From angelo.compagnucci at gmail.com Sun Nov 1 23:06:58 2009
From: angelo.compagnucci at gmail.com (Angelo Compagnucci)
Date: Sun, 1 Nov 2009 23:06:58 +0100
Subject: [Openvas-plugins] Joomla! detection plugin
In-Reply-To: <777f2ade0910300722n254495f0ka2c5df881bba8ff8@mail.gmail.com>
References: <777f2ade0910290946p49a088cep15e727486f0a35f3@mail.gmail.com>
	<20091029173951.GA11902@komma-nix.de>
	<777f2ade0910300350o55114c6l4cd7b8348ed68a11@mail.gmail.com>
	<777f2ade0910300722n254495f0ka2c5df881bba8ff8@mail.gmail.com>
Message-ID: <777f2ade0911011406j6672c596jc34721484bfc9260@mail.gmail.com>

Less false positives!

(the last one!)

Angelo

2009/10/30 Angelo Compagnucci :
> Latest version, better than the previous one!
>
> Angelo
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: joomla_detect.nasl
Type: application/octet-stream
Size: 7557 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20091101/c5633107/joomla_detect.obj

From angelo.compagnucci at gmail.com Tue Nov 3 09:52:38 2009
From: angelo.compagnucci at gmail.com (Angelo Compagnucci)
Date: Tue, 3 Nov 2009 09:52:38 +0100
Subject: [Openvas-plugins] THANKS: Joomla! detection plugin
Message-ID: <777f2ade0911030052s2f49bac2n548c2dae4b65d572@mail.gmail.com>

Hello Michael,

Thank you! I updated rsync feed and I saw joomla plugin added!!

Really grateful!

Angelo

2009/11/1 Angelo Compagnucci :
> Less false positives!
>
> (the last one!)
>
> Angelo
>
> 2009/10/30 Angelo Compagnucci :
>> Latest version, better than the previous one!
>>
>> Angelo
>>
>

From angelo.compagnucci at gmail.com Tue Nov 3 10:27:55 2009
From: angelo.compagnucci at gmail.com (Angelo Compagnucci)
Date: Tue, 3 Nov 2009 10:27:55 +0100
Subject: [Openvas-plugins] OWASP Joomla! Vulnerability Scanner Plugin
Message-ID: <777f2ade0911030127q30815c03maa9c7b224e95499d@mail.gmail.com>

Hello list,

I'm interested in Joomla you know!
I'm planning a plugin for joomscan.pl, the joomla scanner by OWASP.

The scanner prints on the standard output scanning results. What could
be the best way to inspect scanning results?
Do you have a standard? A file in /tmp?

Thanks for your suggestions!

Angelo

From michael.meyer at intevation.de Tue Nov 3 11:06:38 2009
From: michael.meyer at intevation.de (Michael Meyer)
Date: Tue, 3 Nov 2009 11:06:38 +0100
Subject: [Openvas-plugins] OWASP Joomla! Vulnerability Scanner Plugin
In-Reply-To: <777f2ade0911030127q30815c03maa9c7b224e95499d@mail.gmail.com>
References: <777f2ade0911030127q30815c03maa9c7b224e95499d@mail.gmail.com>
Message-ID: <20091103100638.GA23927@komma-nix.de>

Hello,

*** Angelo Compagnucci wrote:

> I'm interested in Joomla you know!

Yes, we know. ;)

> I'm planning a plugin for joomscan.pl, the joomla scanner by OWASP.
>
> The scanner prints on the standard output scanning results. What could
> be the best way to inspect scanning results?
> Do you have a standard? A file in /tmp?

Have a look at the nikto.nasl or the remote-web-w3af.nasl.

Micha

-- 
Michael Meyer OpenPGP Key: 76E050B9 http://www.intevation.de
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From michael.wiegand at intevation.de Thu Nov 5 09:23:29 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Thu, 5 Nov 2009 09:23:29 +0100
Subject: [Openvas-plugins] Encoding of NVTs
Message-ID: <20091105082329.GB10207@intevation.de>

Dear NVT authors,

While working on the upcoming OpenVAS 3.0 release, I noticed that there
is no standard encoding for NVTs. The vast majority seems to be ASCII or
ISO-8859, there is a small percentage (<1%) which are UTF-8 encoded.

This is not a big issue for openvas-scanner since it mostly just passes
along the string, but can create trouble in modules processing the
output of openvas-scanner, like openvas-manager or openvas-client.
Since OTP does not specify an encoding, they generally assume that
everything they get from openvas-scanner is ISO-8859 encoded and will
try to convert it. This means that the encoding will be messed up if the
NVT was already UTF-8 encoded which can result in anything from funny
looking characters to incomplete reports.

I'd like to propose ASCII and ISO-8859 as the default encoding for NVTs
and would like to ask the authors of the UTF-8 encoded NVTs to convert
their NVTs to ISO-8859. I have attached a list of NVTs I found with
file; I did not check them individually, so there might be some false
positives/negatives in there.

Thank you very much for your cooperation; if you have any questions or
suggestions, feel free to let me know.

Regards,

Michael

-- 
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
deb_1475_1.nasl
deb_1512_1.nasl
deb_1528_1.nasl
deb_1538_1.nasl
deb_1543_1.nasl
deb_1819_1.nasl
deb_1913_1.nasl
fcore_2008_11736.nasl
fcore_2009_0943.nasl
fcore_2009_1057.nasl
fcore_2009_4064.nasl
fcore_2009_5517.nasl
fcore_2009_5518.nasl
fcore_2009_6033.nasl
fcore_2009_6837.nasl
fcore_2009_6899.nasl
fcore_2009_7680.nasl
fcore_2009_7780.nasl
fcore_2009_8136.nasl
fcore_2009_8649.nasl
fcore_2009_8684.nasl
fcore_2009_8868.nasl
fcore_2009_8888.nasl
fcore_2009_9256.nasl
fcore_2009_9427.nasl
gb_aceftp_remote_dir_traversal_vuln.nasl
gb_CESA-2008_0177_evolution_centos4_i386.nasl
gb_CESA-2008_0177_evolution_centos4_x86_64.nasl
gb_CESA-2008_0617_vim-common_centos3_i386.nasl
gb_CESA-2008_0617_vim-common_centos3_x86_64.nasl
gb_CESA-2008_0617_vim-common_centos4_i386.nasl
gb_CESA-2008_0617_vim-common_centos4_x86_64.nasl
gb_CESA-2008_1028_cups_centos3_i386.nasl
gb_CESA-2008_1028_cups_centos3_x86_64.nasl
gb_fedora_2007_1219_cups_fc5.nasl
gb_fedora_2007_1541_cups_fc7.nasl
gb_fedora_2007_2295_ntfs-3g_fc7.nasl
gb_fedora_2007_2715_cups_fc7.nasl
gb_fedora_2007_2982_cups_fc8.nasl
gb_fedora_2007_2985_kdepim_fc7.nasl
gb_fedora_2007_3100_cups_fc7.nasl
gb_fedora_2007_4368_xfce4-places-plugin_fc8.nasl
gb_fedora_2007_4385_xfce4-places-plugin_fc7.nasl
gb_fedora_2007_644_cups_fc6.nasl
gb_fedora_2007_740_cups_fc6.nasl
gb_fedora_2007_746_cups_fc6.nasl
gb_fedora_2008_10895_cups_fc10.nasl
gb_fedora_2008_10911_cups_fc8.nasl
gb_fedora_2008_10917_cups_fc9.nasl
gb_fedora_2008_1287_deluge_fc8.nasl
gb_fedora_2008_1288_deluge_fc7.nasl
gb_fedora_2008_1901_cups_fc8.nasl
gb_fedora_2008_1976_cups_fc7.nasl
gb_fedora_2008_2131_cups_fc8.nasl
gb_fedora_2008_2897_cups_fc7.nasl
gb_fedora_2008_3449_cups_fc7.nasl
gb_fedora_2008_3586_cups_fc8.nasl
gb_fedora_2008_3756_cups_fc9.nasl
gb_fedora_2008_8801_cups_fc8.nasl
gb_fedora_2008_8844_cups_fc9.nasl
gb_RHSA-2008_0177-01_evolution.nasl
gb_RHSA-2008_0290-01_samba.nasl
gb_RHSA-2008_0580-01_vim.nasl
gb_RHSA-2008_0581-01_bluez-libs_bluez-utils.nasl
gb_RHSA-2008_0617-01_vim.nasl
gb_RHSA-2008_0907-01_pam_krb5.nasl
gb_RHSA-2008_1017-01_kernel.nasl
gb_RHSA-2008_1028-01_cups.nasl
gb_RHSA-2008_1029-01_cups.nasl
gb_suse_2007_036.nasl
mdksa_2009_026_1.nasl
mdksa_2009_026.nasl
RHSA_2009_0297.nasl
RHSA_2009_0308.nasl
RHSA_2009_0336.nasl
RHSA_2009_0369.nasl
RHSA_2009_0373.nasl
RHSA_2009_0428.nasl
RHSA_2009_0429.nasl
ubuntu_702_1.nasl
ubuntu_839_1.nasl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20091105/cbfc4ef8/attachment.pgp

From goran.licina at lss.hr Thu Nov 5 14:46:31 2009
From: goran.licina at lss.hr (=?ISO-8859-2?Q?Goran_Li=E8ina?=)
Date: Thu, 5 Nov 2009 14:46:31 +0100
Subject: [Openvas-plugins] SANS Top 20 coverage
Message-ID: <8A02A3DF683DEE42BE73187F4CA4444C1638B4@vlasta.lss-net.lss.hr>

Hi all!
We've looked into SANS Top 20 2007 (http://www.sans.org/top20/) coverage
of OpenVAS plugins and found that a lot of vulnerabilities don't
have NVTs that test them.

Most of these vulnerabilities require local checks for detection, but there
are lots of them that are remotely exploitable. I'm not sure whether it
makes sense to write local checks for these vulnerabilities, but it would
be good to have those that are remotely exploitable covered, so we decided
to work on them.

If anyone wants to join please notify us to avoid double work.

Any advices/comments/opinions are welcome! :)

Best regards,
Goran Licina

-- 
Laboratory for Systems and Signals
Department of Electronic Systems and Information Processing
Faculty of Electrical Engineering and Computing
University of Zagreb

From Jan-Oliver.Wagner at greenbone.net Mon Nov 9 08:09:15 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Mon, 9 Nov 2009 08:09:15 +0100
Subject: [Openvas-plugins] SANS Top 20 coverage
In-Reply-To: <8A02A3DF683DEE42BE73187F4CA4444C1638B4@vlasta.lss-net.lss.hr>
References: <8A02A3DF683DEE42BE73187F4CA4444C1638B4@vlasta.lss-net.lss.hr>
Message-ID: <200911090809.15710.Jan-Oliver.Wagner@greenbone.net>

Hi Goran,

On Thursday 05 November 2009 14:46:31 Goran Ličina wrote:
> We've looked into SANS Top 20 2007 (http://www.sans.org/top20/) coverage
> of OpenVAS plugins and found that a lot of vulnerabilities don't
> have NVTs that test them.
>
> Most of these vulnerabilities require local checks for detection, but there
> are lots of them that are remotely exploitable. I'm not sure whether it
> makes sense to write local checks for these vulnerabilities, but it would
> be good to have those that are remotely exploitable covered, so we decided
> to work on them.
>
> If anyone wants to join please notify us to avoid double work.
>
> Any advices/comments/opinions are welcome! :)

thanks for taking this task!
It would be good if you would check in a list of missing NVTs
into openvas-plugins and always indicate on which one you are
currently working on.

Also, a "sans20-2007.nasl" with just the single NVTs as dependencies
might be helpful.

Best

Jan

-- 
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück
AG Osnabrück, HR B 202460 | Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

From goran.licina at lss.hr Sat Nov 14 16:34:20 2009
From: goran.licina at lss.hr (=?ISO-8859-2?Q?Goran_Li=E8ina?=)
Date: Sat, 14 Nov 2009 16:34:20 +0100
Subject: [Openvas-plugins] Work on missing deps
References: <8A02A3DF683DEE42BE73187F4CA4444C0EE345@vlasta.lss-net.lss.hr>
	<8A02A3DF683DEE42BE73187F4CA4444C0EE764@vlasta.lss-net.lss.hr>
	<78CDD4EAB5134BFAB0E706C14BCC4AA1@bchandra>
	<8A02A3DF683DEE42BE73187F4CA4444C0EECF2@vlasta.lss-net.lss.hr>
	<8A02A3DF683DEE42BE73187F4CA4444C0EECF4@vlasta.lss-net.lss.hr>
	<20091005175249.GA26915@komma-nix.de>
	<8A02A3DF683DEE42BE73187F4CA4444C0EED4E@vlasta.lss-net.lss.hr>
	<20091006073054.GA2437@komma-nix.de>
Message-ID: <8A02A3DF683DEE42BE73187F4CA4444C163AE1@vlasta.lss-net.lss.hr>

-----Original Message-----
> From: openvas-plugins-bounces at wald.intevation.org [mailto:openvas-plugins-bounces at wald.intevation.org] On Behalf Of Michael Meyer
> Sent: Tuesday, October 06, 2009 9:31 AM
> To: openvas-plugins at wald.intevation.org
> Subject: Re: [Openvas-plugins] Work on missing deps
>
> [...]
>
> > > > msrpc_dcom2.nasl
> > >
> > > There is no (more) script which have 'msrpc_dcom2.nasl' as a
> > > dependency. Maybe it's wasted time to develop it...
> >
> > Yeah, I noticed that, but one of our students is already working on it and no
> > other plugin is reporting same vulnerability so it's not redundant, I guess :)
>
> Ok. ;)
>

Hi,

msrpc_dcom2.nasl is finished. Please review it and commit if it's ok.

Thanks!
Goran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: msrpc_dcom2.nasl
Type: application/octet-stream
Size: 2705 bytes
Desc: msrpc_dcom2.nasl
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20091114/d705c0a0/msrpc_dcom2.obj

From alec.dezegher at esat.kuleuven.be Wed Nov 18 14:08:39 2009
From: alec.dezegher at esat.kuleuven.be (Alec de Zegher)
Date: Wed, 18 Nov 2009 14:08:39 +0100
Subject: [Openvas-plugins] Documentation on how to write plugins?
Message-ID: <42FE713E-8C20-4651-9EDE-6E3D2527528B@esat.kuleuven.be>

Hi,

I am a final year engineering student doing research on cyber security of
SCADA systems. One of the aims of my final year project is to test
vulnerability of SCADA systems against attacks. I have an ABB SCADA system
at my disposal to test (and maybe more in the future). As I didn't find a
lot of tools, to scan SCADA systems (Except Nessus 4 ProfessionalFeed), I
might want to write my own attack scripts.

I would like to implement my attack scripts in a framework like OpenVPS, so
people after me can benefit from my work. However after reading for about
an hour on the OpenVPS website I didn't find clear information about where
to start to write a plugin, and where I could find an existing plugin (as a
point of start). Could somebody point me out on how would be the best way
to get familiar with writing scripts?

Thank you very much,
Best Regards,

Alec de Zegher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20091118/f9f44c01/attachment.html

From michael.meyer at intevation.de Wed Nov 18 15:54:32 2009
From: michael.meyer at intevation.de (Michael Meyer)
Date: Wed, 18 Nov 2009 15:54:32 +0100
Subject: [Openvas-plugins] Documentation on how to write plugins?
In-Reply-To: <42FE713E-8C20-4651-9EDE-6E3D2527528B@esat.kuleuven.be>
References: <42FE713E-8C20-4651-9EDE-6E3D2527528B@esat.kuleuven.be>
Message-ID: <20091118145432.GA8889@komma-nix.de>

Hello,

*** Alec de Zegher wrote:

> However after reading for about an hour on the OpenVPS website I
> didn't find clear information about where to start to write a
> plugin,

Have a look at the NASL reference at

http://www.virtualblueness.net/nasl.html
http://www.nessus.org/doc/nasl2_reference.pdf

> and where I could find an existing plugin (as a point of
> start). Could somebody point me out on how would be the best way
> to get familiar with writing scripts?

Do you have OpenVAS installed? Then, after executing
"openvas-nvt-sync", you should find all plugins in
"lib/openvas/plugins/". Full path depends on your installation.

You can also get the latest plugins from:

http://www.openvas.org/openvas-nvt-feed-current.tar.bz2

Try to start with that information. If you have any question feel
free to ask here at the list or send me a mail.

Micha

-- 
Michael Meyer OpenPGP Key: 76E050B9 http://www.intevation.de
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From labeneator at gmail.com Wed Nov 18 16:09:12 2009
From: labeneator at gmail.com (Laban Mwangi)
Date: Wed, 18 Nov 2009 15:09:12 +0000
Subject: [Openvas-plugins] Documentation on how to write plugins?
In-Reply-To: <42FE713E-8C20-4651-9EDE-6E3D2527528B@esat.kuleuven.be>
References: <42FE713E-8C20-4651-9EDE-6E3D2527528B@esat.kuleuven.be>
Message-ID: <1258556952.19102.43.camel@hyperion.penguinlabs.co.ke>

Hi,

On Wed, 2009-11-18 at 14:08 +0100, Alec de Zegher wrote:
> information about where to start to write a plugin, and where I could
> find an existing plugin (as a point of start). Could somebody point me
> out on how would be the best way to get familiar with writing scripts?

Try this simple overview.
It's still incomplete so patches/edits are welcome :)
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/doc/overview.txt?rev=2587&root=openvas&view=markup

regards
-- 
Laban Mwangi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20091118/60d7c7ef/attachment.pgp

From felix.wolfsteller at intevation.de Thu Nov 19 08:23:38 2009
From: felix.wolfsteller at intevation.de (Felix Wolfsteller)
Date: Thu, 19 Nov 2009 08:23:38 +0100
Subject: [Openvas-plugins] Documentation on how to write plugins?
In-Reply-To: <42FE713E-8C20-4651-9EDE-6E3D2527528B@esat.kuleuven.be>
References: <42FE713E-8C20-4651-9EDE-6E3D2527528B@esat.kuleuven.be>
Message-ID: <200911190823.38615.felix.wolfsteller@intevation.de>

Also, feel free to join the IRC channel.
http://www.openvas.org/online-chat.html

enjoy
-- felix

On Wednesday 18 November 2009 14:08:39 Alec de Zegher wrote:
> Hi,
>
> I am a final year engineering student doing research on cyber security of
> SCADA systems. One of the aims of my final year project is to test
> vulnerability of SCADA systems against attacks. I have an ABB SCADA system
> at my disposal to test (and maybe more in the future). As I didn't find a
> lot of tools, to scan SCADA systems (Except Nessus 4 ProfessionalFeed), I
> might want to write my own attack scripts.
>
> I would like to implement my attack scripts in a framework like OpenVPS, so
> people after me can benefit from my work. However after reading for about
> an hour on the OpenVPS website I didn't find clear information about where
> to start to write a plugin, and where I could find an existing plugin (as a
> point of start). Could somebody point me out on how would be the best way
> to get familiar with writing scripts?
>
> Thank you very much,
> Best Regards,
>
> Alec de Zegher

-- 
Felix Wolfsteller | ++49 541 335083-783 | http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From goran.licina at lss.hr Thu Nov 26 13:15:47 2009
From: goran.licina at lss.hr (=?iso-8859-2?Q?Goran_Li=E8ina?=)
Date: Thu, 26 Nov 2009 13:15:47 +0100
Subject: [Openvas-plugins] smb_enum_services.nasl
Message-ID: <8A02A3DF683DEE42BE73187F4CA4444C163DD4@vlasta.lss-net.lss.hr>

Hi all,

as you know we are working on last missing dep - smb_enum_sevices.nasl.
However we can't find appropriate literature and protocol definitions for
DCE/RPC over SMB and are a bit stuck on that.

Can anybody point us to some materials that could help us?

Thanks!

Regards,
Goran Licina

-- 
Laboratory for Systems and Signals
Department of Electronic Systems and Information Processing
Faculty of Electrical Engineering and Computing
University of Zagreb

From michael.meyer at intevation.de Fri Nov 27 12:30:16 2009
From: michael.meyer at intevation.de (Michael Meyer)
Date: Fri, 27 Nov 2009 12:30:16 +0100
Subject: [Openvas-plugins] smb_enum_services.nasl
In-Reply-To: <8A02A3DF683DEE42BE73187F4CA4444C163DD4@vlasta.lss-net.lss.hr>
References: <8A02A3DF683DEE42BE73187F4CA4444C163DD4@vlasta.lss-net.lss.hr>
Message-ID: <20091127113016.GA7109@komma-nix.de>

Hello Goran,

*** Goran Ličina wrote:

> as you know we are working on last missing dep - smb_enum_sevices.nasl.
> However we can't find appropriate literature and protocol definitions for
> DCE/RPC over SMB and are a bit stuck on that.
>
> Can anybody point us to some materials that could help us?

http://www.amazon.com/DCE-RPC-over-SMB-Internals/dp/1578701503 seems
to be the only useful source.
http://ftp.us.debian.org/debian/pool/main/n/nessus-plugins/nessus-plugins_2.2.10-6_i386.deb
contains an old version of smb_enum_services.nasl which seems to be
released under the GPL. AFAICS this will not work with OpenVAS but it
could be inspiring for you. Maybe take a look on it...

HTH

Micha

-- 
Michael Meyer OpenPGP Key: 76E050B9 http://www.intevation.de
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From goran.licina at lss.hr Mon Nov 30 15:52:24 2009
From: goran.licina at lss.hr (=?iso-8859-2?Q?Goran_Li=E8ina?=)
Date: Mon, 30 Nov 2009 15:52:24 +0100
Subject: [Openvas-plugins] smb_enum_services.nasl
References: <8A02A3DF683DEE42BE73187F4CA4444C163DD4@vlasta.lss-net.lss.hr>
	<20091127113016.GA7109@komma-nix.de>
Message-ID: <8A02A3DF683DEE42BE73187F4CA4444C163E7A@vlasta.lss-net.lss.hr>

> -----Original Message-----
> From: openvas-plugins-bounces at wald.intevation.org [mailto:openvas-plugins-bounces at wald.intevation.org] On Behalf Of Michael Meyer
> Sent: Friday, November 27, 2009 12:30 PM
> To: openvas-plugins at wald.intevation.org
> Subject: Re: [Openvas-plugins] smb_enum_services.nasl
>
> Hello Goran,
>
> *** Goran Ličina wrote:
> > as you know we are working on last missing dep - smb_enum_sevices.nasl.
> > However we can't find appropriate literature and protocol definitions for
> > DCE/RPC over SMB and are a bit stuck on that.
> >
> > Can anybody point us to some materials that could help us?
>
> http://www.amazon.com/DCE-RPC-over-SMB-Internals/dp/1578701503 seems
> to be the only useful source.

We also discovered this book, but it seems hard to find (except on Amazon ;).

>
> http://ftp.us.debian.org/debian/pool/main/n/nessus-plugins/nessus-plugins_2.2.10-6_i386.deb
> contains an old version of smb_enum_services.nasl which seems to be
> released under the GPL. AFAICS this will not work with OpenVAS but it
> could be inspiring for you.
> Maybe take a look on it...

Thanks, we'll take a look and see if it's useful.

>
> HTH

You were helpful as always :)

Thanks!

Goran

From timb at openvas.org Mon Nov 30 21:02:49 2009
From: timb at openvas.org (Tim Brown)
Date: Mon, 30 Nov 2009 20:02:49 +0000
Subject: [Openvas-plugins] smb_enum_services.nasl
In-Reply-To: <8A02A3DF683DEE42BE73187F4CA4444C163E7A@vlasta.lss-net.lss.hr>
References: <8A02A3DF683DEE42BE73187F4CA4444C163DD4@vlasta.lss-net.lss.hr>
	<20091127113016.GA7109@komma-nix.de>
	<8A02A3DF683DEE42BE73187F4CA4444C163E7A@vlasta.lss-net.lss.hr>
Message-ID: <200911302002.50119.timb@openvas.org>

On Monday 30 November 2009 14:52:24 Goran Ličina wrote:
> > -----Original Message-----
> > From: openvas-plugins-bounces at wald.intevation.org [mailto:openvas-plugins-bounces at wald.intevation.org] On Behalf Of Michael Meyer
> > Sent: Friday, November 27, 2009 12:30 PM
> > To: openvas-plugins at wald.intevation.org
> > Subject: Re: [Openvas-plugins] smb_enum_services.nasl
> >
> > Hello Goran,
> >
> > *** Goran Ličina wrote:
> > > as you know we are working on last missing dep - smb_enum_sevices.nasl.
> > > However we can't find appropriate literature and protocol definitions for
> > > DCE/RPC over SMB and are a bit stuck on that.
> > >
> > > Can anybody point us to some materials that could help us?
> >
> > http://www.amazon.com/DCE-RPC-over-SMB-Internals/dp/1578701503 seems
> > to be the only useful source.
>
> We also discovered this book, but it seems hard to find (except on Amazon ;).
>
> > http://ftp.us.debian.org/debian/pool/main/n/nessus-plugins/nessus-plugins_2.2.10-6_i386.deb
> > contains an old version of smb_enum_services.nasl which seems to be
> > released under the GPL. AFAICS this will not work with OpenVAS but it
> > could be inspiring for you. Maybe take a look on it...
>
> Thanks, we'll take a look and see if it's useful.
>
> > HTH
>
> You were helpful as always :)
>
> Thanks!
>
> Goran
>
> _______________________________________________
> Openvas-plugins mailing list
> Openvas-plugins at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
>

Another option would be to extend out the use of libsmbclient. This would
actually be my preferred option for SMB operations that don't need support for
malformed packets. It's probably worth considering where the operations are
used for long term information gathering (as opposed to short term
vulnerability enumeration).

Tim
-- 
Tim Brown
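
Added example, not part of any message in this archive and not OpenVAS code: the double-conversion problem described in the "Encoding of NVTs" message above, modelled in Python. It assumes "ISO-8859" means ISO-8859-1 and that a consumer simply decodes scanner output as such; the file names and NVT fragments are constructed.

```python
"""Classify NVT bytes roughly as `file` would and model the ISO-8859 assumption."""

# Assumption: "ISO-8859" in the message is taken to mean ISO-8859-1 (Latin-1).
ASSUMED = "iso-8859-1"


def classify(data: bytes) -> str:
    """Return 'ascii', 'utf-8' or 'iso-8859' for the raw bytes of one NVT."""
    try:
        data.decode("ascii")
        return "ascii"          # 7-bit only: identical under every encoding here
    except UnicodeDecodeError:
        pass
    try:
        data.decode("utf-8")
        return "utf-8"          # high bytes that form valid UTF-8 sequences
    except UnicodeDecodeError:
        return "iso-8859"       # high bytes that are not valid UTF-8


def as_consumer_sees(data: bytes) -> str:
    """Model a consumer that treats everything from the scanner as ISO-8859."""
    return data.decode(ASSUMED)


def to_iso_8859(data: bytes) -> bytes:
    """Re-encode a UTF-8 NVT as ISO-8859-1.

    Raises UnicodeEncodeError when a character has no ISO-8859-1 code point,
    so such a file is reported instead of being silently damaged.
    """
    return data.decode("utf-8").encode(ASSUMED)


def needs_conversion(nvts: dict) -> list:
    """Names of NVTs whose bytes are UTF-8 and would be mangled downstream."""
    return sorted(name for name, raw in nvts.items() if classify(raw) == "utf-8")


# Constructed sample NVT fragments (hypothetical file names and content).
SAMPLES = {
    "example_ascii.nasl": b'script_name("Plain check");',
    "example_latin1.nasl": 'script_name("Osnabr\u00fcck check");'.encode(ASSUMED),
    "example_utf8.nasl": 'script_name("Osnabr\u00fcck check");'.encode("utf-8"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:22} {classify(raw):9} -> {as_consumer_sees(raw)}")
    print("convert:", needs_conversion(SAMPLES))
    fixed = to_iso_8859(SAMPLES["example_utf8.nasl"])
    print("after conversion:", as_consumer_sees(fixed))
```

The UTF-8 sample is the only one the modelled consumer displays incorrectly: its two-byte sequence for "ü" is read as two separate ISO-8859-1 characters.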