OpenVAS Change Request #26: OpenVAS-server: Introduction of more phases in NASL

Status: In discusssion.

Purpose

To achieve better flexibility in NASL and better integration with external tools.

Rationale

Currently, OpenVAS is host-oriented vulnerability scanner. That means that it forks for each IP tested. There is some cases when it is memory-effective and speed-effective to launch the scan against the hostgroup or whole targets. Launching nmap is one of the examples.

NASL have following categories/phases: { "ACT_INIT", ACT_INIT }, - phase to set KB items { "ACT_GATHER_INFO", ACT_GATHER_INFO }, { "ACT_ATTACK", ACT_ATTACK }, { "ACT_MIXED_ATTACK", ACT_MIXED_ATTACK }, { "ACT_DESTRUCTIVE_ATTACK", ACT_DESTRUCTIVE_ATTACK }, { "ACT_DENIAL", ACT_DENIAL }, { "ACT_SCANNER", ACT_SCANNER }, - single host port scanner { "ACT_SETTINGS", ACT_SETTINGS }, { "ACT_KILL_HOST", ACT_KILL_HOST }, { "ACT_FLOOD", ACT_FLOOD }, { "ACT_END", ACT_END },

Proposal would add following categories/phases: { "ACT_TARGETS", ACT_TARGETS }, - launched before ACT_SCANNER - executes NASLs on whole target specified { "ACT_HOSTGROUPS", ACT_HOSTGROUPS }, - launched after ACT_TARGETS - executes NASLs on whole hostgroup

Effects

Advantages

This would,

- help us in removing C plugins 
- provide better nmap(and similar tools) integration
- more flexible NASLs

Disadvantages

additional work

Design and Implementation

This CR needs changing of openvas-libnasl and openvas-server in order to introduce two new phases. As most of the NASLs are single host oriented, it might not be trivial task.

History

• 2008-12-30 Vlatko Kosturjak <kost at linux dot hrgt;:
  Initial text.