OpenVAS Scanner 23.40.3
nasl_builtin_find_service.c
Go to the documentation of this file.
1/* SPDX-FileCopyrightText: 2023 Greenbone AG
2 * SPDX-FileCopyrightText: 2002 Renaud Deraison
3 *
4 * SPDX-License-Identifier: GPL-2.0-only
5 */
6
7#define SMART_TCP_RW
8
9#include "../misc/kb_cache.h" /* for get_main_kb */
10#include "../misc/network.h" /* for get_encaps_through */
11#include "../misc/plugutils.h" /* for OPENVAS_ENCAPS_IP */
12#include "nasl_builtin_plugins.h"
13#include "nasl_lex_ctxt.h"
14
15#include <ctype.h> /* for tolower() */
16#include <errno.h> /* for errno() */
17#include <glib.h>
18#include <gvm/util/mqtt.h>
19#include <gvm/util/nvticache.h>
20#include <regex.h> /* for regex_t */
21#include <signal.h> /* for signal() */
22#include <stdio.h> /* for snprintf() */
23#include <stdlib.h> /* for atoi() */
24#include <string.h> /* for strstr() */
25#include <sys/time.h> /* for gettimeofday() */
26#include <sys/types.h> /* for waitpid() */
27#include <sys/wait.h> /* for waitpid() */
28#include <unistd.h> /* for usleep() */
29
30#define CERT_FILE "SSL certificate : "
31#define KEY_FILE "SSL private key : "
32#define PEM_PASS "PEM password : "
33#define CA_FILE "CA file : "
34#define CNX_TIMEOUT_PREF "Network connection timeout : "
35#define RW_TIMEOUT_PREF "Network read/write timeout : "
36#define WRAP_TIMEOUT_PREF "Wrapped service read timeout : "
37#define TEST_SSL_PREF "Test SSL based services"
38
39#define NUM_CHILDREN "Number of connections done in parallel : "
40
41// we cannot use the GNU ones due to number mismatch
42#define TLS_PRIME_UNACCEPTABLE -2
43#define TLS_FATAL_ALERT -3
44
45#undef G_LOG_DOMAIN
49#define G_LOG_DOMAIN "lib nasl"
50
51const char *oid;
52
53static void
54register_service (struct script_infos *desc, int port, const char *proto)
55{
56 char k[265];
57
58 /* Old "magical" key set */
59 snprintf (k, sizeof (k), "Services/%s", proto);
60 /* Do NOT use plug_replace_key! */
61 plug_set_key (desc, k, ARG_INT, GSIZE_TO_POINTER (port));
62
63 /*
64 * 2002-08-24 - MA - My new key set There is a problem: if
65 * register_service is called twice for a port, e.g. first with HTTP
66 * and then with SWAT, the plug_get_key function will fork. This
67 * would not happen if we registered a boolean (i.e. "known") instead
68 * of the name of the protocol. However, we *need* this name for some
69 * scripts. We'll just have to keep in mind that a fork is
70 * possible...
71 *
72 * 2005-06-01 - MA - with plug_replace_key the problem is solved, but I
73 * wonder if this is so great...
74 */
75 snprintf (k, sizeof (k), "Known/tcp/%d", port);
76 plug_replace_key (desc, k, ARG_STRING, (char *) proto);
77}
78
87static int
88regex_match (char *string, char *pattern)
89{
90 regex_t re;
91 int ret = 1;
92
93 if (regcomp (&re, pattern, REG_EXTENDED | REG_NOSUB | REG_ICASE))
94 ret = 0;
95 if (regexec (&re, string, 0, NULL, 0))
96 ret = 0;
97
98 regfree (&re);
99 return ret;
100}
101
102static void
103mark_chargen_server (struct script_infos *desc, int port)
104{
105 register_service (desc, port, "chargen");
106 post_log (oid, desc, port, "Chargen is running on this port");
107}
108
109static void
110mark_echo_server (struct script_infos *desc, int port)
111{
112 register_service (desc, port, "echo");
113 post_log (oid, desc, port, "An echo server is running on this port");
114}
115
116static void
117mark_ncacn_http_server (struct script_infos *desc, int port, char *buffer)
118{
119 char ban[256];
120 if (port == 593)
121 {
122 register_service (desc, port, "http-rpc-epmap");
123 snprintf (ban, sizeof (ban), "http-rpc-epmap/banner/%d", port);
124 plug_replace_key (desc, ban, ARG_STRING, buffer);
125 }
126 else
127 {
128 register_service (desc, port, "ncacn_http");
129 snprintf (ban, sizeof (ban), "ncacn_http/banner/%d", port);
130 plug_replace_key (desc, ban, ARG_STRING, buffer);
131 }
132}
133
134static void
135mark_vnc_server (struct script_infos *desc, int port, char *buffer)
136{
137 char ban[512];
138 register_service (desc, port, "vnc");
139 snprintf (ban, sizeof (ban), "vnc/banner/%d", port);
140 plug_replace_key (desc, ban, ARG_STRING, buffer);
141}
142
143static void
144mark_nntp_server (struct script_infos *desc, int port, char *buffer, int trp)
145{
146 char ban[512];
147 register_service (desc, port, "nntp");
148 snprintf (ban, sizeof (ban), "nntp/banner/%d", port);
149 plug_replace_key (desc, ban, ARG_STRING, buffer);
150 snprintf (ban, sizeof (ban), "An NNTP server is running on this port%s",
151 get_encaps_through (trp));
152 post_log (oid, desc, port, ban);
153}
154
155static void
156mark_swat_server (struct script_infos *desc, int port)
157{
158 register_service (desc, port, "swat");
159}
160
161static void
162mark_vqserver (struct script_infos *desc, int port)
163{
164 register_service (desc, port, "vqServer-admin");
165}
166
167static void
168mark_mldonkey (struct script_infos *desc, int port)
169{
170 char ban[512];
171 register_service (desc, port, "mldonkey");
172 snprintf (ban, sizeof (ban), "A mldonkey server is running on this port");
173 post_log (oid, desc, port, ban);
174}
175
176static void
177mark_http_server (struct script_infos *desc, int port, unsigned char *buffer,
178 int trp)
179{
180 char ban[512];
181 register_service (desc, port, "www");
182 snprintf (ban, sizeof (ban), "www/banner/%d", port);
183 plug_replace_key (desc, ban, ARG_STRING, buffer);
184 snprintf (ban, sizeof (ban), "A web server is running on this port%s",
185 get_encaps_through (trp));
186 post_log (oid, desc, port, ban);
187}
188
189static void
190mark_locked_adsubtract_server (struct script_infos *desc, int port,
191 unsigned char *buffer, int trp)
192{
193 char ban[512];
194 register_service (desc, port, "AdSubtract");
195 snprintf (ban, sizeof (ban), "AdSubtract/banner/%d", port);
196 plug_replace_key (desc, ban, ARG_STRING, buffer);
197 snprintf (ban, sizeof (ban),
198 "A (locked) AdSubtract server is running on this port%s",
199 get_encaps_through (trp));
200 post_log (oid, desc, port, ban);
201}
202
203static void
204mark_gopher_server (struct script_infos *desc, int port)
205{
206 register_service (desc, port, "gopher");
207 post_log (oid, desc, port, "A gopher server is running on this port");
208}
209
210static void
211mark_rmserver (struct script_infos *desc, int port, char *buffer, int trp)
212{
213 char ban[512];
214 register_service (desc, port, "realserver");
215 snprintf (ban, sizeof (ban), "realserver/banner/%d", port);
216 plug_replace_key (desc, ban, ARG_STRING, buffer);
217
218 snprintf (ban, sizeof (ban), "A RealMedia server is running on this port%s",
219 get_encaps_through (trp));
220 post_log (oid, desc, port, ban);
221}
222
223static void
224mark_smtp_server (struct script_infos *desc, int port, char *buffer, int trp)
225{
226 char ban[512];
227 register_service (desc, port, "smtp");
228 snprintf (ban, sizeof (ban), "smtp/banner/%d", port);
229 plug_replace_key (desc, ban, ARG_STRING, buffer);
230
231 if (strstr (buffer, " postfix"))
232 plug_replace_key (desc, "smtp/postfix", ARG_INT, (void *) 1);
233
234 {
235 char *report = g_malloc0 (255 + strlen (buffer));
236 char *t = strchr (buffer, '\n');
237 if (t)
238 t[0] = 0;
239 snprintf (report, 255 + strlen (buffer),
240 "An SMTP server is running on this port%s\n\
241Here is its banner : \n%s",
242 get_encaps_through (trp), buffer);
243 post_log (oid, desc, port, report);
244 g_free (report);
245 }
246}
247
248static void
249mark_snpp_server (struct script_infos *desc, int port, char *buffer, int trp)
250{
251 char ban[512], *report, *t;
252 register_service (desc, port, "snpp");
253 snprintf (ban, sizeof (ban), "snpp/banner/%d", port);
254 plug_replace_key (desc, ban, ARG_STRING, buffer);
255
256 report = g_malloc0 (255 + strlen (buffer));
257 t = strchr (buffer, '\n');
258 if (t != NULL)
259 *t = '\0';
260 snprintf (report, 255 + strlen (buffer),
261 "An SNPP server is running on this port%s\n\
262Here is its banner : \n%s",
263 get_encaps_through (trp), buffer);
264 post_log (oid, desc, port, report);
265 g_free (report);
266}
267
268static void
269mark_ftp_server (struct script_infos *desc, int port, char *buffer, int trp)
270{
271 register_service (desc, port, "ftp");
272
273 if (buffer != NULL)
274 {
275 char ban[255];
276
277 snprintf (ban, sizeof (ban), "ftp/banner/%d", port);
278 plug_replace_key (desc, ban, ARG_STRING, buffer);
279 }
280 if (buffer != NULL)
281 {
282 char *report = g_malloc0 (255 + strlen (buffer));
283 char *t = strchr (buffer, '\n');
284 if (t != NULL)
285 t[0] = '\0';
286 snprintf (report, 255 + strlen (buffer),
287 "An FTP server is running on this port%s.\n\
288Here is its banner : \n%s",
289 get_encaps_through (trp), buffer);
290 post_log (oid, desc, port, report);
291 g_free (report);
292 }
293 else
294 {
295 char report[255];
296 snprintf (report, sizeof (report),
297 "An FTP server is running on this port%s.",
298 get_encaps_through (trp));
299 post_log (oid, desc, port, report);
300 }
301}
302
303static void
304mark_ssh_server (struct script_infos *desc, int port, char *buffer)
305{
306 register_service (desc, port, "ssh");
307 while ((buffer[strlen (buffer) - 1] == '\n')
308 || (buffer[strlen (buffer) - 1] == '\r'))
309 buffer[strlen (buffer) - 1] = '\0';
310 post_log (oid, desc, port, "An ssh server is running on this port");
311}
312
313static void
314mark_http_proxy (struct script_infos *desc, int port, int trp)
315{
316 char ban[512];
317 /* the banner is in www/banner/port */
318 register_service (desc, port, "http_proxy");
319 snprintf (ban, sizeof (ban), "An HTTP proxy is running on this port%s",
320 get_encaps_through (trp));
321 post_log (oid, desc, port, ban);
322}
323
324static void
325mark_pop_server (struct script_infos *desc, int port, char *buffer)
326{
327 char *c = strchr (buffer, '\n');
328 char ban[512];
329 char *buffer2;
330 unsigned int i;
331
332 if (c)
333 c[0] = 0;
334 buffer2 = g_strdup (buffer);
335 for (i = 0; i < strlen (buffer2); i++)
336 buffer2[i] = tolower (buffer2[i]);
337 if (!strcmp (buffer2, "+ok"))
338 {
339 register_service (desc, port, "pop1");
340 snprintf (ban, sizeof (ban), "pop1/banner/%d", port);
341 plug_replace_key (desc, ban, ARG_STRING, buffer);
342 }
343 else if (strstr (buffer2, "pop2"))
344 {
345 register_service (desc, port, "pop2");
346 snprintf (ban, sizeof (ban), "pop2/banner/%d", port);
347 plug_replace_key (desc, ban, ARG_STRING, buffer);
348 post_log (oid, desc, port, "a pop2 server is running on this port");
349 }
350 else
351 {
352 register_service (desc, port, "pop3");
353 snprintf (ban, sizeof (ban), "pop3/banner/%d", port);
354 plug_replace_key (desc, ban, ARG_STRING, buffer);
355 post_log (oid, desc, port, "A pop3 server is running on this port");
356 }
357 g_free (buffer2);
358}
359
360static void
361mark_imap_server (struct script_infos *desc, int port, char *buffer, int trp)
362{
363 char ban[512];
364 register_service (desc, port, "imap");
365 snprintf (ban, sizeof (ban), "imap/banner/%d", port);
366 plug_replace_key (desc, ban, ARG_STRING, buffer);
367 {
368 snprintf (ban, sizeof (ban), "An IMAP server is running on this port%s",
369 get_encaps_through (trp));
370 post_log (oid, desc, port, ban);
371 }
372}
373
374static void
375mark_auth_server (struct script_infos *desc, int port)
376{
377 register_service (desc, port, "auth");
378 post_log (oid, desc, port, "An identd server is running on this port");
379}
380
381/*
382 * Postgres, MySQL & CVS pserver detection by Vincent Renardias
383 * <vincent@strongholdnet.com>
384 */
385static void
386mark_postgresql (struct script_infos *desc, int port)
387{
388 register_service (desc, port, "postgresql");
389 /* if (port != 5432) */
390 post_log (oid, desc, port, "A PostgreSQL server is running on this port");
391}
392
393static void
394mark_sphinxql (struct script_infos *desc, int port)
395{
396 register_service (desc, port, "sphinxql");
397 post_log (oid, desc, port,
398 "A Sphinx search server (MySQL listener) "
399 "seems to be running on this port");
400}
401
402static void
403mark_mysql (struct script_infos *desc, int port)
404{
405 register_service (desc, port, "mysql");
406 /* if (port != 3306) */
407 post_log (oid, desc, port, "A MySQL/MariaDB server is running on this port");
408}
409
410static void
411mark_cvspserver (struct script_infos *desc, int port)
412{
413 register_service (desc, port, "cvspserver");
414 /* if (port != 2401) */
415 post_log (oid, desc, port, "A CVS pserver server is running on this port");
416}
417
418static void
419mark_cvsupserver (struct script_infos *desc, int port)
420{
421 register_service (desc, port, "cvsup");
422 post_log (oid, desc, port, "A CVSup server is running on this port");
423}
424
425static void
426mark_cvslockserver (struct script_infos *desc, int port)
427{
428 register_service (desc, port, "cvslockserver");
429 /* if (port != 2401) */
430 post_log (oid, desc, port, "A CVSLock server server is running on this port");
431}
432
433static void
434mark_rsync (struct script_infos *desc, int port)
435{
436 register_service (desc, port, "rsync");
437 post_log (oid, desc, port, "A rsync server is running on this port");
438}
439
440static void
441mark_wild_shell (struct script_infos *desc, int port)
442{
443 register_service (desc, port, "wild_shell");
444
445 post_alarm (
446 oid, desc, port,
447 "A shell seems to be running on this port ! (this is a possible backdoor)",
448 NULL);
449}
450
451static void
452mark_telnet_server (struct script_infos *desc, int port, int trp)
453{
454 char ban[255];
455 register_service (desc, port, "telnet");
456 {
457 snprintf (ban, sizeof (ban),
458 "A telnet server seems to be running on this port%s",
459 get_encaps_through (trp));
460 post_log (oid, desc, port, ban);
461 }
462}
463
464static void
465mark_gnome14_server (struct script_infos *desc, int port, int trp)
466{
467 char ban[255];
468 register_service (desc, port, "gnome14");
469 {
470 snprintf (ban, sizeof (ban),
471 "A Gnome 1.4 server seems to be running on this port%s",
472 get_encaps_through (trp));
473 post_log (oid, desc, port, ban);
474 }
475}
476
477static void
478mark_eggdrop_server (struct script_infos *desc, int port, int trp)
479{
480 char ban[255];
481 register_service (desc, port, "eggdrop");
482 {
483 snprintf (
484 ban, sizeof (ban),
485 "An eggdrop IRC bot seems to be running a control server on this port%s",
486 get_encaps_through (trp));
487 post_log (oid, desc, port, ban);
488 }
489}
490
491static void
492mark_netbus_server (struct script_infos *desc, int port)
493{
494 register_service (desc, port, "netbus");
495 post_alarm (oid, desc, port, "NetBus is running on this port", NULL);
496}
497
498static void
499mark_linuxconf (struct script_infos *desc, int port, unsigned char *buffer)
500{
501 char ban[512];
502 register_service (desc, port, "linuxconf");
503 snprintf (ban, sizeof (ban), "linuxconf/banner/%d", port);
504 plug_replace_key (desc, ban, ARG_STRING, buffer);
505 post_log (oid, desc, port, "Linuxconf is running on this port");
506}
507
508static void
509mark_finger_server (struct script_infos *desc, int port, int trp)
510{
511 char tmp[256];
512
513 register_service (desc, port, "finger");
514
515 snprintf (tmp, sizeof (tmp),
516 "A finger server seems to be running on this port%s",
517 get_encaps_through (trp));
518 post_log (oid, desc, port, tmp);
519}
520
521static void
522mark_vtun_server (struct script_infos *desc, int port, unsigned char *banner,
523 int trp)
524{
525 char tmp[255];
526
527 snprintf (tmp, sizeof (tmp), "vtun/banner/%d", port);
528 plug_replace_key (desc, tmp, ARG_STRING, (char *) banner);
529
530 register_service (desc, port, "vtun");
531
532 if (banner == NULL)
533 {
534 snprintf (tmp, sizeof (tmp),
535 "A VTUN server seems to be running on this port%s",
536 get_encaps_through (trp));
537 }
538 else
539 snprintf (tmp, sizeof (tmp),
540 "A VTUN server seems to be running on this port%s\n"
541 "Here is its banner:\n%s\n",
542 get_encaps_through (trp), banner);
543
544 post_log (oid, desc, port, tmp);
545}
546
547static void
548mark_uucp_server (struct script_infos *desc, int port, unsigned char *banner,
549 int trp)
550{
551 char tmp[255];
552
553 snprintf (tmp, sizeof (tmp), "uucp/banner/%d", port);
554 plug_replace_key (desc, tmp, ARG_STRING, (char *) banner);
555
556 register_service (desc, port, "uucp");
557
558 snprintf (tmp, sizeof (tmp),
559 "An UUCP server seems to be running on this port%s",
560 get_encaps_through (trp));
561 post_log (oid, desc, port, tmp);
562}
563
564static void
565mark_lpd_server (struct script_infos *desc, int port, int trp)
566{
567 char tmp[255];
568
569 register_service (desc, port, "lpd");
570 snprintf (tmp, sizeof (tmp),
571 "A LPD server seems to be running on this port%s",
572 get_encaps_through (trp));
573 post_log (oid, desc, port, tmp);
574}
575
576/* http://www.lysator.liu.se/lyskom/lyskom-server/ */
577static void
578mark_lyskom_server (struct script_infos *desc, int port, int trp)
579{
580 char tmp[255];
581
582 register_service (desc, port, "lyskom");
583 snprintf (tmp, sizeof (tmp),
584 "A LysKOM server seems to be running on this port%s",
585 get_encaps_through (trp));
586 post_log (oid, desc, port, tmp);
587}
588
589/* http://www.emailman.com/ph/ */
590static void
591mark_ph_server (struct script_infos *desc, int port, int trp)
592{
593 char tmp[255];
594
595 register_service (desc, port, "ph");
596 snprintf (tmp, sizeof (tmp), "A PH server seems to be running on this port%s",
597 get_encaps_through (trp));
598 post_log (oid, desc, port, tmp);
599}
600
601static void
602mark_time_server (struct script_infos *desc, int port, int trp)
603{
604 char tmp[256];
605
606 register_service (desc, port, "time");
607 snprintf (tmp, sizeof (tmp),
608 "A time server seems to be running on this port%s",
609 get_encaps_through (trp));
610 post_log (oid, desc, port, tmp);
611}
612
613static void
614mark_ens_server (struct script_infos *desc, int port, int trp)
615{
616 char tmp[255];
617 register_service (desc, port, "iPlanetENS");
618
619 snprintf (tmp, sizeof (tmp),
620 "An iPlanet ENS (Event Notification Server) seems to be running on "
621 "this port%s",
622 get_encaps_through (trp));
623 post_log (oid, desc, port, tmp);
624}
625
626static void
627mark_citrix_server (struct script_infos *desc, int port, int trp)
628{
629 char tmp[255];
630
631 register_service (desc, port, "citrix");
632 snprintf (tmp, sizeof (tmp),
633 "a Citrix server seems to be running on this port%s",
634 get_encaps_through (trp));
635 post_log (oid, desc, port, tmp);
636}
637
638static void
639mark_giop_server (struct script_infos *desc, int port, int trp)
640{
641 char tmp[255];
642
643 register_service (desc, port, "giop");
644 snprintf (tmp, sizeof (tmp),
645 "A GIOP-enabled service is running on this port%s",
646 get_encaps_through (trp));
647
648 post_log (oid, desc, port, tmp);
649}
650
651static void
652mark_exchg_routing_server (struct script_infos *desc, int port, char *buffer,
653 int trp)
654{
655 char ban[255];
656
657 register_service (desc, port, "exchg-routing");
658 snprintf (ban, sizeof (ban), "exchg-routing/banner/%d", port);
659 plug_replace_key (desc, ban, ARG_STRING, buffer);
660 {
661 snprintf (ban, sizeof (ban),
662 "A Microsoft Exchange routing server is running on this port%s",
663 get_encaps_through (trp));
664 post_log (oid, desc, port, ban);
665 }
666}
667
668static void
669mark_tcpmux_server (struct script_infos *desc, int port, int trp)
670{
671 char msg[255];
672
673 register_service (desc, port, "tcpmux");
674 snprintf (msg, sizeof (msg),
675 "A tcpmux server seems to be running on this port%s",
676 get_encaps_through (trp));
677 post_log (oid, desc, port, msg);
678}
679
680static void
681mark_BitTorrent_server (struct script_infos *desc, int port, int trp)
682{
683 char msg[255];
684
685 register_service (desc, port, "BitTorrent");
686 snprintf (msg, sizeof (msg),
687 "A BitTorrent server seems to be running on this port%s",
688 get_encaps_through (trp));
689 post_log (oid, desc, port, msg);
690}
691
692static void
693mark_smux_server (struct script_infos *desc, int port, int trp)
694{
695 char msg[255];
696
697 register_service (desc, port, "smux");
698 snprintf (msg, sizeof (msg),
699 "A SNMP Multiplexer (smux) seems to be running on this port%s",
700 get_encaps_through (trp));
701 post_log (oid, desc, port, msg);
702}
703
704/*
705 * LISa is the LAN Information Server that comes
706 * with KDE in Mandrake Linux 9.0. Apparently
707 * it usually runs on port 7741.
708 */
709static void
710mark_LISa_server (struct script_infos *desc, int port, int trp)
711{
712 char tmp[255];
713
714 register_service (desc, port, "LISa");
715 snprintf (tmp, sizeof (tmp), "A LISa daemon is running on this port%s",
716 get_encaps_through (trp));
717
718 post_log (oid, desc, port, tmp);
719}
720
721/*
722 * msdtc is Microsoft Distributed Transaction Coordinator
723 *
724 * Thanks to jtant@shardwebdesigns.com for reporting it
725 *
726 */
727static void
728mark_msdtc_server (struct script_infos *desc, int port)
729{
730 register_service (desc, port, "msdtc");
731 post_log (oid, desc, port, "A MSDTC server is running on this port");
732}
733
734static void
735mark_pop3pw_server (struct script_infos *desc, int port, char *buffer, int trp)
736{
737 char ban[512];
738 register_service (desc, port, "pop3pw");
739 snprintf (ban, sizeof (ban), "pop3pw/banner/%d", port);
740 plug_replace_key (desc, ban, ARG_STRING, buffer);
741 snprintf (ban, sizeof (ban), "A pop3pw server is running on this port%s",
742 get_encaps_through (trp));
743 post_log (oid, desc, port, ban);
744}
745
746/*
747 * whois++ server, thanks to Adam Stephens -
748 * http://roads.sourceforge.net/index.php
749 *
750 * 00: 25 20 32 32 30 20 4c 55 54 20 57 48 4f 49 53 2b % 220 LUT WHOIS+
751 * 10: 2b 20 73 65 72 76 65 72 20 76 32 2e 31 20 72 65 + server v2.1 re
752 * 20: 61 64 79 2e 20 20 48 69 21 0d 0a 25 20 32 30 30 ady. Hi!..% 200
753 * 30: 20 53 65 61 72 63 68 69 6e 67 20 66 6f 72 20 47 Searching for G
754 * 40: 45 54 26 2f 26 48 54 54 50 2f 31 2e 30 0d 0a 25 ET&/&HTTP/1.0..%
755 * 50: 20 35 30 30 20 45 72 72 6f 72 20 70 61 72 73 69 500 Error parsi
756 * 60: 6e 67 20 42 6f 6f 6c 65 61 6e 20 65 78 70 72 65 ng Boolean expre
757 * 70: 73 73 69 6f 6e 0d 0a ssion..
758 */
759
760static void
761mark_whois_plus2_server (struct script_infos *desc, int port, char *buffer,
762 int trp)
763{
764 char ban[255];
765 register_service (desc, port, "whois++");
766 snprintf (ban, sizeof (ban), "whois++/banner/%d", port);
767 plug_replace_key (desc, ban, ARG_STRING, buffer);
768 snprintf (ban, sizeof (ban), "A whois++ server is running on this port%s",
769 get_encaps_through (trp));
770 post_log (oid, desc, port, ban);
771}
772
773/*
774 * mon server, thanks to Rafe Oxley <rafe.oxley@moving-edge.net>
775 * (http://www.kernel.org/software/mon/)
776 *
777 * An unknown server is running on this port. If you know what it is, please
778 * send this banner to the development team: 00: 35 32 30 20 63 6f 6d 6d 61 6e
779 * 64 20 63 6f 75 6c 520 command coul 10: 64 20 6e 6f 74 20 62 65 20 65 78 65 63
780 * 75 74 65 d not be execute 20: 64 0a d.
781 */
782static void
783mark_mon_server (struct script_infos *desc, int port, char *buffer, int trp)
784{
785 char ban[255];
786 register_service (desc, port, "mon");
787 snprintf (ban, sizeof (ban), "mon/banner/%d", port);
788 plug_replace_key (desc, ban, ARG_STRING, buffer);
789 snprintf (ban, sizeof (ban), "A mon server is running on this port%s",
790 get_encaps_through (trp));
791 post_log (oid, desc, port, ban);
792}
793
794static void
795mark_fw1 (struct script_infos *desc, int port, char *buffer, int trp)
796{
797 char ban[255];
798 register_service (desc, port, "cpfw1");
799 plug_replace_key (desc, ban, ARG_STRING, buffer);
800 snprintf (ban, sizeof (ban),
801 "A CheckPoint FW1 SecureRemote or FW1 FWModule server is running "
802 "on this port%s",
803 get_encaps_through (trp));
804 post_log (oid, desc, port, ban);
805}
806
807/*
808 * From: Mike Gitarev [mailto:mik@bofh.lv]
809 *
810 * http://www.psychoid.lam3rz.de
811 * 00: 3a 57 65 6c 63 6f 6d 65 21 70 73 79 42 4e 43 40 :Welcome!psyBNC@
812 * 10: 6c 61 6d 33 72 7a 2e 64 65 20 4e 4f 54 49 43 45 lam3rz.de NOTICE
813 * 20: 20 2a 20 3a 70 73 79 42 4e 43 32 2e 33 2e 31 2d * :psyBNC2.3.1-
814 * 30: 37 0d 0a 7..
815 */
816
817static void
818mark_psybnc (struct script_infos *desc, int port, char *buffer, int trp)
819{
820 char ban[255];
821 register_service (desc, port, "psybnc");
822 plug_replace_key (desc, ban, ARG_STRING, buffer);
823 snprintf (ban, sizeof (ban), "A PsyBNC IRC proxy is running on this port%s",
824 get_encaps_through (trp));
825 post_log (oid, desc, port, ban);
826}
827
828/*
829 * From "Russ Paton" <russell.paton@blueyonder.co.uk>
830 *
831 * 00: 49 43 59 20 32 30 30 20 4f 4b 0d 0a 69 63 79 2d ICY 200 OK..icy-
832 * 10: 6e 6f 74 69 63 65 31 3a 3c 42 52 3e 54 68 69 73 notice1:<BR>This
833 * 20: 20 73 74 72 65 61 6d 20 72 65 71 75 69 72 65 73 stream requires
834 */
835static void
836mark_shoutcast_server (struct script_infos *desc, int port, char *buffer,
837 int trp)
838{
839 char ban[255];
840 register_service (desc, port, "shoutcast");
841 plug_replace_key (desc, ban, ARG_STRING, buffer);
842 snprintf (ban, sizeof (ban), "A shoutcast server is running on this port%s",
843 get_encaps_through (trp));
844 post_log (oid, desc, port, ban);
845}
846
847/*
848 * From "Hendrickson, Chris" <chendric@qssmeds.com>
849 * 00: 41 64 73 47 6f 6e 65 20 42 6c 6f 63 6b 65 64 20 AdsGone Blocked
850 * 10: 48 54 4d 4c 20 41 64 HTML Ad
851 */
852
853static void
854mark_adsgone (struct script_infos *desc, int port, char *buffer, int trp)
855{
856 char ban[255];
857 register_service (desc, port, "adsgone");
858 plug_replace_key (desc, ban, ARG_STRING, buffer);
859 snprintf (
860 ban, sizeof (ban),
861 "An AdsGone (a popup banner blocking server) is running on this port%s",
862 get_encaps_through (trp));
863 post_log (oid, desc, port, ban);
864}
865
866/*
867 * Sig from harm vos <h.vos@fwn.rug.nl> :
868 *
869 * 00: 2a 20 41 43 41 50 20 28 49 4d 50 4c 45 4d 45 4e * ACAP (IMPLEMEN 10:
870 * 54 41 54 49 4f 4e 20 22 43 6f 6d 6d 75 6e 69 47 TATION "CommuniG 20: 61
871 * 74 65 20 50 72 6f 20 41 43 41 50 20 34 2e 30 ate Pro ACAP 4.0 30: 62 39
872 * 22 29 20 28 53 54 41 52 54 54 4c 53 29 20 b9") (STARTTLS) 40: 28 53 41
873 * 53 4c 20 22 4c 4f 47 49 4e 22 20 22 50 (SASL "LOGIN" "P 50: 4c 41 49 4e
874 * 22 20 22 43 52 41 4d 2d 4d 44 35 22 LAIN" "CRAM-MD5" 60: 20 22 44 49 47
875 * 45 53 54 2d 4d 44 35 22 20 22 4e "DIGEST-MD5" "N 70: 54 4c 4d 22 29 20
876 * 28 43 4f 4e 54 45 58 54 4c 49 TLM") (CONTEXTLI 80: 4d 49 54 20 22 32 30
877 * 30 22 29 0d 0a MIT "200")..
878 *
879 * The ACAP protocol allows a client (mailer) application to connect to the
880 * Server computer and upload and download the application preferences,
881 * configuration settings and other datasets (such as personal address
882 * books).
883 */
884static void
885mark_acap_server (struct script_infos *desc, int port, char *buffer, int trp)
886{
887 char ban[255];
888 register_service (desc, port, "acap");
889 snprintf (ban, sizeof (ban), "acap/banner/%d", port);
890 plug_replace_key (desc, ban, ARG_STRING, buffer);
891 {
892 snprintf (ban, sizeof (ban), "An ACAP server is running on this port%s",
893 get_encaps_through (trp));
894 post_log (oid, desc, port, ban);
895 }
896}
897
898/*
899 * Sig from Cedric Foll <cedric.foll@ac-rouen.fr>
900 *
901 *
902 * 00: 53 6f 72 72 79 2c 20 79 6f 75 20 28 31 37 32 2e Sorry, you (172. 10: 33
903 * 30 2e 31 39 32 2e 31 30 33 29 20 61 72 65 20 30.192.103)are 20: 6e 6f 74
904 * 20 61 6d 6f 6e 67 20 74 68 65 20 61 6c not among the al 30: 6c 6f 77 65 64
905 * 20 68 6f 73 74 73 2e 2e 2e 0a lowed hosts....
906 *
907 * The ACAP protocol allows a client (mailer) application to connect to the
908 * Server computer and upload and download the application preferences,
909 * configuration settings and other datasets (such as personal address
910 * books).
911 */
912static void
913mark_nagiosd_server (struct script_infos *desc, int port, int trp)
914{
915 char ban[255];
916 register_service (desc, port, "nagiosd");
917 snprintf (ban, sizeof (ban), "A nagiosd server is running on this port%s",
918 get_encaps_through (trp));
919 post_log (oid, desc, port, ban);
920}
921
922/*
923 * Sig from Michael Löffler <nimrod@n1mrod.de>
924 *
925 * 00: 5b 54 53 5d 0a 65 72 72 6f 72 0a [TS].error.
926 *
927 * That's Teamspeak2 rc2 Server - http://www.teamspeak.org/
928 */
929static void
930mark_teamspeak2_server (struct script_infos *desc, int port, int trp)
931{
932 char ban[255];
933 register_service (desc, port, "teamspeak2");
934 snprintf (ban, sizeof (ban), "A teamspeak2 server is running on this port%s",
935 get_encaps_through (trp));
936 post_log (oid, desc, port, ban);
937}
938
939/*
940 * Sig from <Gary.Crowell@experian.com>
941 *
942 *
943 *
944 *
945 * 00: 4c 61 6e 67 75 61 67 65 20 72 65 63 65 69 76 65 Language receive 10:
946 * 64 20 66 72 6f 6d 20 63 6c 69 65 6e 74 3a 20 47 d from client: G 20: 45
947 * 54 20 2f 20 48 54 54 50 2f 31 2e 30 0d 0a 53 ET / HTTP/1.0..S 30: 65 74
948 * 6c 6f 63 61 6c 65 3a 20 0a etlocale: .
949 *
950 * Port 9090 is for WEBSM, the GUI SMIT tool that AIX RMC (port 657) is
951 * configured and used with. (AIX Version 5.1)
952 */
953static void
954mark_websm_server (struct script_infos *desc, int port, int trp)
955{
956 char ban[255];
957 register_service (desc, port, "websm");
958 snprintf (ban, sizeof (ban), "A WEBSM server is running on this port%s",
959 get_encaps_through (trp));
960 post_log (oid, desc, port, ban);
961}
962
963/*
964 * From Gary Crowell :
965 * 00: 43 4e 46 47 41 50 49 CNFGAPI
966 */
967static void
968mark_ofa_express_server (struct script_infos *desc, int port, int trp)
969{
970 char ban[255];
971 register_service (desc, port, "ofa_express");
972 snprintf (ban, sizeof (ban),
973 "An OFA/Express server is running on this port%s",
974 get_encaps_through (trp));
975 post_log (oid, desc, port, ban);
976}
977
978/*
979 * From Pierre Abbat <phma@webjockey.net> 00: 53 75 53 45 20 4d 65 74 61 20
980 * 70 70 70 64 20 28 SuSE Meta pppd ( 10: 73 6d 70 70 70 64 29 2c 20 56 65 72
981 * 73 69 6f 6e smpppd), Version 20: 20 30 2e 37 38 0d 0a
982 * 0.78..
983 */
984static void
985mark_smppd_server (struct script_infos *desc, int port, int trp)
986{
987 char ban[255];
988 register_service (desc, port, "smppd");
989 snprintf (ban, sizeof (ban),
990 "A SuSE Meta pppd server is running on this port%s",
991 get_encaps_through (trp));
992 post_log (oid, desc, port, ban);
993}
994
995/*
996 * From DaLiV <daliv@apollo.lv
997 *
998 * 00: 45 52 52 20 55 4e 4b 4e 4f 57 4e 2d 43 4f 4d 4d ERR UNKNOWN-COMM
999 * 10: 41 4e 44 0a 45 52 52 20 55 4e 4b 4e 4f 57 4e 2d AND.ERR UNKNOWN-
1000 * 20: 43 4f 4d 4d 41 4e 44 0a COMMAND.
1001 */
1002static void
1003mark_upsmon_server (struct script_infos *desc, int port, int trp)
1004{
1005 char ban[255];
1006 register_service (desc, port, "upsmon");
1007 snprintf (ban, sizeof (ban),
1008 "An upsd/upsmon server is running on this port%s",
1009 get_encaps_through (trp));
1010 post_log (oid, desc, port, ban);
1011}
1012
1013/*
1014 * From Andrew Yates <pilot1_ace@hotmail.com>
1015 *
1016 * 00: 63 6f 6e 6e 65 63 74 65 64 2e 20 31 39 3a 35 31 connected. 19:51
1017 * 10: 20 2d 20 4d 61 79 20 32 35 2c 20 32 30 30 33 2c - May 25, 2003,
1018 * 20: 20 53 75 6e 64 61 79 2c 20 76 65 72 3a 20 4c 65 Sunday, ver: Le
1019 * 30: 67 65 6e 64 73 20 32 2e 31 gends 2.1
1020 */
1021static void
1022mark_sub7_server (struct script_infos *desc, int port, int trp)
1023{
1024 char ban[255];
1025 register_service (desc, port, "sub7");
1026 snprintf (ban, sizeof (ban), "The Sub7 trojan is running on this port%s",
1027 get_encaps_through (trp));
1028 post_alarm (oid, desc, port, ban, NULL);
1029}
1030
1031/*
1032 * From "Alex Lewis" <alex@sgl.org.au>
1033 *
1034 * 00: 53 50 41 4d 44 2f 31 2e 30 20 37 36 20 42 61 64 SPAMD/1.0 76 Bad
1035 * 10: 20 68 65 61 64 65 72 20 6c 69 6e 65 3a 20 47 45 header line: GE
1036 * 20: 54 20 2f 20 48 54 54 50 2f 31 2e 30 0d 0d 0a T /
1037 */
1038static void
1039mark_spamd_server (struct script_infos *desc, int port, int trp)
1040{
1041 char ban[255];
1042 register_service (desc, port, "spamd");
1043 snprintf (ban, sizeof (ban),
1044 "a spamd server (part of spamassassin) is running on this port%s",
1045 get_encaps_through (trp));
1046 post_log (oid, desc, port, ban);
1047}
1048
1049/* Thanks to Mike Blomgren */
1050static void
1051mark_quicktime_streaming_server (struct script_infos *desc, int port, int trp)
1052{
1053 char ban[255];
1054 register_service (desc, port, "quicktime-streaming-server");
1055 snprintf (ban, sizeof (ban),
1056 "a quicktime streaming server is running on this port%s",
1057 get_encaps_through (trp));
1058 post_log (oid, desc, port, ban);
1059}
1060
1061/* Thanks to Allan <als@bpal.com> */
1062static void
1063mark_dameware_server (struct script_infos *desc, int port, int trp)
1064{
1065 char ban[255];
1066 register_service (desc, port, "dameware");
1067 snprintf (ban, sizeof (ban), "a dameware server is running on this port%s",
1068 get_encaps_through (trp));
1069 post_log (oid, desc, port, ban);
1070}
1071
1072static void
1073mark_stonegate_auth_server (struct script_infos *desc, int port, int trp)
1074{
1075 char ban[255];
1076 register_service (desc, port, "SG_ClientAuth");
1077 snprintf (ban, sizeof (ban),
1078 "a StoneGate authentication server is running on this port%s",
1079 get_encaps_through (trp));
1080 post_log (oid, desc, port, ban);
1081}
1082
1083static void
1084mark_listserv_server (struct script_infos *desc, int port, int trp)
1085{
1086 char ban[255];
1087 register_service (desc, port, "listserv");
1088 {
1089 snprintf (ban, sizeof (ban),
1090 "A LISTSERV daemon seems to be running on this port%s",
1091 get_encaps_through (trp));
1092 post_log (oid, desc, port, ban);
1093 }
1094}
1095
1096static void
1097mark_fssniffer (struct script_infos *desc, int port, int trp)
1098{
1099 char ban[255];
1100 register_service (desc, port, "FsSniffer");
1101 {
1102 snprintf (ban, sizeof (ban),
1103 "A FsSniffer backdoor seems to be running on this port%s",
1104 get_encaps_through (trp));
1105 post_alarm (oid, desc, port, ban, NULL);
1106 }
1107}
1108
1109static void
1110mark_remote_nc_server (struct script_infos *desc, int port, int trp)
1111{
1112 char ban[255];
1113 register_service (desc, port, "RemoteNC");
1114 {
1115 snprintf (ban, sizeof (ban),
1116 "A RemoteNC backdoor seems to be running on this port%s",
1117 get_encaps_through (trp));
1118 post_log (oid, desc, port, ban);
1119 }
1120}
1121
1122/* Do not use register_service for unknown and wrapped services! */
1123
1124static void
1125mark_wrapped_svc (struct script_infos *desc, int port, int delta)
1126{
1127 char msg[256];
1128
1129 snprintf (msg, sizeof (msg),
1130 "The service closed the connection after %d seconds "
1131 "without sending any data\n"
1132 "It might be protected by some TCP wrapper\n",
1133 delta);
1134 post_log (oid, desc, port, msg);
1135 /* Do NOT use plug_replace_key! */
1136 plug_set_key (desc, "Services/wrapped", ARG_INT, GSIZE_TO_POINTER (port));
1137}
1138
1139static const char *
1140port_to_name (int port)
1141{
1142 /* Note: only includes services that are recognized by this plugin! */
1143 switch (port)
1144 {
1145 case 7:
1146 return "Echo";
1147 case 19:
1148 return "Chargen";
1149 case 21:
1150 return "FTP";
1151 case 22:
1152 return "SSH";
1153 case 23:
1154 return "Telnet";
1155 case 25:
1156 return "SMTP";
1157 case 37:
1158 return "Time";
1159 case 70:
1160 return "Gopher";
1161 case 79:
1162 return "Finger";
1163 case 80:
1164 return "HTTP";
1165 case 98:
1166 return "Linuxconf";
1167 case 109:
1168 return "POP2";
1169 case 110:
1170 return "POP3";
1171 case 113:
1172 return "AUTH";
1173 case 119:
1174 return "NNTP";
1175 case 143:
1176 return "IMAP";
1177 case 220:
1178 return "IMAP3";
1179 case 443:
1180 return "HTTPS";
1181 case 465:
1182 return "SMTPS";
1183 case 563:
1184 return "NNTPS";
1185 case 593:
1186 return "Http-Rpc-Epmap";
1187 case 873:
1188 return "Rsyncd";
1189 case 901:
1190 return "SWAT";
1191 case 993:
1192 return "IMAPS";
1193 case 995:
1194 return "POP3S";
1195 case 1109:
1196 return "KPOP"; /* ? */
1197 case 2309:
1198 return "Compaq Management Server";
1199 case 2401:
1200 return "CVSpserver";
1201 case 3128:
1202 return "Squid";
1203 case 3306:
1204 return "MySQL/MariaDB";
1205 case 5000:
1206 return "VTUN";
1207 case 5432:
1208 return "PostgreSQL";
1209 case 8080:
1210 return "HTTP-Alt";
1211 }
1212 return NULL;
1213}
1214
1215static void
1216mark_unknown_svc (struct script_infos *desc, int port,
1217 const unsigned char *banner, int trp)
1218{
1219 char tmp[1600], *norm = NULL;
1220
1221 /* Do NOT use plug_replace_key! */
1222 plug_set_key (desc, "Services/unknown", ARG_INT, GSIZE_TO_POINTER (port));
1223 snprintf (tmp, sizeof (tmp), "unknown/banner/%d", port);
1224 plug_replace_key (desc, tmp, ARG_STRING, (char *) banner);
1225
1226 norm = (char *) port_to_name (port);
1227 *tmp = '\0';
1228 if (norm != NULL)
1229 {
1230 snprintf (tmp, sizeof (tmp),
1231 "An unknown service is running on this port%s.\n"
1232 "It is usually reserved for %s",
1233 get_encaps_through (trp), norm);
1234 }
1235 if (*tmp != '\0')
1236 post_log (oid, desc, port, tmp);
1237}
1238
1239static void
1240mark_gnuserv (struct script_infos *desc, int port)
1241{
1242 register_service (desc, port, "gnuserv");
1243 post_log (oid, desc, port, "gnuserv is running on this port");
1244}
1245
1246static void
1247mark_iss_realsecure (struct script_infos *desc, int port)
1248{
1249 register_service (desc, port, "issrealsecure");
1250 post_log (oid, desc, port, "ISS RealSecure is running on this port");
1251}
1252
1253static void
1254mark_vmware_auth (struct script_infos *desc, int port, char *buffer, int trp)
1255{
1256 char ban[512];
1257
1258 register_service (desc, port, "vmware_auth");
1259
1260 snprintf (ban, sizeof (ban),
1261 "A VMWare authentication daemon is running on this port%s:\n%s",
1262 get_encaps_through (trp), buffer);
1263 post_log (oid, desc, port, ban);
1264}
1265
1266static void
1267mark_interscan_viruswall (struct script_infos *desc, int port, char *buffer,
1268 int trp)
1269{
1270 char ban[512];
1271
1272 register_service (desc, port, "interscan_viruswall");
1273
1274 snprintf (ban, sizeof (ban),
1275 "An interscan viruswall is running on this port%s:\n%s",
1276 get_encaps_through (trp), buffer);
1277 post_log (oid, desc, port, ban);
1278}
1279
1280static void
1281mark_ppp_daemon (struct script_infos *desc, int port, int trp)
1282{
1283 char ban[512];
1284
1285 register_service (desc, port, "pppd");
1286
1287 snprintf (ban, sizeof (ban), "A PPP daemon is running on this port%s",
1288 get_encaps_through (trp));
1289 post_log (oid, desc, port, ban);
1290}
1291
1292static void
1293mark_zebra_server (struct script_infos *desc, int port, char *buffer, int trp)
1294{
1295 char ban[512];
1296
1297 register_service (desc, port, "zebra");
1298 snprintf (ban, sizeof (ban), "zebra/banner/%d", port);
1299 plug_replace_key (desc, ban, ARG_STRING, buffer);
1300 snprintf (ban, sizeof (ban),
1301 "A zebra daemon (bgpd or zebrad) is running on this port%s",
1302 get_encaps_through (trp));
1303 post_log (oid, desc, port, ban);
1304}
1305
1306static void
1307mark_ircxpro_admin_server (struct script_infos *desc, int port, int trp)
1308{
1309 char ban[512];
1310
1311 register_service (desc, port, "ircxpro_admin");
1312
1313 snprintf (ban, sizeof (ban),
1314 "An IRCXPro administrative server is running on this port%s",
1315 get_encaps_through (trp));
1316 post_log (oid, desc, port, ban);
1317}
1318
1319static void
1320mark_gnocatan_server (struct script_infos *desc, int port, int trp)
1321{
1322 char ban[512];
1323
1324 register_service (desc, port, "gnocatan");
1325
1326 snprintf (ban, sizeof (ban),
1327 "A gnocatan game server is running on this port%s",
1328 get_encaps_through (trp));
1329 post_log (oid, desc, port, ban);
1330}
1331
1332/* Thanks to Owell Crow */
1333static void
1334mark_pbmaster_server (struct script_infos *desc, int port, char *buffer,
1335 int trp)
1336{
1337 char ban[512];
1338
1339 register_service (desc, port, "power-broker-master");
1340
1341 snprintf (ban, sizeof (ban),
1342 "A PowerBroker master server is running on this port%s:\n%s",
1343 get_encaps_through (trp), buffer);
1344 post_log (oid, desc, port, ban);
1345}
1346
1347/* Thanks to Paulo Jorge */
1348static void
1349mark_dictd_server (struct script_infos *desc, int port, char *buffer, int trp)
1350{
1351 char ban[512];
1352
1353 register_service (desc, port, "dicts");
1354
1355 snprintf (ban, sizeof (ban), "A dictd server is running on this port%s:\n%s",
1356 get_encaps_through (trp), buffer);
1357 post_log (oid, desc, port, ban);
1358}
1359
1360/* Thanks to Tony van Lingen */
1361static void
1362mark_pnsclient (struct script_infos *desc, int port, int trp)
1363{
1364 char ban[512];
1365
1366 register_service (desc, port, "pNSClient");
1367
1368 snprintf (ban, sizeof (ban),
1369 "A Netsaint plugin (pNSClient.exe) is running on this port%s",
1370 get_encaps_through (trp));
1371 post_log (oid, desc, port, ban);
1372}
1373
1374/* Thanks to Jesus D. Munoz */
1375static void
1376mark_veritas_backup (struct script_infos *desc, int port, int trp)
1377{
1378 char ban[512];
1379 register_service (desc, port, "VeritasNetBackup");
1380
1381 snprintf (ban, sizeof (ban), "VeritasNetBackup is running on this port%s",
1382 get_encaps_through (trp));
1383 post_log (oid, desc, port, ban);
1384}
1385
1386static void
1387mark_pblocald_server (struct script_infos *desc, int port, char *buffer,
1388 int trp)
1389{
1390 char ban[512];
1391
1392 register_service (desc, port, "power-broker-master");
1393
1394 snprintf (ban, sizeof (ban),
1395 "A PowerBroker locald server is running on this port%s:\n%s",
1396 get_encaps_through (trp), buffer);
1397 post_log (oid, desc, port, ban);
1398}
1399
1400static void
1401mark_jabber_server (struct script_infos *desc, int port, int trp)
1402{
1403 char ban[255];
1404 register_service (desc, port, "jabber");
1405 snprintf (ban, sizeof (ban),
1406 "jabber daemon seems to be running on this port%s",
1407 get_encaps_through (trp));
1408 post_log (oid, desc, port, ban);
1409}
1410
1411static void
1412mark_avotus_mm_server (struct script_infos *desc, int port, char *buffer,
1413 int trp)
1414{
1415 char ban[512];
1416
1417 register_service (desc, port, "avotus_mm");
1418
1419 snprintf (ban, sizeof (ban),
1420 "An avotus 'mm' server is running on this port%s:\n%s",
1421 get_encaps_through (trp), buffer);
1422 post_log (oid, desc, port, ban);
1423}
1424
1425static void
1426mark_socks_proxy (struct script_infos *desc, int port, int ver)
1427{
1428 char str[256];
1429
1430 snprintf (str, sizeof (str), "socks%d", ver);
1431 register_service (desc, port, str);
1432 snprintf (str, sizeof (str), "A SOCKS%d proxy is running on this port. ",
1433 ver);
1434 post_log (oid, desc, port, str);
1435}
1436
1437static void
1438mark_direct_connect_hub (struct script_infos *desc, int port, int trp)
1439{
1440 char str[256];
1441
1442 register_service (desc, port, "DirectConnectHub");
1443 snprintf (str, sizeof (str), "A Direct Connect Hub is running on this port%s",
1444 get_encaps_through (trp));
1445 post_log (oid, desc, port, str);
1446}
1447
1448static void
1449mark_mongodb (struct script_infos *desc, int port)
1450{
1451 register_service (desc, port, "mongodb");
1452 post_log (oid, desc, port, "A MongoDB server is running on this port");
1453}
1454
1455/*
1456 * We determine if the 4 bytes we received look like a date. We
1457 * accept clocks desynched up to 3 years;
1458 *
1459 * MA 2002-09-09 : time protocol (RFC 738) returns number of seconds since
1460 * 1900-01-01, while time() returns nb of sec since 1970-01-01.
1461 * The difference is 2208988800 seconds.
1462 * By the way, although the RFC is imprecise, it seems that the returned
1463 * integer is in "network byte order" (i.e. big endian)
1464 */
1465#define MAX_SHIFT (3 * 365 * 86400)
1466#define DIFF_1970_1900 2208988800U
1467
1468static int
1469may_be_time (time_t *rtime)
1470{
1471#ifndef ABS
1472#define ABS(x) (((x) < 0) ? -(x) : (x))
1473#endif
1474 time_t now = time (NULL);
1475 int rt70 = ntohl (*rtime) - DIFF_1970_1900;
1476
1477 if (ABS (now - rt70) < MAX_SHIFT)
1478 return 1;
1479 else
1480 return 0;
1481}
1482
1483static int
1484retry_stream_connection (int test_ssl, struct script_infos *desc, int port,
1485 int timeout, int *trp)
1486{
1487 const char *p = "NORMAL:+ARCFOUR-128:%COMPAT";
1488 const char *lp = "LEGACY:%COMPAT:%UNSAFE_RENEGOTIATION";
1489 int cnx;
1490
1491 if (test_ssl)
1492 *trp = OPENVAS_ENCAPS_TLScustom;
1493 else
1494 *trp = OPENVAS_ENCAPS_IP;
1495
1496 cnx = open_stream_connection (desc, port, *trp, timeout);
1497 if (test_ssl)
1498 {
1499 switch (cnx)
1500 {
1501 case TLS_PRIME_UNACCEPTABLE:
1502 // retry with insecure bit
1503 g_debug ("%s: NO_PRIORITY_FLAGS failed, retrying with "
1504 "INSECURE_DH_PRIME_BITS",
1505 __func__);
1506 cnx = open_stream_connection_ext (desc, port, *trp, timeout, p,
1507 INSECURE_DH_PRIME_BITS);
1508 if (cnx >= 0)
1509 {
1510 open_stream_tls_default_priorities (p, INSECURE_DH_PRIME_BITS);
1511 }
1512 break;
1513 case TLS_FATAL_ALERT:
1514 // retry with legacy option
1515 g_debug ("%s: %s failed, retrying with %s", __func__, p, lp);
1516 cnx = open_stream_connection_ext (desc, port, *trp, timeout, lp,
1517 NO_PRIORITY_FLAGS);
1518 if (cnx >= 0)
1519 {
1520 open_stream_tls_default_priorities (lp, NO_PRIORITY_FLAGS);
1521 }
1522 break;
1523 default:
1524 // do nothing
1525 break;
1526 }
1527 // verify if retries went successful and if not retry without tls
1528 if (cnx < 0)
1529 {
1530 g_debug ("%s: unable to establish a TLS connection to %s; falling "
1531 "back to unencrypted connection",
1532 __func__, plug_get_host_fqdn (desc));
1533 *trp = OPENVAS_ENCAPS_IP;
1534 cnx = open_stream_connection (desc, port, *trp, timeout);
1535 }
1536 }
1537
1538 return cnx;
1539}
1540
1541static int
1542plugin_do_run (struct script_infos *desc, GSList *h, int test_ssl)
1543{
1544 char *head = "Ports/tcp/", *host_fqdn;
1545 u_short unknown[65535];
1546 int num_unknown = 0;
1547 size_t len_head = strlen (head);
1548
1549 int rw_timeout = 20, cnx_timeout = 20, wrap_timeout = 20;
1550 int x, timeout;
1551 char *rw_timeout_s = get_plugin_preference (oid, RW_TIMEOUT_PREF, -1);
1552 char *cnx_timeout_s = get_plugin_preference (oid, CNX_TIMEOUT_PREF, -1);
1553 char *wrap_timeout_s = get_plugin_preference (oid, WRAP_TIMEOUT_PREF, -1);
1554 unsigned char *p;
1555 fd_set rfds, wfds;
1556 struct timeval tv;
1557 char k[32], *http_get;
1558
1559 host_fqdn = plug_get_host_fqdn (desc);
1560 http_get = g_strdup_printf ("GET / HTTP/1.0\r\nHost: %s\r\n\r\n", host_fqdn);
1561 g_free (host_fqdn);
1562
1563 if (rw_timeout_s != NULL && (x = atoi (rw_timeout_s)) > 0)
1564 rw_timeout = x;
1565 if (cnx_timeout_s != NULL && (x = atoi (cnx_timeout_s)) > 0)
1566 cnx_timeout = x;
1567 if (wrap_timeout_s != NULL && (x = atoi (wrap_timeout_s)) >= 0)
1568 wrap_timeout = x;
1569
1570 bzero (unknown, sizeof (unknown));
1571
1572 while (h)
1573 {
1574 if ((strlen (h->data) > len_head) && !strncmp (h->data, head, len_head))
1575 {
1576 int cnx;
1577 char *line;
1578 char *origline;
1579 int trp;
1580 char buffer[2049];
1581 unsigned char *banner = NULL, *bannerHex = NULL;
1582 size_t banner_len, i;
1583 int port = atoi ((const char *) h->data + len_head);
1584 int flg = 0;
1585 int unindentified_service = 0;
1586 int three_digits = 0;
1587 int maybe_wrapped = 0;
1588 char kb[64];
1589 int get_sent = 0;
1590 struct timeval tv1, tv2;
1591 int diff_tv = 0, diff_tv2 = 0;
1592 int type, no_banner_grabbed = 0;
1593
1594#define DIFFTV1000(t1, t2) \
1595 ((t1.tv_sec - t2.tv_sec) * 1000 + (t1.tv_usec - t2.tv_usec) / 1000)
1596
1597 bzero (buffer, sizeof (buffer));
1598 banner_len = 0;
1599 snprintf (kb, sizeof (kb), "BannerHex/%d", port);
1600 bannerHex = plug_get_key (desc, kb, &type, NULL, 0);
1601 if (type == ARG_STRING && bannerHex != NULL && bannerHex[0] != '\0')
1602 {
1603 int c1, c2;
1604 unsigned int j;
1605 banner_len = strlen ((char *) bannerHex) / 2;
1606 if (banner_len >= sizeof (buffer))
1607 banner_len = sizeof (buffer) - 1;
1608 for (j = 0; j < banner_len; j++)
1609 {
1610 c1 = bannerHex[2 * j];
1611 if (c1 >= 0 && c1 <= 9)
1612 c1 -= '0';
1613 else if (c1 >= 'a' && c1 <= 'f')
1614 c1 -= 'a';
1615 else if (c1 >= 'A' && c1 <= 'F')
1616 c1 -= 'A';
1617 else
1618 banner_len = 0; /* Invalid value */
1619 c2 = bannerHex[2 * j + 1];
1620 if (c2 >= 0 && c2 <= 9)
1621 c2 -= '0';
1622 else if (c2 >= 'a' && c2 <= 'f')
1623 c2 -= 'a';
1624 else if (c2 >= 'A' && c2 <= 'F')
1625 c2 -= 'A';
1626 else
1627 banner_len = 0; /* Invalid value */
1628 buffer[j] = c1 << 4 | c2;
1629 }
1630 buffer[j] = '\0';
1631 if (banner_len > 0)
1632 banner = (unsigned char *) buffer;
1633 }
1634 g_free (bannerHex);
1635 if (banner_len == 0)
1636 {
1637 snprintf (kb, sizeof (kb), "Banner/%d", port);
1638 banner = plug_get_key (desc, kb, &type, NULL, 0);
1639 if (banner)
1640 banner_len = strlen ((char *) banner);
1641 }
1642 if (banner_len > 0)
1643 {
1644 cnx = -1;
1645 trp = OPENVAS_ENCAPS_IP;
1646 }
1647 else
1648 {
1649 if (banner != NULL)
1650 {
1651 g_free (banner);
1652 banner = NULL;
1653 }
1654 gettimeofday (&tv1, NULL);
1655 cnx = retry_stream_connection (test_ssl, desc, port, cnx_timeout,
1656 &trp);
1657 gettimeofday (&tv2, NULL);
1658 diff_tv = DIFFTV1000 (tv2, tv1);
1659 }
1660
1661 if (cnx >= 0 || banner_len > 0)
1662 {
1663 int line_len, realfd = -1;
1664 size_t len;
1665
1666 if (cnx >= 0)
1667 {
1668 realfd = openvas_get_socket_from_connection (cnx);
1669 snprintf (k, sizeof (k), "FindService/CnxTime1000/%d", port);
1670 plug_replace_key (desc, k, ARG_INT,
1671 GSIZE_TO_POINTER (diff_tv));
1672 snprintf (k, sizeof (k), "FindService/CnxTime/%d", port);
1673 plug_replace_key (
1674 desc, k, ARG_INT,
1675 GSIZE_TO_POINTER (((diff_tv + 500) / 1000)));
1676 if (diff_tv / 1000 > cnx_timeout)
1677 plug_replace_key (desc, "/tmp/SlowFindService", ARG_INT,
1678 GSIZE_TO_POINTER (1));
1679 }
1680 plug_set_port_transport (desc, port, trp);
1681 (void) stream_set_timeout (port, rw_timeout);
1682
1683 if (IS_ENCAPS_SSL (trp))
1684 {
1685 char report[160];
1686 snprintf (report, sizeof (report),
1687 "A %s server answered on this port\n",
1688 get_encaps_name (trp));
1689 post_log (oid, desc, port, report);
1690 plug_set_key (desc, "Transport/SSL", ARG_INT,
1691 GSIZE_TO_POINTER (port));
1692 }
1693
1694 len = 0;
1695 timeout = 0;
1696 if (banner_len > 0)
1697 {
1698 len = banner_len;
1699 if (banner != (unsigned char *) buffer)
1700 {
1701 if (len >= sizeof (buffer))
1702 len = sizeof (buffer) - 1;
1703 memcpy (buffer, banner, len);
1704 buffer[len] = '\0';
1705 }
1706 }
1707 else
1708 {
1709 snprintf (kb, sizeof (kb), "/tmp/NoBanner/%d", port);
1710 p = plug_get_key (desc, kb, &type, NULL, 0);
1711 if (p != NULL)
1712 {
1713 if (type == ARG_INT)
1714 no_banner_grabbed = GPOINTER_TO_SIZE (p);
1715 else if (type == ARG_STRING)
1716 no_banner_grabbed = atoi ((char *) p);
1717 }
1718 g_free (p);
1719
1720 if (!no_banner_grabbed)
1721 {
1722#ifdef SMART_TCP_RW
1723 if (trp == OPENVAS_ENCAPS_IP && realfd >= 0)
1724 {
1725 select_again:
1726 FD_ZERO (&rfds);
1727 FD_ZERO (&wfds);
1728 FD_SET (realfd, &rfds);
1729 FD_SET (realfd, &wfds);
1730
1731 (void) gettimeofday (&tv1, NULL);
1732 tv.tv_usec = 0;
1733 tv.tv_sec = rw_timeout;
1734 x = select (realfd + 1, &rfds, &wfds, NULL, &tv);
1735 if (x < 0)
1736 {
1737 if (errno == EINTR)
1738 goto select_again;
1739 perror ("select");
1740 }
1741 else if (x == 0)
1742 timeout = 1;
1743 else if (x > 0)
1744 {
1745 if (FD_ISSET (realfd, &rfds))
1746 {
1747 len = read_stream_connection_min (
1748 cnx, buffer, 1, sizeof (buffer) - 2);
1749 }
1750 }
1751 (void) gettimeofday (&tv2, NULL);
1752 diff_tv = DIFFTV1000 (tv2, tv1);
1753 }
1754 }
1755 else
1756 { /* No banner was found
1757 * by openvas_tcp_scanner */
1758 len = 0;
1759 timeout = 0;
1760 }
1761
1762 if (len <= 0 && !timeout)
1763#endif
1764 {
1765 write_stream_connection (cnx, http_get,
1766 strlen (http_get));
1767 (void) gettimeofday (&tv1, NULL);
1768 get_sent = 1;
1769 buffer[sizeof (buffer) - 1] = '\0';
1770 len = read_stream_connection (cnx, buffer,
1771 sizeof (buffer) - 1);
1772#if 1
1773 /*
1774 * Try to work around broken
1775 * web server (or "magic
1776 * read" bug??)
1777 */
1778 if (len > 0 && len < 8
1779 && strncmp (buffer, "HTTP/1.", len) == 0)
1780 {
1781 int len2 = read_stream_connection (
1782 cnx, buffer + len, sizeof (buffer) - 1 - len);
1783 if (len2 > 0)
1784 len += len2;
1785 }
1786#endif
1787 (void) gettimeofday (&tv2, NULL);
1788 diff_tv = DIFFTV1000 (tv2, tv1);
1789 }
1790 if (len > 0)
1791 {
1792 snprintf (k, sizeof (k), "FindService/RwTime1000/%d",
1793 port);
1794 plug_replace_key (desc, k, ARG_INT,
1795 GSIZE_TO_POINTER (diff_tv));
1796 snprintf (k, sizeof (k), "FindService/RwTime/%d", port);
1797 plug_replace_key (
1798 desc, k, ARG_INT,
1799 GSIZE_TO_POINTER ((diff_tv + 500) / 1000));
1800 if (diff_tv / 1000 > rw_timeout)
1801 plug_replace_key (desc, "/tmp/SlowFindService", ARG_INT,
1802 GSIZE_TO_POINTER (1));
1803 }
1804 }
1805
1806 if (len > 0)
1807 {
1808 char *t;
1809 banner = g_malloc0 (len + 1);
1810 memcpy (banner, buffer, len);
1811 banner[len] = '\0';
1812
1813 for (i = 0; i < len; i++)
1814 buffer[i] = (buffer[i] == '\0') ? 'x' : tolower (buffer[i]);
1815
1816 line = g_strdup (buffer);
1817
1818 t = strchr (line, '\n');
1819 if (t)
1820 t[0] = '\0';
1821 if (isdigit (banner[0]) && isdigit (banner[1])
1822 && isdigit (banner[2])
1823 && (banner[3] == '\0' || isspace (banner[3])
1824 || banner[3] == '-'))
1825 {
1826 /*
1827 * Do NOT use
1828 * plug_replace_key!
1829 */
1830 plug_set_key (desc, "Services/three_digits", ARG_INT,
1831 GSIZE_TO_POINTER (port));
1832 /*
1833 * Do *not* set
1834 * Known/tcp/<port> to
1835 * "three_digits": the
1836 * service must remain
1837 * "unknown"
1838 */
1839 three_digits = 1;
1840 }
1841 if (get_sent)
1842 snprintf (kb, sizeof (kb), "FindService/tcp/%d/get_http",
1843 port);
1844 else
1845 snprintf (kb, sizeof (kb), "FindService/tcp/%d/spontaneous",
1846 port);
1847 plug_replace_key (desc, kb, ARG_STRING, banner);
1848
1849 {
1850 char buf2[sizeof (buffer) * 2 + 1];
1851 int flag = 0;
1852 unsigned int y;
1853
1854 strcat (kb, "Hex");
1855
1856 if (len >= sizeof (buffer))
1857 len = sizeof (buffer);
1858
1859 for (y = 0; y < len; y++)
1860 {
1861 snprintf (buf2 + 2 * y, sizeof (buf2) - (2 * y), "%02x",
1862 (unsigned char) banner[y]);
1863 if (banner[y] == '\0')
1864 flag = 1;
1865 }
1866 buf2[2 * y] = '\0';
1867 if (flag)
1868 plug_replace_key (desc, kb, ARG_STRING, buf2);
1869 }
1870
1871 origline = g_strdup ((char *) banner);
1872 t = strchr (origline, '\n');
1873 if (t)
1874 t[0] = '\0';
1875 line_len = strlen (origline);
1876
1877 /*
1878 * Many services run on the top of an HTTP protocol,
1879 * so the HTTP test is not an 'ELSE ... IF'
1880 */
1881 if ((!strncmp (line, "http/1.", 7)
1882 || strstr ((char *) banner,
1883 "<title>Not supported</title>")))
1884 { /* <- broken hp
1885 * jetdirect */
1886 flg++;
1887 if (!(port == 5000
1888 && (strstr (line, "http/1.1 400 bad request")
1889 != NULL))
1890 && !(strncmp (line, "http/1.0 403 forbidden",
1891 strlen ("http/1.0 403 forbidden"))
1892 == 0
1893 && strstr (buffer, "server: adsubtract") != NULL)
1894 && !(strstr (
1895 buffer,
1896 "it looks like you are trying to access "
1897 "mongodb over http on the native driver port.")
1898 != NULL
1899 && strstr (buffer, "content-length: 84")
1900 != NULL))
1901 mark_http_server (desc, port, banner, trp);
1902 }
1903 /*
1904 * RFC 854 defines commands between 240 and 254
1905 * shouldn't we look for them too?
1906 */
1907 if (((u_char) buffer[0] == 255)
1908 && (((u_char) buffer[1] == 251)
1909 || ((u_char) buffer[1] == 252)
1910 || ((u_char) buffer[1] == 253)
1911 || ((u_char) buffer[1] == 254)))
1912 mark_telnet_server (desc, port, trp);
1913 else if (((u_char) buffer[0] == 0)
1914 && ((u_char) buffer[1] == 1)
1915 && ((u_char) buffer[2] == 1)
1916 && ((u_char) buffer[3] == 0))
1917 mark_gnome14_server (desc, port, trp);
1918 else if (strncmp (line, "http/1.0 403 forbidden",
1919 strlen ("http/1.0 403 forbidden"))
1920 == 0
1921 && strstr (buffer, "server: adsubtract") != NULL)
1922 {
1923 mark_locked_adsubtract_server (desc, port, banner, trp);
1924 }
1925 else if (strstr ((char *) banner, "Eggdrop") != NULL
1926 && strstr ((char *) banner, "Eggheads") != NULL)
1927 mark_eggdrop_server (desc, port, trp);
1928 else if (strncmp (line, "$lock ", strlen ("$lock ")) == 0)
1929 mark_direct_connect_hub (desc, port, trp);
1930 else if (len > 34 && strstr (&(buffer[34]), "iss ecnra"))
1931 mark_iss_realsecure (desc, port);
1932 else if (len == 4 && origline[0] == 'Q' && origline[1] == 0
1933 && origline[2] == 0 && origline[3] == 0)
1934 mark_fw1 (desc, port, origline, trp);
1935 else if (strstr (line, "adsgone blocked html ad") != NULL)
1936 mark_adsgone (desc, port, origline, trp);
1937 else if (strncmp (line, "icy 200 ok", strlen ("icy 200 ok"))
1938 == 0)
1939 mark_shoutcast_server (desc, port, origline, trp);
1940 else if ((!strncmp (line, "200", 3)
1941 && (strstr (line,
1942 "running eudora internet mail server")))
1943 || (strstr (line, "+ok applepasswordserver")
1944 != NULL))
1945 mark_pop3pw_server (desc, port, origline, trp);
1946 else if ((strstr (line, "smtp")
1947 || strstr (line, "simple mail transfer")
1948 || strstr (line, "mail server")
1949 || strstr (line, "messaging")
1950 || strstr (line, "Weasel"))
1951 && !strncmp (line, "220", 3))
1952 mark_smtp_server (desc, port, origline, trp);
1953 else if (strstr (line, "220 ***************")
1954 || strstr (line, "220 eSafe@")) /* CISCO SMTP (?) -
1955 * see bug #175 */
1956 mark_smtp_server (desc, port, origline, trp);
1957 else if (strstr (line, "220 esafealert") != NULL)
1958 mark_smtp_server (desc, port, origline, trp);
1959 else if (strncmp (line, "220", 3) == 0
1960 && strstr (line, "groupwise internet agent") != NULL)
1961 mark_smtp_server (desc, port, origline, trp);
1962 else if (strncmp (line, "220", 3) == 0
1963 && strstr (line, " SNPP ") != NULL)
1964 mark_snpp_server (desc, port, origline, trp);
1965 else if (strncmp (line, "200", 3) == 0
1966 && strstr (line, "mail ") != NULL)
1967 mark_smtp_server (desc, port, origline, trp);
1968 else if (strncmp (line, "421", 3) == 0
1969 && strstr (line, "smtp ") != NULL)
1970 mark_smtp_server (desc, port, origline, trp);
1971 // Null characters in buffer were replaced by 'x'.
1972 else if ((line[0] != '\0'
1973 || (strstr (buffer, "mysql") != NULL))
1974 && (regex_match (
1975 buffer,
1976 "^.x{3}\n[0-9.]+ [0-9a-z]+@[0-9a-z]+ release")
1977 || regex_match (
1978 buffer, "^.x{3}\n[0-9.]+-(id[0-9]+-)?release"
1979 " \\([0-9a-z-]+\\)")))
1980 mark_sphinxql (desc, port);
1981 else if (line[0] != '\0'
1982 && ((strncmp (buffer + 1, "host '", 6) == 0)
1983 || (strstr (buffer, "mysql") != NULL
1984 || strstr (buffer, "mariadb") != NULL)))
1985 mark_mysql (desc, port);
1986 else if (!strncmp (line, "efatal", 6)
1987 || !strncmp (line, "einvalid packet length",
1988 strlen ("einvalid packet length")))
1989 mark_postgresql (desc, port);
1990 else if (strstr (line, "cvsup server ready") != NULL)
1991 mark_cvsupserver (desc, port);
1992 else if (!strncmp (line, "cvs [pserver aborted]:", 22)
1993 || !strncmp (line, "cvs [server aborted]:", 21))
1994 mark_cvspserver (desc, port);
1995 else if (!strncmp (line, "cvslock ", 8))
1996 mark_cvslockserver (desc, port);
1997 else if (!strncmp (line, "@rsyncd", 7))
1998 mark_rsync (desc, port);
1999 else if ((len == 4) && may_be_time ((time_t *) banner))
2000 mark_time_server (desc, port, trp);
2001 else if (strstr (buffer, "rmserver")
2002 || strstr (buffer, "realserver"))
2003 mark_rmserver (desc, port, origline, trp);
2004 else if ((strstr (line, "ftp") || strstr (line, "winsock")
2005 || strstr (line, "axis network camera")
2006 || strstr (line, "netpresenz")
2007 || strstr (line, "serv-u")
2008 || strstr (line, "service ready for new user"))
2009 && !strncmp (line, "220", 3))
2010 mark_ftp_server (desc, port, origline, trp);
2011 else if (strncmp (line, "220-", 4) == 0) /* FTP server with a
2012 * long banner */
2013 mark_ftp_server (desc, port, NULL, trp);
2014 else if (strstr (line, "220") && strstr (line, "whois+"))
2015 mark_whois_plus2_server (desc, port, origline, trp);
2016 else if (strstr (line, "520 command could not be executed"))
2017 mark_mon_server (desc, port, origline, trp);
2018 else if (strstr (line, "ssh-"))
2019 mark_ssh_server (desc, port, origline);
2020 else if (!strncmp (line, "+ok", 3)
2021 || (!strncmp (line, "+", 1) && strstr (line, "pop")))
2022 mark_pop_server (desc, port, origline);
2023 else if (strstr (line, "imap4") && !strncmp (line, "* ok", 4))
2024 mark_imap_server (desc, port, origline, trp);
2025 else if (strstr (line, "*ok iplanet messaging multiplexor"))
2026 mark_imap_server (desc, port, origline, trp);
2027 else if (strstr (line, "*ok communigate pro imap server"))
2028 mark_imap_server (desc, port, origline, trp);
2029 else if (strstr (line, "* ok courier-imap"))
2030 mark_imap_server (desc, port, origline, trp);
2031 else if (strncmp (line, "giop", 4) == 0)
2032 mark_giop_server (desc, port, trp);
2033 else if (strstr (line, "microsoft routing server"))
2034 mark_exchg_routing_server (desc, port, origline, trp);
2035 /* Apparently an iPlanet ENS server */
2036 else if (strstr (line, "gap service ready"))
2037 mark_ens_server (desc, port, trp);
2038 else if (strstr (line, "-service not available"))
2039 mark_tcpmux_server (desc, port, trp);
2040 /*
2041 * Citrix sends 7f 7f 49 43 41, that
2042 * we converted to lowercase
2043 */
2044 else if (strlen (line) > 2 && line[0] == 0x7F
2045 && line[1] == 0x7F
2046 && strncmp (&line[2], "ica", 3) == 0)
2047 mark_citrix_server (desc, port, trp);
2048
2049 else if (strstr (origline, " INN ")
2050 || strstr (origline, " Leafnode ")
2051 || strstr (line, " nntp daemon")
2052 || strstr (line, " nnrp service ready")
2053 || strstr (line, "posting ok")
2054 || strstr (line, "posting allowed")
2055 || strstr (line, "502 no permission")
2056 || (strcmp (line, "502") == 0
2057 && strstr (line, "diablo") != NULL))
2058 mark_nntp_server (desc, port, origline, trp);
2059 else if (strstr (buffer, "networking/linuxconf")
2060 || strstr (buffer, "networking/misc/linuxconf")
2061 || strstr (buffer, "server: linuxconf"))
2062 mark_linuxconf (desc, port, banner);
2063 else if (strncmp (buffer, "gnudoit:", 8) == 0)
2064 mark_gnuserv (desc, port);
2065 else if ((buffer[0] == '0'
2066 && strstr (buffer, "error.host\t1") != NULL)
2067 || (buffer[0] == '3'
2068 && strstr (
2069 buffer,
2070 "That item is not currently available")))
2071
2072 mark_gopher_server (desc, port);
2073 else if (strstr (buffer,
2074 "www-authenticate: basic realm=\"swat\""))
2075 mark_swat_server (desc, port);
2076 else if (strstr (buffer, "vqserver")
2077 && strstr (buffer,
2078 "www-authenticate: basic realm=/"))
2079 mark_vqserver (desc, port);
2080 else if (strstr (buffer, "1invalid request") != NULL)
2081 mark_mldonkey (desc, port);
2082 else if (strstr (buffer, "get: command not found"))
2083 mark_wild_shell (desc, port);
2084 else if (strstr (buffer, "microsoft windows") != NULL
2085 && strstr (buffer, "c:\\") != NULL
2086 && strstr (buffer, "(c) copyright 1985-") != NULL
2087 && strstr (buffer, "microsoft corp.") != NULL)
2088 mark_wild_shell (desc, port);
2089 else if (strstr (buffer, "netbus"))
2090 mark_netbus_server (desc, port);
2091 else if (strstr (line, "0 , 0 : error : unknown-error")
2092 || strstr (line, "0, 0: error: unknown-error")
2093 || strstr (line, "get : error : unknown-error")
2094 || strstr (line, "0 , 0 : error : invalid-port"))
2095 mark_auth_server (desc, port);
2096 else if (!strncmp (line, "http/1.", 7)
2097 && strstr (line, "proxy")) /* my proxy "HTTP/1.1
2098 * 502 Proxy Error" */
2099 mark_http_proxy (desc, port, trp);
2100 else if (!strncmp (line, "http/1.", 7)
2101 && strstr (buffer, "via: "))
2102 mark_http_proxy (desc, port, trp);
2103 else if (!strncmp (line, "http/1.", 7)
2104 && strstr (buffer, "proxy-connection: "))
2105 mark_http_proxy (desc, port, trp);
2106 else if (!strncmp (line, "http/1.", 7)
2107 && strstr (buffer, "cache")
2108 && strstr (line, "bad request"))
2109 mark_http_proxy (desc, port, trp);
2110 else if (!strncmp (origline, "RFB 00", 6)
2111 && strstr (line, ".00"))
2112 mark_vnc_server (desc, port, origline);
2113 else if (!strncmp (line, "ncacn_http/1.", 13))
2114 mark_ncacn_http_server (desc, port, origline);
2115 else if (line_len >= 14 && /* no ending \r\n */
2116 line_len <= 18 && /* full GET request
2117 * length */
2118 strncmp (origline, http_get, line_len) == 0)
2119 mark_echo_server (desc, port);
2120 else if (strstr ((char *) banner, "!\"#$%&'()*+,-./")
2121 && strstr ((char *) banner, "ABCDEFGHIJ")
2122 && strstr ((char *) banner, "abcdefghij")
2123 && strstr ((char *) banner, "0123456789"))
2124 mark_chargen_server (desc, port);
2125 else if (strstr (line, "vtun server"))
2126 mark_vtun_server (desc, port, banner, trp);
2127 else if (strcmp (line, "login: password: ") == 0)
2128 mark_uucp_server (desc, port, banner, trp);
2129 else if (strcmp (line, "bad request") == 0
2130 || /* See bug # 387 */
2131 strstr (
2132 line,
2133 "invalid protocol request (71): gget / http/1.0")
2134 || (strncmp (line, "lpd:", 4) == 0)
2135 || (strstr (line, "lpsched") != NULL)
2136 || (strstr (line, "malformed from address") != NULL)
2137 || (strstr (line, "no connect permissions") != NULL)
2138 || /* <- RH 8 lpd */
2139 strcmp (line, "bad request") == 0)
2140 mark_lpd_server (desc, port, trp);
2141 else if (strstr (line, "%%lyskom unsupported protocol"))
2142 mark_lyskom_server (desc, port, trp);
2143 else if (strstr (line, "598:get:command not recognized"))
2144 mark_ph_server (desc, port, trp);
2145 else if (strstr (line, "BitTorrent prot"))
2146 mark_BitTorrent_server (desc, port, trp);
2147 else if (banner[0] == 'A' && banner[1] == 0x01
2148 && banner[2] == 0x02 && banner[3] == '\0')
2149 mark_smux_server (desc, port, trp);
2150 else if (!strncmp (line, "0 succeeded\n",
2151 strlen ("0 succeeded\n")))
2152 mark_LISa_server (desc, port, trp);
2153 else if (strlen ((char *) banner) == 3 && banner[2] == '\n')
2154 mark_msdtc_server (desc, port);
2155 else if ((!strncmp (line, "220", 3)
2156 && strstr (line, "poppassd")))
2157 mark_pop3pw_server (desc, port, origline, trp);
2158 else if (strstr (line, "welcome!psybnc@") != NULL)
2159 mark_psybnc (desc, port, origline, trp);
2160 else if (strncmp (line, "* acap ", strlen ("* acap ")) == 0)
2161 mark_acap_server (desc, port, origline, trp);
2162 else if (strstr (origline, "Sorry, you (") != NULL
2163 && strstr (origline,
2164 "are not among the allowed hosts...\n")
2165 != NULL)
2166 mark_nagiosd_server (desc, port, trp);
2167 else if (strstr (line, "[ts].error") != NULL
2168 || strstr (line, "[ts].\n") != NULL)
2169 mark_teamspeak2_server (desc, port, trp);
2170 else if (strstr (origline, "Language received from client:")
2171 && strstr (origline, "Setlocale:"))
2172 mark_websm_server (desc, port, trp);
2173 else if (strncmp (origline, "CNFGAPI", 7) == 0)
2174 mark_ofa_express_server (desc, port, trp);
2175 else if (strstr (line, "suse meta pppd") != NULL)
2176 mark_smppd_server (desc, port, trp);
2177 else if (strncmp (origline, "ERR UNKNOWN-COMMAND",
2178 strlen ("ERR UNKNOWN-COMMAND"))
2179 == 0)
2180 mark_upsmon_server (desc, port, trp);
2181 else if (strncmp (line, "connected. ", strlen ("connected. "))
2182 == 0
2183 && strstr (line, "legends") != NULL)
2184 mark_sub7_server (desc, port, trp);
2185 else if (strncmp (line, "spamd/", strlen ("spamd/")) == 0)
2186 mark_spamd_server (desc, port, trp);
2187 else if (strstr (line, " dictd ")
2188 && strncmp (line, "220", 3) == 0)
2189 mark_dictd_server (desc, port, origline, trp);
2190 else if (strncmp (line, "220 ", 4) == 0
2191 && strstr (line, "vmware authentication daemon")
2192 != NULL)
2193 mark_vmware_auth (desc, port, origline, trp);
2194 else if (strncmp (line, "220 ", 4) == 0
2195 && strstr (line, "interscan version") != NULL)
2196 mark_interscan_viruswall (desc, port, origline, trp);
2197 else if ((strlen ((char *) banner) > 1) && (banner[0] == '~')
2198 && (banner[strlen ((char *) banner) - 1] == '~')
2199 && (strchr ((char *) banner, '}') != NULL))
2200 mark_ppp_daemon (desc, port, trp);
2201 else if (strstr ((char *) banner, "Hello, this is zebra ")
2202 != NULL)
2203 mark_zebra_server (desc, port, origline, trp);
2204 else if (strstr (line, "ircxpro ") != NULL)
2205 mark_ircxpro_admin_server (desc, port, trp);
2206 else if (strncmp (origline, "version report",
2207 strlen ("version report"))
2208 == 0)
2209 mark_gnocatan_server (desc, port, trp);
2210 else if (strncmp (origline, "RTSP/1.0", strlen ("RTSP/1.0"))
2211 && strstr (origline, "QTSS/") != NULL)
2212 mark_quicktime_streaming_server (desc, port, trp);
2213 else if (strlen (origline) >= 2 && origline[0] == 0x30
2214 && origline[1] == 0x11 && origline[2] == 0)
2215 mark_dameware_server (desc, port, trp);
2216 else if (strstr (line, "stonegate firewall") != NULL)
2217 mark_stonegate_auth_server (desc, port, trp);
2218 else if (strncmp (line, "pbmasterd", strlen ("pbmasterd"))
2219 == 0)
2220 mark_pbmaster_server (desc, port, origline, trp);
2221 else if (strncmp (line, "pblocald", strlen ("pblocald")) == 0)
2222 mark_pblocald_server (desc, port, origline, trp);
2223 else if (strncmp (
2224 line, "<stream:error>invalid xml</stream:error>",
2225 strlen (
2226 "<stream:error>invalid xml</stream:error>"))
2227 == 0)
2228 mark_jabber_server (desc, port, trp);
2229 else if (strncmp (line, "/c -2 get ctgetoptions",
2230 strlen ("/c -2 get ctgetoptions"))
2231 == 0)
2232 mark_avotus_mm_server (desc, port, origline, trp);
2233 else if (strncmp (line, "error:wrong password",
2234 strlen ("error:wrong password"))
2235 == 0)
2236 mark_pnsclient (desc, port, trp);
2237 else if (strncmp (line, "1000 2", strlen ("1000 2"))
2238 == 0)
2239 mark_veritas_backup (desc, port, trp);
2240 else if (strstr (line,
2241 "the file name you specified is invalid")
2242 && strstr (line, "listserv"))
2243 mark_listserv_server (desc, port, trp);
2244 else if (strncmp (line, "control password:",
2245 strlen ("control password:"))
2246 == 0)
2247 mark_fssniffer (desc, port, trp);
2248 else if (strncmp (line, "remotenc control password:",
2249 strlen ("remotenc control password:"))
2250 == 0)
2251 mark_remote_nc_server (desc, port, trp);
2252 else if (((p = (unsigned char *) strstr (
2253 (char *) banner, "finger: GET: no such user"))
2254 != NULL
2255 && strstr ((char *) banner,
2256 "finger: /: no such user")
2257 != NULL
2258 && strstr ((char *) banner,
2259 "finger: HTTP/1.0: no such user")
2260 != NULL))
2261 {
2262 char c = '\0';
2263 if (p != NULL)
2264 {
2265 while (p - banner > 0 && isspace (*p))
2266 p--;
2267 c = *p;
2268 *p = '\0';
2269 mark_finger_server (desc, port, trp);
2270 }
2271
2272 if (p != NULL)
2273 *p = c;
2274 }
2275 else if (banner[0] == 5 && banner[1] <= 8 && banner[2] == 0
2276 && banner[3] <= 4)
2277 mark_socks_proxy (desc, port, 5);
2278 else if (banner[0] == 0 && banner[1] >= 90 && banner[1] <= 93)
2279 mark_socks_proxy (desc, port, 4);
2280 else if (strstr (
2281 buffer,
2282 "it looks like you are trying to access mongodb "
2283 "over http on the native driver port.")
2284 != NULL)
2285 mark_mongodb (desc, port);
2286 else
2287 unindentified_service = !flg;
2288 g_free (line);
2289 g_free (origline);
2290 }
2291 /* len >= 0 */
2292 else
2293 {
2294 unindentified_service = 1;
2295#define TESTSTRING "OpenVAS Wrap Test"
2296 if (trp == OPENVAS_ENCAPS_IP && wrap_timeout > 0)
2297 maybe_wrapped = 1;
2298 }
2299 if (cnx > 0)
2300 close_stream_connection (cnx);
2301
2302 /*
2303 * I'll clean this later. Meanwhile, we will not print a silly
2304 * message for rsh and rlogin.
2305 */
2306 if (port == 513 /* rlogin */ || port == 514 /* rsh */)
2307 maybe_wrapped = 0;
2308
2309 if (maybe_wrapped /* && trp ==
2310 * OPENVAS_ENCAPS_IP &&
2311 wrap_timeout > 0 */ )
2312 {
2313 int nfd, fd, wx, flag = 0;
2314 char b;
2315
2316 nfd = open_stream_connection (desc, port, OPENVAS_ENCAPS_IP,
2317 cnx_timeout);
2318 if (nfd >= 0)
2319 {
2320 fd = openvas_get_socket_from_connection (nfd);
2321 select_again2:
2322 FD_ZERO (&rfds);
2323 FD_SET (fd, &rfds);
2324 tv.tv_sec = wrap_timeout;
2325 tv.tv_usec = 0;
2326
2327 signal (SIGALRM, SIG_IGN);
2328
2329 (void) gettimeofday (&tv1, NULL);
2330 wx = select (fd + 1, &rfds, NULL, NULL, &tv);
2331 (void) gettimeofday (&tv2, NULL);
2332 diff_tv2 = DIFFTV1000 (tv2, tv1);
2333 if (wx < 0)
2334 {
2335 if (errno == EINTR)
2336 goto select_again2;
2337 perror ("select");
2338 }
2339 else if (wx > 0)
2340 {
2341 errno = 0;
2342 wx = recv (fd, &b, 1, MSG_DONTWAIT);
2343 if (wx == 0 || (wx < 0 && errno == EPIPE))
2344 {
2345 /*
2346 * If the service quickly closes the connection
2347 * when we send garbage but not when we don't send
2348 * anything, it is not wrapped
2349 */
2350 flag = 1;
2351 }
2352 }
2353 else
2354 {
2355 /*
2356 * Timeout - one last
2357 * check
2358 */
2359 errno = 0;
2360 if (send (fd, "Z", 1, MSG_DONTWAIT) < 0)
2361 {
2362 perror ("send");
2363 if (errno == EPIPE)
2364 flag = 1;
2365 }
2366 }
2367 close_stream_connection (nfd);
2368 if (flag)
2369 {
2370 if (diff_tv2 <= 2 * diff_tv + 1)
2371 {
2372 mark_wrapped_svc (desc, port, diff_tv2 / 1000);
2373 unindentified_service = 0;
2374 }
2375 }
2376 }
2377 }
2378
2379 if (unindentified_service && port != 139 && port != 135
2380 && port != 445)
2381 /*
2382 * port 139 can't be marked as
2383 * 'unknown'
2384 */
2385 {
2386 unknown[num_unknown++] = port;
2387 /*
2388 * find_service_3digits will run
2389 * after us
2390 */
2391 if (!three_digits)
2392 mark_unknown_svc (desc, port, banner, trp);
2393 }
2394 g_free (banner);
2395 }
2396 }
2397 h = h->next;
2398 }
2399 g_free (http_get);
2400
2401 return (0);
2402}
2403
2404#define MAX_SONS 128
2405
2406static pid_t sons[MAX_SONS];
2407
2408static void
2409sigterm (int s)
2410{
2411 int i;
2412
2413 (void) s;
2414 for (i = 0; i < MAX_SONS; i++)
2415 {
2416 if (sons[i] != 0)
2417 kill (sons[i], SIGTERM);
2418 }
2419 _exit (0);
2420}
2421
2422static void
2423sigchld (int s)
2424{
2425 int i;
2426
2427 (void) s;
2428 for (i = 0; i < MAX_SONS; i++)
2429 {
2430 waitpid (sons[i], NULL, WNOHANG);
2431 }
2432}
2433
2434tree_cell *
2435plugin_run_find_service (lex_ctxt *lexic)
2436{
2437 struct script_infos *desc = lexic->script_infos;
2438
2439 oid = lexic->oid;
2440
2441 kb_t kb = plug_get_kb (desc);
2442 struct kb_item *kbitem, *kbitem_tmp;
2443
2444 GSList *sons_args[MAX_SONS];
2445 int num_ports = 0;
2446 char *num_sons_s;
2447 int num_sons = 6;
2448 int port_per_son;
2449 int i;
2450 int test_ssl = 1;
2451 char *key = get_plugin_preference (oid, KEY_FILE, -1);
2452 char *cert = get_plugin_preference (oid, CERT_FILE, -1);
2453 char *pempass = get_plugin_preference (oid, PEM_PASS, -1);
2454 char *cafile = get_plugin_preference (oid, CA_FILE, -1);
2455 char *test_ssl_s = get_plugin_preference (oid, TEST_SSL_PREF, -1);
2456
2457 if (key && key[0] != '\0')
2458 key = (char *) get_plugin_preference_fname (desc, key);
2459 else
2460 key = NULL;
2461
2462 if (cert && cert[0] != '\0')
2463 cert = (char *) get_plugin_preference_fname (desc, cert);
2464 else
2465 cert = NULL;
2466
2467 if (cafile && cafile[0] != '\0')
2468 cafile = (char *) get_plugin_preference_fname (desc, cafile);
2469 else
2470 cafile = NULL;
2471
2472 if (test_ssl_s != NULL)
2473 {
2474 if (strcmp (test_ssl_s, "None") == 0)
2475 test_ssl = 0;
2476 }
2477 g_free (test_ssl_s);
2478 if (key || cert)
2479 {
2480 if (!key)
2481 key = cert;
2482 if (!cert)
2483 cert = key;
2484 plug_set_ssl_cert (desc, cert);
2485 plug_set_ssl_key (desc, key);
2486 }
2487 if (pempass != NULL)
2488 plug_set_ssl_pem_password (desc, pempass);
2489 if (cafile != NULL)
2490 plug_set_ssl_CA_file (desc, cafile);
2491
2492 signal (SIGTERM, sigterm);
2493 signal (SIGCHLD, sigchld);
2494 num_sons_s = get_plugin_preference (oid, NUM_CHILDREN, -1);
2495 if (num_sons_s != NULL)
2496 num_sons = atoi (num_sons_s);
2497 g_free (num_sons_s);
2498
2499 if (num_sons <= 0)
2500 num_sons = 6;
2501
2502 if (num_sons > MAX_SONS)
2503 num_sons = MAX_SONS;
2504
2505 for (i = 0; i < num_sons; i++)
2506 {
2507 sons[i] = 0;
2508 sons_args[i] = NULL;
2509 }
2510
2511 if (kb == NULL)
2512 return NULL; // TODO: in old days returned "1". Still relevant?
2513
2514 kbitem = kb_item_get_pattern (kb, "Ports/tcp/*");
2515
2516 /* count the number of open TCP ports */
2517 kbitem_tmp = kbitem;
2518 while (kbitem_tmp != NULL)
2519 {
2520 num_ports++;
2521 kbitem_tmp = kbitem_tmp->next;
2522 }
2523
2524 port_per_son = num_ports / num_sons;
2525
2526 /* The next two loops distribute the ports across a number of 'sons'.
2527 */
2528
2529 kbitem_tmp = kbitem;
2530
2531 for (i = 0; i < num_sons; i = i + 1)
2532 {
2533 int j;
2534
2535 if (kbitem_tmp != NULL)
2536 {
2537 for (j = 0; j < port_per_son && kbitem_tmp != NULL;)
2538 {
2539 sons_args[i] =
2540 g_slist_prepend (sons_args[i], g_strdup (kbitem_tmp->name));
2541 j++;
2542 kbitem_tmp = kbitem_tmp->next;
2543 }
2544 }
2545 else
2546 break;
2547 }
2548
2549 for (i = 0; (i < num_ports % num_sons) && kbitem_tmp != NULL;)
2550 {
2551 sons_args[i] =
2552 g_slist_prepend (sons_args[i], g_strdup (kbitem_tmp->name));
2553 i++;
2554 kbitem_tmp = kbitem_tmp->next;
2555 }
2556
2557 kb_item_free (kbitem);
2558
2559 for (i = 0; i < num_sons; i++)
2560 if (sons_args[i] == NULL)
2561 break;
2562
2563 num_sons = i;
2564
2565 for (i = 0; i < num_sons; i++)
2566 {
2567 usleep (5000);
2568 if (sons_args[i] != NULL)
2569 {
2570 sons[i] = fork ();
2571 if (sons[i] == 0)
2572 {
2573 kb_lnk_reset (kb);
2574 kb_lnk_reset (get_main_kb ());
2575 mqtt_reset ();
2576 nvticache_reset ();
2577
2578 signal (SIGTERM, _exit);
2579 plugin_do_run (desc, sons_args[i], test_ssl);
2580 _exit (0);
2581 }
2582 else
2583 {
2584 if (sons[i] < 0)
2585 sons[i] = 0; /* Fork failed */
2586 }
2587 g_slist_free_full (sons_args[i], g_free);
2588 }
2589 }
2590
2591 for (;;)
2592 {
2593 int flag = 0;
2594
2595 for (i = 0; i < num_sons; i++)
2596 {
2597 if (sons[i] != 0)
2598 {
2599 while (waitpid (sons[i], NULL, WNOHANG) && errno == EINTR)
2600 ;
2601
2602 if (kill (sons[i], 0) >= 0)
2603 flag++;
2604 }
2605 }
2606
2607 if (flag == 0)
2608 break;
2609 usleep (100000);
2610 }
2611
2612 return NULL;
2613}
get_main_kb
kb_t get_main_kb(void)
gets the main_kb. @description returns the previously set main_kb; when asserts are enabled it will a...
Definition kb_cache.c:41
kb_cache.h
Header file to cache main_kb.
mark_giop_server
static void mark_giop_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:639
TLS_FATAL_ALERT
#define TLS_FATAL_ALERT
Definition nasl_builtin_find_service.c:43
mark_mysql
static void mark_mysql(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:403
mark_nagiosd_server
static void mark_nagiosd_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:913
plugin_run_find_service
tree_cell * plugin_run_find_service(lex_ctxt *lexic)
Definition nasl_builtin_find_service.c:2435
sigchld
static void sigchld(int s)
Definition nasl_builtin_find_service.c:2423
mark_time_server
static void mark_time_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:602
mark_ofa_express_server
static void mark_ofa_express_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:968
mark_cvslockserver
static void mark_cvslockserver(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:426
mark_shoutcast_server
static void mark_shoutcast_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:836
mark_adsgone
static void mark_adsgone(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:854
mark_smppd_server
static void mark_smppd_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:985
mark_sub7_server
static void mark_sub7_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1022
mark_eggdrop_server
static void mark_eggdrop_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:478
DIFFTV1000
#define DIFFTV1000(t1, t2)
plugin_do_run
static int plugin_do_run(struct script_infos *desc, GSList *h, int test_ssl)
Definition nasl_builtin_find_service.c:1542
mark_avotus_mm_server
static void mark_avotus_mm_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:1412
oid
const char * oid
Definition nasl_builtin_find_service.c:51
mark_wild_shell
static void mark_wild_shell(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:441
KEY_FILE
#define KEY_FILE
Definition nasl_builtin_find_service.c:31
WRAP_TIMEOUT_PREF
#define WRAP_TIMEOUT_PREF
Definition nasl_builtin_find_service.c:36
mark_fssniffer
static void mark_fssniffer(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1097
mark_teamspeak2_server
static void mark_teamspeak2_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:930
mark_mldonkey
static void mark_mldonkey(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:168
mark_locked_adsubtract_server
static void mark_locked_adsubtract_server(struct script_infos *desc, int port, unsigned char *buffer, int trp)
Definition nasl_builtin_find_service.c:190
MAX_SONS
#define MAX_SONS
Definition nasl_builtin_find_service.c:2404
mark_http_proxy
static void mark_http_proxy(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:314
mark_cvsupserver
static void mark_cvsupserver(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:419
mark_listserv_server
static void mark_listserv_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1084
mark_smtp_server
static void mark_smtp_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:224
mark_ncacn_http_server
static void mark_ncacn_http_server(struct script_infos *desc, int port, char *buffer)
Definition nasl_builtin_find_service.c:117
mark_msdtc_server
static void mark_msdtc_server(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:728
mark_pnsclient
static void mark_pnsclient(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1362
mark_nntp_server
static void mark_nntp_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:144
mark_lyskom_server
static void mark_lyskom_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:578
mark_gnocatan_server
static void mark_gnocatan_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1320
mark_chargen_server
static void mark_chargen_server(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:103
regex_match
static int regex_match(char *string, char *pattern)
Compares string with the regular expression. Null characters in buffer are replaced by 'x'.
Definition nasl_builtin_find_service.c:88
mark_LISa_server
static void mark_LISa_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:710
mark_upsmon_server
static void mark_upsmon_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1003
mark_ftp_server
static void mark_ftp_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:269
register_service
static void register_service(struct script_infos *desc, int port, const char *proto)
Definition nasl_builtin_find_service.c:54
TLS_PRIME_UNACCEPTABLE
#define TLS_PRIME_UNACCEPTABLE
Definition nasl_builtin_find_service.c:42
mark_interscan_viruswall
static void mark_interscan_viruswall(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:1267
NUM_CHILDREN
#define NUM_CHILDREN
Definition nasl_builtin_find_service.c:39
mark_websm_server
static void mark_websm_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:954
mark_spamd_server
static void mark_spamd_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1039
mark_gopher_server
static void mark_gopher_server(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:204
mark_vnc_server
static void mark_vnc_server(struct script_infos *desc, int port, char *buffer)
Definition nasl_builtin_find_service.c:135
mark_fw1
static void mark_fw1(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:795
mark_unknown_svc
static void mark_unknown_svc(struct script_infos *desc, int port, const unsigned char *banner, int trp)
Definition nasl_builtin_find_service.c:1216
mark_direct_connect_hub
static void mark_direct_connect_hub(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1438
mark_telnet_server
static void mark_telnet_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:452
mark_BitTorrent_server
static void mark_BitTorrent_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:681
mark_veritas_backup
static void mark_veritas_backup(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1376
mark_socks_proxy
static void mark_socks_proxy(struct script_infos *desc, int port, int ver)
Definition nasl_builtin_find_service.c:1426
mark_imap_server
static void mark_imap_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:361
mark_dictd_server
static void mark_dictd_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:1349
MAX_SHIFT
#define MAX_SHIFT
Definition nasl_builtin_find_service.c:1465
mark_mon_server
static void mark_mon_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:783
PEM_PASS
#define PEM_PASS
Definition nasl_builtin_find_service.c:32
mark_linuxconf
static void mark_linuxconf(struct script_infos *desc, int port, unsigned char *buffer)
Definition nasl_builtin_find_service.c:499
mark_cvspserver
static void mark_cvspserver(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:411
mark_stonegate_auth_server
static void mark_stonegate_auth_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1073
mark_tcpmux_server
static void mark_tcpmux_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:669
mark_postgresql
static void mark_postgresql(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:386
mark_exchg_routing_server
static void mark_exchg_routing_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:652
mark_whois_plus2_server
static void mark_whois_plus2_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:761
mark_sphinxql
static void mark_sphinxql(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:394
mark_lpd_server
static void mark_lpd_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:565
mark_rsync
static void mark_rsync(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:434
mark_auth_server
static void mark_auth_server(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:375
mark_swat_server
static void mark_swat_server(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:156
mark_dameware_server
static void mark_dameware_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1063
mark_ph_server
static void mark_ph_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:591
TEST_SSL_PREF
#define TEST_SSL_PREF
Definition nasl_builtin_find_service.c:37
mark_gnome14_server
static void mark_gnome14_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:465
ABS
#define ABS(x)
mark_vtun_server
static void mark_vtun_server(struct script_infos *desc, int port, unsigned char *banner, int trp)
Definition nasl_builtin_find_service.c:522
mark_quicktime_streaming_server
static void mark_quicktime_streaming_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1051
mark_wrapped_svc
static void mark_wrapped_svc(struct script_infos *desc, int port, int delta)
Definition nasl_builtin_find_service.c:1125
mark_snpp_server
static void mark_snpp_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:249
mark_vqserver
static void mark_vqserver(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:162
mark_iss_realsecure
static void mark_iss_realsecure(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:1247
mark_smux_server
static void mark_smux_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:693
mark_ens_server
static void mark_ens_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:614
may_be_time
static int may_be_time(time_t *rtime)
Definition nasl_builtin_find_service.c:1469
mark_finger_server
static void mark_finger_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:509
mark_ppp_daemon
static void mark_ppp_daemon(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1281
sigterm
static void sigterm(int s)
Definition nasl_builtin_find_service.c:2409
mark_ssh_server
static void mark_ssh_server(struct script_infos *desc, int port, char *buffer)
Definition nasl_builtin_find_service.c:304
mark_gnuserv
static void mark_gnuserv(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:1240
mark_psybnc
static void mark_psybnc(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:818
mark_acap_server
static void mark_acap_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:885
port_to_name
static const char * port_to_name(int port)
Definition nasl_builtin_find_service.c:1140
mark_rmserver
static void mark_rmserver(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:211
retry_stream_connection
static int retry_stream_connection(int test_ssl, struct script_infos *desc, int port, int timeout, int *trp)
Definition nasl_builtin_find_service.c:1484
mark_pop3pw_server
static void mark_pop3pw_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:735
mark_pop_server
static void mark_pop_server(struct script_infos *desc, int port, char *buffer)
Definition nasl_builtin_find_service.c:325
sons
static pid_t sons[MAX_SONS]
Definition nasl_builtin_find_service.c:2406
mark_netbus_server
static void mark_netbus_server(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:492
RW_TIMEOUT_PREF
#define RW_TIMEOUT_PREF
Definition nasl_builtin_find_service.c:35
mark_pblocald_server
static void mark_pblocald_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:1387
mark_citrix_server
static void mark_citrix_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:627
CA_FILE
#define CA_FILE
Definition nasl_builtin_find_service.c:33
mark_ircxpro_admin_server
static void mark_ircxpro_admin_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1307
mark_echo_server
static void mark_echo_server(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:110
CNX_TIMEOUT_PREF
#define CNX_TIMEOUT_PREF
Definition nasl_builtin_find_service.c:34
mark_remote_nc_server
static void mark_remote_nc_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1110
mark_http_server
static void mark_http_server(struct script_infos *desc, int port, unsigned char *buffer, int trp)
Definition nasl_builtin_find_service.c:177
CERT_FILE
#define CERT_FILE
Definition nasl_builtin_find_service.c:30
mark_jabber_server
static void mark_jabber_server(struct script_infos *desc, int port, int trp)
Definition nasl_builtin_find_service.c:1401
mark_vmware_auth
static void mark_vmware_auth(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:1254
mark_uucp_server
static void mark_uucp_server(struct script_infos *desc, int port, unsigned char *banner, int trp)
Definition nasl_builtin_find_service.c:548
DIFF_1970_1900
#define DIFF_1970_1900
Definition nasl_builtin_find_service.c:1466
mark_zebra_server
static void mark_zebra_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:1293
mark_pbmaster_server
static void mark_pbmaster_server(struct script_infos *desc, int port, char *buffer, int trp)
Definition nasl_builtin_find_service.c:1334
mark_mongodb
static void mark_mongodb(struct script_infos *desc, int port)
Definition nasl_builtin_find_service.c:1449
nasl_builtin_plugins.h
Header file for built-in plugins.
timeval
static struct timeval timeval(unsigned long val)
Definition nasl_builtin_synscan.c:94
http_get
tree_cell * http_get(lex_ctxt *lexic)
Definition nasl_http.c:181
nasl_lex_ctxt.h
lex_ctxt
struct struct_lex_ctxt lex_ctxt
len
uint8_t len
Definition nasl_packet_forgery.c:1
tree_cell
struct TC tree_cell
get_encaps_through
const char * get_encaps_through(openvas_encaps_t code)
Definition network.c:1766
openvas_get_socket_from_connection
int openvas_get_socket_from_connection(int fd)
Definition network.c:357
read_stream_connection_min
int read_stream_connection_min(int fd, void *buf0, int min_len, int max_len)
Definition network.c:1397
open_stream_connection_ext
int open_stream_connection_ext(struct script_infos *args, unsigned int port, int transport, int timeout, const char *priority, int flags)
Definition network.c:1046
read_stream_connection
int read_stream_connection(int fd, void *buf0, int len)
Definition network.c:1457
open_stream_tls_default_priorities
void open_stream_tls_default_priorities(const char *p, const int pflag)
Definition network.c:1168
write_stream_connection
int write_stream_connection(int fd, void *buf0, int n)
Definition network.c:1583
open_stream_connection
int open_stream_connection(struct script_infos *args, unsigned int port, int transport, int timeout)
Definition network.c:1175
get_encaps_name
const char * get_encaps_name(openvas_encaps_t code)
Definition network.c:1733
stream_set_timeout
int stream_set_timeout(int fd, int timeout)
Definition network.c:1216
close_stream_connection
int close_stream_connection(int fd)
Definition network.c:1705
network.h
Header file for module network.
OPENVAS_ENCAPS_TLScustom
@ OPENVAS_ENCAPS_TLScustom
Definition network.h:39
OPENVAS_ENCAPS_IP
@ OPENVAS_ENCAPS_IP
Definition network.h:31
INSECURE_DH_PRIME_BITS
#define INSECURE_DH_PRIME_BITS
Definition network.h:49
NO_PRIORITY_FLAGS
#define NO_PRIORITY_FLAGS
Definition network.h:48
IS_ENCAPS_SSL
#define IS_ENCAPS_SSL(x)
Definition network.h:43
post_alarm
void post_alarm(const char *oid, struct script_infos *desc, int port, const char *action, const char *uri)
Definition plugutils.c:774
plug_set_ssl_cert
void plug_set_ssl_cert(struct script_infos *args, char *cert)
Definition plugutils.c:1420
plug_set_ssl_CA_file
void plug_set_ssl_CA_file(struct script_infos *args, char *key)
Definition plugutils.c:1442
plug_set_port_transport
void plug_set_port_transport(struct script_infos *args, int port, int tr)
Definition plugutils.c:1383
plug_replace_key
void plug_replace_key(struct script_infos *args, char *name, int type, void *value)
Definition plugutils.c:1145
plug_get_host_fqdn
char * plug_get_host_fqdn(struct script_infos *args)
Definition plugutils.c:291
get_plugin_preference
char * get_plugin_preference(const char *oid, const char *name, int pref_id)
Get the a plugins preference.
Definition plugutils.c:837
plug_set_ssl_key
void plug_set_ssl_key(struct script_infos *args, char *key)
Definition plugutils.c:1426
plug_set_key
void plug_set_key(struct script_infos *args, char *name, int type, const void *value)
Definition plugutils.c:1060
plug_get_key
void * plug_get_key(struct script_infos *args, char *name, int *type, size_t *len, int single)
Get values from a kb under the given key name.
Definition plugutils.c:1231
get_plugin_preference_fname
const char * get_plugin_preference_fname(struct script_infos *desc, const char *filename)
Get the file name of a plugins preference that is of type "file".
Definition plugutils.c:925
plug_set_ssl_pem_password
void plug_set_ssl_pem_password(struct script_infos *args, char *key)
Definition plugutils.c:1432
post_log
void post_log(const char *oid, struct script_infos *desc, int port, const char *action)
Post a log message about a tcp port.
Definition plugutils.c:794
plug_get_kb
kb_t plug_get_kb(struct script_infos *args)
Definition plugutils.c:1157
plugutils.h
Header file for module plugutils.
ARG_STRING
#define ARG_STRING
Definition plugutils.h:19
ARG_INT
#define ARG_INT
Definition plugutils.h:20
script_infos
Definition scanneraux.h:29
struct_lex_ctxt::script_infos
struct script_infos * script_infos
Definition nasl_lex_ctxt.h:33
struct_lex_ctxt::oid
const char * oid
Definition nasl_lex_ctxt.h:34