
Frictionless Assessment Asset Inventory Windows


Nessus collected information about target host for Frictionless Assessment Asset Inventor

#TRUSTED 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
#TRUST-RSA-SHA256 90fbecd94f710e5b3cd3b57b3f0aab8b535a1920d5db94c340cf9c54a2f99e277a70e2a27ef80176b00efd5608be5812ca04d07a3b575702cb22c95081f99cc4785d23935536f9320b53f5d6da2988fa4fc1fffbaabc8ab45774b1766218907cbb2c55badf4dc27d344a6250f75260ab361365f17b46498e985ae09882665a20065ed114be92b52e8e9d9a3ea2aee7adbd3282756e803d07544d53cae5ecfc81118498234d7cf142cd5f20187f4f9ad4aa729d625ce9f7a83ecd37035e8d90055d8e828e62029f829c5a86d553e8003369cefb1c338961b21be346472508e134ba74371e605f58ebb52548bf57296c69e1ce02b1f3466a8b61d1cfcbcc9109348c1ecae187d5715caaf225ca53a29e90687b8a1932ab5a27968d49295ceb7aa3ae921fa9377ff8c36f75a2cb4cf1526127355919df4f161a9d9fad70244a34040065e72d20615e8a643c3949b12bdb9caae6fe24c4c2da24a99d05fb21479f157e8879b3879e4fa81c179031d5130b653fc7d019a188fcf8a4e82940c7190a211a2ab5af1d82bfec2123a0f2a341c07b99e11cc37a3e1d4cc96c344dfc0343d91a0d9107de1f6262d369ddaf9e7ce3d77312353bebea179640859f7f6fd5deb986d61723d3ab1fbbf5d828843118499b030509b2ab46374fb19b31c03540f11dd45701e7d4041f871ed5254a358f8831122145c4d620e7115da965845c7acb6d

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  # Registration branch: the engine evaluates this when it loads plugin
  # metadata; the collection logic further down never runs here.
  script_id(157327);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/18");

  script_name(english:"Frictionless Assessment Asset Inventory Windows");

  script_set_attribute(attribute:"synopsis", value:
"Nessus collected information about the network interfaces, installed software, users, and user groups on the target
host.");
  script_set_attribute(attribute:"description", value:
"Nessus collected information about the target host to create an inventory for Frictionless Assessment");
  script_set_attribute(attribute:"solution", value:"n/a");
  # Informational only: this plugin reports inventory data, not a finding.
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/02");

  script_set_attribute(attribute:"plugin_type", value:"summary");
  script_set_attribute(attribute:"agent", value:"windows");
  script_set_attribute(attribute:"always_run", value:TRUE);
  script_set_attribute(attribute:"asset_inventory", value:"True");
  script_end_attributes();

  # ACT_END: scheduled after the other categories, so the KB entries written
  # by the dependencies listed below are in place when the body runs.
  script_category(ACT_END);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2021-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Collectors whose KB output the body reads (hostname, rollup file
  # versions, hotfix state, reboot state).
  script_dependencies("wmi_system_hostname.nbin", "smb_check_rollup.nasl", "smb_check_dotnet_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl", "smb_reboot_required.nasl");
  # Gate on the key set when MS bulletin checks were possible; the body
  # re-checks it with get_kb_item_or_exit as well.
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_exclude_keys("Host/dead");

  exit(0);
}

include('smb_hotfixes.inc');
include('debug.inc');
include('inventory_agent.inc');
include('collection_metadata.inc');
include("inventory_agent_windows_registry.inc");

##
# Build 'windows_os' product items for a fixed set of %SystemRoot% files
# whose versions are recorded in the KB under 'SMB/FileVersions/*'.
#
# Files without a recorded version are skipped. Each returned item carries
# the file path, its KB version, and the collection metadata for the PE
# version check.
#
# @return list of normalized product items (possibly empty).
##
function get_rollup_files_as_products()
{
  var root = hotfix_get_systemroot();

  # Paths are relative to the system root; presumably the same set the
  # smb_check_rollup.nasl dependency records versions for -- confirm there.
  var tracked_files = [
    'system32\\advapi32.dll',
    'system32\\appinfo.dll',
    'system32\\bcastdvruserservice.dll',
    'system32\\bcrypt.dll',
    'system32\\coremessaging.dll',
    'system32\\crypt32.dll',
    'system32\\cryptcatsvc.dll',
    'system32\\drivers\\nwifi.sys',
    'system32\\drivers\\srv.sys',
    'system32\\drivers\\tcpip.sys',
    'system32\\gdi32.dll',
    'system32\\gdiplus.dll',
    'system32\\hlink.dll',
    'system32\\inetcomm.dll',
    'system32\\ipnathlp.dll',
    'system32\\iprtrmgr.dll',
    'system32\\localspl.dll',
    'system32\\mprapi.dll',
    'system32\\ntdll.dll',
    'system32\\ntoskrnl.exe',
    'system32\\oleaut32.dll',
    'system32\\pcadm.dll',
    'system32\\pcasvc.dll',
    'system32\\puiobj.dll',
    'system32\\shell32.dll',
    'system32\\tzres.dll',
    'system32\\user32.dll',
    'system32\\win32k.sys',
    'system32\\win32kfull.sys',
    'system32\\winload.exe'
  ];

  var products = [];
  var next_id = 0;

  foreach var rel_path (tracked_files)
  {
    var abs_path = hotfix_append_path(path:root, value:rel_path);

    # KB key layout: drive colon stripped, backslashes turned into slashes,
    # everything lower-cased, prefixed with SMB/FileVersions/.
    var kb_key = str_replace(string:abs_path, find:":", replace:"");
    kb_key = str_replace(string:kb_key, find:"\", replace:"/");
    kb_key = "SMB/FileVersions/" + tolower(kb_key);

    var file_version = get_one_kb_item(kb_key);
    if (empty_or_null(file_version)) continue;

    var product = inventory_agent::generate_product_item(
      name:'windows_os',
      properties:{path:abs_path, version:file_version},
      id:next_id);
    next_id += 1;

    # Attach how the version was collected, then release the helper object.
    var metadata = new collection_metadata::collection_metadata();
    metadata.track_windows_pe_version(path:product.properties['path']);
    product.properties['version_file'] = metadata.get_metadata(field:'version_file');
    product.properties['collect_methods'] = metadata.get_collect_methods();
    delete metadata;

    append_element(var:products, value:product);
  }

  return products;
}

##
# Convert an MS rollup date ("<month>_<year>[_...]") into a dotted version
# string ("<year>.<month>[...]") so rollups can be ordered with ver_compare().
#
# @param  rollup MS rollup date, digits separated by underscores.
#
# @return version string suitable for ver_compare(), or NULL when the
#         input does not look like a rollup date.
##
function rollup_to_version(rollup)
{
  # Anything that is not "<digits>_<digit>[digits or underscores]" is rejected.
  if (rollup !~ "^[0-9]+_[0-9][0-9_]*$") return NULL;

  var parts = split(rollup, sep:'_', keep:FALSE);
  var month_part = parts[0];
  var year_part = parts[1];

  # Year first so that lexical/version order equals chronological order.
  parts[0] = year_part;
  parts[1] = month_part;

  return join(parts, sep:'.');
}

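##
# Generate a normalized inventory rollup item from KB data.
#
# Reads the 'smb_rollup/*' or 'smb_dotnet_rollup/*' KB entries (presumably
# written by the smb_check_rollup.nasl / smb_check_dotnet_rollup.nasl
# dependencies -- confirm there) and normalizes them.
#
# @param rollup_item  Which rollup data to report on: "ms_rollup" or
#                     "dotnet_rollup". Any other value yields an item with
#                     empty properties.
#
# @return array representing the normalized inventory rollup item:
#         'type'       - the rollup_item value
#         'properties' - one entry per rollup date (patched, path,
#                        fixed_version, version) plus 'date', the latest
#                        rollup when one could be determined.
##
function get_rollup_data(rollup_item)
{
  var item = make_array("type", rollup_item);
  item["properties"] = make_array();

  var kb_latest_rollup = NULL;
  var rollups = NULL;

  # MS rollup data
  if (rollup_item == "ms_rollup")
  {
    kb_latest_rollup = get_kb_item('smb_rollup/latest');
    rollups = get_kb_list('smb_rollup/fa_info/*');
  }

  # .NET rollup data
  if (rollup_item == "dotnet_rollup")
  {
    kb_latest_rollup = get_kb_item('smb_dotnet_rollup/latest');
    rollups = get_kb_list("smb_dotnet_rollup/fa_info/*");
  }

  var latest_rollup = NULL;
  var invalid_rollups_found = FALSE;

  # Get individual rollup information
  foreach var rollup_key (keys(rollups))
  {
    # The rollup date is the third segment of '<prefix>/fa_info/<date>'
    var rollup = split(rollup_key, sep:'/', keep:FALSE);
    rollup = rollup[2];

    # KB value layout: patched;full_path;patched_version;file_version
    var rollup_data = split(rollups[rollup_key], sep:';', keep:FALSE);
    var patched = "false";
    if (rollup_data[0] == "1")
    {
      patched = "true";
    }
    # Only report entries where all four fields are populated
    if (len(rollup_data) >= 4 &&
        !empty_or_null(rollup_data[1]) &&
        !empty_or_null(rollup_data[2]) &&
        !empty_or_null(rollup_data[3]))
    {
      item["properties"][rollup] = make_array("patched", patched,
                                              "path", rollup_data[1],
                                              "fixed_version", rollup_data[2],
                                              "version", rollup_data[3]);
    }

    # Track the latest patched rollup. Only needed when the KB has no
    # 'latest' key to use directly.
    if (empty_or_null(kb_latest_rollup) && patched == "true")
    {
      var rollup_version = rollup_to_version(rollup:rollup);

      # latest_rollup is only ever assigned a date that converted
      # successfully, so convert it only once it is set; converting NULL
      # would otherwise send the very first candidate down the
      # invalid-rollup branch and the fallback date would never be chosen.
      var latest_rollup_version = NULL;
      if (!isnull(latest_rollup))
        latest_rollup_version = rollup_to_version(rollup:latest_rollup);

      if (isnull(rollup_version))
      {
        invalid_rollups_found = TRUE;
        dbg::detailed_log(lvl: 2, msg: 'Invalid MS rollup date found when comparing "' + latest_rollup_version + '" and "' + rollup_version + '".');
      }
      else if (isnull(latest_rollup) ||
               ver_compare(ver:latest_rollup_version,
                           fix:rollup_version, strict:FALSE) < 0)
      {
        # First valid patched rollup seen, or newer than the one tracked so far
        latest_rollup = rollup;
      }
    }
  }

  # Use latest rollup from KB if available, otherwise fall back to the latest
  # patched rollup derived from the file patch info.
  if (!empty_or_null(kb_latest_rollup))
  {
    item["properties"]["date"] = kb_latest_rollup;
  }
  else if(!empty_or_null(latest_rollup))
  {
    item["properties"]["date"] = latest_rollup;
  }
  else
  {
    if (invalid_rollups_found)
    {
      dbg::detailed_log(lvl: 2, msg: 'No valid MS or .NET Rollups found on the host. See previous logs for details on invalid rollups.');
    }
    else
    {
      dbg::detailed_log(lvl: 2, msg: 'No MS or .NET Rollups found on the host.');
    }
  }

  return item;
}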

##
# Emit the host-ip XML report tag for the FA pipeline.
#
# Optional: it only improves reporting data. The Agent ID remains the
# primary key used to correlate data to hosts in the FA pipeline. Nothing
# is emitted when no host IP is available.
##
function set_report_tag_host_ip()
{
  var host_ip = get_host_ip();
  if (empty_or_null(host_ip)) return;

  report_xml_tag(tag:"host-ip", value:host_ip);
}

# --- Main body: collect the Windows asset inventory and hand it to the FA pipeline ---

# Bail out early on hosts the scanner already marked dead, and require the
# same key the registration block gates on.
if (get_kb_item('Host/dead') == TRUE) exit(0, 'Host is offline.');
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

# System identity; each of these exits the plugin when the KB lacks it.
var system_name = get_kb_item_or_exit('Host/OS');
var system_hostname = get_kb_item_or_exit('Host/hostname');
var system_arch = get_kb_item_or_exit('SMB/ARCH');
var system_build = get_kb_item_or_exit('SMB/WindowsVersionBuild');

global_var DEBUG = get_kb_item("global_settings/enable_plugin_debugging");
global_var CLI = isnull(get_preference("plugins_folder")); # Used to determine if we are running from CLI
global_var STORE_INVENTORY_TO_DISK = get_preference("store_inventory_to_disk"); # Used for internal gathering of inventory

# Skip the inventory agent check if running from CLI or store_inventory_to_disk is set
if (!CLI && isnull(STORE_INVENTORY_TO_DISK))
{
  inventory_agent::inventory_agent_or_exit();
}

# Required to store normalized inventory for the FA pipeline
if (!defined_func('report_tag_internal'))
  audit(AUDIT_FN_UNDEF, 'report_tag_internal');

# Check if Windows version is supported
dbg::detailed_log(lvl: 2, msg:'Checking if Windows version is supported.');
var os_version = get_kb_item_or_exit("SMB/WindowsVersion");
# Stringify so the comparison below is a plain string match (e.g. '10', '6.3')
os_version = string(os_version);

var supported_os_versions = ['6.0', '6.1', '6.2', '6.3', '10'];
var os_version_supported = FALSE;

foreach var supported_version (supported_os_versions)
{
  if (os_version == supported_version)
  {
    os_version_supported = TRUE;
  }
}

if (!os_version_supported)
{
  audit(AUDIT_OS_NOT, 'supported');
}

# Service pack number: extracted from CSDVersion ("Service Pack N"); '0' when
# no CSDVersion is recorded. If CSDVersion is set but does not match the
# pattern, ereg_replace leaves the original string in place.
var os_sp = get_kb_item('SMB/CSDVersion');
if (os_sp)
{
  os_sp = ereg_replace(pattern:".*Service Pack ([0-9]).*", string:os_sp, replace:"\1");
}
else
{
  os_sp = '0';
}

# Top-level inventory document handed to save_normalized_inventory() below.
global_var asset_inventory = make_nested_array();
asset_inventory['source'] = 'NESSUS_AGENT';

dbg::detailed_log(lvl: 2, msg:'Populate system block.');
asset_inventory['system'] = make_array();
asset_inventory['system']['name'] = system_name;
asset_inventory['system']['hostname'] = system_hostname;
asset_inventory['system']['arch'] = system_arch;
asset_inventory['system']['os'] = 'windows';
asset_inventory['system']['version'] = os_version;
asset_inventory['system']['sp'] = os_sp;
asset_inventory['system']['build'] = system_build;
asset_inventory['system']['systemroot'] = hotfix_get_systemroot();

# Record which plugin feed produced this inventory so consumers can tell
# what the collection logic knew about.
var feed_info = nessusd_plugin_feed_info();
dbg::detailed_log(lvl: 2, msg: 'PLUGIN_SET : ' + feed_info['PLUGIN_SET']);
# Default to old feed similar to default in plugin_feed.info.inc
asset_inventory['system']['collection_version'] = default_if_empty_or_null(feed_info['PLUGIN_SET'], '20051108131841');

asset_inventory['items'] = [];

# Disable legacy MS Rollup data collection.
#dbg::detailed_log(lvl: 2, msg:'Populate MS Rollups.');
#append_element(var:asset_inventory['items'], value:get_rollup_data(rollup_item:'ms_rollup'));

# MS rollup state is conveyed through per-file 'windows_os' product items instead.
dbg::detailed_log(lvl: 2, msg:'Populate MS Rollups File Product Items.');
var rollup_file_products = get_rollup_files_as_products();
if (!empty_or_null(rollup_file_products))
{
  foreach var rollup_file_product_item(rollup_file_products)
  {
    append_element(var:asset_inventory['items'], value:rollup_file_product_item);
  }
}

# .NET rollup
dbg::detailed_log(lvl: 2, msg:'Populate .NET Rollups.');
append_element(var:asset_inventory['items'], value:get_rollup_data(rollup_item:'dotnet_rollup'));

# Installed software detected by the inventory agent library
dbg::detailed_log(lvl: 2, msg:'Populate Product Items.');
var detected_products = inventory_agent::get_detected_products();
if (!empty_or_null(detected_products))
{
  foreach var product_item(detected_products)
  {
    append_element(var:asset_inventory['items'], value:product_item);
  }
}

dbg::detailed_log(lvl: 2, msg:'Populate networks.');
asset_inventory['networks'] = inventory_agent::get_networks();

# Registry-derived inventory items are appended to the same 'items' list
dbg::detailed_log(lvl: 2, msg:'Populate registry.');
var registry_items = inventory_agent::windows::registry::inventory_items();
if (!empty_or_null(registry_items))
{
  foreach var registry_item (registry_items)
  {
    append_element(var:asset_inventory['items'], value:registry_item);
  }
}

set_report_tag_host_ip();

dbg::detailed_log(lvl: 2, msg:'Inventory populated.');

# Save inventory. CLI / store-to-disk mode is passed through so the library
# can write locally instead of reporting to the FA pipeline.
inventory_agent::save_normalized_inventory(inventory:asset_inventory, is_cli:CLI, is_debug:DEBUG, store_inventory_to_disk:STORE_INVENTORY_TO_DISK);
