📄 gather-package-list.nasl
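# (Tail of the preceding Debian 4.0 check; its opening lines lie above this excerpt.)
    security_note(port:port, data:string("We are able to login and detect that you are running Debian 4.0 (Etch)"));
    exit(0);
}

# NOTE(review): everything read below (release files, uname, package lists) is
# output produced by the scanned host over the authenticated SSH session.
# Package lists are written to the ssh/login/* KB keys as returned, so
# consumers of those keys should treat them as untrusted text.
# NOTE(review): most commands are invoked by bare name (cat, ls, find,
# pkg_info, pkginfo, showrev, uname) and therefore resolve through the login
# account's PATH; only rpm is called by absolute path.

# How about Slackware?
# The version list is tried in order; the first one found as a substring of
# /etc/slackware-version wins and the script exits.
rls = ssh_cmd(socket:sock, cmd:"cat /etc/slackware-version");
foreach slk_ver (make_list("12.0", "11.0", "10.2", "10.1", "10.0", "9.1", "9.0", "8.1")) {
    slk_banner = string("Slackware ", slk_ver);
    if(slk_banner >< rls) {
        set_kb_item(name: "ssh/login/release", value: string("SLK", slk_ver));
        buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
        set_kb_item(name: "ssh/login/slackpack", value:buf);
        security_note(port:port, data:string("We are able to login and detect that you are running Slackware ", slk_ver));
        exit(0);
    }
}

# How about SuSe?
# SuSE Linux 9.x (i586)
# SUSE LINUX 11.0
rls = toupper(ssh_cmd(socket:sock, cmd:"cat /etc/SuSE-release"));
if("SUSE"><rls) {
    ver = eregmatch(pattern:"VERSION = ([0-9\.]+)", string:rls);
    # No VERSION line matched: use a single blank so the concatenations below still work.
    if( isnull(ver) ) ver[1] = " ";
    set_kb_item(name: "ssh/login/release", value: "SUSE"+ver[1]);
    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux "+ver[1]));
    exit(0);
}

# How about Trustix?
# Both /etc/release and /etc/trustix-release are consulted.
rls = ssh_cmd(socket:sock, cmd:"cat /etc/release");
rls2 = ssh_cmd(socket:sock, cmd:"cat /etc/trustix-release");
# Order matters: "3.0.5" has to be tried before "3.0" because >< is a substring test.
foreach tsl_ver (make_list("3.0.5", "3.0", "2.2", "2.1", "2.0", "1.5", "1.2", "1.1")) {
    tsl_banner = string("Trustix Secure Linux release ", tsl_ver);
    if(tsl_banner >< rls || tsl_banner >< rls2) {
        set_kb_item(name: "ssh/login/release", value: string("TSL", tsl_ver));
        buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
        set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
        security_note(port:port, data:string("We are able to login and detect that you are running Trustix ", tsl_ver));
        exit(0);
    }
}
# Missing Trustix e-2

# How about Gentoo? Any Gentoo release is accepted, since the build number
# doesn't matter for purposes of checking package version numbers.
rls = ssh_cmd(socket:sock, cmd:"cat /etc/gentoo-release");
if("Gentoo"><rls) {
    set_kb_item(name: "ssh/login/release", value: "GENTOO");
    set_kb_item(name: "ssh/login/gentoo", value: "GENTOO");
    buf = ssh_cmd(socket:sock, cmd:'find /var/db/pkg -mindepth 2 -maxdepth 2 -printf "%P\\n"');
    set_kb_item(name: "ssh/login/pkg", value: buf);
    # Determine the list of maintained packages
    buf = ssh_cmd(socket:sock, cmd: "find /usr/portage/ -wholename '/usr/portage/*-*/*.ebuild' | sed 's,/usr/portage/\([^/]*\)/.*/\([^/]*\)\.ebuild$,\1/\2,'");
    if(strlen(buf)==0) {
        # Earlier find used 'path' in place of 'wholename'
        buf = ssh_cmd(socket:sock, cmd: "find /usr/portage/ -path '/usr/portage/*-*/*.ebuild' | sed 's,/usr/portage/\([^/]*\)/.*/\([^/]*\)\.ebuild$,\1/\2,'");
    }
    set_kb_item(name: "ssh/login/gentoo_maintained", value: buf);
    security_note(port:port, data:string("We are able to login and detect that you are running Gentoo"));
    exit(0);
}

# Non GNU/Linux platforms:

# How about FreeBSD? If the uname line begins with "FreeBSD ", we have a match
if(substr(uname, 0, 7)=="FreeBSD ") {
    # Third space-separated field of uname, then try three version formats in
    # turn: <release>-<x>-p<N>, <release>-RELEASE, <release>-SECURITY.
    # found: 0 = unrecognised, 1 = release and patch level known,
    #        2 = release known, patch level unknown.
    version=eregmatch(pattern:"^[^ ]+ [^ ]+ ([^ ]+)+",string:uname);
    splitup = eregmatch(pattern:"([^-]+)-([^-]+)-p([0-9]+)", string:version[1]);
    found = 0;
    if(!isnull(splitup)) {
        release = splitup[1];
        patchlevel = splitup[3];
        found = 1;
    } else {
        splitup = eregmatch(pattern:"([^-]+)-RELEASE", string:version[1]);
        if(!isnull(splitup)) {
            release = splitup[1];
            patchlevel = "0";
            found = 1;
        } else {
            splitup=eregmatch(pattern:"([^-]+)-SECURITY",string:version[1]);
            if(!isnull(splitup)) {
                release = splitup[1];
                security_note(port:port, data:string("We have detected you are running FreeBSD ", splitup[0], ". It also appears that you are using freebsd-update, a binary update tool for keeping your distribution up to date. We will not be able to check your core distribution for vulnerabilities, but we will check your installed ports packages."));
                found = 2;
            } else {
                security_note(port:port, data:string("You appear to be running FreeBSD, but we do not recognize the output format of uname: ", uname, ". Local security checks will NOT be run."));
            }
        }
    }
    if(found==1) {
        set_kb_item(name: "ssh/login/freebsdrel", value: release);
        set_kb_item(name: "ssh/login/freebsdpatchlevel", value: patchlevel);
        security_note(port:port, data:string("We are able to login and detect that you are running FreeBSD ", release, " Patch level: ", patchlevel));
    }
    if(found==2) {
        set_kb_item(name: "ssh/login/freebsdrel", value: release);
        security_note(port:port, data:string("We are able to login and detect that you are running FreeBSD ", release, " Patch level: Unknown"));
    }
    # The package list is only collected when the release was recognised.
    if(found!=0) {
        buf = ssh_cmd(socket:sock, cmd:"pkg_info");
        set_kb_item(name: "ssh/login/freebsdpkg", value:buf);
    }
    exit(0);
}

# Whilst we're at it, lets check if it's Solaris
if (substr(uname, 0, 5) == "SunOS ") {
    osversion = ssh_cmd(socket:sock, cmd:"uname -r");
    set_kb_item(name: "ssh/login/solosversion", value:osversion);
    hardwaretype = ssh_cmd(socket:sock, cmd:"uname -p");
    set_kb_item(name: "ssh/login/solhardwaretype", value:hardwaretype);
    buf = ssh_cmd(socket:sock, cmd:"pkginfo");
    set_kb_item(name: "ssh/login/solpackages", value:buf);
    buf = ssh_cmd(socket:sock, cmd:"showrev -p");
    set_kb_item(name: "ssh/login/solpatches", value:buf);
    # Needle on the left, haystack on the right, as in every other >< test in
    # this script. The reversed form only matched when the command output was
    # itself a substring of "sparc", so output carrying a trailing newline
    # would have been reported as x86.
    if ("sparc" >< hardwaretype) {
        security_note(port:port, data:string("We are able to login and detect that you are running Solaris ", osversion, " Arch: SPARC"));
    } else {
        security_note(port:port, data:string("We are able to login and detect that you are running Solaris ", osversion, " Arch: x86"));
    }
    exit(0);
}

# Platforms not handled yet (name, release file):
#{ "NetBSD", "????????????????", },
#{ "OpenBSD", "????????????????", },
#{ "WhiteBox", "????????????????", },
#{ "Linspire", "????????????????", },
#{ "Desktop BSD","????????????????", },
#{ "PC-BSD", "????????????????", },
#{ "FreeSBIE", "????????????????", },
#{ "JDS", "/etc/sun-release", },
#{ "Yellow Dog", "/etc/yellowdog-release", },

# Nothing matched: the login worked, but without a package list no local
# security checks can run. Report the raw uname so the gap is visible.
security_note(port: 0, data: strcat('System identifier unknown: "', uname, '"\nTherefore no local security checks applied (missing list of installed packages) though ssh login provided and works'));
exit(0);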