Hi all,
#1
I don't know how to use Nessus with a multihomed host.
I think there is no way to send the address and the hostname.
If I give the hostname, I don't know the host scanned.
If I give the address, I can't use a virtualhost for the HTTP server.
Is it possible to send both (like 'www.sample.com@14.66.44.33')?
At least I can modify /etc/hosts. Any other ideas?
#2
I suggest a new function recv_http_header(socket:soc, length:4096).
Many HTTP plugins just need to parse the HTTP header
to diagnose the flaw.
I saw in RFC 2616 that the header stops with CRLFCRLF.
With this new function, to get the body, the plugin will just have to call
recv_http_header(socket:soc, length:4096);
recv(socket:soc, length:4096);
This evolution will preserve the bandwidth. No need to read too much.
#3
Almost all the time a server has a specific function:
SMTP server
Web server
...
It will be nice to configure this main port.
So we can use it in some cases:
- in the denial detection (in start_denial)
- in the tcp_ping function
- in nmap_wrapper.nes (parameter -PTport)
- in ping_host.nasl
- at the end of the process, we can verify that the server is OK
...
#4
Actually the function get_port_state returns TRUE/FALSE.
I think this function could be more precise:
- not open: value 0
- open: value 1
- don't know: value 2
In some plugins (checkpoint.nasl for example), you just need
to know that a port is really open. So if you have already
scanned this port, there is no need to open a socket.
#5
I think that the function is_cgi_installed should be
very complicated when the server doesn't reply with 404.
So as not to have all the alerts for this server, I suggest
maintaining a counter (in a key like www/cgicnt/port) increased
at each CGI discovered.
After 5 CGIs detected (certainly false alerts), the function
is_cgi_installed will always return 0 and send to the client
a message like the one for the timeout of the plugin.
What do you think of those suggestions?
I think that #2 and #4 are very simple, I can do it.
Regards,
Georges
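The recv_http_header proposed in #2, as an added Python example (not NASL, and not code from Nessus or from the post): it reads until the CRLFCRLF end-of-header marker or the length cap, and returns the header together with any body bytes that arrived in the same read, which the caller must prepend to its following recv() so the body is not lost. The socket stand-in and the HTTP response below are constructed for the example.

```python
from typing import Tuple

CRLFCRLF = b"\r\n\r\n"  # end-of-header marker, RFC 2616


def recv_http_header(sock, length: int = 4096, chunk: int = 512) -> Tuple[bytes, bytes]:
    """Read from sock until CRLFCRLF or until `length` bytes have been consumed.

    Returns (header, leftover): header includes the CRLFCRLF when found;
    leftover is whatever body bytes arrived in the same read.  If the marker
    never appears within `length` bytes, header is everything read and
    leftover is b"" (the caller can then treat the response as malformed).
    """
    buf = b""
    while len(buf) < length:
        data = sock.recv(min(chunk, length - len(buf)))
        if not data:  # peer closed the connection
            break
        buf += data
        # The marker may straddle two reads, so re-scan the last 3 bytes
        # of the previous chunk as well as the new data.
        start = max(0, len(buf) - len(data) - (len(CRLFCRLF) - 1))
        idx = buf.find(CRLFCRLF, start)
        if idx != -1:
            end = idx + len(CRLFCRLF)
            return buf[:end], buf[end:]
    return buf, b""


def parse_status(header: bytes) -> int:
    """Status code from the first header line, or 0 if it cannot be parsed."""
    parts = header.split(b"\r\n", 1)[0].split()
    return int(parts[1]) if len(parts) >= 2 and parts[1].isdigit() else 0


class _ChunkedSocket:
    """Constructed stand-in for a socket (hypothetical): hands out `payload`
    in pieces of at most `piece` bytes so CRLFCRLF can straddle two recv()s."""

    def __init__(self, payload: bytes, piece: int):
        self._buf, self._piece = payload, piece

    def recv(self, n: int) -> bytes:
        n = min(n, self._piece)
        out, self._buf = self._buf[:n], self._buf[n:]
        return out


# Constructed sample response; header is 66 bytes, body is "Not found".
SAMPLE_RESPONSE = (b"HTTP/1.1 404 Not Found\r\nServer: Example/1.0\r\n"
                   b"Content-Length: 9\r\n\r\nNot found")
```

With a 7-byte piece size the marker is split across two reads, and the 4 body bytes returned as leftover ("Not ") are exactly what a plain recv() after recv_http_header would otherwise skip.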