3 Replies Latest reply: Jun 16, 2017 5:05 PM by iggy19 RSS

Custom sts_detect.nasl script

iggy19 Novice



I am still relatively new to Tenable and NASL scripts, so please go easy... but has anyone ever tried to modify the plugin ID 42822 sts_detect.nasl to produce the information when it doesn't have STS, rather than exiting on failure?


The portion of the script is as follows:


if (!sts) exit(0, "The web server on port "+port+" does not implement STS.");



  rep = strcat('\nThe STS header line is :\n\n', chomp(sts), '\n');

  security_note(port: port, extra: rep);

  set_kb_item(name:"www/"+port+"/STS", value:TRUE);



Instead of exiting, I would like the scanner to produce the results indicating the DNS doesn't contain STS.


I tried modifying it, but I am still unfamiliar with the variables in the else.


Thanks in advance.