This is a general note on the concept of “Detection” and “Vulnerability” VTs, and on why the two should be split into separate tasks.
As an example, many years ago quite a lot of Vulnerability-VTs for the very same product each opened their own SMB connection to the target host to gather the version of the product from the registry:
vuln1.nasl
-> SMB login/registry gathering for version of product1, report a Vulnerability if affected version 1.2.3 was detected.
vuln2.nasl
-> SMB login/registry gathering for version of product1, report a Vulnerability if affected version 3.2.1 was detected.
vuln3.nasl
-> SMB login/registry gathering for version of product1, report a Vulnerability if affected version 3.1.2 was detected.
As you can see, this causes e.g. three SMB connections to collect the very same information, and it is a bad example of how to use such “Product detection” within a vulnerability check.
Instead there should have been one single “Detection”-VT like e.g.:
detection.nasl
-> SMB login/registry gathering for version of product1, saving the info about the product, e.g. the existence of the product and its version (e.g. via set_kb_item), within the internal Knowledge Base (KB).
vuln1.nasl
-> Getting the information from the internal KB (e.g. via get_kb_item), report a Vulnerability if affected version 1.2.3 was found.
vuln2.nasl
-> Getting the information from the internal KB (e.g. via get_kb_item), report a Vulnerability if affected version 3.2.1 was found.
vuln3.nasl
-> Getting the information from the internal KB (e.g. via get_kb_item), report a Vulnerability if affected version 3.1.2 was found.
With this recommended concept you can see that we’re doing only one SMB connection (instead of three). Additionally, you could also set something like the following:
set_kb_item(name:"productname/detected", value:TRUE);
which could be added to the vuln*.nasl as something like:
script_mandatory_keys("productname/detected");
This helps to e.g. not launch the vuln*.nasl if the Product wasn’t detected and improves the performance of your tests.
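
The split described above, sketched as two scripts in one listing. This is an added example, not code from the original note or from any real feed: the OIDs, the registry key, the KB key productname/version and the use of the registry helpers from smb_nt.inc are assumptions made for illustration.

```nasl
# ---- detection.nasl: the only script that talks SMB to the target ----
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.XXXXXX"); # placeholder OID
  script_name("Product1 Detection (Windows SMB Login)");
  script_category(ACT_GATHER_INFO);
  script_family("Product detection");
  exit(0);
}

include("smb_nt.inc");

key = "SOFTWARE\ExampleVendor\Product1"; # hypothetical registry key
if(!registry_key_exists(key:key))
  exit(0); # product not installed: nothing is written to the KB

# Record existence first, so dependent VTs are scheduled even without a version
set_kb_item(name:"productname/detected", value:TRUE);

vers = registry_get_sz(key:key, item:"Version");
if(vers)
  set_kb_item(name:"productname/version", value:vers); # assumed KB key name

exit(0);

# ---- vuln1.nasl: no network access, reads the KB only ----
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.YYYYYY"); # placeholder OID
  script_name("Product1 Vulnerability (affected version 1.2.3)");
  script_category(ACT_GATHER_INFO);
  script_family("General");
  script_dependencies("detection.nasl");          # run the detection first
  script_mandatory_keys("productname/detected");  # skip if product is absent
  exit(0);
}

vers = get_kb_item("productname/version");
if(!vers)
  exit(0); # product present but version unknown: do not guess

if(vers == "1.2.3") {
  security_message(port:0, data:"Installed version: " + vers);
  exit(0);
}

exit(99); # version known and not affected
```

vuln2.nasl and vuln3.nasl would differ from vuln1.nasl only in the OID, the name and the compared version, so adding further checks for the same product adds no SMB traffic.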