Re: OpenVAS plans to integrate NSE support

[David Fifield <david () bamsoftware com>]

On Fri, Feb 26, 2010 at 07:16:03AM -0600, Ron wrote:
> Hello,
>
> I love OpenVAS, and I think integrating NSE into it would be really cool! 
>
> Input parameters are described in the documentation, but the
> difficulty is that libraries can also include input parameters and you
> therefore have to find them recursively (by looking at what includes
> what). 

We do something like this for NSEDoc. For example, at

http://nmap.org/nsedoc/scripts/smb-check-vulns.html

there are paragraphs for "safe" and "unsafe", and then it has

randomseed, smbbasic, smbport, smbsign
See the documentation for the smb library.

smbdomain, smbhash, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.

> At this point, I think what you're saying is a major weakness of
> Zenmap -- it has no way to prompt the user for the proper parameters
> for scripts, it expects users to just know. Maybe it's something we
> can explore in Zenmap as well?

This is a TODO item already. You're right, it would be great if the
profile editor could show the documentation for each script, and
automatically parse out the possible script arguments and make text
boxes to fill in.

I think this could be done tolerably well through scraping of the script
source code. Zenmap and OpenVAS wouldn't have to have a Lua interpreter.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/