English |
OpenVAS Change Request #44: Integrating NMAP NSE's into OpenVAS
Status: Voted +3. Done. First NSE wrappers appeared in OpenVAS NVT Feed since 2010-08-10.Purpose
To have OpenVAS Server manage NSE scripts from NMAP analogous to NASL tests and possibly distribute NSE scripts as additional NVT's in with the OpenVAS NVT Feed.
References
General information about NMAP NSE
(http://nmap.org/book/nse.html)
OpenVAS Change Request #13: Integrating the OVAL interpreter ovaldi into OpenVAS Server
Rationale
The Nmap Scripting Engine (NSE) allows users to write simple scripts to automate networking tasks. NSE scripts are generally used for network discovery, vulnerability detection and exploitation.
It is advantageous for OpenVAS to have the facility to launch NSE scripts (through NMAP) directly as they are because these tests cover aspects the NASL script don't (or even can't). This will be a value-addition for the NVT feed.
Furthermore, this aligns with the goal of having tighter integration of NMAP and OpenVAS, with the already existing port scanning, service detection from NMAP.
Effects
- Wrappers for NMAP's NSE scripts will be distributed along with NVT feed. Users will be able to seamlessly configure and run NSE scripts through OpenVAS.
Design
OpenVAS will allow each NSE script to be loaded and launched like the way it handles NVT's.
The practical implementation will not be analog to the ovaldi-integration for OVAL scripts, because the NSE scripts do not offer a consistent scheme to inform their capabilities and needs, for example preferences.
NASL Wrapper for NSE scripts
The meta data for NSE scripts will be collected in a NASL wrapper for each NSE script. These wrapper scripts will take care of launching nmap with the respective preferences, issue messages according to the results and handle errors.
ID's for NSE scripts
NVTs are identified by OIDs within OpenVAS. NSE's are not associated with any identifiers. Since for each NSE a individual wrapper needs to be developed, the ID scheme should follow the current practice of ranges assigned for developers/developer teams.
Integration of NSE scripts into the feed
A new subdirectory "Nmap" in the feed would carry the .nasl-wrapper for the .nse-files. The actual NSE scripts are the ones from the system wide installation. The Wrapper will take care to check for the applicable nmap version.
Implementation
No modifications of the scanner are required. It is a pure NASL-based solution: For each NSE script a NASL wrapper is to be implemented.
History
- 2010-07-15 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>:
Reworked again. NSE's of system is used. Only wrapper is distributed via Feed. - 2010-06-29 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>:
Reworked and simplified concept to be a pure NASL approach. - 2010-02-26 Jan-Oliver Wagner <jan-oliver.wagner@greenbone.net>:
Fixed some typos. Updated Rationale: 0-day should not be promised by OpenVAS as it would surely need more than 1 day to add new NSEs into the Feed. Clearified Purpose. - 2010-02-25 Chandrashekhar B <bchandra@secpod.com>:
Initial text.
