Nmap Development mailing list archives
[RFC] smb-check-vulns port to nse vulns lib
From: Andrew Jason Farabee <afarabee () uci edu>
Date: Thu, 25 Jun 2015 05:19:40 -0700
I'm currently trying to finish up porting old vulnerability scripts to the vulns library for issue 147 (https://github.com/nmap/nmap/issues/147), but I've run into some issues porting smb-check-vulns.nse:

* The script has 8 different states (which can also be "likely [STATE]" or "not [STATE]") that aren't exactly represented by vulns.STATE. For this I am thinking of treating (VULNERABLE, INFECTED, INFECTED2) as VULN and (CLEAN, PATCHED, UNKNOWN, NOTRUN, NOTUP) as NOT_VULN.

* The vulns table can only handle one vulns.STATE for the entire script (or some combination of the possible options VULN, NOT_VULN, LIKELY_VULN, EXPLOIT, DoS). My idea is to have vuln.state = VULN if any check results in a state similar to VULN, vuln.state = LIKELY_VULN if no check is equivalent to VULN with at least one check containing "likely", and NOT_VULN if all checks are equivalent to NOT_VULN.

* Since the multiple checks produce multiple results, this information would have to be stored somewhere. For each of these checks I was planning on using extra_info in the vuln table to store what is currently being inserted into response (ex "NO SERVICE", "the Ras RPC service is inactive"). One issue with this is that the output of skipped checks or NOT_VULN checks will be displayed when they otherwise shouldn't be. It is possible to overcome this by checking that nmap.debugging() > 1 before inserting check results into the vuln.extra_info table.

If all this sounds right I'm going to finish up using the methods described above, but please stop me if I'm handling this wrong.

Thanks a lot!
Andrew

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- [RFC] smb-check-vulns port to nse vulns lib Andrew Jason Farabee (Jun 25)
- Re: [RFC] smb-check-vulns port to nse vulns lib Daniel Miller (Jun 25)
- Re: [RFC] smb-check-vulns port to nse vulns lib Jacek Wielemborek (Jun 25)
- Re: [RFC] smb-check-vulns port to nse vulns lib Daniel Miller (Jun 25)
- Re: [RFC] smb-check-vulns port to nse vulns lib Jacek Wielemborek (Jun 25)
- Re: [RFC] smb-check-vulns port to nse vulns lib Daniel Miller (Jun 25)
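
The state-folding rule proposed in Andrew Farabee's message, sketched as an added Lua example; it is not code from the post or from the nmap tree. The `STATE` table stands in for `vulns.STATE`, `debug_level` stands in for `nmap.debugging()`, the check names are placeholders, and the handling of qualifiers on NOT_VULN-class states ("likely CLEAN" stays NOT_VULN) is an assumption the message leaves open.

```lua
-- Stand-in for vulns.STATE so this runs in a plain Lua interpreter (assumption).
local STATE = { VULN = "VULN", LIKELY_VULN = "LIKELY_VULN", NOT_VULN = "NOT_VULN" }
-- Grouping proposed in the message.
local VULN_CLASS = { VULNERABLE = true, INFECTED = true, INFECTED2 = true }
local NOT_VULN_CLASS = { CLEAN = true, PATCHED = true, UNKNOWN = true,
                         NOTRUN = true, NOTUP = true }

-- Map one check result such as "INFECTED" or "likely VULNERABLE" to a state.
-- Assumption: a qualifier only matters on a VULN-class state, so "likely CLEAN"
-- stays NOT_VULN instead of raising the whole script to LIKELY_VULN.
local function classify(result)
  local qualifier, base = result:match("^(%a+)%s+(%w+)$")
  base = (base or result):upper()
  if NOT_VULN_CLASS[base] then return STATE.NOT_VULN end
  if not VULN_CLASS[base] then error("unknown check state: " .. result) end
  qualifier = qualifier and qualifier:lower()
  if qualifier == "not" then return STATE.NOT_VULN end
  if qualifier == "likely" then return STATE.LIKELY_VULN end
  if qualifier == nil then return STATE.VULN end
  error("unknown qualifier: " .. result)
end

-- Fold per-check results into one state: any VULN wins, else any LIKELY_VULN,
-- else NOT_VULN. Details of NOT_VULN checks are kept only when debug_level > 1
-- (debug_level stands in for nmap.debugging()).
local function aggregate(checks, debug_level)
  local overall, extra_info = STATE.NOT_VULN, {}
  for _, check in ipairs(checks) do
    local state = classify(check.result)
    if state == STATE.VULN then
      overall = STATE.VULN
    elseif state == STATE.LIKELY_VULN and overall == STATE.NOT_VULN then
      overall = STATE.LIKELY_VULN
    end
    if state ~= STATE.NOT_VULN or debug_level > 1 then
      extra_info[#extra_info + 1] = ("%s: %s (%s)"):format(check.name, check.result, check.detail or "-")
    end
  end
  return overall, extra_info
end

-- Constructed sample results; check names are placeholders.
local checks = {
  { name = "check-1", result = "NOTRUN", detail = "NO SERVICE" },
  { name = "check-2", result = "likely CLEAN" },
  { name = "check-3", result = "likely INFECTED" },
}
local overall, extra_info = aggregate(checks, 0)
print(overall, table.concat(extra_info, "; "))
```

Calling `aggregate(checks, 2)` instead also records the NOTRUN and "likely CLEAN" entries, which is the debugging-gated behaviour the third bullet describes.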