[prev in list] [next in list] [prev in thread] [next in thread]
List: openvas-plugins
Subject: Re: [Openvas-plugins] Add own *_detect.nasl script detection
From: Christian Fischer <christian.fischer () greenbone ! net>
Date: 2016-11-14 14:21:08
Message-ID: f48fe17d-0525-b86c-e600-81b1df973af8 () greenbone ! net
[Download RAW message or body]
Hi,
On 03.11.2016 08:39, Tomasz Jadowski wrote:
> On Wed, Nov 02, 2016 at 03:52:44PM +0100, Christian Fischer wrote:
>> 2. Network Vulnerability Tests (NVT)
>>
>> These are manually created tests which are e.g. checking actively and/or
>> version/CPE based (e.g. cpe:/a:php:php:5.6.26) for a vulnerability. For
>> these it doesn't matter if you have a custom build PHP or not, as long
>> as PHP is correctly detected.
>
> For example scripts/2016/gb_php_mult_vuln03_sep16_lin.nasl, right?
>
> But I see, this test has:
> (...)
> script_dependencies("gb_php_detect.nasl", "os_fingerprint.nasl");
> script_mandatory_keys("php/installed","Host/runs_unixoide");
> script_require_ports("Services/www", 80);
> (...)
>
> And gb_php_detect.nasl also has this "script_require_ports("Services/www",
> 80);" dependency.
>
> As I mentioned I don't have a running port 80 and I don't have a PHP
> banner on it. Should there tests to be more generic? Based on
> gb_php_detect_lin.nasl also?
just want to let you know that i have committed a few updates to the
feed today which should be included in the next feed update.
After the update we're now also reporting vulnerabilities if PHP was
only detected by the following NVTs (new names after the feed update):
- PHP Version Detection (Linux, local)
- PHP Version Detection (Windows, local)
but not by the "PHP Version Detection (Remote)".
I'm still undecided if the script_require_ports("Services/www", 80);
should be also removed but i'm open for discussions here. :-)
Be aware that the PHP vulnerabilities are not showing up for linux hosts
by default as they have a low Quality of Detection (QoD) value of 30%.
You need to update your filters to show them.
Feedback is welcome. Regards,
--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
Openvas-plugins@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic