OpenVAS Kompendium -- Wissensbasis

Wissensbasis

Wissensbasis

Um den Informationsaustausch zwischen verschiedenen NVTs zu erleichtern und den Scanablauf zu beschleunigen, werden von NVTs gesammelte Informationen in einer so genannten Wissensbasis („Knowledge Base“, KB) abgelegt. Dies ermöglicht es NVTs, auf den Ergebnissen anderer NVTs aufzubauen und hilft, doppelte Scans zu vermeiden.

Die folgende Liste enthält bekannte Einträge in die Wissensbasis und die Namen der NASL/NES-Skripte, die diese Werte setzten. Berücksichtigen Sie bitte, dass diese Liste vermutlich lückenhaft ist und ständigen Änderungen unterworfen ist.

Amanda/running: (amanda_detect.nasl): 1 = Amanda läuft auf dem Zielrechner
Amanda/version: (amanda_version.nasl):
Amap/*/FullBanner: (amap.nasl):
Amap/*/PrintableBanner: (amap.nasl):
Amap/*/Svc: (amap.nasl):
bind/version: (bind_version.nasl): Version des entfernten BIND-Servers
cfengine/running: (cfengine_detect.nasl):
cheopsNG/password: (cheopsNG_detect.nasl):
cheopsNG/unprotected: (cheopsNG_detect.nasl):
CVE-2003-1011: (apple-sa-2004-08-09.nasl):
ebola/banner/*: (find_service2.nasl):
fake_identd/113: (w32_spybot_worm_variant.nasl):
fake_identd/*: (slident.nasl, find_service1.nasl, ident_backdoor.nasl):
FindService/tcp/*/get_http: (doublecheck_std_services.nasl, apache_SSL_complain.nasl):
FindService/tcp/*/help: (doublecheck_std_services.nasl, find_service2.nasl, find_service_3digits.nasl):
FindService/tcp/*/spontaneous: (find_service_3digits.nasl, doublecheck_std_services.nasl):
fsp/banner/*: (fsp_detection.nasl):
ftp/backdoor: (ftp_kibuv_worm.nasl):
ftp/fw1ftpd: (ftpserver_detect_type_nd_version.nasl): 1 = Auf dem Zielrechner läuft FW/1 FTPd
ftp/login: (logins.nasl): Benutzername für FTP-Anmeldung
ftp/msftpd: (ftpserver_detect_type_nd_version.nasl): 1 = Auf dem Zielrechner läuft IIS FTPd
ftp/ncftpd: (ftpserver_detect_type_nd_version.nasl): 1 = Auf dem Zielrechner läuft NcFTPd
ftp/password: (logins.nasl): Passwort für FTP-Anmeldung
ftp/*/AnyUser: (DDI_FTP_Any_User_Login.nasl):
ftp/*/backdoor: (ftp_kibuv_worm.nasl):
ftp/*/syst: (find_service_3digits.nasl):
ftp/vxftpd: (ftpserver_detect_type_nd_version.nasl):
ftp/writeable_dir: (ftp_writeable_directories.nasl, logins.nasl, ftp_write_dirs.nes):
ftp/wuftpd: (ftpserver_detect_type_nd_version.nasl):
global_settings/debug_level: (global_settings.nasl):
global_settings/experimental_scripts: (global_settings.nasl):
global_settings/http_user_agent: (global_settings.nasl):
global_settings/log_verbosity: (global_settings.nasl):
global_settings/network_type: (global_settings.nasl):
global_settings/report_paranoia: (global_settings.nasl):
global_settings/report_verbosity: (global_settings.nasl):
global_settings/thorough_tests: (global_settings.nasl):
Host/accept_lsrr: (source_routed.nasl):
Host/dead: (3com_nbx_voip_netset_detection.nasl, blackice_dos.nasl, dont_scan_printers.nasl, ftp_w98_devname_dos.nasl, fw1_udp_DoS.nasl, http_w98_devname_dos.nasl, jolt2.nasl, jolt.nasl, labrea.nasl, linux_icmp_sctp_DoS.nasl, open_all_ports_DoS.nasl, p-smash.nasl, spank.nasl, TLD_wildcard.nasl, vxworks_ftpdDOS.nasl): 1 = Der Zielrechner antwortet nicht mehr
Host/Debian/dpkg-l: (ssh_get_info.nasl):
Host/firewall: (securemote_info_leak.nasl, securemote.nasl): (Name des Firewalls) Der Zielrechner ist ein Firewall
Host/full_scan: (amap.nasl, netstat_portscan.nasl, nmap.nasl, snmpwalk_portscan.nasl, openvas_tcp_scanner.nes, synscan.nes):
Host/ident_scanned: (ident_process_owner.nasl, netstat_portscan.nasl, nmap.nasl):
Host/num_ports_scanned: (openvas_tcp_scanner.nes, synscan.nes):
Host/OS: (nmap.nasl, nmap_wrapper.nes):
Host/OS/ntp: (ntp_open.nasl):
Host/ping_failed: (nmap.nasl, nmap_wrapper.nes):
Host/processor/ntp: (ntp_open.nasl):
Host/protocol_scanned: (ip_protocol_scan.nasl):
Host/scanned: (amap.nasl, netstat_portscan.nasl, nmap.nasl, snmpwalk_portscan.nasl, nmap_tcp_connect.nes, nmap_wrapper.nes, synscan.nes, openvas_tcp_scanner.nes, ike-scan.nasl): 1 = Der Portscan des Zielrechners ist abgeschlossen
Host/scanners/amap: (amap.nasl):
Host/scanners/ike-scan: (ike-scan.nasl):
Host/scanners/netstat: (netstat_portscan.nasl):
Host/scanners/nmap: (nmap.nasl):
Host/scanners/openvas_tcp_scanner: (openvas_tcp_scanner.nes):
Host/scanners/snmpwalk: (snmpwalk_portscan.nasl):
Host/scanners/synscan: (synscan.nes):
Host/tcp_reverse_lsrr: (source_routed.nasl):
Host/tcp_seq_idx: (nmap.nasl):
Host/tcp_seq: (nmap.nasl, nmap_wrapper.nes):
Host/udp_scanned: (amap.nasl, netstat_portscan.nasl, nmap.nasl, snmpwalk_portscan.nasl, nmap_wrapper.nes):
http/auth: (logins.nasl): Benutzername für HTTP-Anfragen
http/login: (logins.nasl):
http/password: (logins.nasl): Passwort für HTTP-Anfragen
Hydra/cisco-enable/*: (hydra_cisco_enable.nasl):
Hydra/cisco/*: (hydra_cisco.nasl):
Hydra/cvs/*: (hydra_cvs.nasl):
Hydra/ftp/*: (hydra_ftp.nasl):
Hydra/http/*: (hydra_http.nasl):
Hydra/http-proxy/*: (hydra_http_proxy.nasl):
Hydra/icq/*: (hydra_icq.nasl):
Hydra/imap/*: (hydra_imap.nasl):
Hydra/ldap/*: (hydra_ldap.nasl):
Hydra/mssql/*: (hydra_mssql.nasl):
Hydra/nntp/*: (hydra_nntp.nasl):
Hydra/pcnfs/*: (hydra_pcnfs.nasl):
Hydra/rexec/*: (hydra_rexec.nasl):
Hydra/sapr3/*: (hydra_sapr3.nasl):
Hydra/smtp-auth/*: (hydra_smtp_auth.nasl):
Hydra/snmp/*: (hydra_snmp.nasl):
Hydra/socks5/*: (hydra_socks5.nasl):
Hydra/ssh2/*: (hydra_ssh2.nasl):
Hydra/telnet/*: (hydra_telnet.nasl):
Hydra/vnc/*: (hydra_vnc.nasl):
Ident/*/*: (nmap.nasl):
Ident/tcp/*: (ident_process_owner.nasl, netstat_portscan.nasl):
iis/global.asa.download: (DDI_GlobalASA_Retrieval.nasl):
imap/banner/*: (find_service2.nasl):
imap/login: (logins.nasl): Benutzername für IMAP-Anmeldung
imap/password: (logins.nasl): Passwort für IMAP-Anmeldung
imap/*/Cyrus: (cyrus_imap_prelogin_overflow.nasl):
IPProtocol/*: (ip_protocol_scan.nasl):
kazaa/username: (kazaa_morpheus_detect.nasl):
mssql/SQLVersion: (mssql_version.nasl):
mssql/udp/1434: (mssql_ping.nasl):
MSSQL/UDP/Ping: (mssql_ping.nasl):
Nmap/*/svc: (nmap.nasl):
Nmap/*/version: (nmap.nasl):
nntp/local_distrib: (nntp_info.nasl):
nntp/login: (logins.nasl):
nntp/password: (logins.nasl):
nntp/*/cancel: (nntp_info.nasl):
nntp/*/noauth: (nntp_info.nasl):
nntp/*/posted: (nntp_info.nasl):
nntp/*/posting: (nntp_info.nasl):
nntp/*/ready: (nntp_info.nasl):
nntp/*/supersed: (nntp_info.nasl):
nntp/x_no_archive: (nntp_info.nasl):
NTP/Running: (ntp_open.nasl):
oracle_tnslsnr/*/version: (oracle_tnslsnr_version.nasl):
pop2/login: (logins.nasl):
pop2/password: (logins.nasl):
pop3/login: (logins.nasl):
pop3/password: (logins.nasl):
/rip/*/broken_source_port: (rip_detect.nasl):
/rip/*/version: (rip_detect.nasl):
Secret/hydra/logins_file: (hydra_options.nasl):
Secret/hydra/passwords_file: (hydra_options.nasl):
Secret/SSH/login: (ssh_authorization.nasl):
Secret/SSH/passphrase: (ssh_authorization.nasl):
Secret/SSH/password: (ssh_authorization.nasl):
Secret/SSH/privatekey: (ssh_authorization.nasl):
Secret/SSH/publickey: (ssh_authorization.nasl):
Services/data_protector/build: (hp_data_protector_installed.nasl):
Services/data_protector/version: (hp_data_protector_installed.nasl):
Services/three_digits: (find_service.nes):
Services/unknown: (find_service.nes): Port des unbekannten Dienstes
Services/wrapped: (find_service.nes):
Services/www/*/broken: (http_func.inc, no404.nasl):
Services/www/*/embedded: (3com_nbx_voip_netset_detection.nasl, ciscoworks_detect.nasl, clearswift_mimesweeper_smtp_detect.nasl, cobalt_web_admin_server.nasl, DDI_Cabletron_Web_View.nasl, DDI_F5_Default_Support.nasl, embedded_web_server_detect.nasl, imss_detect.nasl, interspect_detect.nasl, intrushield_console_detect.nasl, iwss_detect.nasl, linksys_multiple_vulns.nasl, raptor_detect.nasl, securenet_provider_detect.nasl, sitescope_management_server.nasl, sun_cobalt_adaptive_firewall_detect.nasl, tmcm_detect.nasl, websense_detect.nasl, xedus_detect.nasl):
Services/www/*/kerio_wrf: (kerio_wrf_management_detection.nasl):
Services/www/*/working: (http_func.inc):
Settings/disable_cgi_scanning: (global_settings.nasl):
Settings/ExperimentalScripts: (global_settings.nasl):
Settings/ThoroughTests: (global_settings.nasl):
sip/banner/5060: (sip_detection.nasl):
SMB/domain_filled/0: (smb_authorization.nasl):
SMB/DOMAIN: (smbcl_func.inc):
SMB/dont_send_in_cleartext: (logins.nasl):
SMB/dont_send_ntlmv1: (logins.nasl):
SMB/ERROR: (smbcl_func.inc):
SMB/FILEVERSION/*: (smbcl_func.inc):
SMB/login_filled/0: (smb_authorization.nasl):
SMB/name: (netbios_name_get.nasl): NetBIOS-Name des Zielrechners
SMB/OS: (smbcl_func.inc):
SMB/password_filled/0: (smb_authorization.nasl):
SMB/PRODUCTVERSION/*: (smbcl_func.inc):
SMB/samba: (netbios_name_get.nasl): 1 = Auf dem entfernen Zielrechner läuft Samba
SMB/SERVER: (smbcl_func.inc):
SMB/smbclient: (smbcl_func.inc):
SMB/transport: (cifs445.nasl):
SMB/username: (netbios_name_get.nasl):
SMB/WinXP/ServicePack: (smb_reg_service_pack_XP.nasl):
SMB/workgroup: (netbios_name_get.nasl): Name der Arbeitsgruppe/Domäne des Zielrechners
SMTP/3comnbx: (smtpserver_detect.nasl):
SMTP/domino: (smtpscan.nasl, smtpserver_detect.nasl):
SMTP/exim: (smtpscan.nasl, smtpserver_detect.nasl):
SMTP/firewall-1: (smtpscan.nasl, smtpserver_detect.nasl):
SMTP/intermail: (smtpscan.nasl, smtpserver_detect.nasl):
SMTP/interscan: (smtpscan.nasl):
SMTP/microsoft_esmtp_5: (smtpscan.nasl, smtpserver_detect.nasl): 1 = Auf dem Zielrechner läuft MS SMTP 5
smtp/*/broken: (check_smtp_helo.nasl):
smtp/*/denied: (check_smtp_helo.nasl):
smtp/*/helo: (check_smtp_helo.nasl):
smtp/*/real_banner: (smtpscan.nasl):
smtp/*/temp_denied: (check_smtp_helo.nasl):
SMTP/postfix: (smtpscan.nasl, smtpserver_detect.nasl): 1 = Auf dem Zielrechner läuft Postfix
SMTP/postoffice: (smtpscan.nasl):
SMTP/qmail: (smtpscan.nasl, smtpserver_detect.nasl): 1 = Auf dem Zielrechner läuft qmail
SMTP/sendmail: (smtpscan.nasl): 1 = Auf dem Zielrechner läuft Sendmail
SMTP/sendmail: (smtpserver_detect.nasl): 1 = Auf dem Zielrechner läuft Sendmail
SMTP/snubby: (smtpserver_detect.nasl):
SMTP/wrapped: (check_smtp_helo.nasl): 1 = Sendmail auf dem Zielrechner ist „wrapped“
SMTP/wrapped: (smtpserver_detect.nasl): 1 = Sendmail auf dem Zielrechner ist „wrapped“
SMTP/xmail: (smtpscan.nasl, smtpserver_detect.nasl):
SMTP/zmailer: (smtpserver_detect.nasl):
SNMP/community: (snmp_default_communities.nasl): Name einer gültigen SNMP-Community
SNMP/port: (snmp_default_communities.nasl):
SNMP/running: (snmp_detect.nasl):
socks/*/auth/*: (socks.nasl):
SSH/banner/*: (ssh_detect.nasl):
ssh/login/freebsdpatchlevel: (gather-package-list.nasl):
ssh/login/freebsdpkg: (gather-package-list.nasl):
ssh/login/freebsdrel: (gather-package-list.nasl):
ssh/login/gentoo: (gather-package-list.nasl):
ssh/login/packages: (gather-package-list.nasl):
ssh/login/pkg: (gather-package-list.nasl):
ssh/login/release: (gather-package-list.nasl):
ssh/login/rpms: (gather-package-list.nasl):
ssh/login/slackpack: (gather-package-list.nasl):
ssh/login/solosversion: (gather-package-list.nasl): Solaris OS Version wie von uname -r berichtet
ssh/login/solhardwaretype: (gather-package-list.nasl): Solaris Hardware Typ wie von uname -p berichtet
ssh/login/solpackages: (gather-package-list.nasl): Solaris Pakete wie von pkginfo berichtet
ssh/login/solpatches: (gather-package-list.nasl): Solaris Patches wie von showrev -p berichtet
ssh/login/uname: (gather-package-list.nasl, ssh_get_info.nasl):
SSH/supportedauth/*: (ssh_detect.nasl):
SSH/textbanner/*: (ssh_detect.nasl):
TCPScanner/NbPasses: (openvas_tcp_scanner.nes):
TCPScanner/OpenPortsNb: (openvas_tcp_scanner.nes):
TCPScanner/ClosedPortsNb: (openvas_tcp_scanner.nes):
TCPScanner/FilteredPortsNb: (openvas_tcp_scanner.nes):
TCPScanner/RSTRateLimit: (openvas_tcp_scanner.nes):
tftp/get_file: (tftp_grab_file.nes):
tftp/backdoor: (tftpd_backdoor.nasl):
tftp/*/backdoor: (tftpd_backdoor.nasl):
tftp/*/filecontent/*: (tftpd_dir_trav.nasl):
tftp/*/filename/*: (tftpd_dir_trav.nasl):
tftp/*/get_file: (tftpd_dir_trav.nasl):
tftp/*/overflow: (tftpd_overflow.nasl):
tftp/*/smalloverflow: (tftpd_small_overflow.nasl):
/tmp/cgibin: (DDI_Directory_Scanner.nasl):
/tmp/http/auth/*: (http_login.nasl):
/tmp/hydra/empty_password: (hydra_options.nasl):
/tmp/hydra/exit_ASAP: (hydra_options.nasl):
/tmp/hydra/login_password: (hydra_options.nasl):
/tmp/hydra/tasks: (hydra_options.nasl):
/tmp/hydra/timeout: (hydra_options.nasl):
/tmp/rpc/noportmap/*: (misc_func.inc):
/tmp/UnableToRun/14254: (nikto.nasl):
/tmp/UnableToRun/14255: (nmap.nasl):
/tmp/UnableToRun/14663: (amap.nasl):
/tmp/UnableToRun/91984: (ldapsearch.nasl):
/tmp/UnableToRun/80000: (ike-scan.nasl):
Transport/SSL: (find_service.nes):
webmin/*/version: (webmin.nasl):
www/abyss: (http_version.nasl):
www/akamaighost: (http_version.nasl):
www/alchemy: (http_version.nasl):
www/alibaba: (http_version.nasl):
www/allegro: (http_version.nasl):
www/anti-OpenVAS/*/rand-url: (anti_nessus.nasl):
www/anti-OpenVAS/*/user-agent: (anti_nessus.nasl):
www/anweb: (http_version.nasl):
www/aolserver: (http_version.nasl):
www/apache: (http_version.nasl): 1 = Auf dem Zielrechner läuft Apache
www/appleshareip: (http_version.nasl):
www/badblue: (http_version.nasl):
www/banner/*: (apache_SSL_complain.nasl, http_version.nasl):
www/BitKeeper: (http_version.nasl):
www/buggy_post_crash: (monkeyweb_post_DoS.nasl):
www/caudium: (http_version.nasl):
www/cern: (http_version.nasl): 1 = Auf dem Zielrechner läuft CERN httpd
www/communigatepro: (http_version.nasl):
www/communique: (http_version.nasl):
www/compaq: (http_version.nasl):
www/cougar: (http_version.nasl):
www/cups: (http_version.nasl):
www/doc_browseable: (doc_browsable.nasl):
www/domino: (http_version.nasl): 1 = Auf dem Zielrechner läuft domino
www/domino/*/db: (domino_default_db.nasl):
www/emweb: (http_version.nasl):
www/filemakerpro: (http_version.nasl):
www/firstclass: (http_version.nasl):
www/goahead: (http_version.nasl):
www/hmap/*/banner_ok: (www_fingerprinting_hmap.nasl):
www/hmap/*/banner_regex: (www_fingerprinting_hmap.nasl):
www/hmap/*/description: (www_fingerprinting_hmap.nasl):
www/hmap/*/raw_signature: (www_fingerprinting_hmap.nasl):
www/hmap/*/signature: (www_fingerprinting_hmap.nasl):
www/ibm-http: (http_version.nasl):
www/ideawebserver: (http_version.nasl):
www/iis: (http_version.nasl):
www/iplanet: (http_version.nasl):
www/ipswitch-imail: (http_version.nasl):
www/jetty: (http_version.nasl):
www/jigsaw: (http_version.nasl):
www/KFWebServer: (http_version.nasl):
www/linuxconf: (http_version.nasl):
www/miniserv: (http_version.nasl):
www/multiple_get/*: (www_multiple_get.nasl):
www/ncsa: (http_version.nasl):
www/netcache: (http_version.nasl):
www/netscape-commerce: (http_version.nasl):
www/netscape-fasttrack: (http_version.nasl):
www/netware: (http_version.nasl):
www/novell: (http_version.nasl):
www/omnihttpd: (http_version.nasl):
www/OracleApache: (http_version.nasl):
www/oracle-web-listener: (http_version.nasl):
www/pi3web: (http_version.nasl):
www/*/generic_xss: (cross_site_scripting.nasl):
www/*/punBB: (punBB_detect.nasl):
www/*/vBulletin: (vbulletin_detect.nasl):
www/*/webmin: (webmin.nasl):
www/real_banner/*: (http_version.nasl):
www/resin: (http_version.nasl):
www/roxen: (http_version.nasl):
www/sambar: (http_version.nasl):
www/savant: (http_version.nasl):
www/simpleserver: (http_version.nasl):
www/squid: (http_version.nasl):
www/statistics-server: (http_version.nasl):
www/stronghold: (http_version.nasl):
www/stweb: (http_version.nasl):
www/theserver: (http_version.nasl):
www/thttpd: (http_version.nasl):
www/tigershark: (http_version.nasl):
www/tomcat: (http_version.nasl):
www/too_big_post_crash: (monkeyweb_too_big_post.nasl):
www/too_long_url_crash: (oracle9iAS_too_long_url.nasl, ws4e_too_long_url.nasl):
www/tux: (http_version.nasl):
www/visualroute: (http_version.nasl):
www/vnc: (vnc_http.nasl):
www/vqserver: (http_version.nasl):
www/wdaemon: (http_version.nasl):
www/weblogic: (http_version.nasl):
www/webserver4everyone: (http_version.nasl):
www/websitepro: (http_version.nasl):
www/webstar: (http_version.nasl):
www/wwwfileshare: (http_version.nasl):
www/xitami: (http_version.nasl):
www/zeus: (http_version.nasl):
www/zope: (http_version.nasl):
X11/*/answer: (X.nasl):
X11/*/open: (X.nasl):
X11/*/version: (X.nasl):
xedus/*/running: (xedus_detect.nasl):
zebra/banner/*: (find_service2.nasl):
zebra/banner/*: (zebra_dos.nasl):
zonealarm/version: (zone_alarm_local_dos.nasl):

Wissensbasis