Launch a script before a scan

hi Folks,

Besides scripting everything using a CLI is it possible to run a bash script before launching a task ? I need to change some network configuration before some tasks, of course I could “hack my way” with crontab but I don’t really know how much time a scan last thus the next one should reset the network config ( tag vlan).

Many thanks!

This is possible technically, but not an easy task to pull off.

The only way I could do this is by creating a custom .nasl VT that executes the bash script on the target using an SSH execute command. Then creating a custom scan configuration for a new task as a credentialed scan. Then “daisy chaining” it to occur before the scan task you want it to precede using an alert. You can find instructions on the forum here on how to create a custom .nasl script and load it into Greenbone.

ok so I don’t think I made myself understandable/clear.
I have multiple tasks, each for a different VLAN.
Each VLAN requires to change the TAG id of one of the network card of the openvas server. I was thinking to add to the task something to run a script on the local server that will change the tag id then launch the scan. Some kind of “Pre-Task Script”

Currently the only possibility seems to be to use a HTTP GET alert:

and make that script which changes the TAG id available on a local HTTP endpoint.

so I would run an alert that will send the task name/id to another webserver so this webserver interprets it as a command to launch a script :expressionless: I can see so many flaws and security issues here

Actually no, there can be also a “Task run status changed to” condition of e.g. “New” or “Requested” which means that the Alert is run before the task is actually getting started. The picture below only shows the default of “Done” which can be changed accordingly:

yes sorry I modified my answer while you were replying. I get the concept but seems to me a huge security issue and as a non developper (willingly!) I can see how this will fail in many ways. While launching a local script reduces many problem.

Full understandable, but other “out of the box” possibilities seems to be not available AFAICT.

one solution would be to launch those scans from crontab in a script taking care of the network configuration first but no way to make

openvas --scan-start=UUID

to work. I got no error but it never launch the job :-(.

For reference, the above has now a follow up on the question how to launch a scan from command line here: