RE: [Plugins-writers] Dynamic Descriptions in Plugins

From: Martin O'Neal (martin.oneal@private)
Date: Mon Dec 20 2004 - 02:00:40 PST


Agreed; this is not unlike the Win32 eventlog mechanism, which in
practise works ok.

Martin...  

-----Original Message-----
From: plugins-writers-bounces@private
[mailto:plugins-writers-bounces@private] On Behalf Of Paul
Johnston
Sent: 20 December 2004 09:44
To: Renaud Deraison
Cc: plugins-writers@private
Subject: Re: [Plugins-writers] Dynamic Descriptions in Plugins

Hi,

My preferred way to do this would be something like this:

description = "This is a vulnerability.
We detected you are running version: $1"

You then pass security_note a list as the extra parameter, and it fills 
in $1, $2, etc.

This way of doing it keeps the dynamic data separate from text 
explanations around it. The raw list could perhaps be made available in 
the XML output format. This would make parsing of output files much 
easier. Currently I have regular expressions to pull the dynamic text 
out of various plugins.

Regards,

Paul



Renaud Deraison wrote:

>On Sat, Dec 18, 2004 at 05:02:59PM -0700, Erik Stephens wrote:
>  
>
>>Ideally, it would have both the general commentary plus the dynamic 
>>version piece in the note's description.  What's the best way to do 
>>that?  I'd like to do something like:
>>
>>    security_note(port:port, data:string(get_desc(), '\n\n', ver))
>>    
>>
>
>
>Ideally, I'd rather have an 'extra' field to security_XXX(). 
>
>ie:
>	security_note(port:port, extra:"The remote host is running " +
ver);
>
>
>which would produce the following report (in the example above) :
>
>
>---
>
>"The Patch level (Service Pack) of the remote IIS server appears to be
>lower than the current IIS service pack level. As each service pack
typically
>contains many security patches, the server may be at risk.
>
>Caveat: This test makes assumptions of the remote patch level based on
static 
>return values (Content-Length) within the IIS Servers 404 error
message.
>As such, the test can not be totally reliable and should be manually
>confirmed.
>
>Solution: Ensure that the server is running the latest stable Service
Pack 
>Risk factor : High
>
>In addition, the scanner reported the following information :
>
>	The remote host is running Microsoft IIS 5 - SP0 or SP1"
>
>  
>

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers



This archive was generated by hypermail 2.1.3 : Mon Dec 20 2004 - 02:01:19 PST