On Tue, 4 Mar 2003, Crow, Owen wrote: ->Output from the banner grabber: -> ->Remote SMTP server banner : ->220- hostname.com.com Sendmail 950413.SGI.8.6.12/950213.SGI.AUTOCF ready at ->Tue, 4 Mar 2003 12:54:30 -0600 -> ->220 ESMTP spoken here -> ->Running test manually: -># /opt/nessus/bin/nasl -t hostname -s sendmail_header.nasl ->[25225] plug_set_key:send(0)['1 smtp/banner/25=220- hostname.com.com ->Sendmail 950413.SGI.8.6.12/950213.SGI.AUTOCF ready at Tue, 4 Mar 2003 ->13:05:20 -0600\r\n220 ESMTP spoken here\r\n; ->'](0 out of 153): Socket operation on non-socket ->[25225](sendmail_header.nasl) ereg() : regcomp() failed -> ->I'll leave the regex tweaking to the experts, but shouldn't that version be ->vulnerable? Maybe it's confused because there's an extra "\r\n" in there? -> ->Also, the default read timeout of 5 seconds missed several systems so I ->up-ed it to 15 and it seems to catch the rest. I think that was the old ->default. -> ->Versions: ->Nessus 2.0.1, plugins updated just now (~13:00 CST). ->
Am I supposed to be able to run a single plugin from the command line against a host? xxx /usr/local/bin $ ./nasl -t mail6 -s /tmp/sendmail_header.nasl ./nasl: invalid option -- s ** WARNING : packet forgery will not work ** as NASL is not running as root /tmp/sendmail_header.nasl : Warning : evaluating unknown variable - description [25962] plug_set_key:send(0): Socket operation on non-socket Success xxx /usr/local/bin $ Is there any way to make the plugin print out the alerts, in case it sees the host is vulnerable? Would be practical to be able to run just a single plugin. What does the "Success" mean at the end of this? Why does sendmail_header.nasl complain that description is an unknown variable? Thanks, Jukka
