Add: PoC for alive test.

It only support icmpv4 For testing, compile with nasl-builtin-raw-ip feature and run `sudo target/debug/scannerctl alivetest --icmp -t 192.168.0.1,192.168.0.2,192.168.0.3 --timeout 5000 --verbose`
greenbone · Jan 17, 2025 · 29593d9 · 29593d9
1 parent 5c1828b
commit 29593d9
Show file tree

Hide file tree

Showing 16 changed files with 602 additions and 5 deletions.
diff --git a/rust/Cargo.lock b/rust/Cargo.lock
diff --git a/rust/Cargo.toml b/rust/Cargo.toml
@@ -83,7 +83,7 @@ x509-certificate = "0.23.1"
 x509-parser = "0.16.0"
 
 rayon = { version = "1.8.0", optional = true }
-pcap = { version = "1.0.0", optional = true }
+pcap = { version = "1.0.0", optional = true, features = ["all-features", "capture-stream"] }
 pnet_base = { version = "0.33.0", optional = true }
 pnet = { version = "0.33.0", optional = true }
 pnet_macros = { version = "0.33.0", optional = true }
@@ -99,6 +99,7 @@ nasl-c-lib = { path = "crates/nasl-c-lib", optional = true }
 openssl = { version = "0.10.66", features = ["vendored"] }
 blowfish = "0.9.1"
 rc4 = "0.1.0"
+pcap-sys = "0.1.3"
 
 [workspace]
 resolver = "2"

diff --git a/rust/src/alive_test/README.md b/rust/src/alive_test/README.md
@@ -0,0 +1,7 @@
+# Alive Test 
+
+This is the rust library implementation of Boreas from https://github.com/greenbone/gvm-libs/ and https://github.com/greenbone/boreas/
+
+Alive Test is a library to scan for alive hosts as well as a command line tool integrated in scannerctl, which replaces the former Boreas library and command line tool written in C.
+
+It supports IPv4 and IPv6 address ranges and allows to exclude certain addresses from a range. The alive ping tests support ICMP, TCP-ACK, TCP-SYN and ARP and any combination. For TCP ping an individual port list can be applied.
diff --git a/rust/src/alive_test/README.md~ b/rust/src/alive_test/README.md~
@@ -0,0 +1,32 @@
+# Notus Scanner
+
+This is the rust library implementation of the Notus Scanner originating from https://github.com/greenbone/notus-scanner
+
+Notus Scanner detects vulnerable products in a system environment. The scanning 
+method is to evaluate internal system information. It does this very fast and
+even detects currently inactive products because it does not need to interact
+with each of the products.
+
+To report about vulnerabilities, Notus Scanner receives collected system
+information on the one hand and accesses the vulnerability information from the
+notus feed on the other. Both input elements are in table form: the system
+information is specific to each environment and the vulnerability information is
+specific to each system type.
+
+Notus Scanner integrates into the Greenbone Vulnerability Management framework
+which allows to let it scan entire networks within a single task. Any
+vulnerability test in the format of `.notus` files inside the Greenbone Feed
+will be considered and automatically matched with the scanned environments.
+
+A system environment can be the operating system of a host. But it could also be
+containers like Docker or virtual machines. Neither of these need to be actively
+running for scanning.
+
+The Notus Scanner is implemented as a Rust library and published under an Open Source
+license. Greenbone Networks maintains and extends it since it is embedded in the
+Greenbone Professional Edition as well as in the Greenbone Cloud Services.
+
+Greenbone also keeps the vulnerability information up-to-date via the feed on a
+daily basis. The `.notus` format specification is open and part of the
+documentation. To get the required notus files use the greenbone feed sync
+https://github.com/greenbone/greenbone-feed-sync