3 Replies Latest reply: Jun 16, 2017 5:05 PM by iggy19 RSS

Custom sts_detect.nasl script

iggy19 Novice

Hello,

 

I am still relatively new to Tenable and NASL scripts, so please go easy... but has anyone ever tried to modify the plugin ID 42822 sts_detect.nasl to produce the information when it doesn't have STS, rather than exiting on failure?

 

The portion of the script is as follows:

 

if (!sts) exit(0, "The web server on port "+port+" does not implement STS.");

else

{

  rep = strcat('\nThe STS header line is :\n\n', chomp(sts), '\n');

  security_note(port: port, extra: rep);

  set_kb_item(name:"www/"+port+"/STS", value:TRUE);

}

 

Instead of exiting, I would like the scanner to produce the results indicating the DNS doesn't contain STS.

 

I tried modifying it, but I am still unfamiliar with the variables in the else.

 

Thanks in advance.