Discussion:
[Openvas-plugins] Plugins structure
margaus M.
2017-05-23 08:44:49 UTC
Hello

I want your opinion on how to structure plugins properly. What I am doing
right now is making the following NVTs:
-product detection NVT, where I detect the model of the product and the
firmware version, via http or snmp.

-second NVT which is focused on a known vulnerability, this means searching
in the kb if there is a vulnerable model (previously known thanks to the
first NVT), and checking if the firmware version is less than or equal to
another one in order to be able to say that this product is vulnerable.

What do you think about this scheme? Could it be better if I divide the
first NVT into various NVTs? One to detect the information via http,
another one to detect it via snmp, and so on?

Thanks!
Christian Fischer
2017-06-03 17:29:45 UTC
Hi,
Post by margaus M.
> Hello
> I want your opinion on how to structure plugins properly. What I am
> -product detection NVT, where I detect the model of the product and the
> firmware version, via http or snmp.
> -second NVT which is focused on a known vulnerability, this means
> searching in the kb if there is a vulnerable model (previously known
> thanks to the first NVT), and checking if the firmware version is less
> than or equal to another one in order to be able to say that this product is
> vulnerable.
> What do you think about this scheme?
> Could it be better if I divide the
> first NVT into various NVTs? One to detect the information via http,
> another one to detect it via snmp, and so on?

from my experience this is the better approach for the simple reason
that you can choose different script_require_key/script_mandatory_keys,
script_require_ports/script_require_udp_ports and script_exclude_keys
for each protocol.

Have a look at e.g. the following commit for how to distribute such Detections
in various NVTs and collect them at one place again:

https://lists.wald.intevation.org/pipermail/openvas-nvts-commits/2017-May/006177.html

This e.g. also helps to not report multiple vulnerabilities against a
product if you have just detected it via two or more protocols.

Post by margaus M.
> Thanks!

Regards,

--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
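
The layout described in the reply above (one detection per protocol, one consolidation step, one vulnerability check reading only the consolidated result), as an added example that is not part of the original thread and not OpenVAS code. It is a Python model of the knowledge-base flow, not NASL; the product name, KB key names, versions and the rule for picking a version are all hypothetical.

```python
# Constructed model of the NVT layout discussed in the thread. The product
# "ExampleCam", the KB key names and all versions are hypothetical.

def parse_version(v):
    """Turn '2.10.0' into (2, 10, 0) so that 2.10 compares greater than 2.9."""
    return tuple(int(p) for p in v.split("."))

def detect_http(kb, banner):
    # Per-protocol detection: writes only its own protocol-specific keys.
    if banner.startswith("ExampleCam/"):
        kb["examplecam/http/detected"] = True
        kb["examplecam/http/version"] = banner.split("/", 1)[1]

def detect_snmp(kb, sysdescr):
    if sysdescr.startswith("ExampleCam firmware "):
        kb["examplecam/snmp/detected"] = True
        kb["examplecam/snmp/version"] = sysdescr.rsplit(" ", 1)[1]

def consolidate(kb):
    # Consolidation step: runs after all detections, publishes one product entry.
    versions = [kb[f"examplecam/{p}/version"] for p in ("http", "snmp")
                if kb.get(f"examplecam/{p}/detected")]
    if versions:
        kb["examplecam/detected"] = True
        # Assumption of this model: keep the most specific version string seen.
        kb["examplecam/version"] = max(versions,
                                       key=lambda v: len(parse_version(v)))

def check_vuln(kb, last_affected="2.9.4"):
    # Vulnerability check: reads only the consolidated keys, so a device seen
    # over two protocols still yields a single finding.
    if not kb.get("examplecam/detected"):
        return []
    found = kb["examplecam/version"]
    if parse_version(found) <= parse_version(last_affected):
        return [f"ExampleCam {found} <= {last_affected}"]
    return []

def scan(banner, sysdescr):
    """Run the whole chain against constructed HTTP and SNMP responses."""
    kb = {}
    detect_http(kb, banner)
    detect_snmp(kb, sysdescr)
    consolidate(kb)
    return check_vuln(kb)
```

The second case in the usage below is the one a plain string comparison gets wrong: "2.10.0" sorts before "2.9.4" as text, which would flag a fixed firmware as vulnerable.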
