portbunny (NASL wrapper)

This plugin runs portbunny scan to find open ports. Portbunny is (Linux only) kernel module port scanner suitable for large internal portscans. This is experimental plugin, use with care
# OpenVAS Vulnerability Test
# $Id: portbunny.nasl 8023 2017-12-07 08:36:26Z teissa $
#
# Use portbunny as scanner
#
# Authors:
# Vlatko Kosturjak <[email protected]>
#
# Copyright:
# Copyright (c) 2008 Vlatko Kosturjak
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

tag_summary = "This plugin runs portbunny scan to find open ports.
Portbunny is (Linux only) kernel module port scanner 
suitable for large internal portscans.
This is experimental plugin, use with care.";

# TODO:
# - report back banners grabbed
# - script_oid
# - sign the script

if(description)
{
 script_id(80002);
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
 script_version("$Revision: 8023 $");
 script_tag(name:"last_modification", value:"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $");
 script_tag(name:"creation_date", value:"2008-08-31 23:34:05 +0200 (Sun, 31 Aug 2008)");
 script_tag(name:"cvss_base", value:"0.0");
 name = "portbunny (NASL wrapper)";
 script_name(name);


 script_category(ACT_SCANNER);
  script_tag(name:"qod_type", value:"remote_banner");
  script_copyright("This script is Copyright (C) 2008 Vlatko Kosturjak");
 family = "Port scanners";
 script_family(family);
 script_add_preference(name:"Wait longer for triggers to return", type:"checkbox", value: "no");
 script_dependencies("toolcheck.nasl", "ping_host.nasl");
 script_mandatory_keys("Tools/Present/portbunny");
 script_tag(name : "summary" , value : tag_summary);
 exit(0);
}

ip = get_host_ip();
esc_ip = ""; l = strlen(ip);
for (i = 0; i < l; i ++) 
  if (ip[i] == '.')
    esc_ip = strcat(esc_ip, "\.");
  else
    esc_ip = strcat(esc_ip, ip[i]);

 i = 0;
 argv[i++] = "portbunny";
 argv[i++] = "-u";

 p = script_get_preference("Wait longer for triggers to return");
 if ( p) argv[i++] = "-w";

 argv[i++] = ip;
 pr = get_preference("port_range");
 if (! pr) pr = "1-65535"; 
 argv[i++] = "-p";
 argv[i++] = pr;


 res = pread(cmd: "portbunny", argv: argv, cd: 1, nice: 5);

# debug
#	display("\n====DEBUG===\n");
#	display(res);
#	display("\n====DEBUG===\n");

# IP_ADDRESS:PORT:TYPE:FULL_BANNER
# 127.0.0.1     53      OPEN            domain
# 127.0.0.1     80      OPEN            http

n_ports = 0;

foreach line(split(res))
{
  v = eregmatch(string: line, pattern: '^'+esc_ip+'[ \t]*([0-9]+)[ \t]*([A-Z]+)[ \t]*([A-Za-z0-9]*)');
# debug
#	display (":");
#	if (isnull(v)) display ("null:"+esc_ip);
#	else display (v[1]+":"+v[2]+":"+v[3]);
#	display ("\n");
  if (! isnull(v) && v[2] == "OPEN")
  {
	n_ports++;
	port = v[1];
	proto = "tcp";
   scanner_add_port(proto: proto, port: port);
  }
}

if (n_ports == 0)
{
	security_message(port:0, proto:"tcp",data:"Host does not have any open TCP port");
}

set_kb_item(name: "Host/scanned", value: TRUE);
set_kb_item(name: 'Host/scanners/portbunny', value: TRUE);
if (pr == '1-65535')
  set_kb_item(name: "Host/full_scan", value: TRUE);

scanner_status(current: 65535, total: 65535);

exit (0);
07 Dec 2017 00:00Current
7.2High risk
Vulners AI Score7.2