FERRET CORE


The Ferret core was developed to be platform-independent and
simple. The following details the different steps executed by the
Ferret core.

1. It interprets the command line options and reads the
configuration file.

2. It determines information about the system Ferret is running
on, such as the operating system name and version. This
information is helpful in later stages in filtering out the
plug-ins that should remain active for a particular host. For
example, a plug-in developed specifically for the Linux system
should not be executed on a Solaris machine.

3. It determines what plug-ins are available in the system from
the directory defined in the configuration file (or on the command
line).

4. It queries each plug-in for information about what
vulnerability it checks, what level of privilege this
vulnerability could gain, on which operating system this
vulnerability should be checked for, and what keywords are
applicable to this plug-in. This information is stored in a hash
table for easy reference later.

5. It builds a hash table of the keywords, based on individual
keywords, in order to simplify the running of the plug-ins.

6. It uses the keywords to determine which plug-ins to run. If
no keyword is provided, then a default keyword of all is
used to run all the plug-ins.

7. It runs the chosen plug-ins in sequence.

8. It divides plug-ins, based on the results obtained, into two
categories: those that have found vulnerabilities, and those that
have not.

9. It pipes out the results, based on the mode selected by the
user, through the corresponding output plug-ins in the desired
format.