Wednesday, January 11, 2006

webserv-naslgrab.nasl

Well, I wanted to get a bit more familiar with NASL (Nessus Attack Scripting Language). I've modified Nessus plugins in the past but never really did much with it. I have to say I do like it; it's pretty easy to do testing with.

I needed a way to check a lot of webservers for their versions, and fast. So I figured, what the heck, let me throw something together with NASL. Note that this is just a stand-alone script; it will not work within the Nessus framework.
(More documentation on working within the Nessus framework is linked below.)

This just sends a HEAD request to the webserver and greps the response for the Server header line.

This also could be easily modified to read from the socket and grab other banners. I found this would work for telnet, ftp, ssh, etc., but for some reason I could not grab the banner from the webservers I was testing. Hence sending
"HEAD / HTTP/1.0\r\n\r\n"

If you wanted to read straight from the socket without sending the HEAD request, you could comment that line out and display name (the raw recv() buffer) instead of server.

I will be looking into this more, but this was just a quick script to get my feet wet.


#####################################################################
# Name:        webserv-naslgrab.nasl                                #
# Description: A non-intrusive way to grab the web server version   #
#              by opening a socket to port 80 and sending a         #
#              HEAD request. This can be modified to use other      #
#              ports.                                               #
# Version:     .1                                                   #
# Author:      Devin Ertel                                          #
# Usage:       nasl -t 192.168.1-155 webserv-naslgrab.nasl          #
#####################################################################

# Create a TCP socket to port 80 on the target host
soc = open_sock_tcp(80);

# IP of the host being scanned (the -t target), used in the output
hostip = get_host_ip();

# Only continue if the connection was established
if (soc) {

    # Build the HEAD request and send it. An HTTP server sends nothing
    # until it receives a request, so a bare recv() would return empty.
    str = string("HEAD / HTTP/1.0\r\n\r\n");
    send(socket:soc, data:str);

    # Read the response from the socket
    name = recv(socket:soc, length:1024);

    # Keep only the line with the Server header in it
    server = egrep(pattern:"Server.*", string:name);

    # If a Server line was found, print it with the host IP
    if (server) {
        display(server, " On IP ", hostip, "\n");
    }

    # Close the socket
    close(soc);
}
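The same check as an added POSIX shell example (this is not the NASL script above and not part of the original post). It separates the response parsing from the network step so the parser can be exercised on a captured response without touching a server, and it only searches the header block, so a body that happens to contain the word "Server" is never reported as a version. The network step assumes a netcat (nc) binary that accepts -w for a timeout; the HEAD request is needed because, unlike telnet, ftp or ssh daemons, an HTTP server sends nothing until the client speaks first.

```shell
#!/bin/sh
# Added example, not the post's own code: HEAD-based web server version
# check in POSIX shell, with the parsing split out for offline testing.

# Print the value of the Server header from an HTTP response read on
# stdin. CR is stripped, matching is case-insensitive, and sed quits at
# the first blank line so only the header block is searched.
server_header() {
    tr -d '\r' \
        | sed -n -e '/^$/q' -e 's/^[Ss][Ee][Rr][Vv][Ee][Rr]:[[:space:]]*//p' \
        | head -n 1
}

# Send a HEAD request to host:port (default 80) and print
# "<server> On IP <host>", matching the NASL script's output.
# Assumes an nc that supports -w (connect/idle timeout in seconds), so a
# host that accepts the connection but never answers cannot stall a scan.
grab_server() {
    host=$1
    port=${2:-80}
    banner=$(printf 'HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n' "$host" \
        | nc -w 3 "$host" "$port" 2>/dev/null | server_header)
    if [ -n "$banner" ]; then
        printf '%s On IP %s\n' "$banner" "$host"
    fi
}

# Scan a list of hosts given one per line on stdin, for example:
#   for i in $(seq 1 155); do echo "192.168.1.$i"; done | scan_servers
scan_servers() {
    while read -r host; do
        grab_server "$host"
    done
}
```

The Host header is optional for HTTP/1.0 but harmless, and on a name-based virtual host it gets you the response of the site you asked for rather than the default one. A constructed response such as the one in the test below yields "Apache/1.3.33 (Debian GNU/Linux)" from server_header.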


Links:
http://michel.arboi.free.fr/nasl2ref/
http://www.oreillynet.com/pub/a/security/2004/06/03/nessus_plugins.html
http://www.virtualblueness.net/nasl.html

Saturday, January 7, 2006

GPG Signature Checking w/ Debian And Apt 0.6

In new versions of apt, GPG signature checking is enabled by default. This is a good thing, as it lets us trust the packages we install on our system. But if you recently upgraded apt, it will begin to complain that it cannot find the public key. The warning looks something like this:

W: GPG error: http://mirrors.kernel.org testing Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 010908312D230C5F

Now I just recently got sick of seeing this message and decided I should really get this working for security reasons. That being said, I am a bit new to this. There are many documents out there on how to get this working; I am just documenting the different things I did and found. Hopefully once I fully understand the process I will clean this up.

First, you will need to have a 0.6 version of apt and gnupg installed.

Once you have that, an easy way to try to fix this problem is to install the debian-keyring package.

apt-get install debian-keyring


Now we can import the keyrings using apt-key.


apt-key add /usr/share/keyrings/debian-keyring.gpg
apt-key add /usr/share/keyrings/debian-role-keys.gpg


Now I am really not sure what the difference is between them.
This fixed my NO_PUBKEY message for ftp.nerim.net.
If you don't have this in your sources.list and it's a desktop, I really would add it: a lot of video and media type debs that Debian does not carry. Link below:
http://debian.video.free.fr

Ok, back to business. apt is still complaining about my kernel.org mirror.
I read somewhere that a new key is added every year on the year. Somehow I did not have that new key from the debian-keyring package. So let's go get it.


wget http://ftp-master.debian.org/ziyi_key_2006.asc


Now I just added it with apt-key, but you could also do it with gpg.


gpg --import ziyi_key_2006.asc

or

apt-key add ziyi_key_2006.asc



Now run apt-get update and it should be fixed. Like I said earlier, I'm a little unclear about this whole process. I would have thought downloading the whole debian-keyring would have done it. It is even overkill because I really only needed a couple of keys.
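As an added shell example (not from the original post), here is the same procedure with the one step a practitioner would want added: pulling the key id out of the apt warning, then checking the downloaded key's fingerprint against a value obtained somewhere other than the mirror before handing it to apt-key. Fetching a key over plain http and adding it unchecked means the download path, not the signature, decides what gets trusted. The expected-fingerprint argument is a placeholder you supply; the gpg listing syntax is the gpg 1.4-era form that matches the post.

```shell
#!/bin/sh
# Added example, not the post's own commands: parse the NO_PUBKEY id from
# the apt warning and import a key only after its fingerprint matches.

# Print the key id named in an apt "NO_PUBKEY" warning line read on
# stdin (8 to 16 hex digits), or nothing if the line has no such field.
nopubkey_id() {
    sed -n 's/.*NO_PUBKEY \([0-9A-Fa-f]\{8,16\}\).*/\1/p' | head -n 1
}

# Print the fingerprint of the first key in an .asc file without importing
# it. Assumes gpg accepts a key file as argument and emits "fpr:" records
# with --with-colons (field 10 is the fingerprint).
key_fingerprint() {
    gpg --with-fingerprint --with-colons "$1" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Import a key into apt's trusted keyring only when its fingerprint
# equals the expected value (a placeholder here, obtained out of band).
# Usage: import_key_checked ziyi_key_2006.asc EXPECTED_FINGERPRINT
import_key_checked() {
    keyfile=$1
    expected=$2
    actual=$(key_fingerprint "$keyfile")
    if [ -z "$actual" ]; then
        echo "could not read a fingerprint from $keyfile" >&2
        return 1
    fi
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $keyfile: got $actual" >&2
        return 1
    fi
    apt-key add "$keyfile"
}

# Typical flow, assuming the warning text was saved in apt-warning.txt:
#   id=$(nopubkey_id < apt-warning.txt)   # e.g. 010908312D230C5F
#   wget http://ftp-master.debian.org/ziyi_key_2006.asc
#   import_key_checked ziyi_key_2006.asc EXPECTED_FINGERPRINT && apt-get update
```

One caveat on the gpg route in the post: gpg --import puts the key into your own user keyring, which apt never reads; only apt-key add (which writes apt's trusted keyring) makes the NO_PUBKEY warning go away. On current Debian releases apt-key is deprecated in favour of dropping a keyring file into /etc/apt/trusted.gpg.d, but the fingerprint check before trusting the key is the same either way.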

Links:
http://www.debian-administration.org/articles/174
http://secure-testing-master.debian.net/
http://lists.debian.org/debian-user/2005/11/msg00064.html
http://moonbase.rydia.net/mental/blog/life/mixing-ubuntu-and-debian.html