OpenVAS Change Request #26: OpenVAS-server: Introduction of more phases in NASL
Status: In discusssion.
Purpose
To achieve better flexibility in NASL and better integration with external tools.
Rationale
Currently, OpenVAS is host-oriented vulnerability scanner. That means that it forks for each IP tested. There is some cases when it is memory-effective and speed-effective to launch the scan against the hostgroup or whole targets. Launching nmap is one of the examples.
NASL have following categories/phases: { "ACT_INIT", ACT_INIT }, - phase to set KB items { "ACT_GATHER_INFO", ACT_GATHER_INFO }, { "ACT_ATTACK", ACT_ATTACK }, { "ACT_MIXED_ATTACK", ACT_MIXED_ATTACK }, { "ACT_DESTRUCTIVE_ATTACK", ACT_DESTRUCTIVE_ATTACK }, { "ACT_DENIAL", ACT_DENIAL }, { "ACT_SCANNER", ACT_SCANNER }, - single host port scanner { "ACT_SETTINGS", ACT_SETTINGS }, { "ACT_KILL_HOST", ACT_KILL_HOST }, { "ACT_FLOOD", ACT_FLOOD }, { "ACT_END", ACT_END },
Proposal would add following categories/phases: { "ACT_TARGETS", ACT_TARGETS }, - launched before ACT_SCANNER - executes NASLs on whole target specified { "ACT_HOSTGROUPS", ACT_HOSTGROUPS }, - launched after ACT_TARGETS - executes NASLs on whole hostgroup
Effects
Advantages
This would,
- help us in removing C plugins - provide better nmap(and similar tools) integration - more flexible NASLs
Disadvantages
additional work
Design and Implementation
This CR needs changing of openvas-libnasl and openvas-server in order to introduce two new phases. As most of the NASLs are single host oriented, it might not be trivial task.
History
- 2008-12-30 Vlatko Kosturjak <kost at linux dot hrgt;:
Initial text.