Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. devel
Sending plugin messages to the client...
wjh3710 at osfmail
Feb 5, 2003, 12:57 PM
Post #1 of 3 (651 views)
Permalink
Since the initial proposal to create a server-side database backend,
made a couple of weeks ago has seemed to have died, I've decided
to integrate it into the nessusd code myself.

The problem is that I can't seem to find where the vulnerability
messages generated by the plugins and scanners are sent to the
client...

As far as I can tell, they may be spawned from the check_threads_input
method in nessusd/utils.c. Can anyone confirm this?
Does this input come from the knowledge base?

What I am looking for is a place in the code where I can find the
plugins that found a security note/hole/warning.

Also, I need to do a similar thing with the open ports.
If anyone knows where I can get the open ports and their
associated vulnerabilites on the server-side, your assistance
is appreciated.

Thanks.

----------------------
William Heinbockel
Information Security Incident Response Assistant
Co-op Risk & Safety Management
Rochester Institute of Technology
E-mail: wjh3710@rit.edu
Re: Sending plugin messages to the client... [ In reply to ]
alex at inprotect
Feb 5, 2003, 1:42 PM
Post #2 of 3 (643 views)
Permalink
I think it's too yearly to call it dead. I think it's just taking some
time to do the development.

It was a good discussion about db backend few weeks ago, and db schema
proposal, presented by Javier was looking good.
Having a status web page for the db development would be great, but I
think we should have a little more patience and maybe have better
cooperation in the db development, rather then create our own workarounds.

Alex.

> Since the initial proposal to create a server-side database backend,
> made a couple of weeks ago has seemed to have died, I've decided
> to integrate it into the nessusd code myself.
>
> The problem is that I can't seem to find where the vulnerability
> messages generated by the plugins and scanners are sent to the
> client...
>
> As far as I can tell, they may be spawned from the check_threads_input
> method in nessusd/utils.c. Can anyone confirm this?
> Does this input come from the knowledge base?
>
> What I am looking for is a place in the code where I can find the
> plugins that found a security note/hole/warning.
>
> Also, I need to do a similar thing with the open ports.
> If anyone knows where I can get the open ports and their
> associated vulnerabilites on the server-side, your assistance
> is appreciated.
>
> Thanks.
>
> ----------------------
> William Heinbockel
> Information Security Incident Response Assistant
> Co-op Risk & Safety Management
> Rochester Institute of Technology
> E-mail: wjh3710@rit.edu
Re: Sending plugin messages to the client... [ In reply to ]
jfernandez at germinus
Feb 5, 2003, 1:58 PM
Post #3 of 3 (646 views)
Permalink
William Heinbockel wrote:
> Since the initial proposal to create a server-side database backend,
> made a couple of weeks ago has seemed to have died, I've decided
> to integrate it into the nessusd code myself.
>
It's not dead. It's simply stalled due to me being overloaded with
work. Once I finish what I'm doing ATM (a commercial proposal) I will
retake the issue since I need it myself too.
If anyone wants to step in before I "come back", feel free to do so
(taking into account the proposals made in the list back then, of
course). I will help in whatever gets done.

Regards

Javi

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal