Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add alternative for supporting snmp during scans #594

Merged
merged 8 commits into from
Sep 8, 2020
Merged

Add alternative for supporting snmp during scans #594

merged 8 commits into from
Sep 8, 2020

Conversation

jjnicola
Copy link
Member

@jjnicola jjnicola commented Sep 4, 2020
edited
Loading

What:
Add alternative nasl function to perform snmp scan, spawning a new process and using the binary snmpget

** Why **
In case libsnmp is not present, but the binary, still have support for snmp scans

How:
running this nasl script with openvas-nasl against a target with a running snmp agent is a way to test the new functions. To test
the functions, be sure you don't have the libsnmp-dev installed or remove the add_definition of "HAVE_NETSNMP" in nasl/CMakeLists.txt.

openvas-nasl -X -d -D -i <path-to-script> snmp_test.nasl -t <ip-with-running-and_configured-snmp-server>


include("misc_func.inc");
include("dump.inc");


oid = '.1.3.6.1.2.1.1.1.0';

## uncomment this line to test the error handling
#oid = '.1.3.6.1.2.1.1.1.0.3.3.3.3';
protocol = 'udp';
port = 161;
community = 'public';

display("version 1");
ret = snmpv1_get( port:port, oid:oid, protocol:protocol, community:community );
display (ret, "\n");

display("version 2c");
ret = snmpv2c_get( port:port, oid:oid, protocol:protocol, community:community );
display (ret, "\n");

user = "some user";
pass = "password_ultra_xxl";

display("version 3");
ret = snmpv3_get(port:port, protocol:"udp", username:user, oid:oid,
                  authpass:pass, authproto:"md5", privpass:pass,
                  privproto:"des");

display (ret, "\n");

Checklist:

@jjnicola jjnicola changed the title Snmp Add alternative for supporting snmp during scans Sep 4, 2020
@jjnicola jjnicola marked this pull request as ready for review September 7, 2020 10:04
@jjnicola
Spawn process to call snmpget for version v1 and v2c.
3f3e74a 
Add snmp support through a spawn process calling snmpget
@jjnicola
Handle errors written in the stderr fd
29ba314 
As we spawn the process asyncronously, we don't know the exit status of the process
Therefore we need to check for errors in the output.
We assume that if there is no errors, we have an output.
@jjnicola
Parse error output
1a9935f
@jjnicola
Remove new line char from result
1d0e9a5 
And fix format.
@jjnicola
Add support for snmp v3 through snmpget binary
4eccbf8
@jjnicola
Update install documentation
be45420
@jjnicola
Update changelog
6e1c3c7
ArnoStiefvater
ArnoStiefvater requested changes Sep 8, 2020
View reviewed changes
nasl/nasl_snmp.c Outdated
/* As we spawn the process asyncronously, we don't know the exit
status of the process. Therefore we need to check for errors in
the output.
We assume that if there is no erros, we have an output.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
We assume that if there is no erros, we have an output.
We assume a valid output if there are no errors.

nasl/nasl_snmp.c
#define SNMP_VERSION_2c 1

static void
parse_snmp_error (char **result)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Function documentation missing.

nasl/nasl_snmp.c
}

static int
check_spwan_output (int fd, char **result)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Function documentation missing.

@ArnoStiefvater ArnoStiefvater merged commit d8ddd63 into greenbone:openvas-20.08 Sep 8, 2020
@jjnicola jjnicola deleted the snmp branch September 8, 2020 09:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ArnoStiefvater ArnoStiefvater ArnoStiefvater approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jjnicola @ArnoStiefvater