
Frictionless Assessment Asset Inventory

🗓️ 09 Jun 2021 00:00:00 · Reported by: Tenable · Type: nessus · 🔗 www.tenable.com

Nessus collected information about the target host for Frictionless Assessment.

Code
#TRUSTED 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
#TRUST-RSA-SHA256 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

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration block: executed only when the engine runs the script with 'description' set. It declares the
# plugin's metadata and scheduling constraints and then exits, so none of the collection code below runs in
# this mode.
if (description)
{
  script_id(150427);
  script_version("1.42");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/13");

  script_name(english:"Frictionless Assessment Asset Inventory");

  # NOTE(review): the synopsis mentions users and user groups. The collection code in this file populates
  # packages, dnf modules, package repositories, live kernel patch CVEs, detected products and networks;
  # users/groups are not gathered by anything visible here - presumably by an include or another plugin. Confirm.
  script_set_attribute(attribute:"synopsis", value:
"Nessus collected information about the network interfaces, installed software, users, and user groups on the target
host.");
  script_set_attribute(attribute:"description", value:
"Nessus collected information about the target host to create an inventory for Frictionless Assessment");
  # Informational plugin: it reports no finding of its own, hence no solution and a risk factor of None.
  script_set_attribute(attribute:"solution", value:"n/a");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/09");

  script_set_attribute(attribute:"plugin_type", value:"summary");
  # Declared for Unix agents; the run-time code additionally calls inventory_agent::inventory_agent_or_exit().
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_attribute(attribute:"always_run", value:TRUE);
  # Note the value here is the string "True", not the boolean TRUE used for always_run above.
  script_set_attribute(attribute:"asset_inventory", value:"True");
  script_end_attributes();

  # ACT_END: presumably scheduled after the detection plugins so their KB entries exist - TODO confirm.
  script_category(ACT_END);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2021-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Dependencies named here are the interface, live-patch and Red Hat repository detections; the run-time code
  # reads Host/RedHat/* and live-patch data that these presumably populate.
  script_dependencies("ifconfig_inet4.nasl", "ifconfig_inet6.nasl", "ifconfig_mac.nasl", "linux_alt_patch_detect.nasl", "redhat_repos.nasl");
  # Host/hostname and Host/cpu must exist; a host flagged Host/dead is excluded (and re-checked at run time).
  script_require_keys("Host/hostname", "Host/cpu");
  script_exclude_keys("Host/dead");

  exit(0);
}

include('kpatch.inc');
include('ksplice.inc');
include('spad_log_func.inc');
include('nessusd_product_info.inc');
include('inventory_agent.inc');
include('package_manager_utils.inc');

##
# Build the normalized inventory 'kernel_patches' item from live kernel patch data.
#
# kpatch is consulted first; ksplice is queried only when kpatch_load_cve_list() returns NULL.
# Only CVE keys whose value is truthy (marked as applied) are kept, and the placeholder key "NONE" is skipped.
#
# @return array of the form { 'type': 'kernel_patches', 'properties': { 'name': 'cves', 'cves': [...] } }.
#         The item is always returned; its 'cves' list is empty when no applied CVE was found.
##
function get_live_kernel_cves()
{
  var patch_source = 'kpatch';

  var result = make_array('type', 'kernel_patches');
  result['properties'] = make_array('name', 'cves');
  result['properties']['cves'] = [];

  spad_log(message: 'Looking for kpatch CVEs.\n');
  var cve_map = kpatch_load_cve_list();

  # Fall back to ksplice only when kpatch produced nothing at all.
  if (isnull(cve_map))
  {
    spad_log(message: 'No kpatch CVEs found.\n');
    spad_log(message: 'Looking for ksplice CVEs.\n');
    patch_source = 'ksplice';
    cve_map = ksplice_load_cve_list();
  }

  # Still NULL here means both sources came back empty: return the item with an empty list.
  if (isnull(cve_map))
  {
    spad_log(message:'No ksplice CVEs found.\n');
    return result;
  }

  foreach var cve_id (keys(cve_map))
  {
    # "NONE" is the kpatch/ksplice placeholder entry, not a real CVE.
    if (cve_id == "NONE") continue;
    # A falsy value means the CVE is listed but not marked as applied.
    if (!cve_map[cve_id]) continue;

    append_element(var:result['properties']['cves'], value:cve_id);
  }

  if (max_index(result['properties']['cves']) > 0)
    spad_log(message: 'Found ' + patch_source + ' CVEs.\n');
  else
    spad_log(message: 'No ' + patch_source + ' CVEs applied.\n');

  return result;
}

##
# Read the stored 'uptrack-uname -r' output from the KB.
#
# @return value of the KB item Host/uptrack-uname-r, or NULL when that item is not set.
##
function get_uptrack_kernel_release()
{
  var uptrack_release = get_kb_item("Host/uptrack-uname-r");
  return uptrack_release;
}

##
# Build the normalized inventory dnf_module items from the KB entries under Host/RedHat/modules/*.
#
# Each KB value is treated as newline-separated 'key=value' lines. Lines that do not match, or whose key is
# empty, are ignored; an empty value is stored as ''. Because the key group of the pattern is greedy, a line
# containing several '=' characters is split at the last one.
#
# @return list of arrays { 'type': 'dnf_module', 'properties': { key: value, ... } }; modules that yield no
#         properties are left out.
##
function get_dnf_modules()
{
  var module_items = [];
  var kb_modules = get_kb_list("Host/RedHat/modules/*");

  foreach var module_text (kb_modules)
  {
    var props = make_array();

    foreach var kv_line (split(module_text, sep:'\n'))
    {
      var kv = pregmatch(pattern: '^(.*)=(.*)$', string:kv_line);

      # Skip lines without '=' and lines with an empty key.
      if (empty_or_null(kv) || empty_or_null(kv[1])) continue;

      props[kv[1]] = default_if_empty_or_null(kv[2], default:'');
    }

    # A module with no parsed properties carries no information for the inventory.
    if (!(len(keys(props)) > 0)) continue;

    var module_item = make_array("type", "dnf_module");
    module_item["properties"] = props;
    append_element(var:module_items, value:module_item);
  }

  return module_items;
}

##
# Build the normalized inventory pkg_repository items from the Red Hat repository KB entries.
#
# Two serialized KB items are read: Host/RedHat/valid-repos (one item per repository label) and
# Host/RedHat/valid-repo-relative-urls (one item per relative URL). Either may be absent.
#
# @return list of arrays { 'type': 'pkg_repository', 'properties': { 'repo_label' | 'repo_relative_url': value } };
#         empty when neither KB item is set.
##
function get_package_repositories()
{
  var found = [];
  var entry;

  # Repository labels.
  var labels_blob = get_kb_item('Host/RedHat/valid-repos');
  if (!empty_or_null(labels_blob))
  {
    foreach var label (deserialize(labels_blob))
    {
      entry = make_array("type", "pkg_repository");
      entry["properties"] = make_array("repo_label", label);
      append_element(var:found, value:entry);
    }
  }

  # Repository relative URLs.
  var urls_blob = get_kb_item('Host/RedHat/valid-repo-relative-urls');
  if (!empty_or_null(urls_blob))
  {
    foreach var relative_url (deserialize(urls_blob))
    {
      entry = make_array('type', 'pkg_repository');
      entry['properties'] = make_array('repo_relative_url', relative_url);
      append_element(var:found, value:entry);
    }
  }

  # Log which of the two outcomes occurred; the list is returned either way.
  var summary = 'No offical package repositories found. List of officially supported repos in rhel_repos.inc.\n';
  if (max_index(found) > 0)
  {
    summary = 'Found package repositories.\n';
  }
  spad_log(message:summary);

  return found;
}


# Pre-flight checks and global settings. Statement order matters: every guard below can end the plugin before
# any inventory data is read.

# Host/dead is already listed in script_exclude_keys; this is a second check at run time.
if (get_kb_item('Host/dead') == TRUE) exit(0, 'Host is offline.');
# Audit out when local checks are not enabled for this host.
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Host identity values copied into the inventory 'system' block later; each call exits if its KB item is missing.
var system_hostname = get_kb_item_or_exit('Host/hostname');
var system_arch = get_kb_item_or_exit('Host/cpu');
var system_uname = get_kb_item_or_exit('Host/uname');
var system_kernel_release = get_kb_item_or_exit('Host/uname-r');

global_var DEBUG = get_kb_item("global_settings/enable_plugin_debugging");
global_var CLI = isnull(get_preference("plugins_folder")); #Used to determine if we are running from CLI
# NOTE(review): this preference is handed to save_normalized_inventory() at the end of the script. The inventory
# holds the hostname, kernel release, package list and network data; where it is written and with which file
# permissions is decided in inventory_agent.inc and is not visible here - confirm before enabling it.
global_var STORE_INVENTORY_TO_DISK = get_preference("store_inventory_to_disk"); #Used for internal gathering of inventory

# Skip the inventory agent check if running from CLI or store_inventory_to_disk is set
# (it is also skipped when nessusd_is_offline_scanner() is true)
if (!CLI && isnull(STORE_INVENTORY_TO_DISK) && !nessusd_is_offline_scanner())
{
  inventory_agent::inventory_agent_or_exit();
}

# Required to store normalized inventory for the FA pipeline
# (the builtin may be absent on some engines, so audit out instead of failing on an undefined function)
if (!defined_func('report_tag_internal'))
  audit(AUDIT_FN_UNDEF, 'report_tag_internal');


# Identify the distribution: the first release KB key in the list below that is set decides it.
# 'name' keeps the spelling taken from the KB key, 'distro' is the lower-cased identifier used downstream.
spad_log(message:'Checking if distribution is supported.\n');
var supported_distros = [
  'Host/CentOS/release',
  'Host/Ubuntu/release',
  'Host/RedHat/release',
  'Host/Debian/release',
  'Host/AmazonLinux/release',
  'Host/SuSE/release',
  'Host/AlmaLinux/release',
  'Host/RockyLinux/release',
  'Host/MiracleLinux/release',
  'Host/TencentOS/release'
];
var release = NULL;
var distro = NULL;
var name = NULL;
var matches;

foreach var release_kb_key (supported_distros)
{
  release = get_kb_item(release_kb_key);
  if (isnull(release)) continue;

  # Pull the distribution name out of the KB key itself (Host/<name>/release).
  matches = pregmatch(pattern: '^Host/(.+?)/release$', string:release_kb_key);
  if (empty_or_null(matches)) continue;

  name = matches[1];
  distro = tolower(name);

  if (distro == 'redhat')
  {
    # Oracle Linux and Fedora both store their release data under Host/RedHat/release.
    # Oracle is recognised by its own KB item, Fedora by the word 'fedora' in the release string.
    if (get_kb_item('Host/OracleLinux'))
    {
      name = "Oracle";
      distro = "oracle";
    }
    else if ('fedora' >< tolower(release))
    {
      name = 'Fedora';
      distro = 'fedora';
    }
  }
  # The remaining rewrites shorten the identifier to the form the TVDL checks expect.
  else if (distro == 'amazonlinux')
    distro = 'amazon';
  else if (distro == 'almalinux')
    distro = 'alma';
  else if (distro == 'rockylinux')
    distro = 'rocky';
  else if (distro == 'miraclelinux')
    distro = 'miracle';

  # First populated key wins; later keys are not consulted.
  break;
}

# No supported release key was set: nothing to inventory.
if (isnull(release) || isnull(distro) || isnull(name))
  audit(AUDIT_OS_NOT, 'supported');

spad_log(message: 'Distro : ' + distro + '\nName : ' + name + '\nRelease : ' + release + '\n');


# Root of the normalized inventory that is saved at the end of the script.
global_var asset_inventory = make_nested_array();
asset_inventory['source'] = 'NESSUS_AGENT';

# Initialize system block
asset_inventory['system'] = make_array();

# Set distro version info
# One branch per distribution parses 'release' into system.version and, where available, system.sp and
# system.build. The branches differ in how they treat an unparsable release string: fedora, centos and ubuntu
# carry on without setting a version, every other branch audits out as unsupported.
spad_log(message: 'Set distribution version info.\n');
if ('fedora' == distro)
{
  # Version is 'FC' followed by the major release number; no audit when the pattern does not match.
  matches = pregmatch(pattern: '^fedora.*release ([0-9]+)', string:release, icase:TRUE);
  if (!empty_or_null(matches))
  {
    asset_inventory['system']['version'] = 'FC' + default_if_empty_or_null(matches[1], default:'0');
  }
}
else if ('centos' == distro)
{
  # major[.minor[.build]]; absent components default to '0'. No audit when the pattern does not match.
  matches = pregmatch(pattern: '^CentOS (?:Stream )?(?:Linux )?release (\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?', string:release, icase:TRUE);
  if (!empty_or_null(matches))
  {
    asset_inventory['system']['version'] = default_if_empty_or_null(matches[1], default:'0');
    asset_inventory['system']['sp'] = default_if_empty_or_null(matches[2], default:'0');
    asset_inventory['system']['build'] = default_if_empty_or_null(matches[3], default:'0');
    # The pattern above is case-insensitive, but this substring test is an exact-case match on 'Stream'.
    if ('Stream' >< release)
    {
      distro = 'centos-stream';
    }
  }
}
else if ('ubuntu' == distro)
{
  # The release string is expected to start with the dotted version; no audit when it does not.
  matches = pregmatch(pattern: '^(\\d[\\d\\.]+)', string:release, icase:TRUE);
  if (!empty_or_null(matches))
  {
    asset_inventory['system']['version'] = default_if_empty_or_null(matches[1], default:'0');
  }
}
else if ('redhat' == distro)
{
  # major[.minor[.build]]; an unparsable release string is treated as an unsupported OS.
  matches = pregmatch(pattern: '^Red Hat Enterprise Linux.*release (\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?', string:release, icase:TRUE);
  if (!empty_or_null(matches))
  {
    asset_inventory['system']['version'] = default_if_empty_or_null(matches[1], default:'0');
    asset_inventory['system']['sp'] = default_if_empty_or_null(matches[2], default:'0');
    asset_inventory['system']['build'] = default_if_empty_or_null(matches[3], default:'0');
  }
  else
  {
    audit(AUDIT_OS_NOT, 'supported');
  }
}
else if ('alma' == distro)
{
  # Same three-part layout as Red Hat.
  matches = pregmatch(pattern: '^AlmaLinux release (\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?', string:release, icase:TRUE);
  if (!empty_or_null(matches))
  {
    asset_inventory['system']['version'] = default_if_empty_or_null(matches[1], default:'0');
    asset_inventory['system']['sp'] = default_if_empty_or_null(matches[2], default:'0');
    asset_inventory['system']['build'] = default_if_empty_or_null(matches[3], default:'0');
  }
  else
  {
    audit(AUDIT_OS_NOT, 'supported');
  }
}
else if ('rocky' == distro)
{
  # Same three-part layout as Red Hat.
  matches = pregmatch(pattern: '^Rocky Linux release (\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?', string:release, icase:TRUE);
  if (!empty_or_null(matches))
  {
    asset_inventory['system']['version'] = default_if_empty_or_null(matches[1], default:'0');
    asset_inventory['system']['sp'] = default_if_empty_or_null(matches[2], default:'0');
    asset_inventory['system']['build'] = default_if_empty_or_null(matches[3], default:'0');
  }
  else
  {
    audit(AUDIT_OS_NOT, 'supported');
  }
}
else if ('debian' == distro)
{
  # major[.minor] taken from the start of the release string.
  matches = pregmatch(pattern: '^(\\d+)(?:\\.(\\d+))?', string:release, icase:TRUE);
  if (!empty_or_null(matches))
  {
    asset_inventory['system']['version'] = default_if_empty_or_null(matches[1], default:'0');
    asset_inventory['system']['sp'] = default_if_empty_or_null(matches[2], default:'0');
  }
  else
  {
    audit(AUDIT_OS_NOT, 'supported');
  }
}
else if ('oracle' == distro)
{
  # Accepts both the 'Oracle Linux Server' and the 'Oracle Enterprise Linux' naming; major[.minor].
  matches = pregmatch(pattern: '^Oracle (?:Linux Server|Enterprise Linux) .*release (\\d+)(?:\\.(\\d+))?', string:release, icase:TRUE);
  if (!empty_or_null(matches))
  {
    asset_inventory['system']['version'] = default_if_empty_or_null(matches[1], default:'0');
    asset_inventory['system']['sp'] = default_if_empty_or_null(matches[2], default:'0');
  }
  else
  {
    audit(AUDIT_OS_NOT, 'supported');
  }
}
else if ('amazon' == distro)
{
  # The release string starts with 'AL' followed by 'A', a single digit, or '-2023'.
  # 'A' maps to amzn1, '2' to amzn2, '-2023' to amzn2023; any other digit leaves the version as "unknown".
  matches = pregmatch(pattern: '^AL(A|\\d|-2023)', string:release);
  if (!empty_or_null(matches))
  {
    asset_inventory['system']['version'] = "unknown";
    
    if (!empty_or_null(matches[1]))
    {
      if(matches[1] == "A")
      {
        asset_inventory['system']['version'] = "amzn1";
      }
      else if (matches[1] == "2")
      {
        asset_inventory['system']['version'] = "amzn2";
      }
      else if (matches[1] == "-2023")
      {
        asset_inventory['system']['version'] = "amzn2023";
      }
    }
  }
  else
  {
    audit(AUDIT_OS_NOT, 'supported');
  }
}
else if ('suse' == distro)
{
  # Check for SLES / SLED or SLES_SAP / SLED_SAP
  matches = pregmatch(pattern: '^SLE(S|D)(?:_SAP)?(\\d+)', string:release);
  if (!empty_or_null(matches))
  {
    # 'S' selects the server identifier, 'D' the desktop one.
    if (!empty_or_null(matches[1]) && matches[1] == "S")
    {
      distro = 'suse-server';
    }
    else if (!empty_or_null(matches[1]) && matches[1] == "D")
    {
      distro = 'suse-desktop';
    }
    
    # The service pack is not part of the release string; it is read from its own KB item.
    var sp = string(get_kb_item("Host/SuSE/patchlevel"));

    asset_inventory['system']['version'] = default_if_empty_or_null(matches[2], default:'0');
    asset_inventory['system']['sp'] = default_if_empty_or_null(sp, default:'0');
  }
  # Check for openSUSE
  else
  {
    # Unlike the other patterns, the minor version group here is not optional: 'SUSE<major>' alone does not match.
    matches = pregmatch(pattern: '^SUSE(\\d+)(?:\\.(\\d+))', string:release);
    if (!empty_or_null(matches))
    {
      distro = 'opensuse';
      asset_inventory['system']['version'] = default_if_empty_or_null(matches[1], default:'0');
      asset_inventory['system']['sp'] = default_if_empty_or_null(matches[2], default:'0'); 
    }
    else
    {
      audit(AUDIT_OS_NOT, 'supported');
    }
  }
}
else if ('miracle' == distro)
{
  # Product and version come from the installed_os/local/SSH/0/* KB items, not from the release string.
  if ('MIRACLE LINUX' >< get_kb_item('installed_os/local/SSH/0/product'))
  {
    asset_inventory['system']['version'] = default_if_empty_or_null(get_one_kb_item('installed_os/local/SSH/0/release'), default:'0');
  }
  else
  {
    audit(AUDIT_OS_NOT, 'supported');
  }
}
else if ('tencentos' == distro)
{
  # Same approach as Miracle Linux: confirm the product name, then take the stored release.
  if ('TencentOS' >< get_kb_item('installed_os/local/SSH/0/product'))
  {
    asset_inventory['system']['version'] = default_if_empty_or_null(get_one_kb_item('installed_os/local/SSH/0/release'), default:'0');
  }
  else
  {
    audit(AUDIT_OS_NOT, 'supported');
  }
}
else
{
  # A distro identifier with no branch above is not supported.
  audit(AUDIT_OS_NOT, 'supported');
}

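# Fill the 'system' block with the host identity values gathered earlier in the script.
spad_log(message:'Populate system block.\n');
asset_inventory['system']['name'] = name;
asset_inventory['system']['distro'] = distro;
asset_inventory['system']['hostname'] = system_hostname;
asset_inventory['system']['arch'] = system_arch;
asset_inventory['system']['os'] = 'linux';
asset_inventory['system']['uname'] = make_array();
asset_inventory['system']['uname']['kernel_release'] = system_kernel_release;
asset_inventory['system']['uname']['all'] = system_uname;

var feed_info = nessusd_plugin_feed_info();
spad_log(message: 'PLUGIN_SET : ' + feed_info['PLUGIN_SET'] + '\n');
# Default to old feed similar to default in plugin_feed.info.inc
# The fallback is passed by name (default:), as in every other default_if_empty_or_null() call in this script.
# NOTE(review): the previous positional form presumably left the default unset - confirm against the helper.
asset_inventory['system']['collection_version'] = default_if_empty_or_null(feed_info['PLUGIN_SET'], default:'20051108131841');

# 'items' is one flat list; each entry carries its own 'type' (package, dnf_module, pkg_repository, ...).
asset_inventory['items'] = [];

spad_log(message:'Populate packages.\n');

foreach var package(package_manager_utils::get_packages())
{
  append_element(var:asset_inventory['items'], value:package);
}

spad_log(message:'Populate dnf_module items.\n');

foreach var dnf_module(get_dnf_modules())
{
  append_element(var:asset_inventory['items'], value:dnf_module);
}

spad_log(message:'Populate pkg_repository items.\n');

foreach var pkg_repo(get_package_repositories())
{
  append_element(var:asset_inventory['items'], value:pkg_repo);
}


spad_log(message:'Populate live kernel CVEs.\n');
var kernel_cves = get_live_kernel_cves();
# get_live_kernel_cves() returns its item on every path, so this guard always passes and a kernel_patches
# item with an empty 'cves' list is appended when no live patch data exists.
if (!isnull(kernel_cves))
{
  append_element(var:asset_inventory['items'], value:kernel_cves);
}

spad_log(message:'Populate uptrack kernel release.\n');
var uptrack_kernel_release = get_uptrack_kernel_release();
# Only recorded when the KB holds a value.
if (!isnull(uptrack_kernel_release))
{
  asset_inventory['system']['uptrack_kernel_release'] = uptrack_kernel_release;
}

# NOTE(review): unlike the other spad_log calls in this script, this message has no trailing '\n'.
spad_log(message:'Populate Product Items.');
var detected_products = inventory_agent::get_detected_products();
if (!empty_or_null(detected_products))
{
  foreach var product_item(detected_products)
  {
    append_element(var:asset_inventory['items'], value:product_item);
  }
}

# Network data is left out when running as an offline scanner.
if (!nessusd_is_offline_scanner())
{
  spad_log(message:'Populate networks.\n');
  asset_inventory['networks'] = inventory_agent::get_networks();
}

spad_log(message:'Inventory populated.\n');

# Save inventory
# The saved structure contains the hostname, kernel release, package list and (unless offline) network data.
# How it is stored for each of the CLI / debug / store-to-disk modes is decided inside save_normalized_inventory().
inventory_agent::save_normalized_inventory(inventory:asset_inventory, is_cli:CLI, is_debug:DEBUG, store_inventory_to_disk:STORE_INVENTORY_TO_DISK);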
