How to test a single .nasl via the command line

GVM versions

gsa: 8.0.1
gvm: 8.0.1
openvas-scanner: 6.0.1
gvm-libs: 10.0.1

Environment

Operating system: Arch Linux
Kernel: 5.2.14-arch2-1-ARCH
Installation method / source: pacman

##################################################################################

Dear all,

In the past it was possible to run a binary called openvas-nasl in order to test a specific .nasl file.

I am not quite sure whether this program is being released or not anymore.

I have an installation of this binary in one of my machines and I am running the following script:

[demo@test] openvas-nasl -t 127.0.0.1 -i /var/lib/openvas/plugins/ /var/lib/openvas/plugins/pre2008/anti_nessus.nasl -X -T out.log -d

The script ends silently. All files seem to be in place. Log file out.log is not easily readable (at least, to me).

Is there any command-line replacement or alternative for versions 6.0.1, 7.0.1 or 20.8.0?

Thank you in advance for your answers.

Kind regards,

P.S.: I am aware the version I’m using is a bit old.

I am also aware of gvm-tools and example scripts like this one.

However, I am not really sure if this is the best solution for my question.

Any advice? Thank you.

Regards.

Hello,

First off: openvas-nasl is still updated and maintained regularly, so you won’t need to do without it in newer installations.

But maybe we can get your current installation to do what you want it to do.
The openvas-nasl command-line tool doesn’t automatically resolve dependencies, which has several implications:

  • No port scan is done if not enabled explicitly, so if the “unscanned_closed” option is not explicitly set to “no”, all ports will be assumed closed.
  • Tests that check for a specific KB key at the start won’t run unless the script that sets that KB key is explicitly mentioned in the openvas-nasl command-line call.

For the former behavior, there are several possible fixes:

  1. Set a KB manually that defines the port as open (--kb="Ports/tcp/80=1" for Port 80)
  2. Set the unscanned_closed option to “no” - this will at least enable the tests to scan the default ports when using openvas-nasl

For good measure, I also almost always add find_service.nasl in my calls when scanning HTTP, just to be sure. It may or may not always be necessary, but maybe it helps in this case.

So, what I recommend you do is:

  • Call openvas -s and see where your configuration file resides.
  • Open that configuration file with write permissions and add the line “unscanned_closed = no”.
  • Make your call this: openvas-nasl -t 127.0.0.1 -i /var/lib/openvas/plugins/ /var/lib/openvas/plugins/find_service.nasl /var/lib/openvas/plugins/pre2008/anti_nessus.nasl -X -T out.log -d --kb="Ports/tcp/80=1"

While I cannot guarantee that this will work with an old version, it is highly likely that it will.

Kind regards,

6 Likes

Hello @_jp,

I have followed the 3 steps you mentioned at the bottom of your post.

For some reason, the following command does not output anything (maybe missing KBs, or maybe something else, I don’t know).

[demo@test] openvas-nasl -t 127.0.0.1 -i /var/lib/openvas/plugins/ /var/lib/openvas/plugins/find_service.nasl /var/lib/openvas/plugins/pre2008/anti_nessus.nasl -X -T out.log -d --kb="Ports/tcp/80=1"

UPDATE: The previous command has worked successfully when using a non-local IP.

However, in order to perform some basic validation, I have tested an NVT (mysql_version.nasl) which I have already confirmed exists in my testing machine.

So when I run your command with this NVT:

[demo@test] openvas-nasl -t 127.0.0.1 -i /var/lib/openvas/plugins/ /var/lib/openvas/plugins/find_service.nasl /var/lib/openvas/plugins/mysql_version.nasl -X -T out.log -d --kb="Ports/tcp/80=1"
lib  misc-Message: 21:27:05.010: set key mariadb/version/3306 -> 10.4.8
lib  misc-Message: 21:27:05.011: set key OpenDatabase/found -> 1
lib  misc-Message: 21:27:05.011: set key mysql_mariadb/full_banner/3306 -> 5.5.5-10.4.8-MariaDB

lib  misc-Message: 21:27:05.012: set key MariaDB/installed -> 1
lib  misc-Message: 21:27:05.013: set key MySQL_MariaDB/installed -> 1
lib  misc-Message: 21:27:05.014: replace key Known/tcp/3306 -> mysql
lib  misc-Message: 21:27:05.015: set key Services/mysql -> 3306
lib  misc-Message: 21:27:05.020: set key get_app/cpe:/a:mariadb:mariadb -> #-#cpe:/a:mariadb:mariadb:10.4.8#-#3306/tcp#-#3306#-#tcp
lib  misc-Message: 21:27:05.020: set key get_app/ports/cpe:/a:mariadb:mariadb -> 3306
lib  misc-Message: 21:27:05.021: set key get_app/protocols/cpe:/a:mariadb:mariadb -> tcp
Detected MariaDB

Version:       10.4.8
Location:      3306/tcp
CPE:           cpe:/a:mariadb:mariadb:10.4.8

Concluded from version/product identification result:
5.5.5-10.4.8-MariaDB

This result concurs with my previous OpenVAS execution.

The block

Detected MariaDB

Version:       10.4.8
Location:      3306/tcp
CPE:           cpe:/a:mariadb:mariadb:10.4.8

Concluded from version/product identification result:
5.5.5-10.4.8-MariaDB

is the exact value shown in the OpenVAS report.

Thank you very much @_jp for your help.

4 Likes
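
The reply above notes that a test which checks for a KB key will not run unless that key is set, and the debug output in the last post shows which keys a detection script sets. The following is an added example, not code from the thread or from the openvas-nasl project: it turns such debug lines into --kb arguments so a dependent script can be run on its own. It assumes --kb may be given more than once; kb_pairs, run_seeded, sample_log and NASL_BIN are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. Sample lines are constructed, modelled
# on the -d output quoted above.
sample_log() {
cat <<'EOF'
lib  misc-Message: 21:27:05.010: set key mariadb/version/3306 -> 10.4.8
lib  misc-Message: 21:27:05.013: set key Known/tcp/3306 -> unknown
lib  misc-Message: 21:27:05.014: replace key Known/tcp/3306 -> mysql
lib  misc-Message: 21:27:05.015: set key Services/mysql -> 3306
Detected MariaDB
EOF
}

# stdin: openvas-nasl -d output. stdout: one key=value per line.
# "replace key" drops earlier values of that key; "set key" only appends.
kb_pairs() {
  awk '
    match($0, /(set|replace) key /) {
      op = substr($0, RSTART, 3)
      rest = substr($0, RSTART + RLENGTH)
      sep = index(rest, " -> ")
      if (sep == 0) next
      key = substr(rest, 1, sep - 1); val = substr(rest, sep + 4)
      # Assumption: a second "=" makes key=value ambiguous for --kb, so skip.
      if (index(key, "=") || index(val, "=")) next
      if (op == "rep") for (i = 1; i <= n; i++) if (k[i] == key) dead[i] = 1
      k[++n] = key; v[n] = val
    }
    END { for (i = 1; i <= n; i++) if (!(i in dead)) print k[i] "=" v[i] }
  '
}

# stdin: key=value pairs. Runs one script with those pairs pre-seeded.
# Values come from the target's banners, so they are passed as separate
# argv entries and never re-parsed by the shell.
run_seeded() {  # $1 target, $2 plugin dir, $3 script path
  target=$1 plugin_dir=$2 script=$3
  set -- -t "$target" -i "$plugin_dir" "$script" -X -d
  while IFS= read -r pair; do
    set -- "$@" --kb="$pair"
  done
  "${NASL_BIN:-openvas-nasl}" "$@"   # NASL_BIN override is for dry runs
}

sample_log | kb_pairs   # prints the three pairs that survive
```

Feed kb_pairs the saved debug output of the detection run and give run_seeded the dependent script's path as its third argument.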