script categories and safe

Discussion:

script categories and safe_checks

Rene Behring

2014-07-24 11:21:47 UTC

Hey,

Where can i find all script categories and which are executed when safe_checks are enabled, which not?
And maybe you can give me a shot introduction.

i only found:
ACT_SCANNER
ACT_GATHER_INFO
ACT_ATTACK
ACT_MIXED_ATTACK
ACT_DENAIL
ACT_KILL_HOST
ACT_FLOOD
ACT_SETTINGS
ACT_END

Thanks,
Rene

Rene Behring

2014-08-02 18:30:14 UTC

Permalink

Hey,
i thought, when safe_checks are enabled, all nvts are executed expect ACT_DENIAL, ACT_KILL_HOST, ACT_DESTRUCTIVE_ATTACK and ACT_FLOOD.
And in the category ACT_MIXED_ATTACK its only looking for banners when safe_checks are enabled and its attacking when not.

but in some nvts is a „if(safe_checks())“, even in some ACT_GATHER_INFO.
so which exactly are executed and which not?

Thanks,
Rene

Post by Rene Behring
Hey,
Where can i find all script categories and which are executed when safe_checks are enabled, which not?
And maybe you can give me a shot introduction.
ACT_SCANNER
ACT_GATHER_INFO
ACT_ATTACK
ACT_MIXED_ATTACK
ACT_DENAIL
ACT_KILL_HOST
ACT_FLOOD
ACT_SETTINGS
ACT_END
Thanks,
Rene

Jan-Oliver Wagner

2014-08-03 16:57:49 UTC

Permalink

Post by Rene Behring
Hey,
i thought, when safe_checks are enabled, all nvts are executed expect
ACT_DENIAL, ACT_KILL_HOST, ACT_DESTRUCTIVE_ATTACK and ACT_FLOOD. And in
the category ACT_MIXED_ATTACK its only looking for banners when
safe_checks are enabled and its attacking when not.
but in some nvts is a „if(safe_checks())“, even in some ACT_GATHER_INFO.
so which exactly are executed and which not?

well, if safe checks are enabled, those are not executed:

ACT_DESTRUCTIVE_ATTACK, ACT_KILL_HOST, ACT_FLOOD and ACT_DENIAL
and all NVTs that use the conditional. In some NVTs that might be only parts of
the NVT not the full NVT.

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

Rene Behring

2014-08-04 15:06:21 UTC

Permalink

Okay, i have written a script to look if there is a "safe_checks()“ in a NVT an which category it is.
the first numbers are the scripts with safe_checks, the second the total number of NVTs.
ACT_SETTINGS=1/17
ACT_GATHER_INFO=21/33070
ACT_FLOOD=0/4
ACT_KILL_HOST=1/17
ACT_DENIAL=44/290
ACT_ATTACK=59/1861
ACT_INIT=83/176
ACT_SCANNER=4/15
ACT_DESTRUCTIVE_ATTACK=3/46
ACT_MIXED_ATTACK=101/114
ACT_END=2/18

so, if ACT_DESTRUCTIVE_ATTACK, ACT_KILL_HOST and ACT_DENIAL are not executed, why are there safe_checks?
if they are executed and test with if(safe_checks()) if they should run or not, why is not in every dangerous NVT a safe_checks?

i was also looking into the nessus network auditing pdf, but i haven’t found a satisfying answer…

Thanks,
Rene

Post by Jan-Oliver Wagner

ACT_DESTRUCTIVE_ATTACK, ACT_KILL_HOST, ACT_FLOOD and ACT_DENIAL
and all NVTs that use the conditional. In some NVTs that might be only parts of
the NVT not the full NVT.
--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Jan-Oliver Wagner

2014-08-15 07:04:17 UTC

Permalink

Post by Rene Behring
so, if ACT_DESTRUCTIVE_ATTACK, ACT_KILL_HOST and ACT_DENIAL are not executed, why are there safe_checks?
if they are executed and test with if(safe_checks()) if they should run or not, why is not in every dangerous NVT a safe_checks?

safe_checks() helps to have unsafe parts within a else safe check.

Indeed it seems redundant to use safe_checks() in one of the unsafe categories.

--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner