OpenVAS Scanner
7.0.1~git
22 #include "../misc/network.h"
23 #include "../misc/plugutils.h"
29 #include <gvm/util/nvticache.h>
36 #include <sys/types.h>
40 #define CERT_FILE "SSL certificate : "
41 #define KEY_FILE "SSL private key : "
42 #define PEM_PASS "PEM password : "
43 #define CA_FILE "CA file : "
44 #define CNX_TIMEOUT_PREF "Network connection timeout : "
45 #define RW_TIMEOUT_PREF "Network read/write timeout : "
46 #define WRAP_TIMEOUT_PREF "Wrapped service read timeout : "
47 #define TEST_SSL_PREF "Test SSL based services"
49 #define NUM_CHILDREN "Number of connections done in parallel : "
55 #define G_LOG_DOMAIN "lib nasl"
65 snprintf (k,
sizeof (k),
"Services/%s", proto);
81 snprintf (k,
sizeof (k),
"Known/tcp/%d", port);
99 if (regcomp (&re, pattern, REG_EXTENDED | REG_NOSUB | REG_ICASE))
101 if (regexec (&re,
string, 0, NULL, 0))
112 post_log (
oid, desc, port,
"Chargen is running on this port");
119 post_log (
oid, desc, port,
"An echo server is running on this port");
129 snprintf (ban,
sizeof (ban),
"http-rpc-epmap/banner/%d", port);
135 snprintf (ban,
sizeof (ban),
"ncacn_http/banner/%d", port);
145 snprintf (ban,
sizeof (ban),
"vnc/banner/%d", port);
154 snprintf (ban,
sizeof (ban),
"nntp/banner/%d", port);
156 snprintf (ban,
sizeof (ban),
"An NNTP server is running on this port%s",
178 snprintf (ban,
sizeof (ban),
"A mldonkey server is running on this port");
188 snprintf (ban,
sizeof (ban),
"www/banner/%d", port);
190 snprintf (ban,
sizeof (ban),
"A web server is running on this port%s",
197 unsigned char *buffer,
int trp)
201 snprintf (ban,
sizeof (ban),
"AdSubtract/banner/%d", port);
203 snprintf (ban,
sizeof (ban),
204 "A (locked) AdSubtract server is running on this port%s",
213 post_log (
oid, desc, port,
"A gopher server is running on this port");
221 snprintf (ban,
sizeof (ban),
"realserver/banner/%d", port);
224 snprintf (ban,
sizeof (ban),
"A RealMedia server is running on this port%s",
234 snprintf (ban,
sizeof (ban),
"smtp/banner/%d", port);
237 if (strstr (buffer,
" postfix"))
241 char *report = g_malloc0 (255 + strlen (buffer));
242 char *t = strchr (buffer,
'\n');
245 snprintf (report, 255 + strlen (buffer),
246 "An SMTP server is running on this port%s\n\
247 Here is its banner : \n%s",
257 char ban[512], *report, *t;
259 snprintf (ban,
sizeof (ban),
"snpp/banner/%d", port);
262 report = g_malloc0 (255 + strlen (buffer));
263 t = strchr (buffer,
'\n');
266 snprintf (report, 255 + strlen (buffer),
267 "An SNPP server is running on this port%s\n\
268 Here is its banner : \n%s",
283 snprintf (ban,
sizeof (ban),
"ftp/banner/%d", port);
288 char *report = g_malloc0 (255 + strlen (buffer));
289 char *t = strchr (buffer,
'\n');
292 snprintf (report, 255 + strlen (buffer),
293 "An FTP server is running on this port%s.\n\
294 Here is its banner : \n%s",
302 snprintf (report,
sizeof (report),
303 "An FTP server is running on this port%s.",
/* Strip trailing CR/LF from the banner, then log the SSH finding.
 * NOTE(review): each test indexes buffer[strlen (buffer) - 1]. For an empty
 * string strlen() returns 0 and the size_t subtraction wraps, so the index
 * falls far outside the array. A buffer consisting only of CR/LF bytes
 * becomes empty after a few iterations and then hits the same case.
 * buffer presumably carries data received from the scanned host (confirm at
 * the call site); no non-empty guarantee is visible in this listing, so a
 * length check in the loop condition would close the out-of-bounds read. */
313 while ((buffer[strlen (buffer) - 1] ==
'\n')
314 || (buffer[strlen (buffer) - 1] ==
'\r'))
315 buffer[strlen (buffer) - 1] =
'\0';
316 post_log (
oid, desc, port,
"An ssh server is running on this port");
325 snprintf (ban,
sizeof (ban),
"An HTTP proxy is running on this port%s",
333 char *c = strchr (buffer,
'\n');
340 buffer2 = g_strdup (buffer);
341 for (i = 0; i < strlen (buffer2); i++)
342 buffer2[i] = tolower (buffer2[i]);
343 if (!strcmp (buffer2,
"+ok"))
346 snprintf (ban,
sizeof (ban),
"pop1/banner/%d", port);
349 else if (strstr (buffer2,
"pop2"))
352 snprintf (ban,
sizeof (ban),
"pop2/banner/%d", port);
354 post_log (
oid, desc, port,
"a pop2 server is running on this port");
359 snprintf (ban,
sizeof (ban),
"pop3/banner/%d", port);
361 post_log (
oid, desc, port,
"A pop3 server is running on this port");
371 snprintf (ban,
sizeof (ban),
"imap/banner/%d", port);
374 snprintf (ban,
sizeof (ban),
"An IMAP server is running on this port%s",
384 post_log (
oid, desc, port,
"An identd server is running on this port");
396 post_log (
oid, desc, port,
"A PostgreSQL server is running on this port");
404 "A Sphinx search server (MySQL listener)"
405 "seems to be running on this port");
413 post_log (
oid, desc, port,
"A MySQL server is running on this port");
421 post_log (
oid, desc, port,
"A CVS pserver server is running on this port");
428 post_log (
oid, desc, port,
"A CVSup server is running on this port");
436 post_log (
oid, desc, port,
"A CVSLock server server is running on this port");
443 post_log (
oid, desc, port,
"A rsync server is running on this port");
453 "A shell seems to be running on this port ! (this is a possible backdoor)");
462 snprintf (ban,
sizeof (ban),
463 "A telnet server seems to be running on this port%s",
475 snprintf (ban,
sizeof (ban),
476 "A Gnome 1.4 server seems to be running on this port%s",
490 "An eggdrop IRC bot seems to be running a control server on this port%s",
500 post_alarm (
oid, desc, port,
"NetBus is running on this port");
508 snprintf (ban,
sizeof (ban),
"linuxconf/banner/%d", port);
510 post_log (
oid, desc, port,
"Linuxconf is running on this port");
520 snprintf (tmp,
sizeof (tmp),
521 "A finger server seems to be running on this port%s",
532 snprintf (tmp,
sizeof (tmp),
"vtun/banner/%d", port);
539 snprintf (tmp,
sizeof (tmp),
540 "A VTUN server seems to be running on this port%s",
544 snprintf (tmp,
sizeof (tmp),
545 "A VTUN server seems to be running on this port%s\n"
546 "Here is its banner:\n%s\n",
558 snprintf (tmp,
sizeof (tmp),
"uucp/banner/%d", port);
563 snprintf (tmp,
sizeof (tmp),
564 "An UUCP server seems to be running on this port%s",
575 snprintf (tmp,
sizeof (tmp),
576 "A LPD server seems to be running on this port%s",
588 snprintf (tmp,
sizeof (tmp),
589 "A LysKOM server seems to be running on this port%s",
601 snprintf (tmp,
sizeof (tmp),
"A PH server seems to be running on this port%s",
612 snprintf (tmp,
sizeof (tmp),
613 "A time server seems to be running on this port%s",
624 snprintf (tmp,
sizeof (tmp),
625 "An iPlanet ENS (Event Notification Server) seems to be running on "
637 snprintf (tmp,
sizeof (tmp),
638 "a Citrix server seems to be running on this port%s",
649 snprintf (tmp,
sizeof (tmp),
650 "A GIOP-enabled service is running on this port%s",
663 snprintf (ban,
sizeof (ban),
"exchg-routing/banner/%d", port);
666 snprintf (ban,
sizeof (ban),
667 "A Microsoft Exchange routing server is running on this port%s",
679 snprintf (msg,
sizeof (msg),
680 "A tcpmux server seems to be running on this port%s",
691 snprintf (msg,
sizeof (msg),
692 "A BitTorrent server seems to be running on this port%s",
703 snprintf (msg,
sizeof (msg),
704 "A SNMP Multiplexer (smux) seems to be running on this port%s",
720 snprintf (tmp,
sizeof (tmp),
"A LISa daemon is running on this port%s",
736 post_log (
oid, desc, port,
"A MSDTC server is running on this port");
744 snprintf (ban,
sizeof (ban),
"pop3pw/banner/%d", port);
746 snprintf (ban,
sizeof (ban),
"A pop3pw server is running on this port%s",
771 snprintf (ban,
sizeof (ban),
"whois++/banner/%d", port);
773 snprintf (ban,
sizeof (ban),
"A whois++ server is running on this port%s",
792 snprintf (ban,
sizeof (ban),
"mon/banner/%d", port);
794 snprintf (ban,
sizeof (ban),
"A mon server is running on this port%s",
805 snprintf (ban,
sizeof (ban),
806 "A CheckPoint FW1 SecureRemote or FW1 FWModule server is running "
828 snprintf (ban,
sizeof (ban),
"A PsyBNC IRC proxy is running on this port%s",
847 snprintf (ban,
sizeof (ban),
"A shoutcast server is running on this port%s",
866 "An AdsGone (a popup banner blocking server) is running on this port%s",
894 snprintf (ban,
sizeof (ban),
"acap/banner/%d", port);
897 snprintf (ban,
sizeof (ban),
"An ACAP server is running on this port%s",
922 snprintf (ban,
sizeof (ban),
"A nagiosd server is running on this port%s",
939 snprintf (ban,
sizeof (ban),
"A teamspeak2 server is running on this port%s",
963 snprintf (ban,
sizeof (ban),
"A WEBSM server is running on this port%s",
977 snprintf (ban,
sizeof (ban),
978 "An OFA/Express server is running on this port%s",
994 snprintf (ban,
sizeof (ban),
995 "A SuSE Meta pppd server is running on this port%s",
1012 snprintf (ban,
sizeof (ban),
1013 "An upsd/upsmon server is running on this port%s",
1031 snprintf (ban,
sizeof (ban),
"The Sub7 trojan is running on this port%s",
1048 snprintf (ban,
sizeof (ban),
1049 "a spamd server (part of spamassassin) is running on this port%s",
1060 snprintf (ban,
sizeof (ban),
1061 "a quicktime streaming server is running on this port%s",
1072 snprintf (ban,
sizeof (ban),
"a dameware server is running on this port%s",
1082 snprintf (ban,
sizeof (ban),
1083 "a StoneGate authentication server is running on this port%s",
1094 snprintf (ban,
sizeof (ban),
1095 "A LISTSERV daemon seems to be running on this port%s",
1107 snprintf (ban,
sizeof (ban),
1108 "A FsSniffer backdoor seems to be running on this port%s",
1120 snprintf (ban,
sizeof (ban),
1121 "A RemoteNC backdoor seems to be running on this port%s",
1134 snprintf (msg,
sizeof (msg),
1135 "The service closed the connection after %d seconds "
1136 "without sending any data\n"
1137 "It might be protected by some TCP wrapper\n",
1191 return "Http-Rpc-Epmap";
1203 return "Compaq Management Server";
1205 return "CVSpserver";
1222 const unsigned char *banner,
int trp)
1224 char tmp[1600], *norm = NULL;
1228 snprintf (tmp,
sizeof (tmp),
"unknown/banner/%d", port);
1235 snprintf (tmp,
sizeof (tmp),
1236 "An unknown service is running on this port%s.\n"
1237 "It is usually reserved for %s",
1248 post_log (
oid, desc, port,
"gnuserv is running on this port");
1255 post_log (
oid, desc, port,
"ISS RealSecure is running on this port");
1265 snprintf (ban,
sizeof (ban),
1266 "A VMWare authentication daemon is running on this port%s:\n%s",
1279 snprintf (ban,
sizeof (ban),
1280 "An interscan viruswall is running on this port%s:\n%s",
1292 snprintf (ban,
sizeof (ban),
"A PPP daemon is running on this port%s",
1303 snprintf (ban,
sizeof (ban),
"zebra/banner/%d", port);
1305 snprintf (ban,
sizeof (ban),
1306 "A zebra daemon (bgpd or zebrad) is running on this port%s",
1318 snprintf (ban,
sizeof (ban),
1319 "An IRCXPro administrative server is running on this port%s",
1331 snprintf (ban,
sizeof (ban),
1332 "A gnocatan game server is running on this port%s",
1346 snprintf (ban,
sizeof (ban),
1347 "A PowerBroker master server is running on this port%s:\n%s",
1360 snprintf (ban,
sizeof (ban),
"A dictd server is running on this port%s:\n%s",
1373 snprintf (ban,
sizeof (ban),
1374 "A Netsaint plugin (pNSClient.exe) is running on this port%s",
1386 snprintf (ban,
sizeof (ban),
"VeritasNetBackup is running on this port%s",
1399 snprintf (ban,
sizeof (ban),
1400 "A PowerBroker locald server is running on this port%s:\n%s",
1410 snprintf (ban,
sizeof (ban),
1411 "jabber daemon seems to be running on this port%s",
1424 snprintf (ban,
sizeof (ban),
1425 "An avotus 'mm' server is running on this port%s:\n%s",
1435 snprintf (str,
sizeof (str),
"socks%d", ver);
1437 snprintf (str,
sizeof (str),
"A SOCKS%d proxy is running on this port. ",
1448 snprintf (str,
sizeof (str),
"A Direct Connect Hub is running on this port%s",
1463 #define MAX_SHIFT (3 * 365 * 86400)
1464 #define DIFF_1970_1900 2208988800U
1470 #define ABS(x) (((x) < 0) ? -(x) : (x))
1472 time_t now = time (NULL);
/* Locals of the per-port probing routine: KB key prefix for open TCP ports,
 * the list of ports left unidentified, and the three timeouts (default 20). */
1484 char *head =
"Ports/tcp/", *host_fqdn;
/* NOTE(review): 65535 u_short slots live on the stack (about 128 KiB if
 * u_short is 2 bytes). The array is filled with unknown[num_unknown++] at
 * line 2324; no bound check on num_unknown is visible in this listing --
 * confirm that each port can be appended at most once. */
1485 u_short unknown[65535];
1486 int num_unknown = 0;
1487 size_t len_head = strlen (head);
1489 int rw_timeout = 20, cnx_timeout = 20, wrap_timeout = 20;
1500 http_get = g_strdup_printf (
"GET / HTTP/1.0\r\nHost: %s\r\n\r\n", host_fqdn);
/* Preference strings are parsed with atoi(), which reports no errors: a
 * non-numeric value yields 0. The "> 0" tests reject that for the read/write
 * and connection timeouts, while the wrap timeout accepts 0 (">= 0").
 * NOTE(review): no upper bound is visible here; the assignments on the
 * elided lines presumably copy x into the timeout -- confirm. */
1503 if (rw_timeout_s != NULL && (x = atoi (rw_timeout_s)) > 0)
1505 if (cnx_timeout_s != NULL && (x = atoi (cnx_timeout_s)) > 0)
1507 if (wrap_timeout_s != NULL && (x = atoi (wrap_timeout_s)) >= 0)
1510 bzero (unknown,
sizeof (unknown));
/* Only entries that start with "Ports/tcp/" and carry something after the
 * prefix are handled. */
1514 if ((strlen (h->data) > len_head) && !strncmp (h->data, head, len_head))
/* Per-port state, followed by the decoding of a previously stored hex banner
 * ("BannerHex/<port>") into buffer, two hex characters per output byte. */
1521 unsigned char *banner = NULL, *bannerHex = NULL;
/* NOTE(review): banner_len has no initializer, and line 1575 reads it after
 * the BannerHex branch. Confirm that an elided line sets it on the path
 * where that branch is skipped. */
1522 size_t banner_len, i;
/* The port number is parsed from the KB key text with atoi(); no range check
 * is visible in this listing. */
1523 int port = atoi (h->data + len_head);
1525 int unindentified_service = 0;
1526 int three_digits = 0;
1527 int maybe_wrapped = 0;
1531 int diff_tv = 0, diff_tv2 = 0;
1532 int type, no_banner_grabbed = 0;
1534 #define DIFFTV1000(t1, t2) \
1535 ((t1.tv_sec - t2.tv_sec) * 1000 + (t1.tv_usec - t2.tv_usec) / 1000)
1537 bzero (buffer,
sizeof (buffer));
1539 snprintf (kb,
sizeof (kb),
"BannerHex/%d", port);
1541 if (type ==
ARG_STRING && bannerHex != NULL && bannerHex[0] !=
'\0')
/* Integer division: an odd trailing hex character is dropped. */
1545 banner_len = strlen ((
char *) bannerHex) / 2;
/* Clamp so the decoded bytes fit in buffer with room for a terminator. */
1546 if (banner_len >=
sizeof (buffer))
1547 banner_len =
sizeof (buffer) - 1;
1548 for (i = 0; i < banner_len; i++)
1550 c1 = bannerHex[2 * i];
/* NOTE(review): this branch compares against the integers 0..9, while the
 * sibling branches compare against character literals ('a'..'f', 'A'..'F').
 * ASCII digits are 0x30..0x39 and never satisfy it, so '0'..'9' was probably
 * intended. What happens to digit characters depends on the elided fallback
 * branch; if it zeroes the nibble, decoded banners are silently corrupted
 * and later service matching runs on the wrong bytes. Same at line 1560. */
1551 if (c1 >= 0 && c1 <= 9)
1553 else if (c1 >=
'a' && c1 <=
'f')
1555 else if (c1 >=
'A' && c1 <=
'F')
1559 c2 = bannerHex[2 * i + 1];
1560 if (c2 >= 0 && c2 <= 9)
1562 else if (c2 >=
'a' && c2 <=
'f')
1564 else if (c2 >=
'A' && c2 <=
'F')
/* High nibble from the first character, low nibble from the second. */
1568 buffer[i] = c1 << 4 | c2;
1572 banner = (
unsigned char *) buffer;
/* Fallback to the text banner stored under "Banner/<port>".
 * NOTE(review): strlen() at line 1580 needs a non-NULL banner; the lookup
 * and any NULL check are on elided lines -- confirm. */
1575 if (banner_len == 0)
1577 snprintf (kb,
sizeof (kb),
"Banner/%d", port);
1580 banner_len = strlen ((
char *) banner);
1599 gettimeofday (&tv1, NULL);
1601 if (cnx < 0 && test_ssl)
1604 gettimeofday (&tv1, NULL);
1607 gettimeofday (&tv2, NULL);
1611 if (cnx >= 0 || banner_len > 0)
1613 int line_len, realfd = -1;
1619 snprintf (k,
sizeof (k),
"FindService/CnxTime1000/%d", port);
1621 GSIZE_TO_POINTER (diff_tv));
1622 snprintf (k,
sizeof (k),
"FindService/CnxTime/%d", port);
1625 GSIZE_TO_POINTER (((diff_tv + 500) / 1000)));
1626 if (diff_tv / 1000 > cnx_timeout)
1628 GSIZE_TO_POINTER (1));
1636 snprintf (report,
sizeof (report),
1637 "A %s server answered on this port\n",
1641 GSIZE_TO_POINTER (port));
1649 if (banner != (
unsigned char *) buffer)
1651 if (len >=
sizeof (buffer))
1652 len =
sizeof (buffer) - 1;
1653 memcpy (buffer, banner, len);
1659 snprintf (kb,
sizeof (kb),
"/tmp/NoBanner/%d", port);
1664 no_banner_grabbed = GPOINTER_TO_SIZE (p);
1666 no_banner_grabbed = atoi ((
char *) p);
1670 if (!no_banner_grabbed)
1678 FD_SET (realfd, &rfds);
1679 FD_SET (realfd, &wfds);
1681 (void) gettimeofday (&tv1, NULL);
1683 tv.tv_sec = rw_timeout;
1684 x = select (realfd + 1, &rfds, &wfds, NULL, &tv);
1695 if (FD_ISSET (realfd, &rfds))
1698 cnx, buffer, 1,
sizeof (buffer) - 2);
1701 (void) gettimeofday (&tv2, NULL);
1712 if (len <= 0 && !timeout)
1717 (void) gettimeofday (&tv1, NULL);
1719 buffer[
sizeof (buffer) - 1] =
'\0';
1721 sizeof (buffer) - 1);
1728 if (len > 0 && len < 8
1729 && strncmp (buffer,
"HTTP/1.", len) == 0)
1732 cnx, buffer + len,
sizeof (buffer) - 1 - len);
1737 (void) gettimeofday (&tv2, NULL);
1742 snprintf (k,
sizeof (k),
"FindService/RwTime1000/%d",
1745 GSIZE_TO_POINTER (diff_tv));
1746 snprintf (k,
sizeof (k),
"FindService/RwTime/%d", port);
1749 GSIZE_TO_POINTER ((diff_tv + 500) / 1000));
1750 if (diff_tv / 1000 > rw_timeout)
1752 GSIZE_TO_POINTER (1));
/* Keep an untouched, NUL-terminated copy of the reply in banner (g_malloc0
 * zero-fills the extra byte), then normalise buffer in place for matching. */
1759 banner = g_malloc0 (len + 1);
1760 memcpy (banner, buffer, len);
/* Embedded NUL bytes become 'x' so the C string functions used below see the
 * whole reply; every other byte is lower-cased.
 * NOTE(review): buffer looks like a plain char array (line 1572 casts it to
 * unsigned char *, lines 1851+ cast its elements to u_char). Where char is
 * signed, a reply byte >= 0x80 reaches tolower() as a negative value, which
 * the C standard leaves undefined; casting the argument to unsigned char
 * avoids that for data coming from the scanned host. */
1763 for (i = 0; i < len; i++)
1764 buffer[i] = (buffer[i] ==
'\0') ?
'x' : tolower (buffer[i]);
1766 line = g_strdup (buffer);
1768 t = strchr (line,
'\n');
/* Three leading digits followed by NUL, whitespace or '-' : the shape of a
 * numeric status reply. For replies shorter than four bytes the zero fill
 * from g_malloc0 makes an isdigit() test fail before banner[3] is read. */
1771 if (isdigit (banner[0]) && isdigit (banner[1])
1772 && isdigit (banner[2])
1773 && (banner[3] ==
'\0' || isspace (banner[3])
1774 || banner[3] ==
'-'))
1781 GSIZE_TO_POINTER (port));
1792 snprintf (kb,
sizeof (kb),
"FindService/tcp/%d/get_http",
1795 snprintf (kb,
sizeof (kb),
"FindService/tcp/%d/spontaneous",
/* Hex-encode the raw banner: two characters per byte plus a terminator. */
1800 char buf2[
sizeof (buffer) * 2 + 1];
/* len is clamped to sizeof (buffer), so the largest offset written is
 * 2 * (sizeof (buffer) - 1) and snprintf always has at least three bytes of
 * buf2 left for "%02x" and its terminator. */
1806 if (len >=
sizeof (buffer))
1807 len =
sizeof (buffer);
1809 for (y = 0; y < len; y++)
1811 snprintf (buf2 + 2 * y,
sizeof (buf2) - (2 * y),
"%02x",
1812 (
unsigned char) banner[y]);
/* Tracks whether the banner contains a NUL byte; the action taken is on an
 * elided line. */
1813 if (banner[y] ==
'\0')
1821 origline = g_strdup ((
char *) banner);
1822 t = strchr (origline,
'\n');
1825 line_len = strlen (origline);
1831 if ((!strncmp (line,
"http/1.", 7)
1832 || strstr ((
char *) banner,
1833 "<title>Not supported</title>")))
1838 && (strstr (line,
"http/1.1 400 bad request")
1840 && !(strncmp (line,
"http/1.0 403 forbidden",
1841 strlen (
"http/1.0 403 forbidden"))
1843 && strstr (buffer,
"server: adsubtract")
1851 if (((u_char) buffer[0] == 255)
1852 && (((u_char) buffer[1] == 251)
1853 || ((u_char) buffer[1] == 252)
1854 || ((u_char) buffer[1] == 253)
1855 || ((u_char) buffer[1] == 254)))
1857 else if (((u_char) buffer[0] == 0)
1858 && ((u_char) buffer[1] == 1)
1859 && ((u_char) buffer[2] == 1)
1860 && ((u_char) buffer[3] == 0))
1862 else if (strncmp (line,
"http/1.0 403 forbidden",
1863 strlen (
"http/1.0 403 forbidden"))
1865 && strstr (buffer,
"server: adsubtract") != NULL)
1869 else if (strstr ((
char *) banner,
"Eggdrop") != NULL
1870 && strstr ((
char *) banner,
"Eggheads") != NULL)
1872 else if (strncmp (line,
"$lock ", strlen (
"$lock ")) == 0)
1874 else if (len > 34 && strstr (&(buffer[34]),
"iss ecnra"))
1876 else if (len == 4 && origline[0] ==
'Q' && origline[1] == 0
1877 && origline[2] == 0 && origline[3] == 0)
1878 mark_fw1 (desc, port, origline, trp);
1879 else if (strstr (line,
"adsgone blocked html ad") != NULL)
1881 else if (strncmp (line,
"icy 200 ok", strlen (
"icy 200 ok"))
1884 else if ((!strncmp (line,
"200", 3)
1886 "running eudora internet mail server")))
1887 || (strstr (line,
"+ok applepasswordserver")
1890 else if ((strstr (line,
"smtp")
1891 || strstr (line,
"simple mail transfer")
1892 || strstr (line,
"mail server")
1893 || strstr (line,
"messaging")
1894 || strstr (line,
"Weasel"))
1895 && !strncmp (line,
"220", 3))
1897 else if (strstr (line,
"220 ***************")
1898 || strstr (line,
"220 eSafe@"))
1901 else if (strstr (line,
"220 esafealert") != NULL)
1903 else if (strncmp (line,
"220", 3) == 0
1904 && strstr (line,
"groupwise internet agent") != NULL)
1906 else if (strncmp (line,
"220", 3) == 0
1907 && strstr (line,
" SNPP ") != NULL)
1909 else if (strncmp (line,
"200", 3) == 0
1910 && strstr (line,
"mail ") != NULL)
1912 else if (strncmp (line,
"421", 3) == 0
1913 && strstr (line,
"smtp ") != NULL)
1916 else if ((line[0] !=
'\0'
1917 || (strstr (buffer,
"mysql") != NULL))
1920 "^.x{3}\n[0-9.]+ [0-9a-z]+@[0-9a-z]+ release")
1923 "^.x{3}\n[0-9.]+-(id[0-9]+-)?release"
1924 " \\([0-9a-z-]+\\)")))
1926 else if (line[0] !=
'\0'
1927 && ((strncmp (buffer + 1,
"host '", 6) == 0)
1928 || (strstr (buffer,
"mysql") != NULL
1929 || strstr (buffer,
"mariadb") != NULL)))
1931 else if (!strncmp (line,
"efatal", 6)
1932 || !strncmp (line,
"einvalid packet length",
1933 strlen (
"einvalid packet length")))
1935 else if (strstr (line,
"cvsup server ready") != NULL)
1937 else if (!strncmp (line,
"cvs [pserver aborted]:", 22)
1938 || !strncmp (line,
"cvs [server aborted]:", 21))
1940 else if (!strncmp (line,
"cvslock ", 8))
1942 else if (!strncmp (line,
"@rsyncd", 7))
/* NOTE(review): a 4-byte reply is handed to may_be_time() as a time_t *.
 * When banner is the copy allocated at line 1759 it is only len + 1 = 5
 * bytes long and has no particular alignment for time_t. If may_be_time()
 * dereferences the pointer as a full time_t (8 bytes on common 64-bit
 * targets -- its body is not shown here), the read runs past the allocation.
 * Copying the four bytes into a uint32_t with memcpy before the conversion
 * would keep the read inside the reply. */
1944 else if ((len == 4) &&
may_be_time ((time_t *) banner))
1946 else if (strstr (buffer,
"rmserver")
1947 || strstr (buffer,
"realserver"))
1949 else if ((strstr (line,
"ftp") || strstr (line,
"winsock")
1950 || strstr (line,
"axis network camera")
1951 || strstr (line,
"netpresenz")
1952 || strstr (line,
"serv-u")
1953 || strstr (line,
"service ready for new user"))
1954 && !strncmp (line,
"220", 3))
1956 else if (strncmp (line,
"220-", 4) == 0)
1959 else if (strstr (line,
"220") && strstr (line,
"whois+"))
1961 else if (strstr (line,
"520 command could not be executed"))
1963 else if (strstr (line,
"ssh-"))
1965 else if (!strncmp (line,
"+ok", 3)
1966 || (!strncmp (line,
"+", 1) && strstr (line,
"pop")))
1968 else if (strstr (line,
"imap4") && !strncmp (line,
"* ok", 4))
1970 else if (strstr (line,
"*ok iplanet messaging multiplexor"))
1972 else if (strstr (line,
"*ok communigate pro imap server"))
1974 else if (strstr (line,
"* ok courier-imap"))
1976 else if (strncmp (line,
"giop", 4) == 0)
1978 else if (strstr (line,
"microsoft routing server"))
1981 else if (strstr (line,
"gap service ready"))
1983 else if (strstr (line,
"-service not available"))
1989 else if (strlen (line) > 2 && line[0] == 0x7F
1991 && strncmp (&line[2],
"ica", 3) == 0)
/* NNTP detection: matches on server names in the original-case line and on
 * typical greeting/refusal phrases in the lower-cased line. */
1994 else if (strstr (origline,
" INN ")
1995 || strstr (origline,
" Leafnode ")
1996 || strstr (line,
" nntp daemon")
1997 || strstr (line,
" nnrp service ready")
1998 || strstr (line,
"posting ok")
1999 || strstr (line,
"posting allowed")
2000 || strstr (line,
"502 no permission")
/* NOTE(review): this last alternative can never be true. strcmp() == 0
 * requires line to be exactly "502", and such a line cannot also contain
 * "diablo". A prefix test, strncmp (line, "502", 3) == 0, was probably
 * intended; as written, servers answering that way fall through to the
 * later checks. */
2001 || (strcmp (line,
"502") == 0
2002 && strstr (line,
"diablo") != NULL))
2004 else if (strstr (buffer,
"networking/linuxconf")
2005 || strstr (buffer,
"networking/misc/linuxconf")
2006 || strstr (buffer,
"server: linuxconf"))
2008 else if (strncmp (buffer,
"gnudoit:", 8) == 0)
2010 else if ((buffer[0] ==
'0'
2011 && strstr (buffer,
"error.host\t1") != NULL)
2012 || (buffer[0] ==
'3'
2015 "That item is not currently available")))
2017 else if (strstr (buffer,
2018 "www-authenticate: basic realm=\"swat\""))
2020 else if (strstr (buffer,
"vqserver")
2022 "www-authenticate: basic realm=/"))
2024 else if (strstr (buffer,
"1invalid request") != NULL)
2026 else if (strstr (buffer,
"get: command not found"))
2028 else if (strstr (buffer,
"microsoft windows") != NULL
2029 && strstr (buffer,
"c:\\") != NULL
2030 && strstr (buffer,
"(c) copyright 1985-") != NULL
2031 && strstr (buffer,
"microsoft corp.") != NULL)
2033 else if (strstr (buffer,
"netbus"))
2035 else if (strstr (line,
"0 , 0 : error : unknown-error")
2036 || strstr (line,
"0, 0: error: unknown-error")
2037 || strstr (line,
"get : error : unknown-error")
2038 || strstr (line,
"0 , 0 : error : invalid-port"))
2040 else if (!strncmp (line,
"http/1.", 7)
2041 && strstr (line,
"proxy"))
2044 else if (!strncmp (line,
"http/1.", 7)
2045 && strstr (buffer,
"via: "))
2047 else if (!strncmp (line,
"http/1.", 7)
2048 && strstr (buffer,
"proxy-connection: "))
2050 else if (!strncmp (line,
"http/1.", 7)
2051 && strstr (buffer,
"cache")
2052 && strstr (line,
"bad request"))
2054 else if (!strncmp (origline,
"RFB 00", 6)
2055 && strstr (line,
".00"))
2057 else if (!strncmp (line,
"ncacn_http/1.", 13))
2059 else if (line_len >= 14 &&
2062 strncmp (origline,
http_get, line_len) == 0)
2064 else if (strstr ((
char *) banner,
"!\"#$%&'()*+,-./")
2065 && strstr ((
char *) banner,
"ABCDEFGHIJ")
2066 && strstr ((
char *) banner,
"abcdefghij")
2067 && strstr ((
char *) banner,
"0123456789"))
2069 else if (strstr (line,
"vtun server"))
2071 else if (strcmp (line,
"login: password: ") == 0)
2073 else if (strcmp (line,
"bad request") == 0
2077 "invalid protocol request (71): gget / http/1.0")
2078 || (strncmp (line,
"lpd:", 4) == 0)
2079 || (strstr (line,
"lpsched") != NULL)
2080 || (strstr (line,
"malformed from address") != NULL)
2081 || (strstr (line,
"no connect permissions") != NULL)
2083 strcmp (line,
"bad request") == 0)
2085 else if (strstr (line,
"%%lyskom unsupported protocol"))
2087 else if (strstr (line,
"598:get:command not recognized"))
2089 else if (strstr (line,
"BitTorrent prot"))
2091 else if (banner[0] ==
'A' && banner[1] == 0x01
2092 && banner[2] == 0x02 && banner[3] ==
'\0')
2094 else if (!strncmp (line,
"0 succeeded\n",
2095 strlen (
"0 succeeded\n")))
2097 else if (strlen ((
char *) banner) == 3 && banner[2] ==
'\n')
2099 else if ((!strncmp (line,
"220", 3)
2100 && strstr (line,
"poppassd")))
2102 else if (strstr (line,
"welcome!psybnc@") != NULL)
2104 else if (strncmp (line,
"* acap ", strlen (
"* acap ")) == 0)
2106 else if (strstr (origline,
"Sorry, you (") != NULL
2107 && strstr (origline,
2108 "are not among the allowed hosts...\n")
2111 else if (strstr (line,
"[ts].error") != NULL
2112 || strstr (line,
"[ts].\n") != NULL)
2114 else if (strstr (origline,
"Language received from client:")
2115 && strstr (origline,
"Setlocale:"))
2117 else if (strncmp (origline,
"CNFGAPI", 7) == 0)
2119 else if (strstr (line,
"suse meta pppd") != NULL)
2121 else if (strncmp (origline,
"ERR UNKNOWN-COMMAND",
2122 strlen (
"ERR UNKNOWN-COMMAND"))
2125 else if (strncmp (line,
"connected. ", strlen (
"connected. "))
2127 && strstr (line,
"legends") != NULL)
2129 else if (strncmp (line,
"spamd/", strlen (
"spamd/")) == 0)
2131 else if (strstr (line,
" dictd ")
2132 && strncmp (line,
"220", 3) == 0)
2134 else if (strncmp (line,
"220 ", 4) == 0
2135 && strstr (line,
"vmware authentication daemon")
2138 else if (strncmp (line,
"220 ", 4) == 0
2139 && strstr (line,
"interscan version") != NULL)
2141 else if ((strlen ((
char *) banner) > 1) && (banner[0] ==
'~')
2142 && (banner[strlen ((
char *) banner) - 1] ==
'~')
2143 && (strchr ((
char *) banner,
'}') != NULL))
2145 else if (strstr ((
char *) banner,
"Hello, this is zebra ")
2148 else if (strstr (line,
"ircxpro ") != NULL)
2150 else if (strncmp (origline,
"version report",
2151 strlen (
"version report"))
2154 else if (strncmp (origline,
"RTSP/1.0", strlen (
"RTSP/1.0"))
2155 && strstr (origline,
"QTSS/") != NULL)
2157 else if (strlen (origline) >= 2 && origline[0] == 0x30
2158 && origline[1] == 0x11 && origline[2] == 0)
2160 else if (strstr (line,
"stonegate firewall") != NULL)
2162 else if (strncmp (line,
"pbmasterd", strlen (
"pbmasterd"))
2165 else if (strncmp (line,
"pblocald", strlen (
"pblocald")) == 0)
2168 line,
"<stream:error>invalid xml</stream:error>",
2170 "<stream:error>invalid xml</stream:error>"))
2173 else if (strncmp (line,
"/c -2 get ctgetoptions",
2174 strlen (
"/c -2 get ctgetoptions"))
2177 else if (strncmp (line,
"error:wrong password",
2178 strlen (
"error:wrong password"))
2181 else if (strncmp (line,
"1000 2", strlen (
"1000 2"))
2184 else if (strstr (line,
2185 "the file name you specified is invalid")
2186 && strstr (line,
"listserv"))
2188 else if (strncmp (line,
"control password:",
2189 strlen (
"control password:"))
2192 else if (strncmp (line,
"remotenc control password:",
2193 strlen (
"remotenc control password:"))
2196 else if (((p = (
unsigned char *) strstr (
2197 (
char *) banner,
"finger: GET: no such user"))
2199 && strstr ((
char *) banner,
2200 "finger: /: no such user")
2202 && strstr ((
char *) banner,
2203 "finger: HTTP/1.0: no such user")
2209 while (p - banner > 0 && isspace (*p))
2219 else if (banner[0] == 5 && banner[1] <= 8 && banner[2] == 0
2222 else if (banner[0] == 0 && banner[1] >= 90 && banner[1] <= 93)
2225 unindentified_service = !flg;
2232 unindentified_service = 1;
2233 #define TESTSTRING "OpenVAS Wrap Test"
2244 if (port == 513 || port == 514 )
2251 int nfd, fd, x, flag = 0;
2262 tv.tv_sec = wrap_timeout;
2265 signal (SIGALRM, SIG_IGN);
2267 (void) gettimeofday (&tv1, NULL);
2268 x = select (fd + 1, &rfds, NULL, NULL, &tv);
2269 (void) gettimeofday (&tv2, NULL);
2280 x = recv (fd, &b, 1, MSG_DONTWAIT);
2281 if (x == 0 || (x < 0 && errno == EPIPE))
2298 if (send (fd,
"Z", 1, MSG_DONTWAIT) < 0)
2308 if (diff_tv2 <= 2 * diff_tv + 1)
2311 unindentified_service = 0;
/* Ports that stayed unidentified are collected for later reporting; some
 * well-known ports (139, 135, and others on the elided continuation) are
 * excluded. */
2317 if (unindentified_service && port != 139 && port != 135
/* NOTE(review): unknown[] has 65535 slots (line 1485) and num_unknown is
 * incremented without a visible bound check. This is safe only if every
 * "Ports/tcp/<n>" entry is unique and within range -- confirm, or guard the
 * append against the array size. */
2324 unknown[num_unknown++] = port;
/* Upper bound on worker processes; sons[] is declared with this size. */
2342 #define MAX_SONS 128
/* NOTE(review): kill() with a pid of 0 signals the caller's whole process
 * group. If an entry of sons[] can still be 0 here, a guard is needed; the
 * line before 2355 is elided in this listing -- confirm. */
2355 kill (
sons[i], SIGTERM);
2368 waitpid (
sons[i], NULL, WNOHANG);
2380 struct kb_item *kbitem, *kbitem_tmp;
/* Optional TLS client material from the script preferences; each value is
 * applied only when it is a non-empty string. */
2395 if (key && key[0] !=
'\0')
2400 if (cert && cert[0] !=
'\0')
2405 if (cafile && cafile[0] !=
'\0')
2410 if (test_ssl_s != NULL)
2412 if (strcmp (test_ssl_s,
"None") == 0)
2415 g_free (test_ssl_s);
/* NOTE(review): pempass holds a private-key passphrase. How it is released
 * is on elided lines; wiping the buffer before freeing it would keep the
 * secret out of reused heap memory. */
2425 if (pempass != NULL)
/* NOTE(review): num_sons comes from a preference via atoi() and is later a
 * divisor (lines 2462 and 2487) and the loop bound over sons_args[] and
 * sons[] (MAX_SONS entries). It must end up in 1..MAX_SONS; the lines
 * between 2435 and 2443 are not shown in this listing -- confirm the clamp
 * is there, otherwise 0 divides by zero and a large value overruns sons[]. */
2433 if (num_sons_s != NULL)
2434 num_sons = atoi (num_sons_s);
2435 g_free (num_sons_s);
2443 for (i = 0; i < num_sons; i++)
2446 sons_args[i] = NULL;
/* Collect every open TCP port recorded in the knowledge base. */
2452 kbitem = kb_item_get_pattern (kb,
"Ports/tcp/*");
2455 kbitem_tmp = kbitem;
2456 while (kbitem_tmp != NULL)
2459 kbitem_tmp = kbitem_tmp->next;
/* Even share of ports per worker; the remainder is handed out at 2487. */
2462 port_per_son = num_ports / num_sons;
2467 kbitem_tmp = kbitem;
2469 for (i = 0; i < num_sons; i = i + 1)
2473 if (kbitem_tmp != NULL)
2475 for (j = 0; j < port_per_son && kbitem_tmp != NULL;)
/* Each worker list owns duplicated key names, so the KB result can be
 * freed at 2495 without invalidating them. */
2478 g_slist_prepend (sons_args[i], g_strdup (kbitem_tmp->name));
2480 kbitem_tmp = kbitem_tmp->next;
2487 for (i = 0; (i < num_ports % num_sons) && kbitem_tmp != NULL;)
2490 g_slist_prepend (sons_args[i], g_strdup (kbitem_tmp->name));
2492 kbitem_tmp = kbitem_tmp->next;
2495 kb_item_free (kbitem);
2497 for (i = 0; i < num_sons; i++)
2498 if (sons_args[i] == NULL)
2503 for (i = 0; i < num_sons; i++)
2506 if (sons_args[i] != NULL)
/* _exit is installed directly as the SIGTERM handler, so a terminated
 * worker exits immediately with the signal number as its status and runs no
 * atexit handlers or stdio flushing. */
2513 signal (SIGTERM, _exit);
2522 g_slist_free_full (sons_args[i], g_free);
2530 for (i = 0; i < num_sons; i++)
/* NOTE(review): errno is only meaningful when waitpid() returns -1. Here it
 * is consulted for any non-zero return, so a stale EINTR from an earlier
 * call can cause one extra iteration. Testing the return value for -1 first
 * would make the retry condition exact. */
2534 while (waitpid (
sons[i], NULL, WNOHANG) && errno == EINTR)
/* Signal 0 only probes whether the pid can still be signalled. */
2537 if (kill (
sons[i], 0) >= 0)
#define WRAP_TIMEOUT_PREF
static void mark_chargen_server(struct script_infos *desc, int port)
static void mark_time_server(struct script_infos *desc, int port, int trp)
void mark_echo_server(struct script_infos *desc, int port)
void mark_ftp_server(struct script_infos *desc, int port, char *buffer, int trp)
void mark_cvsupserver(struct script_infos *desc, int port)
static void mark_lpd_server(struct script_infos *desc, int port, int trp)
static void mark_nagiosd_server(struct script_infos *desc, int port, int trp)
static void mark_iss_realsecure(struct script_infos *desc, int port)
void plug_replace_key(struct script_infos *args, char *name, int type, void *value)
static void mark_finger_server(struct script_infos *desc, int port, int trp)
void post_alarm(const char *oid, struct script_infos *desc, int port, const char *action)
void * plug_get_key(struct script_infos *args, char *name, int *type, size_t *len, int single)
Get values from a kb under the given key name.
static int may_be_time(time_t *rtime)
static void mark_ircxpro_admin_server(struct script_infos *desc, int port, int trp)
kb_t plug_get_kb(struct script_infos *args)
static pid_t sons[MAX_SONS]
static void mark_mon_server(struct script_infos *desc, int port, char *buffer, int trp)
int open_stream_connection(struct script_infos *args, unsigned int port, int transport, int timeout)
void mark_http_server(struct script_infos *desc, int port, unsigned char *buffer, int trp)
static void mark_dameware_server(struct script_infos *desc, int port, int trp)
char * plug_get_host_fqdn(struct script_infos *args)
void mark_mldonkey(struct script_infos *desc, int port)
static void mark_fw1(struct script_infos *desc, int port, char *buffer, int trp)
void mark_swat_server(struct script_infos *desc, int port)
void plug_set_ssl_key(struct script_infos *args, char *key)
void mark_netbus_server(struct script_infos *desc, int port)
void mark_remote_nc_server(struct script_infos *desc, int port, int trp)
static void mark_lyskom_server(struct script_infos *desc, int port, int trp)
int openvas_get_socket_from_connection(int fd)
void mark_cvspserver(struct script_infos *desc, int port)
static int plugin_do_run(struct script_infos *desc, GSList *h, int test_ssl)
struct timeval timeval(unsigned long val)
static void mark_gnocatan_server(struct script_infos *desc, int port, int trp)
static void mark_pop3pw_server(struct script_infos *desc, int port, char *buffer, int trp)
const char * get_encaps_name(openvas_encaps_t code)
void plug_set_ssl_CA_file(struct script_infos *args, char *key)
static void mark_teamspeak2_server(struct script_infos *desc, int port, int trp)
static void mark_adsgone(struct script_infos *desc, int port, char *buffer, int trp)
void post_log(const char *oid, struct script_infos *desc, int port, const char *action)
Post a log message about a tcp port.
static void mark_vtun_server(struct script_infos *desc, int port, unsigned char *banner, int trp)
static void mark_LISa_server(struct script_infos *desc, int port, int trp)
static void mark_giop_server(struct script_infos *desc, int port, int trp)
static void mark_ppp_daemon(struct script_infos *desc, int port, int trp)
@ OPENVAS_ENCAPS_TLScustom
static void mark_acap_server(struct script_infos *desc, int port, char *buffer, int trp)
static void mark_smppd_server(struct script_infos *desc, int port, int trp)
void mark_pop_server(struct script_infos *desc, int port, char *buffer)
static void mark_ens_server(struct script_infos *desc, int port, int trp)
static void mark_jabber_server(struct script_infos *desc, int port, int trp)
void plug_set_port_transport(struct script_infos *args, int port, int tr)
static void mark_zebra_server(struct script_infos *desc, int port, char *buffer, int trp)
void mark_postgresql(struct script_infos *desc, int port)
void mark_telnet_server(struct script_infos *desc, int port, int trp)
static const char * port_to_name(int port)
void mark_rsync(struct script_infos *desc, int port)
int read_stream_connection(int fd, void *buf0, int len)
static void mark_quicktime_streaming_server(struct script_infos *desc, int port, int trp)
void mark_vnc_server(struct script_infos *desc, int port, char *buffer)
static void mark_citrix_server(struct script_infos *desc, int port, int trp)
char * get_plugin_preference(const char *oid, const char *name, int pref_id)
Get a plugin's preference.
static void mark_interscan_viruswall(struct script_infos *desc, int port, char *buffer, int trp)
void mark_mysql(struct script_infos *desc, int port)
int read_stream_connection_min(int fd, void *buf0, int min_len, int max_len)
static void mark_whois_plus2_server(struct script_infos *desc, int port, char *buffer, int trp)
void mark_gnome14_server(struct script_infos *desc, int port, int trp)
void mark_smtp_server(struct script_infos *desc, int port, char *buffer, int trp)
static void mark_pbmaster_server(struct script_infos *desc, int port, char *buffer, int trp)
const char * get_encaps_through(openvas_encaps_t code)
struct script_infos * script_infos
static void mark_wrapped_svc(struct script_infos *desc, int port, int delta)
void mark_sphinxql(struct script_infos *desc, int port)
static void mark_veritas_backup(struct script_infos *desc, int port, int trp)
static void register_service(struct script_infos *desc, int port, const char *proto)
static void mark_BitTorrent_server(struct script_infos *desc, int port, int trp)
void mark_listserv_server(struct script_infos *desc, int port, int trp)
static void mark_websm_server(struct script_infos *desc, int port, int trp)
static void mark_shoutcast_server(struct script_infos *desc, int port, char *buffer, int trp)
tree_cell * plugin_run_find_service(lex_ctxt *lexic)
static void mark_vmware_auth(struct script_infos *desc, int port, char *buffer, int trp)
static void mark_gnuserv(struct script_infos *desc, int port)
void mark_eggdrop_server(struct script_infos *desc, int port, int trp)
static void mark_ph_server(struct script_infos *desc, int port, int trp)
const char * get_plugin_preference_fname(struct script_infos *desc, const char *filename)
Get the file name of a plugin's preference that is of type "file".
void mark_cvslockserver(struct script_infos *desc, int port)
void mark_auth_server(struct script_infos *desc, int port)
static void sigterm(int s)
void mark_snpp_server(struct script_infos *desc, int port, char *buffer, int trp)
static void mark_smux_server(struct script_infos *desc, int port, int trp)
void mark_fssniffer(struct script_infos *desc, int port, int trp)
static void mark_direct_connect_hub(struct script_infos *desc, int port, int trp)
#define DIFFTV1000(t1, t2)
static void mark_uucp_server(struct script_infos *desc, int port, unsigned char *banner, int trp)
void mark_wild_shell(struct script_infos *desc, int port)
void mark_nntp_server(struct script_infos *desc, int port, char *buffer, int trp)
static void mark_unknown_svc(struct script_infos *desc, int port, const unsigned char *banner, int trp)
void plug_set_ssl_cert(struct script_infos *args, char *cert)
tree_cell * http_get(lex_ctxt *lexic)
static void mark_stonegate_auth_server(struct script_infos *desc, int port, int trp)
void plug_set_ssl_pem_password(struct script_infos *args, char *key)
static int regex_match(char *string, char *pattern)
Compares string with the regular expression. Null characters in buffer are replaced by 'x'.
static void mark_sub7_server(struct script_infos *desc, int port, int trp)
void plug_set_key(struct script_infos *args, char *name, int type, const void *value)
int write_stream_connection(int fd, void *buf0, int n)
void mark_ssh_server(struct script_infos *desc, int port, char *buffer)
void mark_locked_adsubtract_server(struct script_infos *desc, int port, unsigned char *buffer, int trp)
int close_stream_connection(int fd)
static void sigchld(int s)
void mark_http_proxy(struct script_infos *desc, int port, int trp)
static void mark_upsmon_server(struct script_infos *desc, int port, int trp)
void mark_ncacn_http_server(struct script_infos *desc, int port, char *buffer)
static void mark_tcpmux_server(struct script_infos *desc, int port, int trp)
static void mark_socks_proxy(struct script_infos *desc, int port, int ver)
static void mark_msdtc_server(struct script_infos *desc, int port)
static void mark_avotus_mm_server(struct script_infos *desc, int port, char *buffer, int trp)
static void mark_gopher_server(struct script_infos *desc, int port)
static void mark_ofa_express_server(struct script_infos *desc, int port, int trp)
static void mark_pblocald_server(struct script_infos *desc, int port, char *buffer, int trp)
static void mark_dictd_server(struct script_infos *desc, int port, char *buffer, int trp)
void mark_vqserver(struct script_infos *desc, int port)
void mark_imap_server(struct script_infos *desc, int port, char *buffer, int trp)
void mark_rmserver(struct script_infos *desc, int port, char *buffer, int trp)
static void mark_psybnc(struct script_infos *desc, int port, char *buffer, int trp)
void mark_linuxconf(struct script_infos *desc, int port, unsigned char *buffer)
static void mark_exchg_routing_server(struct script_infos *desc, int port, char *buffer, int trp)
static void mark_pnsclient(struct script_infos *desc, int port, int trp)
static void mark_spamd_server(struct script_infos *desc, int port, int trp)
int stream_set_timeout(int fd, int timeout)