http_recv_headers' > by 'http_recv_headers2'. > > But in fact this will lead to many error lines in openvas.dump > that now complain like this: > > [3708](/usr/local/openvas-production/lib/openvas/plugins/mysql_eventum_flaws.nasl) recv_line: missing or undefined parameter length or soc > > I found out that it is the socket which is the problem. > And I found out that it is difficult to find out anything. I.e. debugging > is really not so well supported. I now committed the patch to http_keepalive.inc as this seems necessary anyway. Next step is to find out about the recv_line problem. Any ideas how to track this down? Best Jan -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner