Code Automation for Vulnerability Scanner

Wu, Ching-Chang

06 July 2003

With enormous vulnerability discovered and Internet prevailing in the word, users confront with the more dangerous environment. As a result, the users have to understand the system risk necessarily. The vulnerability scanner provides the functionality that could check if the system is vulnerable. Nessus is a vulnerability scanner. It provides the customization capability that users could defined the security check. It develops a attack language called NASL. By use of NASL, users could write the security check by themselves. But before writing the security check, the users must know the architecture of Nessus and study how to write the security check by NASL. Different vulnerabilities have different the detection approach and communications method. If users don't know about above knowledge, they couldn¡¦t write the security check. In this research, we develop a automatic mechanism of generating code for the Nessus scanner and produce a security check. And we also provide two approaches to produce the security check. The one is the modularization. It takes part of function codes into a module, and combines the modules into a security check. The other one is package. The users can't involve the attack code and just only fill in some of parameters to produce the security check. This research proposes the design above and actually implements a system to generate attack codes. It attempts to decrease the needs of knowledge to users about security check, reduce the error rates by human typos, and enhance the efficiency and correctness for writing the security check

Vulnerability Scanner

Code Automation

Attack Language

Network Security