Mailing List Archive

Script dependencies
I think that some "script dependencies" should be checked.
Although I am not sure there is a real problem, this might be really
important when you run Nessus with "optimize" on.

IIRC, the script_dependencie function performs a logical OR: as soon as
one of the plugins has been run, it is OK.

So scripts that depend on port scanners should declare:
    script_dependencie( "nmap_wrapper.nes",
                        "nmap_tcp_connect.nes",
                        "snmp_portscan.nes" );
(See port_shell_execution.nasl, netbus2.nasl, lion.nasl,
subseven.nasl, backorifice1.nasl. Oddly, no other script declares
dependencies on port scanners)

But:
- "snmp_portscan" will fail most of the time.
- nmap... or TCP... might scan different port ranges (this is a lesser
problem, as port scanners are launched before other plugins)
Re: Script dependencies
On Thu, May 23, 2002 at 11:58:13AM +0200, Michel Arboi wrote:
> IIRC, the script_dependencie function performs a logical OR: as soon as
> one of the plugins has been run, it is OK.

No, it's an "AND".

[...]
> (See port_shell_execution.nasl, netbus2.nasl, lion.nasl,
> subseven.nasl, backorifice1.nasl. Oddly, no other script declares
> dependencies on port scanners)

That's because most of them rely on find_services.nes which depends on
scanners (and anyway, that's redundant as scanners are launched _before_
plugins).

> But:
> - "snmp_portscan" will fail most of the time.
> - nmap... or TCP... might scan different port ranges (this is a lesser
> problem, as port scanners are launched before other plugins)

Which is why it's an "AND". I recognize it's ugly, but it's better than
nothing.


-- Renaud
Re: Script dependencies
On Thu, 23 May 2002 12:13:18 +0200, Renaud Deraison wrote:
> On Thu, May 23, 2002 at 11:58:13AM +0200, Michel Arboi wrote:
> > IIRC, the script_dependencie function performs a logical OR: as soon as
> > one of the plugins has been run, it is OK.
>
> No, it's an "AND".

It appears that the dependency logic does not confirm that
the scanner/plugin completed correctly. I saw a hundred
false positives when find_service was killed by the server
after taking too long. Is that something that can easily
be fixed?

Scott
Re: Script dependencies
On Thu, May 23, 2002 at 06:23:22AM -0500, Scott Bolte wrote:
> On Thu, 23 May 2002 12:13:18 +0200, Renaud Deraison wrote:
> > On Thu, May 23, 2002 at 11:58:13AM +0200, Michel Arboi wrote:
> > > IIRC, the script_dependencie function performs a logical OR: as soon as
> > > one of the plugins has been run, it is OK.
> >
> > No, it's an "AND".
>
> It appears that the dependency logic does not confirm that
> the scanner/plugin completed correctly.

That's correct.

> I saw a hundred
> false positives when find_service was killed by the server
> after taking too long. Is that something that can easily
> be fixed?

It could be fixed by requesting the key "Success/<id>" instead of a
given plugin, but that would be quite a hack. Which plugin(s) produced
false positives because of the death of find_service?


-- Renaud
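
Added example, not part of the original thread and not Nessus code: a simplified Python model of the two gating rules discussed above, comparing "every dependency was launched" with "every dependency left a Success/<id> key". The plugin ids, the "service_check" plugin, the status names and the function names are constructed for illustration.

```python
# Simplified model of the dependency gating discussed in this thread.
# Not Nessus code: plugin ids, names and statuses below are constructed.
from dataclasses import dataclass

@dataclass
class Plugin:
    name: str
    pid: int              # constructed id, not a real Nessus plugin id
    deps: tuple = ()      # names of plugins this one depends on
    runtime: int = 1      # simulated seconds the plugin needs to finish

def run_scan(plugins, timeout, require_success):
    """Run plugins in list order and return (kb, status_by_name).
    require_success=False: a dependency counts once it was launched, whether
    it finished or was killed (AND over all dependencies).
    require_success=True: every dependency must have left "Success/<id>".
    """
    by_name = {p.name: p for p in plugins}
    kb, status = {}, {}
    for p in plugins:
        if require_success:
            ok = all(f"Success/{by_name[d].pid}" in kb for d in p.deps)
        else:
            ok = all(status.get(d) in ("done", "killed") for d in p.deps)
        if not ok:
            status[p.name] = "skipped"
        elif p.runtime > timeout:
            status[p.name] = "killed"   # killed by the server, KB left empty
        else:
            status[p.name] = "done"
            kb[f"Success/{p.pid}"] = 1
    return kb, status

def ran_after_killed_dep(plugins, status):
    """Names of plugins that ran although one of their dependencies was killed."""
    return [p.name for p in plugins if status[p.name] == "done"
            and any(status[d] == "killed" for d in p.deps)]

# Constructed scan: find_service needs 120 s and is killed at a 60 s timeout.
SAMPLE = [
    Plugin("portscanner", 90001),
    Plugin("find_service", 90002, ("portscanner",), runtime=120),
    Plugin("service_check", 90003, ("find_service",)),
]
if __name__ == "__main__":
    for strict in (False, True):
        _, st = run_scan(SAMPLE, timeout=60, require_success=strict)
        print(strict, st, ran_after_killed_dep(SAMPLE, st))
```

In this model, raising the timeout above 120 lets find_service finish, and both rules then run the dependent plugin.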
Re: Script dependencies
> Renaud wrote:
> ... Which plugin(s) produced
> false positives because of the death of find_service?

When find_service timed out, a non-optimized scan w/ all
plugins reported 73 vulnerabilities, 36 warnings, and 31
infos. When I increased the timeout for find_server and a
few others (see below) the report included 0 vulnerabilities,
12 warnings, and 25 infos.

timeout.10330 = 300
timeout.10927 = 300
timeout.10631 = 300
timeout.10119 = 300
timeout.10879 = 300
timeout.10892 = 300


Do you still want the complete list of plugins?

Scott
Re: Script dependencies
Renaud Deraison <deraison@nessus.org> writes:

> > - "snmp_portscan" will fail most of the time.
> > - nmap... or TCP... might scan different port ranges (this is a lesser
> > problem, as port scanners are launched before other plugins)

> Which is why it's an "AND". I recognize it's ugly, but it's better than
> nothing.

Should we have some kind of "generic" dependencies so that we can
depend upon a port scanner, whichever it is?
I suspect that the code for "enable dependencies at run time" will be
more complicated...