Agreed; this is not unlike the Win32 eventlog mechanism, which in practise works ok. Martin... -----Original Message----- From: plugins-writers-bounces@private [mailto:plugins-writers-bounces@private] On Behalf Of Paul Johnston Sent: 20 December 2004 09:44 To: Renaud Deraison Cc: plugins-writers@private Subject: Re: [Plugins-writers] Dynamic Descriptions in Plugins Hi, My preferred way to do this would be something like this: description = "This is a vulnerability. We detected you are running version: $1" You then pass security_note a list as the extra parameter, and it fills in $1, $2, etc. This way of doing it keeps the dynamic data separate from text explanations around it. The raw list could perhaps be made available in the XML output format. This would make parsing of output files much easier. Currently I have regular expressions to pull the dynamic text out of various plugins. Regards, Paul Renaud Deraison wrote: >On Sat, Dec 18, 2004 at 05:02:59PM -0700, Erik Stephens wrote: > > >>Ideally, it would have both the general commentary plus the dynamic >>version piece in the note's description. What's the best way to do >>that? I'd like to do something like: >> >> security_note(port:port, data:string(get_desc(), '\n\n', ver)) >> >> > > >Ideally, I'd rather have an 'extra' field to security_XXX(). > >ie: > security_note(port:port, extra:"The remote host is running " + ver); > > >which would produce the following report (in the example above) : > > >--- > >"The Patch level (Service Pack) of the remote IIS server appears to be >lower than the current IIS service pack level. As each service pack typically >contains many security patches, the server may be at risk. > >Caveat: This test makes assumptions of the remote patch level based on static >return values (Content-Length) within the IIS Servers 404 error message. >As such, the test can not be totally reliable and should be manually >confirmed. > >Solution: Ensure that the server is running the latest stable Service Pack >Risk factor : High > >In addition, the scanner reported the following information : > > The remote host is running Microsoft IIS 5 - SP0 or SP1" > > > _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Mon Dec 20 2004 - 02:01:19 PST