Kost,
On Sun, Oct 18, 2009 at 5:42 PM, Vlatko Kosturjak <k...@linux.hr> wrote:
>> You're welcome. As we talk about OpenVAS, maybe it's good time and
>> place to ask about it. My plan is to write OpenVAS NVT (NASL) script
>> which would run w3af automatically if http(s) port(s) is found
>> (similar to nikto NASL plugin). I think this mailing list is best
>> place (and you Andres) to ask what is the best command line for w3af
>> for automatic vulnerability discovery? i.e. so NASL can launch w3af
>> and parse the results and report it through standard OpenVAS
>> reporting mechanism. Any help would be appreciated.
>> Great Idea!
>
> Here's the experimental NVT on OpenVAS SVN trunk:
> http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/remote-web-w3af.nasl?root=openvas&view=log
>
> Also, it seems that output console cannot be used as w3af (using termios) is
> spitting lot of errors when using NASL pread:
> [ Sun Oct 18 22:39:43 2009 - console ] termios error: (25, 'Inappropriate
> ioctl for device')
> [ Sun Oct 18 22:39:43 2009 - console ]
> [ Sun Oct 18 22:39:43 2009 - console ] termios error: (25, 'Inappropriate
> ioctl for device')
>
> So, I'm using textFile...
Yes, I don't think that termios is going to allow you to do that. You
better use an output file.
> Let me know if you have any comments!
Comments:
- In a section of the code it reads: "See the preferences section for
w3af options.", what are those options? How could I read them?
- "script_require_ports("Services/www", 80);", actually, w3af can
launch a scan on any port that has an HTTP daemon. I don't really know
if this situation is covered by these other lines or not:
"""
port = get_kb_item("Services/www");
if (! port) port = 80;
if (! get_port_state(port)) exit(0);
encaps = get_port_transport(port);
if (encaps > 1) httprefix="https://";;
else httprefix="http://";;
httpver = get_kb_item("http/"+port);
if (httpver == "11") {
httparg=get_host_name();
} else {
httparg=get_host_ip();
}
"""
- Even with the modifications I've been working on, w3af tends to be
time consuming. Maybe users want to be able to set for how much time
w3af is going to run inside openvas? Could this be done here "r =
pread(cmd: cmdw3af, argv: argv, cd: 1);
if (! r) exit(0);" ?
I think that adding w3af to openvas is a good idea, it will give you
guys some advantages over nessus, and on the other side, w3af will be
more widespread. The only problem I see is that openvas users could be
inclined to think that running w3af inside openvas is "100% accurate",
which is not, because openvas will only be able to show some of w3af's
settings, features, etc.
Cheers,
> Kost
>
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
