RE: [Plugins-writers] Trying to upload a custom plugin

From: Ryan Petti (rpetti@integration-partners.com)
Date: Mon Jun 12 2006 - 11:37:44 PDT


Yes, all of the necessary fields are there.

Starting nessus with -D shows nothing out of the ordinary.

Nessusd.messages displays "saving in /dev/null" once when I try to load
the plugin with the "Upload plugin option"

I also tried copying my plugin into an existing plugin file with the
same name and copied that new file (with the old plugin name) into the
plugin directory.  Now I'm getting "Inconsistant data: Check for host
firewall [which is the name of the plugin I wrote] - not applying this
plugin.

Before I hijacked the existing plugin and uploaded my file separately,
it would display no messages and just not load the plugin.

The text for my plugin is below:

## Begin plugin

if (description)
{
  script_id(99980);
  script_version ("1.0");
  name["english"] =  "Check for host firewall"; 

  script_name(english:name["english"]);

  desc["english"]="
Your host does not comply with ABCompany's published
security policy and will not be admitted to the
network.
 
To resolve this issue, either enable a personal
firewall on your host or contact the Helpdesk at
555-1212.

Risk factor: High";

  script_description(english:desc["english"]);

  summary["english"] = "Determine if a host firewall is running";
  script_summary(summary["english"]);

  script_category(ACT_GATHER_INFO);
  family["english"] = "Firewalls";
  script_family(family["english"]);

  exit(0);
}

if (islocalhost())
  exit(0);

saddr = this_host();
daddr = get_host_ip();
sport = 1234;
dport = 55999;

pcap_filter = strcat('src port ', dport, ' and src host ', daddr,
		     ' and dst port ', sport, ' and dst host ',
		     saddr);

ip = forge_ip_packet(ip_p:IPPROTO_TCP,
		     ip_src:saddr);

tcp = forge_tcp_packet(ip:ip,
		       th_sport:sport,
		       th_dport:dport,
		       th_flags:TH_SYN,
		       th_seq:rand(),
		       th_ack:0,
		       th_win:512);

# XXX maybe use tcp_ping()?

for (i = 0;i < 3;i++)
{
  reply = send_packet(pcap_active:TRUE, pcap_filter:filter,
		      pcap_timeout:2, tcp);
  if (reply)
  {
    flags = get_tcp_element(tcp:reply, element:"th_flags");
    if (((flags & TH_SYN) && (flags & TH_ACK)) ||
      flags & TH_RST)
    {
      security_hole(port:dport);
      exit(0);
    } # XXX else?
  }
}

## end plugin

-----Original Message-----
From: plugins-writers-bounces@private
[mailto:plugins-writers-bounces@private] On Behalf Of Ferdy
Riphagen
Sent: Monday, June 12, 2006 12:48 PM
To: plugins-writers@private
Subject: Re: [Plugins-writers] Trying to upload a custom plugin

Did you use all options like script_id, description etc.
Nessus need those.

The script_id have to bee unique.
When does nessusd.messages look like, any errors reported there,

if you start nessus like this (> 3.x) /opt/nessus/sbin/nessusd -D
does it shows some errors

-- Ferdy

Ryan Petti wrote:
> I'm trying to upload a plugin into Nessus but can't seem to get it to
> show up in the available plugins list.  I've tried through the Nessus
> Console interface using the "Upload Plugin" option and tried manually
> copying the it into the plugins directory and restarted the service to
> no avail.  I've also double checked that the server is set to accept
> uploaded plugins.  Am I missing something? 
> 
>  
> 
> Thanks
> 
> Ryan
> 
> 
>
------------------------------------------------------------------------
> 
> _______________________________________________
> Plugins-writers mailing list
> Plugins-writers@private
> http://mail.nessus.org/mailman/listinfo/plugins-writers
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers




_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers



This archive was generated by hypermail 2.1.3 : Mon Jun 12 2006 - 11:40:31 PDT