Mailing List Archive

Undocumented Knowledge base items and suggested fix for device information
I was wondering why there is no OS information in the knowledge base (at
least it's not described in doc/kb_entries.txt), and parsing the plugins:

$ grep get_kb_item * | sed -e 's/.*get_kb_item("\(.*\)").*/\1/' |sort -u
(well, it's not perfect, just a hack)

I found out that there was, but it's in fact not documented. Below
there's a list of undocumented kb items. I was wondering... Host/OS is
not much used (but CISCO/model is). There doesn't seem to be a proper
organization of devices and OS identification. Shouldn't it be better? I
suggest the following: (devices/vendor/information, with a possible
generic tag for Host/Switch/Router/...)

devices
|
|--- CISCO
|    |
|    |- type (router/switch/PIX/VPN concentrator/IDS)
|    |- model
|    |- IOSversion
|    .
|
|--- Host
|    |- OS
|
|--- HP
|    |- type (not printer)
|
|--- 3Com
|    |- type (switch, hub, router?)
|    |- model
|    .
.
.

There should probably be a proper layout for device information (I
suggest the above).

I imagine that it would be possible to use the information from the
knowledge base to populate the information in the tree (use the SNMP
sysDescription, Nmap's/Queso's OS fingerprinting, the banner's
information). This would help Nessus more accurately determine the
target's OS (and whether it's protected by a firewall, by an inverse
proxy, etc.)

Regards

Javi


...................... undocumented kb items ............................

CISCO/model
devices/hp_printer
Host/OS
Proxy/usage
ssh/banner
www/banner
www/banner/<port>
www/too_long_url_crash
ftp/banner
SMB/LocalUsers/<num>
SMB/NativeLanManager
SMB/XP/ServicePack
SMB/domain_filled
SMB/host_sid
SMB/login_filled
SMB/password
SMB/password_filled
SMB/test_domain
SMTP/headers/From
SMTP/headers/To
SNMP/sysDesc
Services/ICEcap
Services/amandaidx
Services/deltaups
Services/echo
Services/finger
Services/healthd
Services/http-rpc-epmap
Services/imonitor
Services/lcdproc
Services/linuxconf
Services/mycio
Services/mysql
Services/ncacn_http
Services/netbus
Services/netstat
Services/nntp
Services/pcanywheredata
Services/realserver
Services/rexecd
Services/rlogin
Services/rsh
Services/rtsp
Services/systat
Services/vnc
Services/vqServer-admin
Transport/SSL
ftp/JetDirect
ftp/false_ftp
ftp/writeable_root
imap/false_imap
imap/overflow
nntp/login
nntp/password
pop2/login
pop2/password
pop3/false_pop3
pop3/login
pop3/password
rpc/yppasswd/sun_overflow
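
Added example, not part of the original post: a stricter version of the grep/sed audit above that also compares the extracted keys against the documentation file. The function names, the sample plugin lines and the rule that a key counts as documented when it appears as a whitespace-separated token in the doc file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list KB keys that plugins read but the documentation omits.
# Assumptions (not from the post): plugin sources live under one directory, and
# a key is "documented" when it appears as a whitespace-separated token in the doc.

# kb_keys_used DIR: literal keys passed to get_kb_item("..."), sorted, unique.
kb_keys_used() {
    # -o prints each call on its own line, so two calls on one source line are
    # both captured; [^"]* stops at the closing quote of the key.
    grep -rhoE 'get_kb_item[[:space:]]*\([[:space:]]*"[^"]*"' "$1" |
        sed -e 's/^[^"]*"//' -e 's/"$//' |
        sort -u
}

# kb_keys_undocumented DIR DOCFILE: keys used under DIR that DOCFILE never names.
kb_keys_undocumented() {
    kb_keys_used "$1" | awk -v doc="$2" '
        BEGIN {
            while ((getline line < doc) > 0) {
                n = split(line, tok)
                for (i = 1; i <= n; i++) {
                    # drop punctuation wrapped around a key, e.g. "Host/OS:"
                    gsub(/^[^A-Za-z0-9]+|[^A-Za-z0-9>]+$/, "", tok[i])
                    seen[tok[i]] = 1
                }
            }
        }
        !($0 in seen)'
}

# Constructed sample data (hypothetical plugin and doc contents) for a dry run.
kb_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/plugins"
    cat > "$d/plugins/a.nasl" <<'EOF'
os = get_kb_item("Host/OS"); model = get_kb_item("CISCO/model");
banner = get_kb_item(string("www/banner/", port));
EOF
    cat > "$d/plugins/b.nasl" <<'EOF'
if (get_kb_item( "SMB/password_filled" )) exit(0);
desc = get_kb_item("SNMP/sysDesc");
EOF
    printf 'SMB/password: password used for SMB logins\nSNMP/sysDesc - sysDescr\n' > "$d/kb_entries.txt"
    kb_keys_undocumented "$d/plugins" "$d/kb_entries.txt"
    rm -rf "$d"
}
kb_demo
```

Keys built at run time, such as the string("www/banner/", port) call in the sample, are skipped on purpose and still need a manual pass.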