Closed lucachr closed 4 years ago
Do you have an XML snip of the OS line in question?
Thank you for your fast reply! Here is the snippet:
<ReportHost name="x.x.x.x"><HostProperties>
...
<tag name="operating-system">Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Microsoft Windows Server 2016
Microsoft Windows Server 2019</tag>
<tag name="system-type">general-purpose</tag>
<tag name="cpe-0">cpe:/o:microsoft:windows_2003_server</tag>
<tag name="cpe-1">cpe:/o:microsoft:windows_vista</tag>
<tag name="cpe-2">cpe:/o:microsoft:windows_server_2008</tag>
<tag name="cpe-3">cpe:/o:microsoft:windows_7</tag>
<tag name="cpe-4">cpe:/o:microsoft:windows_server_2008:r2 -> Microsoft Windows Server 2008 R2</tag>
<tag name="cpe-5">cpe:/o:microsoft:windows_server_2012</tag>
<tag name="cpe-6">cpe:/o:microsoft:windows_8</tag>
<tag name="cpe-7">cpe:/o:microsoft:windows_server_2012:r2</tag>
<tag name="cpe-8">cpe:/o:microsoft:windows_10</tag>
<tag name="cpe-9">cpe:/o:microsoft:windows_server_2016</tag>
<tag name="cpe-10">cpe:/o:microsoft:windows</tag>
<tag name="patch-summary-total-cves">15</tag>
<tag name="os">windows</tag>
<tag name="cpe">cpe:/o:microsoft:windows</tag>
...
</HostProperties>
...
<ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="11936" pluginName="OS Identification" pluginFamily="General">
<agent>all</agent>
<description>Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.</description>
<fname>os_fingerprint.nasl</fname>
<plugin_modification_date>2019/01/10</plugin_modification_date>
<plugin_name>OS Identification</plugin_name>
<plugin_publication_date>2003/12/09</plugin_publication_date>
<plugin_type>combined</plugin_type>
<risk_factor>None</risk_factor>
<script_version>2.48</script_version>
<solution>n/a</solution>
<synopsis>It is possible to guess the remote operating system.</synopsis>
<plugin_output>
Remote operating system : Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Confidence level : 70
Method : HTTP
The remote host is running one of these operating systems :
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Microsoft Windows Server 2016
Microsoft Windows Server 2019</plugin_output>
</ReportItem>
...
<ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="45590" pluginName="Common Platform Enumeration (CPE)" pluginFamily="General">
<agent>all</agent>
<description>By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.</description>
<fname>cpe.nbin</fname>
<plugin_modification_date>2017/06/06</plugin_modification_date>
<plugin_name>Common Platform Enumeration (CPE)</plugin_name>
<plugin_publication_date>2010/04/21</plugin_publication_date>
<plugin_type>combined</plugin_type>
<risk_factor>None</risk_factor>
<script_version>$Revision: 1.81$</script_version>
<see_also>http://cpe.mitre.org/
https://nvd.nist.gov/products/cpe</see_also>
<solution>n/a</solution>
<synopsis>It was possible to enumerate CPE names that matched on the remote system.</synopsis>
<plugin_output>
The remote operating system matched the following CPE's :
cpe:/o:microsoft:windows_2003_server
cpe:/o:microsoft:windows_vista
cpe:/o:microsoft:windows_server_2008
cpe:/o:microsoft:windows_7
cpe:/o:microsoft:windows_server_2008:r2 -> Microsoft Windows Server 2008 R2
cpe:/o:microsoft:windows_server_2012
cpe:/o:microsoft:windows_8
cpe:/o:microsoft:windows_server_2012:r2
cpe:/o:microsoft:windows_10
cpe:/o:microsoft:windows_server_2016
cpe:/o:microsoft:windows
</plugin_output>
</ReportItem>
...
</ReportHost>
I pushed a fix on the dev branch. Not sure when I'll push a new gem atm.
The latest versions of Nessus return more than a single OS name when the tool is unsure about which one is installed on the tested host. Sometimes the string returned is longer than the 255-character default limit set by ActiveRecord, and an error is returned by Risu during the parsing of the Nessus file.
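A pre-import check for the condition reported in this issue, added here as an example (it is not Risu's code and not the fix on the dev branch): it walks each `ReportHost` in a .nessus document and reports every `HostProperties` tag whose value exceeds the 255-character limit. The function name, the enclosing `NessusClientData_v2`/`Report` elements and the host address `192.0.2.10` are assumptions for the constructed sample; the OS names are the ones in the snippet above.

```ruby
require 'rexml/document'

# Default string column limit named in the issue (ActiveRecord default).
STRING_LIMIT = 255

# OS names as they appear in the operating-system tag quoted in this thread.
OS_NAMES = [
  'Microsoft Windows Server 2003', 'Microsoft Windows Vista',
  'Microsoft Windows Server 2008', 'Microsoft Windows 7',
  'Microsoft Windows Server 2008 R2', 'Microsoft Windows Server 2012',
  'Microsoft Windows 8', 'Microsoft Windows Server 2012 R2',
  'Microsoft Windows 10', 'Microsoft Windows Server 2016',
  'Microsoft Windows Server 2019'
].freeze

# Constructed sample: minimal .nessus fragment with a placeholder host address.
SAMPLE = <<~XML
  <NessusClientData_v2><Report name="constructed">
  <ReportHost name="192.0.2.10"><HostProperties>
  <tag name="operating-system">#{OS_NAMES.join("\n")}</tag>
  <tag name="system-type">general-purpose</tag>
  <tag name="os">windows</tag>
  </HostProperties></ReportHost>
  </Report></NessusClientData_v2>
XML

# Hypothetical helper: returns one hash per host property whose text is
# longer than +limit+ characters, i.e. would not fit a default string column.
def oversized_host_properties(xml, limit = STRING_LIMIT)
  doc = REXML::Document.new(xml)
  findings = []
  doc.elements.each('//ReportHost') do |host|
    host.elements.each('HostProperties/tag') do |tag|
      value = tag.text.to_s
      next if value.length <= limit
      findings << { host: host.attributes['name'],
                    tag: tag.attributes['name'],
                    length: value.length,
                    candidates: value.lines.count }
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  oversized_host_properties(SAMPLE).each do |f|
    puts "#{f[:host]} #{f[:tag]}: #{f[:length]} chars, #{f[:candidates]} OS candidates"
  end
end
```

Running the check over a scan export before import shows which hosts carry a multi-OS guess that a 255-character column would reject.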