sussen-tests
Got the sussen-test-tester working again. I’ve simplified the interface:
$ ./sussen-test-tester.exe Usage: sussen-test-tester /target:<host> /test:<filename> /port:<num>
In terms of the sussen-tests, I’ve made some changes to the way those are handled. We are going to use the Open Source Vulnerability Database (OSVDB) for the information about the vulerabilties. Each test corresponds to an OSVDB ID and when the sussen-server is perparing a report it looks up the vulnerability information in the OSVDB.
This allows us to concentrate on writing tests and to leverage the work that has already gone into documenting the vulnerabilties in the OSVDB. No sense duplicating effort if there is no reason to. Currently there are 5,621 stable entries in the database.
We plan to have different ways to access the OSVDB information. Basically over the Internet via XML-RPC or locally using an XML Export or database. The OSVDB is exported every day at 1:00am Eastern Standard Time and you can download it from their site.
Here is the code for what a security test now looks like:
using System; using System.Collections; using Sussen.Interfaces; using Sussen.STF; public class Sst20040001 : ITest { private const int osvdb_id = 2652; private string session; private IServer server; public void Initialize () { // setup code here } public void Dispose () { // do any necessary cleanup } public void Start (string target) { ArrayList ports = server.KB.GetPorts (target, "http"); foreach (int port in ports) { UriBuilder ub = new UriBuilder ("http",target, port, "/index.php?do=ext&page=http://xxxxxxxxxxxxxxx"); HttpResource httpRes = new HttpResource (ub.Uri); httpRes.Get (); if (httpRes.Contains ("http://xxxxxxxxxxxxxxx")) { server.Mark (session, osvdb_id, target, port); } } } // Don't touch/delete these methods public int ID { get { return osvdb_id; } } public string SessionID { get { return session; } set { session = value; } } public IServer Server { get { return server; } set { server = value; } } }