gather-package-list.nasl

漏洞扫描源码,可以扫描linux,windows,交换机路由器

# OpenVAS Vulnerability Test
# $Id$
# Description: Gather installed packages/rpms/etc for local security checks
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
# Tim Brown <timb@nth-dimension.org.uk>
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Copyright (c) 2008 Tim Brown
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License Version 2
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
#

if(description)
{
 script_id(50282);
 script_version("1.1");

 name["english"] = "Determine OS and list of installed packages via SSH login";
 script_name(english:name["english"]);

 desc["english"] = "
This script will, if given a userid/password or
key to the remote system, login to that system,
determine the OS it is running, and for supported
systems, extract the list of installed packages/rpms.

Risk factor : None";

 script_description(english:desc["english"]);

 summary["english"] = "Determine OS and list of installed packages via SSH login";
 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com & Tim Brown");
 family["english"] = "Misc.";
 script_family(english:family["english"]);
 script_dependencies("find_service.nes", "ssh_authorization.nasl");
 exit(0);
}

#
# The script code starts here
#
cmdline = 0;
include("ssh_func.inc");

port = get_kb_item("Services/ssh");
if(!port) {
    port = 22;
}
sock = ssh_login_or_reuse_connection();
if(!sock) {
    exit(0);
}

# First command: Grab uname -a of the remote system
uname = ssh_cmd(socket:sock, cmd:"uname -a");
set_kb_item(name: "ssh/login/uname", value:uname);

# GNU/Linux platforms:

# Ok...let's first check if this is a RedHat/Fedora Core/Mandrake release
rls = ssh_cmd(socket:sock, cmd:"cat /etc/redhat-release");
if("Red Hat Linux release 7.3" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "RH7.3");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Red Hat Linux release 8.0 (Psyche)" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "RH8.0");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Red Hat Linux release 9 (Shrike)" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "RH9");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Fedora Core release 1 (Yarrow)" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "FC1");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Fedora Core release 2 (Tettnang)" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "FC2");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Fedora Core release 3 (Heidelberg)" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "FC3");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Fedora Core release 4 (Stentz)" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "FC4");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Fedora Core release 5 (Bordeaux)" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "FC5");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Fedora Core release 6 (Zod)" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "FC6");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Fedora release 7 (Moonshine)" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "FC7");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Fedora release 8 (Werewolf)" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "FC8");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Fedora release 9 (Sulphur)" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "FC9");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}

# Red Hat Enterprise Linux ES release 2.1 (Panama)
# Red Hat Enterprise Linux AS release 3 (Taroon Update 1)
# Red Hat Enterprise Linux AS release 3 (Taroon Update 2)
# Red Hat Enterprise Linux AS release 3 (Taroon Update 3)
# Red Hat Enterprise Linux Desktop release 3.90

if(egrep(pattern:"Red Hat Enterprise.*release 2\.1", string:rls)) {
    set_kb_item(name: "ssh/login/release", value: "RHENT_2.1");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if(egrep(pattern:"Red Hat Enterprise.*release 3 ", string:rls)) {
    set_kb_item(name: "ssh/login/release", value: "RHENT_3");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if(egrep(pattern:"Red Hat Enterprise.*release 4 ", string:rls)) {
    set_kb_item(name: "ssh/login/release", value: "RHENT_4");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if(egrep(pattern:"Red Hat Enterprise.*release 5 ", string:rls)) {
    set_kb_item(name: "ssh/login/release", value: "RHENT_5");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}

if("Mandriva Linux release 2008.1" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "MNDK_2008.1");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Mandriva Linux release 2008.0" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "MNDK_2008.0");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Mandriva Linux release 2007.1" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "MNDK_2007.1");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Mandriva Linux release 2007.0" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "MNDK_2007.0");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Mandriva Linux release 2006.0" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "MNDK_2006.0");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}
if("Mandrakelinux release 10.2" >< rls) {
    set_kb_item(name: "ssh/login/release", value: "MNDK_10.2");
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
    exit(0);
}