How to test a single .nasl via the command line

Hello,

first off: openvas-nasl is still updated and maintained regularly, so you won’t need to do without it in newer installations.

But maybe we can get your current installation to do what you want it to do.
The openvas-nasl command-line tool doesn’t automatically resolve dependencies, which has several implications:

  • No port scan is done if not enabled explicitly, so if the “unscanned_closed” option is not explicitly set to “no”, all ports will be assumed closed.
  • Tests that check for a specific KB key at the start won’t run unless the script that sets that KB key is explicitly mentioned in the openvas-nasl command-line call

For the former behavior, there are several possible fixes:

  1. Set a KB manually that defines the port as open (--kb="Ports/tcp/80=1" for Port 80)
  2. Set the unscanned_closed option to “no” - this will at least enable the tests to scan the default ports when using openvas-nasl

For good measure, I also almost always add find_service.nasl in my calls when scanning HTTP, just to be sure. It may or may not always be necessary, but maybe it helps in this case.

So, what I recommend you do is:

  • Call openvas -s and see where your configuration file resides.
  • Open that configuration file with write permissions and add the line “unscanned_closed = no”.
  • Make your call this: openvas-nasl -t 127.0.0.1 -i /var/lib/openvas/plugins/ /var/lib/openvas/plugins/find_service.nasl /var/lib/openvas/plugins/pre2008/anti_nessus.nasl -X -T out.log -d --kb="Ports/tcp/80=1"

While I cannot guarantee that this will work with an old version, it is highly likely that it will.

Kind regards,

6 Likes
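
The recommended steps above, as an added shell example that is not part of the original post: one function sets unscanned_closed in the configuration file found via openvas -s, the other assembles the openvas-nasl call. The function names `set_unscanned_closed_no` and `nasl_command` are hypothetical, the configuration path is passed in as an argument, the sample file is constructed, and the call is generalized to several ports by repeating --kb once per port.

```shell
#!/bin/sh
# Added example; helper names and the demo file are assumptions, not OpenVAS code.

# Ensure the config holds exactly one active "unscanned_closed = no" line.
# $1 = path of the configuration file (look it up with `openvas -s`).
set_unscanned_closed_no() {
    conf=$1
    [ -f "$conf" ] || { echo "no such config: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Drop any active unscanned_closed line (commented ones stay), append ours.
    awk '!/^[ \t]*unscanned_closed[ \t]*=/ { print }
         END { print "unscanned_closed = no" }' "$conf" > "$tmp"
    # cat instead of mv keeps owner and mode of the original file.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Print the openvas-nasl call for one test script.
# $1 = target, $2 = plugin directory, $3 = script path below that directory,
# remaining arguments = TCP ports to mark as open in the KB.
nasl_command() {
    target=$1; plugins=${2%/}; script=$3; shift 3
    # find_service.nasl goes first because dependencies are not resolved.
    cmd="openvas-nasl -t $target -i $plugins/ $plugins/find_service.nasl"
    cmd="$cmd $plugins/$script -X -T out.log -d"
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "invalid port: $port" >&2; return 1
        fi
        cmd="$cmd --kb=\"Ports/tcp/$port=1\""
    done
    printf '%s\n' "$cmd"
}

# Demo on a constructed config file, not a real installation.
demo_conf=$(mktemp)
printf 'plugins_folder = /var/lib/openvas/plugins\nunscanned_closed = yes' > "$demo_conf"
set_unscanned_closed_no "$demo_conf"
cat "$demo_conf"
nasl_command 127.0.0.1 /var/lib/openvas/plugins pre2008/anti_nessus.nasl 80
rm -f "$demo_conf"
```

The printed command line can be reviewed and then pasted into the shell; run the configuration step with write permissions on the file.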