Nmap Development mailing list archives

[RFC] smb-check-vulns port to nse vulns lib


From: Andrew Jason Farabee <afarabee () uci edu>
Date: Thu, 25 Jun 2015 05:19:40 -0700

I'm currently trying to finish up porting old vulnerability scripts to
the vulns library for issue 147
(https://github.com/nmap/nmap/issues/147), but I've run into some
issues porting smb-check-vulns.nse:

 * The script has 8 different states (which can also be "likely
[STATE]" or "not [STATE]") that aren't exactly represented by
vulns.STATE. For this I am thinking of treating (VULNERABLE, INFECTED,
INFECTED2) as VULN and (CLEAN, PATCHED, UNKNOWN, NOTRUN, NOTUP) as
NOT_VULN.

 * The vulns table can only handle one vulns.STATE for the entire
script (or some combination of the possible options VULN, NOT_VULN,
LIKELY_VULN, EXPLOIT, DoS).  My idea is to have vuln.state = VULN if
any check results in a state similar to VULN, vuln.state = LIKELY_VULN
if no check is equivalent to VULN with at least one check containing
"likely", and NOT_VULN if all checks are equivalent to NOT_VULN.

 * Since the multiple checks produce multiple results, this
information would have to be stored somewhere. For each of these
checks I was planning on using extra_info in the vuln table to store
what is currently being inserted into response (e.g. "NO SERVICE", "the
Ras RPC service is inactive").  One issue with this is that the output
of skipped checks or NOT_VULN checks will be displayed when they
otherwise shouldn't be.  It is possible to overcome this by checking
that nmap.debugging() > 1 before inserting check results into the
vuln.extra_info table.

If all this sounds right, I'm going to finish up using the methods
described above, but please stop me if I'm handling this wrong.

Thanks a lot!
Andrew
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
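The folding rule the message proposes, written out as an added example in plain Lua so it runs outside Nmap (this is not code from the post or from Nmap's own smb-check-vulns port). It assumes string stand-ins for vulns.STATE.VULN / LIKELY_VULN / NOT_VULN and a debug_level parameter in place of nmap.debugging(); the sample check results are constructed, with the detail string taken from the message.

```lua
-- Added example (not from the post or Nmap). Assumed: in a real port the
-- states are vulns.STATE.VULN/LIKELY_VULN/NOT_VULN and debug_level is
-- nmap.debugging(); here they are strings and a parameter so plain lua runs it.
local VULN, LIKELY_VULN, NOT_VULN = "VULN", "LIKELY_VULN", "NOT_VULN"

-- The eight smb-check-vulns states folded into the two classes proposed.
local FOLD = {
  VULNERABLE = VULN, INFECTED = VULN, INFECTED2 = VULN,
  CLEAN = NOT_VULN, PATCHED = NOT_VULN, UNKNOWN = NOT_VULN,
  NOTRUN = NOT_VULN, NOTUP = NOT_VULN,
}

-- Fold one result ("VULNERABLE", "likely INFECTED", "not PATCHED"). Assumed
-- refinement: "likely" counts only for VULN-class states; "not X" is NOT_VULN.
local function fold_state(result)
  local prefix, name = result:match("^(%l*)%s*(%u[%u%d]*)$")
  local class = name and FOLD[name] or NOT_VULN
  if prefix == "not" then return NOT_VULN end
  if prefix == "likely" and class == VULN then return LIKELY_VULN end
  return class
end

-- Reduce all checks to the one vuln.state the vulns table holds; skipped or
-- NOT_VULN details only reach extra_info when debug_level > 1 (nmap -dd).
local function aggregate(checks, debug_level)
  local state, extra_info = NOT_VULN, {}
  for _, check in ipairs(checks) do
    local folded = fold_state(check.result)
    if folded == VULN then state = VULN
    elseif folded == LIKELY_VULN and state ~= VULN then state = LIKELY_VULN end
    if folded ~= NOT_VULN or debug_level > 1 then
      local line = check.name .. ": " .. check.result
      if check.detail then line = line .. " (" .. check.detail .. ")" end
      extra_info[#extra_info + 1] = line
    end
  end
  return state, extra_info
end

-- Constructed sample (not real scan output); the detail quotes the post's string.
local checks = {
  { name = "MS08-067",  result = "NOTRUN", detail = "the Ras RPC service is inactive" },
  { name = "Conficker", result = "likely INFECTED" },
  { name = "SMBv2 DoS", result = "CLEAN" },
}
for _, level in ipairs({ 0, 2 }) do
  local state, extra_info = aggregate(checks, level)
  print(("debug level %d -> vuln.state = %s"):format(level, state))
  for _, line in ipairs(extra_info) do print("  " .. line) end
end
```

With this sample the aggregate state is LIKELY_VULN at both levels, but the NOTRUN and CLEAN lines only appear in extra_info at debug level 2.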