English | Deutsch
Home »

OpenVAS Change Request #44: Integrating NMAP NSE's into OpenVAS

Status: Voted +3. Done. First NSE wrappers appeared in OpenVAS NVT Feed since 2010-08-10.

Purpose

To have OpenVAS Server manage NSE scripts from NMAP analogous to NASL tests and possibly distribute NSE scripts as additional NVT's in with the OpenVAS NVT Feed.

References

General information about NMAP NSE (http://nmap.org/book/nse.html)

OpenVAS Change Request #13: Integrating the OVAL interpreter ovaldi into OpenVAS Server

Rationale

The Nmap Scripting Engine (NSE) allows users to write simple scripts to automate networking tasks. NSE scripts are generally used for network discovery, vulnerability detection and exploitation.

It is advantageous for OpenVAS to have the facility to launch NSE scripts (through NMAP) directly as they are because these tests cover aspects the NASL script don't (or even can't). This will be a value-addition for the NVT feed.

Furthermore, this aligns with the goal of having tighter integration of NMAP and OpenVAS, with the already existing port scanning, service detection from NMAP.

Effects

Design

OpenVAS will allow each NSE script to be loaded and launched like the way it handles NVT's.

The practical implementation will not be analog to the ovaldi-integration for OVAL scripts, because the NSE scripts do not offer a consistent scheme to inform their capabilities and needs, for example preferences.

NASL Wrapper for NSE scripts

The meta data for NSE scripts will be collected in a NASL wrapper for each NSE script. These wrapper scripts will take care of launching nmap with the respective preferences, issue messages according to the results and handle errors.

ID's for NSE scripts

NVTs are identified by OIDs within OpenVAS. NSE's are not associated with any identifiers. Since for each NSE a individual wrapper needs to be developed, the ID scheme should follow the current practice of ranges assigned for developers/developer teams.

Integration of NSE scripts into the feed

A new subdirectory "Nmap" in the feed would carry the .nasl-wrapper for the .nse-files. The actual NSE scripts are the ones from the system wide installation. The Wrapper will take care to check for the applicable nmap version.

Implementation

No modifications of the scanner are required. It is a pure NASL-based solution: For each NSE script a NASL wrapper is to be implemented.

History