Test and debugging proceduresNASL API DocumentationFunctions from the NASL LibraryKnowledge Base

Knowledge Base

In order to facilitate the exchange of information between different NVTs and to speed up the scanning process, information collected by plugins can be stored in a Knowledge Base (KB). This enables plugins to build upon the results of other plugins and can help to avoid duplicate scans.

Below is a list of known KB entries and the NASL/NES scripts that are known to set these entries. Keep in mind that this list is likely to be incomplete and subject to change.

Amanda/running
(amanda_detect.nasl): 1 = Amanda is running on the remote host
Amanda/version
(amanda_version.nasl):
Amap/*/FullBanner
(amap.nasl):
Amap/*/PrintableBanner
(amap.nasl):
Amap/*/Svc
(amap.nasl):
bind/version
(bind_version.nasl): Version of the remote BIND server
cfengine/running
(cfengine_detect.nasl):
cheopsNG/password
(cheopsNG_detect.nasl):
cheopsNG/unprotected
(cheopsNG_detect.nasl):
CVE-2003-1011
(apple-sa-2004-08-09.nasl):
ebola/banner/*
(find_service2.nasl):
fake_identd/113
(w32_spybot_worm_variant.nasl):
fake_identd/*
(slident.nasl, find_service1.nasl, ident_backdoor.nasl):
FindService/tcp/*/get_http
(doublecheck_std_services.nasl, apache_SSL_complain.nasl):
FindService/tcp/*/help
(doublecheck_std_services.nasl, find_service2.nasl, find_service_3digits.nasl):
FindService/tcp/*/spontaneous
(find_service_3digits.nasl, doublecheck_std_services.nasl):
fsp/banner/*
(fsp_detection.nasl):
ftp/backdoor
(ftp_kibuv_worm.nasl):
ftp/fw1ftpd
(ftpserver_detect_type_nd_version.nasl): 1 = The remote server is FW/1 FTPd
ftp/login
(logins.nasl): Login to use when connecting to ftp
ftp/msftpd
(ftpserver_detect_type_nd_version.nasl): 1 = The remote server is IIS FTPd
ftp/ncftpd
(ftpserver_detect_type_nd_version.nasl): 1 = The remote server is NcFTPd
ftp/password
(logins.nasl): Password to use when connecting to ftp
ftp/*/AnyUser
(DDI_FTP_Any_User_Login.nasl):
ftp/*/backdoor
(ftp_kibuv_worm.nasl):
ftp/*/syst
(find_service_3digits.nasl):
ftp/vxftpd
(ftpserver_detect_type_nd_version.nasl):
ftp/writeable_dir
(ftp_writeable_directories.nasl, logins.nasl, ftp_write_dirs.nes):
ftp/wuftpd
(ftpserver_detect_type_nd_version.nasl):
global_settings/debug_level
(global_settings.nasl):
global_settings/experimental_scripts
(global_settings.nasl):
global_settings/http_user_agent
(global_settings.nasl):
global_settings/log_verbosity
(global_settings.nasl):
global_settings/network_type
(global_settings.nasl):
global_settings/report_paranoia
(global_settings.nasl):
global_settings/report_verbosity
(global_settings.nasl):
global_settings/thorough_tests
(global_settings.nasl):
Host/accept_lsrr
(source_routed.nasl):
Host/dead
(3com_nbx_voip_netset_detection.nasl, blackice_dos.nasl, dont_scan_printers.nasl, ftp_w98_devname_dos.nasl, fw1_udp_DoS.nasl, http_w98_devname_dos.nasl, jolt2.nasl, jolt.nasl, labrea.nasl, linux_icmp_sctp_DoS.nasl, open_all_ports_DoS.nasl, p-smash.nasl, spank.nasl, TLD_wildcard.nasl, vxworks_ftpdDOS.nasl): 1 = The remote host is dead
Host/Debian/dpkg-l
(ssh_get_info.nasl):
Host/firewall
(securemote_info_leak.nasl, securemote.nasl): (firewall name) The remote host is a firewall
Host/full_scan
(amap.nasl, netstat_portscan.nasl, nmap.nasl, snmpwalk_portscan.nasl, openvas_tcp_scanner.nes, synscan.nes):
Host/ident_scanned
(ident_process_owner.nasl, netstat_portscan.nasl, nmap.nasl):
Host/num_ports_scanned
(openvas_tcp_scanner.nes, synscan.nes):
Host/OS
(nmap.nasl, nmap_wrapper.nes):
Host/OS/ntp
(ntp_open.nasl):
Host/ping_failed
(nmap.nasl, nmap_wrapper.nes):
Host/processor/ntp
(ntp_open.nasl):
Host/protocol_scanned
(ip_protocol_scan.nasl):
Host/scanned
(amap.nasl, netstat_portscan.nasl, nmap.nasl, snmpwalk_portscan.nasl, nmap_tcp_connect.nes, nmap_wrapper.nes, synscan.nes, openvas_tcp_scanner.nes, ike-scan.nasl): 1 = The remote host has been portscanned
Host/scanners/amap
(amap.nasl):
Host/scanners/netstat
(netstat_portscan.nasl):
Host/scanners/nmap
(nmap.nasl):
Host/scanners/openvas_tcp_scanner
(openvas_tcp_scanner.nes):
Host/scanners/snmpwalk
(snmpwalk_portscan.nasl):
Host/scanners/synscan
(synscan.nes):
Host/scanners/ike-scan
(ike-scan.nasl):
Host/tcp_reverse_lsrr
(source_routed.nasl):
Host/tcp_seq_idx
(nmap.nasl):
Host/tcp_seq
(nmap.nasl, nmap_wrapper.nes):
Host/udp_scanned
(amap.nasl, netstat_portscan.nasl, nmap.nasl, snmpwalk_portscan.nasl, nmap_wrapper.nes):
http/auth
(logins.nasl): login to use when doing HTTP requests
http/login
(logins.nasl):
http/password
(logins.nasl): password to use when doing HTTP requests
Hydra/cisco-enable/*
(hydra_cisco_enable.nasl):
Hydra/cisco/*
(hydra_cisco.nasl):
Hydra/cvs/*
(hydra_cvs.nasl):
Hydra/ftp/*
(hydra_ftp.nasl):
Hydra/http/*
(hydra_http.nasl):
Hydra/http-proxy/*
(hydra_http_proxy.nasl):
Hydra/icq/*
(hydra_icq.nasl):
Hydra/imap/*
(hydra_imap.nasl):
Hydra/ldap/*
(hydra_ldap.nasl):
Hydra/mssql/*
(hydra_mssql.nasl):
Hydra/nntp/*
(hydra_nntp.nasl):
Hydra/pcnfs/*
(hydra_pcnfs.nasl):
Hydra/rexec/*
(hydra_rexec.nasl):
Hydra/sapr3/*
(hydra_sapr3.nasl):
Hydra/smtp-auth/*
(hydra_smtp_auth.nasl):
Hydra/snmp/*
(hydra_snmp.nasl):
Hydra/socks5/*
(hydra_socks5.nasl):
Hydra/ssh2/*
(hydra_ssh2.nasl):
Hydra/telnet/*
(hydra_telnet.nasl):
Hydra/vnc/*
(hydra_vnc.nasl):
Ident/*/*
(nmap.nasl):
Ident/tcp/*
(ident_process_owner.nasl, netstat_portscan.nasl):
iis/global.asa.download
(DDI_GlobalASA_Retrieval.nasl):
imap/banner/*
(find_service2.nasl):
imap/login
(logins.nasl): Imap login to use
imap/password
(logins.nasl): Imap password to use
imap/*/Cyrus
(cyrus_imap_prelogin_overflow.nasl):
IPProtocol/*
(ip_protocol_scan.nasl):
kazaa/username
(kazaa_morpheus_detect.nasl):
mssql/SQLVersion
(mssql_version.nasl):
mssql/udp/1434
(mssql_ping.nasl):
MSSQL/UDP/Ping
(mssql_ping.nasl):
Nmap/*/svc
(nmap.nasl):
Nmap/*/version
(nmap.nasl):
nntp/local_distrib
(nntp_info.nasl):
nntp/login
(logins.nasl):
nntp/password
(logins.nasl):
nntp/*/cancel
(nntp_info.nasl):
nntp/*/noauth
(nntp_info.nasl):
nntp/*/posted
(nntp_info.nasl):
nntp/*/posting
(nntp_info.nasl):
nntp/*/ready
(nntp_info.nasl):
nntp/*/supersed
(nntp_info.nasl):
nntp/x_no_archive
(nntp_info.nasl):
NTP/Running
(ntp_open.nasl):
oracle_tnslsnr/*/version
(oracle_tnslsnr_version.nasl):
pop2/login
(logins.nasl):
pop2/password
(logins.nasl):
pop3/login
(logins.nasl):
pop3/password
(logins.nasl):
/rip/*/broken_source_port
(rip_detect.nasl):
/rip/*/version
(rip_detect.nasl):
Secret/hydra/logins_file
(hydra_options.nasl):
Secret/hydra/passwords_file
(hydra_options.nasl):
Secret/SSH/login
(ssh_authorization.nasl):
Secret/SSH/passphrase
(ssh_authorization.nasl):
Secret/SSH/password
(ssh_authorization.nasl):
Secret/SSH/privatekey
(ssh_authorization.nasl):
Secret/SSH/publickey
(ssh_authorization.nasl):
Services/data_protector/build
(hp_data_protector_installed.nasl):
Services/data_protector/version
(hp_data_protector_installed.nasl):
Services/three_digits
(find_service.nes):
Services/unknown
(find_service.nes): Port of unknown service(s)
Services/wrapped
(find_service.nes):
Services/www/*/broken
(http_func.inc, no404.nasl):
Services/www/*/embedded
(3com_nbx_voip_netset_detection.nasl, ciscoworks_detect.nasl, clearswift_mimesweeper_smtp_detect.nasl, cobalt_web_admin_server.nasl, DDI_Cabletron_Web_View.nasl, DDI_F5_Default_Support.nasl, embedded_web_server_detect.nasl, imss_detect.nasl, interspect_detect.nasl, intrushield_console_detect.nasl, iwss_detect.nasl, linksys_multiple_vulns.nasl, raptor_detect.nasl, securenet_provider_detect.nasl, sitescope_management_server.nasl, sun_cobalt_adaptive_firewall_detect.nasl, tmcm_detect.nasl, websense_detect.nasl, xedus_detect.nasl):
Services/www/*/kerio_wrf
(kerio_wrf_management_detection.nasl):
Services/www/*/working
(http_func.inc):
Settings/disable_cgi_scanning
(global_settings.nasl):
Settings/ExperimentalScripts
(global_settings.nasl):
Settings/ThoroughTests
(global_settings.nasl):
sip/banner/5060
(sip_detection.nasl):
SMB/domain_filled/0
(smb_authorization.nasl):
SMB/DOMAIN
(smbcl_func.inc):
SMB/dont_send_in_cleartext
(logins.nasl):
SMB/dont_send_ntlmv1
(logins.nasl):
SMB/ERROR
(smbcl_func.inc):
SMB/FILEVERSION/*
(smbcl_func.inc):
SMB/login_filled/0
(smb_authorization.nasl):
SMB/name
(netbios_name_get.nasl): NetBIOS name of the remote host
SMB/OS
(smbcl_func.inc):
SMB/password_filled/0
(smb_authorization.nasl):
SMB/PRODUCTVERSION/*
(smbcl_func.inc):
SMB/samba
(netbios_name_get.nasl): 1 = The remote SMB server is running Samba
SMB/SERVER
(smbcl_func.inc):
SMB/smbclient
(smbcl_func.inc):
SMB/transport
(cifs445.nasl):
SMB/username
(netbios_name_get.nasl):
SMB/WinXP/ServicePack
(smb_reg_service_pack_XP.nasl):
SMB/workgroup
(netbios_name_get.nasl): Name of the remote host workgroup/domain
SMTP/3comnbx
(smtpserver_detect.nasl):
SMTP/domino
(smtpscan.nasl, smtpserver_detect.nasl):
SMTP/exim
(smtpscan.nasl, smtpserver_detect.nasl):
SMTP/firewall-1
(smtpscan.nasl, smtpserver_detect.nasl):
SMTP/intermail
(smtpscan.nasl, smtpserver_detect.nasl):
SMTP/interscan
(smtpscan.nasl):
SMTP/microsoft_esmtp_5
(smtpscan.nasl, smtpserver_detect.nasl): 1 = The remote SMTP server is MS SMTP 5
smtp/*/broken
(check_smtp_helo.nasl):
smtp/*/denied
(check_smtp_helo.nasl):
smtp/*/helo
(check_smtp_helo.nasl):
smtp/*/real_banner
(smtpscan.nasl):
smtp/*/temp_denied
(check_smtp_helo.nasl):
SMTP/postfix
(smtpscan.nasl, smtpserver_detect.nasl): 1 = The remote SMTP server is Postfix
SMTP/postoffice
(smtpscan.nasl):
SMTP/qmail
(smtpscan.nasl, smtpserver_detect.nasl): 1 = The remote SMTP server is qmail
SMTP/sendmail
(smtpscan.nasl): 1 = The remote SMTP server is Sendmail
SMTP/sendmail
(smtpserver_detect.nasl): 1 = The remote SMTP server is Sendmail
SMTP/snubby
(smtpserver_detect.nasl):
SMTP/wrapped
(check_smtp_helo.nasl): 1 = The remote sendmail is wrapped
SMTP/wrapped
(smtpserver_detect.nasl): 1 = The remote sendmail is wrapped
SMTP/xmail
(smtpscan.nasl, smtpserver_detect.nasl):
SMTP/zmailer
(smtpserver_detect.nasl):
SNMP/community
(snmp_default_communities.nasl): Name of a valid SNMP community
SNMP/port
(snmp_default_communities.nasl):
SNMP/running
(snmp_detect.nasl):
socks/*/auth/*
(socks.nasl):
SSH/banner/*
(ssh_detect.nasl):
ssh/login/freebsdpatchlevel
(gather-package-list.nasl):
ssh/login/freebsdpkg
(gather-package-list.nasl):
ssh/login/freebsdrel
(gather-package-list.nasl):
ssh/login/gentoo
(gather-package-list.nasl):
ssh/login/packages
(gather-package-list.nasl):
ssh/login/pkg
(gather-package-list.nasl):
ssh/login/release
(gather-package-list.nasl):
ssh/login/rpms
(gather-package-list.nasl):
ssh/login/slackpack
(gather-package-list.nasl):
ssh/login/solosversion
(gather-package-list.nasl): Solaris OS version as reported by uname -r
ssh/login/solhardwaretype
(gather-package-list.nasl): Solaris hardware type as reported by uname -p
ssh/login/solpackages
(gather-package-list.nasl): Solaris packages as repored by pkginfo
ssh/login/solpatches
(gather-package-list.nasl): Solaris patches as reported by showrev -p
ssh/login/uname
(gather-package-list.nasl, ssh_get_info.nasl):
SSH/supportedauth/*
(ssh_detect.nasl):
SSH/textbanner/*
(ssh_detect.nasl):
TCPScanner/NbPasses
(openvas_tcp_scanner.nes):
TCPScanner/OpenPortsNb
(openvas_tcp_scanner.nes):
TCPScanner/ClosedPortsNb
(openvas_tcp_scanner.nes):
TCPScanner/FilteredPortsNb
(openvas_tcp_scanner.nes):
TCPScanner/RSTRateLimit
(openvas_tcp_scanner.nes):
tftp/get_file
(tftp_grab_file.nes):
tftp/backdoor
(tftpd_backdoor.nasl):
tftp/*/backdoor
(tftpd_backdoor.nasl):
tftp/*/filecontent/*
(tftpd_dir_trav.nasl):
tftp/*/filename/*
(tftpd_dir_trav.nasl):
tftp/*/get_file
(tftpd_dir_trav.nasl):
tftp/*/overflow
(tftpd_overflow.nasl):
tftp/*/smalloverflow
(tftpd_small_overflow.nasl):
/tmp/cgibin
(DDI_Directory_Scanner.nasl):
/tmp/http/auth/*
(http_login.nasl):
/tmp/hydra/empty_password
(hydra_options.nasl):
/tmp/hydra/exit_ASAP
(hydra_options.nasl):
/tmp/hydra/login_password
(hydra_options.nasl):
/tmp/hydra/tasks
(hydra_options.nasl):
/tmp/hydra/timeout
(hydra_options.nasl):
/tmp/rpc/noportmap/*
(misc_func.inc):
/tmp/UnableToRun/14254
(nikto.nasl):
/tmp/UnableToRun/14255
(nmap.nasl):
/tmp/UnableToRun/14663
(amap.nasl):
/tmp/UnableToRun/91984
(ldapsearch.nasl):
/tmp/UnableToRun/80000
(ike-scan.nasl):
Transport/SSL
(find_service.nes):
webmin/*/version
(webmin.nasl):
www/abyss
(http_version.nasl):
www/akamaighost
(http_version.nasl):
www/alchemy
(http_version.nasl):
www/alibaba
(http_version.nasl):
www/allegro
(http_version.nasl):
www/anti-OpenVAS/*/rand-url
(anti_nessus.nasl):
www/anti-OpenVAS/*/user-agent
(anti_nessus.nasl):
www/anweb
(http_version.nasl):
www/aolserver
(http_version.nasl):
www/apache
(http_version.nasl): 1 = The remote server is running Apache
www/appleshareip
(http_version.nasl):
www/badblue
(http_version.nasl):
www/banner/*
(apache_SSL_complain.nasl, http_version.nasl):
www/BitKeeper
(http_version.nasl):
www/buggy_post_crash
(monkeyweb_post_DoS.nasl):
www/caudium
(http_version.nasl):
www/cern
(http_version.nasl): 1 = The remote server is running CERN httpd
www/communigatepro
(http_version.nasl):
www/communique
(http_version.nasl):
www/compaq
(http_version.nasl):
www/cougar
(http_version.nasl):
www/cups
(http_version.nasl):
www/doc_browseable
(doc_browsable.nasl):
www/domino
(http_version.nasl): 1 = The remote server is running domino
www/domino/*/db
(domino_default_db.nasl):
www/emweb
(http_version.nasl):
www/filemakerpro
(http_version.nasl):
www/firstclass
(http_version.nasl):
www/goahead
(http_version.nasl):
www/hmap/*/banner_ok
(www_fingerprinting_hmap.nasl):
www/hmap/*/banner_regex
(www_fingerprinting_hmap.nasl):
www/hmap/*/description
(www_fingerprinting_hmap.nasl):
www/hmap/*/raw_signature
(www_fingerprinting_hmap.nasl):
www/hmap/*/signature
(www_fingerprinting_hmap.nasl):
www/ibm-http
(http_version.nasl):
www/ideawebserver
(http_version.nasl):
www/iis
(http_version.nasl):
www/iplanet
(http_version.nasl):
www/ipswitch-imail
(http_version.nasl):
www/jetty
(http_version.nasl):
www/jigsaw
(http_version.nasl):
www/KFWebServer
(http_version.nasl):
www/linuxconf
(http_version.nasl):
www/miniserv
(http_version.nasl):
www/multiple_get/*
(www_multiple_get.nasl):
www/ncsa
(http_version.nasl):
www/netcache
(http_version.nasl):
www/netscape-commerce
(http_version.nasl):
www/netscape-fasttrack
(http_version.nasl):
www/netware
(http_version.nasl):
www/novell
(http_version.nasl):
www/omnihttpd
(http_version.nasl):
www/OracleApache
(http_version.nasl):
www/oracle-web-listener
(http_version.nasl):
www/pi3web
(http_version.nasl):
www/*/generic_xss
(cross_site_scripting.nasl):
www/*/punBB
(punBB_detect.nasl):
www/*/vBulletin
(vbulletin_detect.nasl):
www/*/webmin
(webmin.nasl):
www/real_banner/*
(http_version.nasl):
www/resin
(http_version.nasl):
www/roxen
(http_version.nasl):
www/sambar
(http_version.nasl):
www/savant
(http_version.nasl):
www/simpleserver
(http_version.nasl):
www/squid
(http_version.nasl):
www/statistics-server
(http_version.nasl):
www/stronghold
(http_version.nasl):
www/stweb
(http_version.nasl):
www/theserver
(http_version.nasl):
www/thttpd
(http_version.nasl):
www/tigershark
(http_version.nasl):
www/tomcat
(http_version.nasl):
www/too_big_post_crash
(monkeyweb_too_big_post.nasl):
www/too_long_url_crash
(oracle9iAS_too_long_url.nasl, ws4e_too_long_url.nasl):
www/tux
(http_version.nasl):
www/visualroute
(http_version.nasl):
www/vnc
(vnc_http.nasl):
www/vqserver
(http_version.nasl):
www/wdaemon
(http_version.nasl):
www/weblogic
(http_version.nasl):
www/webserver4everyone
(http_version.nasl):
www/websitepro
(http_version.nasl):
www/webstar
(http_version.nasl):
www/wwwfileshare
(http_version.nasl):
www/xitami
(http_version.nasl):
www/zeus
(http_version.nasl):
www/zope
(http_version.nasl):
X11/*/answer
(X.nasl):
X11/*/open
(X.nasl):
X11/*/version
(X.nasl):
xedus/*/running
(xedus_detect.nasl):
zebra/banner/*
(find_service2.nasl):
zebra/banner/*
(zebra_dos.nasl):
zonealarm/version
(zone_alarm_local_dos.nasl):

Test and debugging proceduresNASL API DocumentationFunctions from the NASL LibraryKnowledge Base