Mailing List Archive: Nessus: plugins

Error adding custom scripts

Index | Next | Previous | View Threaded

frolic at debian-ce

Dec 26, 2007, 5:33 AM

Post #1 of 6 (1879 views)
Permalink

Error adding custom scripts

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello all,

I read the FAQ and I searched on the internet about this topic, but I
didn't find any solution.

I'm trying to add a custom script to my nessus server. The machine is a
Pentium D 3 GHz. The nessus version is 3.0.6

When I copy the nasl script to /opt/nessus/lib/nessus/plugins/, and try
to start the server, I get this error:

/etc/init.d/nessusd start

Starting Nessus :

SIGSEGV dump (Process 4952)

si_code = 1 (SEGV_MAPERR)
si_addr = 0x0

Registers :
EIP = b7c5af33
ESP = bfb3a00c
EDI = 80f3600
ESI = 0
EBP = bfb3b128
EAX = 0
EBX = b7f1b148
ECX = 0
EDX = 81c7ea0

Stack :

Backtrace:

8052542
ffffe440
805aa6a
805a460
8059d25
805cf01
805bc48
b7bff450
804e4b1
0xb7f06c5d
0xffffffff
0x8089444
0xbfb3a0a0
0xbfb3a0a4
0xbfb3a0a8
0xbfb3a090
0x12
0x1b2
0x1ae
0x820a600
0x80ddee8
.

The script:

#
# This script was written by Eder "Frolic" Marques
# <frolic [at] debian-ce>
#
# This script is distributed under GPL License
#

if(description)
{
script_id(99991);
script_version("$Revision: 0.1 $");
name["english"] = "Apache2 banner disclosure";
desc["english"] = "
This script checks if the Apache2 is giving more
information that it would give.

Solution: Add these lines to apache2 configuration file:
ServerSignature Off
ServerTokens Prod

Risk factor : Low";

script_description(english:desc["english"]);
summary["english"] = "Checks apache2 banners";
script_summary(english:summary["english"]);
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007
Eder L. Marques");
family["english"] = "Footprinting";
script_family(english:family["english"]);
script_require_ports("Services/www", 80);
exit(0);
}

#
# Script code
#

include("http_func.inc");
include("backport.inc");

#verifica se está rodando o servico www
port = get_http_port(default:80);
if(!port) port = 80;
display("esta rodando o apache!\n");
if(!get_port_state(port)) exit(0);

# busca as informacoes do servidor
banner = get_backport_banner(banner:get_http_banner(port: port));
if(!banner)exit(0);

server = strstr(banner, "Server");
#display(server);
if(ereg(pattern:"^Server:.*Apache/[0-9]\.[0-9]\.[0-9].*PHP.*",
string:server))
{
display("brecha!\n");
security_hole(port);
}
else
display("sem brecha!\n");

##

Without my custom script, the server starts successfully.

Also, under the nasl interpreter, the script runs perfectly.

What's wrong? How can I add a custom script to my server?

Kind regards,

- --
Eder L. Marques
Just another weekend hacker
http://blog.edermarques.net/ | http://www.debian.org/
http://administrando.net/ | http://www.debianbrasil.org/
http://www.fsfla.org/ | http://www.debian-ce.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQIVAwUBR3JYKj9tnxvLkedtAQJJ9g/9FuSiiom3UYcJL73xfqoC5kbiHw5PltY6
0Ccv9HnKM2Ff8oPrFYeMmq1fmXY0gfsFC237lgOpVgNNxP6MN4YFMTFaneaYKdbg
D9drnrr4/dlKSDf25pmMnw9hyJ7moiG8u1qjfwfzOOhPvpqFZb78CeU0lVKglEYS
Qh/z2IJXV1Cm7gW7ZvFHFM6qyduyc2J679599nyVZTubh2y4Rsi/0/I52T2iCnxG
XJrTSzIN59gI6JT+XTIA6YvfpDsAT7f5kMc81AjOwriaXukMzHBBZQgPrkzO8QKo
4sGmix7RDiDegJHlbRr4Q4woE11VKAa5e9KyobzqO8/QkFqb2/rV7GFU7ZbGG2B+
8PAAMzPtpaMgHfAwrpF8JXLDi6QvJe0fKZWvPfyPzpm0sTC4Z93oiEGIzvfwWDNo
Vj/hKPR2YlOrzCIVXBc+cyaQdJmuAYbZxpQJ6jnK8AwDKA3NnjtWOgcOpJJjQSNe
WEqmKJIxGyx7Dfha6G7I2f5w5BCdVq+kFL5fOckhsVVVGvfSYn9ubeUyfBuMm1t1
CAOdRdLP2WdEZfYX50ga6Zz/bkAktnI7CP7Z4Ac7ai2LiS8U+5XexmrU9iD0V2Ky
muhQxy5a0NnhnHl12I2LihrwC0a2kyhrv+Q72+wYJEZRN6eXTgAkSYnesP6amCdo
xXNc5G0L15U=
=hBI/
-----END PGP SIGNATURE-----
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

deraison at nessus

Dec 26, 2007, 6:45 AM

Post #2 of 6 (1776 views)
Permalink

Re: Error adding custom scripts [In reply to]

Hi Eder,

Your script is missing a call to script_name() in the description
section, thus causing a known bug which will be fixed in a further
release of nessusd.

Simply add :

script_name(name["english"]);

in the description, and your script will load properly.

Also you can check the description part of the script in command-line
by doing :

nasl -VV yourscript.nasl

and by making sure that every mandatory field is not null.

-- Renaud

On Dec 26, 2007, at 2:33 PM, Eder L. Marques wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hello all,
>
> I read the FAQ and I searched on the internet about this topic, but I
> didn't find any solution.
>
> I'm trying to add a custom script to my nessus server. The machine
> is a
> Pentium D 3 GHz. The nessus version is 3.0.6
>
> When I copy the nasl script to /opt/nessus/lib/nessus/plugins/, and
> try
> to start the server, I get this error:
>
> /etc/init.d/nessusd start
>
> Starting Nessus :
>
> SIGSEGV dump (Process 4952)
>
> si_code = 1 (SEGV_MAPERR)
> si_addr = 0x0
>
> Registers :
> EIP = b7c5af33
> ESP = bfb3a00c
> EDI = 80f3600
> ESI = 0
> EBP = bfb3b128
> EAX = 0
> EBX = b7f1b148
> ECX = 0
> EDX = 81c7ea0
>
> Stack :
>
>
> Backtrace:
>
> 8052542
> ffffe440
> 805aa6a
> 805a460
> 8059d25
> 805cf01
> 805bc48
> b7bff450
> 804e4b1
> 0xb7f06c5d
> 0xffffffff
> 0x8089444
> 0xbfb3a0a0
> 0xbfb3a0a4
> 0xbfb3a0a8
> 0xbfb3a090
> 0x12
> 0x1b2
> 0x1ae
> 0x820a600
> 0x80ddee8
> .
>
>
> The script:
>
> #
> # This script was written by Eder "Frolic" Marques
> # <frolic [at] debian-ce>
> #
> # This script is distributed under GPL License
> #
>
> if(description)
> {
> script_id(99991);
> script_version("$Revision: 0.1 $");
> name["english"] = "Apache2 banner disclosure";
> desc["english"] = "
> This script checks if the Apache2 is giving more
> information that it would give.
>
> Solution: Add these lines to apache2 configuration file:
> ServerSignature Off
> ServerTokens Prod
>
> Risk factor : Low";
>
> script_description(english:desc["english"]);
> summary["english"] = "Checks apache2 banners";
> script_summary(english:summary["english"]);
> script_category(ACT_GATHER_INFO);
> script_copyright(english:"This script is Copyright (C) 2007
> Eder L. Marques");
> family["english"] = "Footprinting";
> script_family(english:family["english"]);
> script_require_ports("Services/www", 80);
> exit(0);
> }
>
> #
> # Script code
> #
>
> include("http_func.inc");
> include("backport.inc");
>
> #verifica se est� rodando o servico www
> port = get_http_port(default:80);
> if(!port) port = 80;
> display("esta rodando o apache!\n");
> if(!get_port_state(port)) exit(0);
>
> # busca as informacoes do servidor
> banner = get_backport_banner(banner:get_http_banner(port: port));
> if(!banner)exit(0);
>
> server = strstr(banner, "Server");
> #display(server);
> if(ereg(pattern:"^Server:.*Apache/[0-9]\.[0-9]\.[0-9].*PHP.*",
> string:server))
> {
> display("brecha!\n");
> security_hole(port);
> }
> else
> display("sem brecha!\n");
>
>
> ##
>
> Without my custom script, the server starts successfully.
>
> Also, under the nasl interpreter, the script runs perfectly.
>
> What's wrong? How can I add a custom script to my server?
>
> Kind regards,
>
> - --
> Eder L. Marques
> Just another weekend hacker
> http://blog.edermarques.net/ | http://www.debian.org/
> http://administrando.net/ | http://www.debianbrasil.org/
> http://www.fsfla.org/ | http://www.debian-ce.org/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iQIVAwUBR3JYKj9tnxvLkedtAQJJ9g/9FuSiiom3UYcJL73xfqoC5kbiHw5PltY6
> 0Ccv9HnKM2Ff8oPrFYeMmq1fmXY0gfsFC237lgOpVgNNxP6MN4YFMTFaneaYKdbg
> D9drnrr4/dlKSDf25pmMnw9hyJ7moiG8u1qjfwfzOOhPvpqFZb78CeU0lVKglEYS
> Qh/z2IJXV1Cm7gW7ZvFHFM6qyduyc2J679599nyVZTubh2y4Rsi/0/I52T2iCnxG
> XJrTSzIN59gI6JT+XTIA6YvfpDsAT7f5kMc81AjOwriaXukMzHBBZQgPrkzO8QKo
> 4sGmix7RDiDegJHlbRr4Q4woE11VKAa5e9KyobzqO8/QkFqb2/rV7GFU7ZbGG2B+
> 8PAAMzPtpaMgHfAwrpF8JXLDi6QvJe0fKZWvPfyPzpm0sTC4Z93oiEGIzvfwWDNo
> Vj/hKPR2YlOrzCIVXBc+cyaQdJmuAYbZxpQJ6jnK8AwDKA3NnjtWOgcOpJJjQSNe
> WEqmKJIxGyx7Dfha6G7I2f5w5BCdVq+kFL5fOckhsVVVGvfSYn9ubeUyfBuMm1t1
> CAOdRdLP2WdEZfYX50ga6Zz/bkAktnI7CP7Z4Ac7ai2LiS8U+5XexmrU9iD0V2Ky
> muhQxy5a0NnhnHl12I2LihrwC0a2kyhrv+Q72+wYJEZRN6eXTgAkSYnesP6amCdo
> xXNc5G0L15U=
> =hBI/
> -----END PGP SIGNATURE-----
> _______________________________________________
> Plugins-writers mailing list
> Plugins-writers [at] list
> http://mail.nessus.org/mailman/listinfo/plugins-writers

_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

frolic at debian-ce

Dec 26, 2007, 10:57 AM

Post #3 of 6 (1782 views)
Permalink

Re: Error adding custom scripts [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Renaud Deraison escreveu:
> Simply add :
>
> script_name(name["english"]);
>
> in the description, and your script will load properly.
>

Tanks for your help Renaud!

Now I can add the script to the nessus script directory and start the
server without errors.

But after log in with nessus-client (v3.0.0) into the server, and go to
edit "Default scan policy"/ "Plugin Selection" window, I can't see this
script listed.

Also, I had searched by id and family, but without results.

Need I to do anything else after copy the script to nessusd plugin
directory?

The server and the client was installed via .deb packages available
under nessus.org main site.

Kind regards,

- --
Eder L. Marques
Just another weekend hacker
http://blog.edermarques.net/ | http://www.debian.org/
http://administrando.net/ | http://www.debianbrasil.org/
http://www.fsfla.org/ | http://www.debian-ce.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQIVAwUBR3KkID9tnxvLkedtAQIdpw//QFXU9aE+WWD4qTRMDAKRUw/DgAZBwWJo
fubySyXwuyfL2dsXUEHLasHIwPUUR8GpBq6LNHDLJEd1daIM2tuN3S5FWymuw+2B
bO+OA6oBobofvjllBGBtYbkhHjz/6cm41dfnQK495Cjo7hvEbg+8sK4FlGWS94AA
S7IKFQbJQNHGZxV3r5Joz9mevljjtOXkba7HMjKdBrxnd1505S0TdugETjSpXYBh
sFwpZfYu1N8FzHoMPRtrdIeVDnvFqO79T2Z/u9C5oS5qmpMStOaMaDNmquiqeCUw
kSNPwqNo51x7rGZohasCTlJhJTSM9XzSqrWyAe2q0bpnHrEbYsDbkxSK+sTdDhw6
jfumWIQGv+aMYm+nFe8G6V3/hU6D9jjod0KgccAX2FZkeVCBFNubZGLLLxIFkDjg
pncQWsGJbVWzh9eC2BeGiH9dalzS4VsUzRgbzjK00W0v7oSIW9UBIr3DWBQ/n29D
xk+7V7jp+vDiFrc+vX+eLcmaM/fbhB/XkIqVLXLJjePTvAeb9G2hQKBpUwDwe9Jt
xvyIdi3gvFlPISZIU8VrBEkVrbGz2m6RgE+PpEmSyaWBKJjlMFxDbVYuUirb3933
THOEqgVZNYWB0+sIWcUqN1JFOMMS4fqDjRo4Qa4IGImUKHkMFWMT20DcIDEgqVii
WG6Q9Ts2LNk=
=sDTO
-----END PGP SIGNATURE-----
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

deraison at nessus

Dec 26, 2007, 11:22 AM

Post #4 of 6 (1769 views)
Permalink

Re: Error adding custom scripts [In reply to]

On Dec 26, 2007, at 7:57 PM, Eder L. Marques wrote:
>
>
> Now I can add the script to the nessus script directory and start the
> server without errors.
>
> But after log in with nessus-client (v3.0.0) into the server, and go
> to
> edit "Default scan policy"/ "Plugin Selection" window, I can't see
> this
> script listed.
>
> Also, I had searched by id and family, but without results.

By any chance, is there any carriage return in script_copyright() ? If
there is, then nessusd will consider the output malformed and silently
ignore the plugin.

-- Renaud
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

frolic at debian-ce

Dec 26, 2007, 12:01 PM

Post #5 of 6 (1774 views)
Permalink

Re: Error adding custom scripts [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Renaud Deraison escreveu:
> By any chance, is there any carriage return in script_copyright() ? If
> there is, then nessusd will consider the output malformed and silently
> ignore the plugin.
>

There was. I fixed it, but still not working... :(

nasl apache2.nasl -VV
Script ID : 99991
Script Name : Apache2 banner disclosure
Script Version : $Revision: 0.3 $
Copyright : This script is Copyright (C) 2007 Eder L. Marques
Family : Web Servers

CVE : (null)
BID : (null)
XRefs : (null)
Description :
This script checks if the Apache2 is giving more
information that it would give.
Solution: Add these lines to apache2 configuration file:
ServerSignature Off
ServerTokens Prod
Risk factor : Low

P.S - My scanner isn't registered yet.

Kind regards,

- --
Eder L. Marques
Just another weekend hacker
http://blog.edermarques.net/ | http://www.debian.org/
http://administrando.net/ | http://www.debianbrasil.org/
http://www.fsfla.org/ | http://www.debian-ce.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQIVAwUBR3KzBj9tnxvLkedtAQIcgw/7BD6p4WSxhxgRksTEKBjziHW/XaXJRKeG
lgOfmaTF52+BUldhNSuc/Ori/LpD2tEyZlRxW6kV4AY9i9YlCXP8ywV/TIeF9Fa4
JJhKx2eDGn0PZy24Gha6YYRAtc9+Xu4so2Nm8Ud1xrOUKuSMUX0XGzkXEsqT1eDa
y7+YRLXTlZZOo0TMx0w8zIfbaLrv4WDVbSeD2AhrU2CQYME2N22++PGGgSpNLkTf
a7muqI0boFMWipo31pvC4PPgAnVajN+KIN1ug2Z+obTfNFfpclXfq9VYSqTgytyU
2yWLMhPtH1nqSVh3b91cx7I7WuOo9rvWBlm/REZu6GHfbcSg5CxFpKoTHoKxnuLm
rmjp4Zq0EjkOrbyeVoZ4Bakjoiz3ziLnp8F5kRzCCDmBDTXFenJP/XeEtdKjUDkN
2jDAf/skwfuBVJTAuuTK122cb2tIq9LaAN9vp8XOB2bdJeFCo44ycJZiNgZosoHN
HFm7G/uldEhKJnSGJ3aeQrH5kWTZo4lTLURr9kiYybx2hTmN1M3P61dnPXCcbQ8X
VK4jAxnDi9JDvTw7cSGTQ41Xn2MDYTOxg6GIRiP0HdbYbNULFq21bQeJeK56ViZs
D7mNwg+iv295KM9ZiArsbxvezueTPreMgBN8/auJimHHmLhzEup0FhDNdYx/LXZO
PeSOaTTwafU=
=NZIa
-----END PGP SIGNATURE-----
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

deraison at nessus

Dec 26, 2007, 12:15 PM

Post #6 of 6 (1776 views)
Permalink

Re: Error adding custom scripts [In reply to]

On Dec 26, 2007, at 9:01 PM, Eder L. Marques wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Renaud Deraison escreveu:
>> By any chance, is there any carriage return in script_copyright() ?
>> If
>> there is, then nessusd will consider the output malformed and
>> silently
>> ignore the plugin.
>>
>
> There was. I fixed it, but still not working... :(

Did you restart nessusd by doing 'nessusd -t -D' to force it to check
the timestamp of your plugin ?
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads