Custom NASL targeting only localhost

Hello everyone,

I have a question regarding a few NASL functions that are limited to use the target/host IP/FQDN only during their execution.

I am trying to develop a NASL VT that will run a few tests on the localhost.
However functions like open_sock_tcp() and http_req() can only target the target/host, or at least I cannot find a way to change that. I would like to mention that I want this script to run against localhost regardless the actual target/host that has been configured.

Is there anything I could do to use the aforementioned functions with IP:

Thank you for your help in advance.

The scanner in general (e.g. via open_sock_tcp or any functions like http_send_recv()) currently only support connecting/targeting the target/host and not arbitrary systems which are not the target itself.

A possible workaround might be to call external tools like curl or nc via the scanner function pcred() (Check the feed for some examples and note that this function was called a “dangerous” one in some older OpenVAS documentation).


My current approach uses pcred() function, but I wanted to ask you in case there was a workaround.

Thank you very much for your help :slightly_smiling_face:

1 Like