I want to know the best way to understand how the nasl scripts are running and how to debug them. The only best way is to run openvas-scan each time we modify a nasl script? Is that correct?
Hi,
you can either do a “Full Scan” via OpenVAS/GVM by using e.g. the GSA WebGUI or you can use the command line tool openvas-nasl to run a script.
The first one is outside of the scope of this category and you could create a new thread in the https://community.greenbone.net/c/gse category to get some possible insights on how the scanner is doing scans and how to start such a “Full Scan” within OpenVAS/GVM.
For the latter a few examples below (see the openvas-nasl --help output for a description of each parameter):
openvas-nasl -X -B -d -i /var/lib/openvas/plugins -t <target> nginx_detect.nasl
-> This tries to “detect” a running nginx web server on the default http port (in this case 80) defined within the .nasl file
openvas-nasl -X -B -d -i /var/lib/openvas/plugins -t <target> --kb="Services/www=443" --kb="Transports/TCP/443=2" nginx_detect.nasl
-> This “overwrites” the default http port within the .nasl file, sets it to 443 and also tells the scanner to make a SSL/TLS connection to the target host.
On both calls you can append an additional VT which should be started after the first has finished like e.g.:
openvas-nasl -X -B -d -i /var/lib/openvas/plugins -t <target> nginx_detect.nasl 2017/gb_nginx_infor_disc_vuln.nasl
NOTE/Important:
- openvas-nasl currently doesn’t evaluate any of the script_dependencies, script_require_keys or similar within your .nasl files. Thus if e.g. 1.nasl is setting the following:
  set_kb_item(name:"product/detected", value:TRUE);
  but 2.nasl has a typo in the script_mandatory_keys like:
  script_mandatory_keys("product/detectd");
  openvas-nasl will happily run the 2.nasl where it won’t be started with a “Full scan”.
- To use openvas-nasl on the command line you need to add (for most cases) the following to your openvassd.conf file (see the config_file directive of the output from a openvassd -s call):
  unscanned_closed = no
I have added the following to the configuration - unscanned_closed = no and tried to run b.nasl using openvas-nasl.
I can see the log of b.nasl when I run a scan in the web GUI, for example which OS it is.
But I cannot see the same result when I run b.nasl using openvas-nasl. When a single b.nasl is executed, how are the nasl scripts it depends on linked? Or is anything wrong in the way I execute it using openvas-nasl? I used the same command you showed me as an example:
“openvas-nasl -X -B -d -i /var/lib/openvas/plugins -t IP-ADDRESS b.nasl”
Hi,
as pointed out previously there is no dependency and/or “port” management when using openvas-nasl.
You need to make sure that you call all required dependencies of “b.nasl” by adding them in front of the “b.nasl” in your openvas-nasl call.
Depending on what “b.nasl” and/or its dependencies are doing / how the code looks, similar is also valid for the ports used by those, as shown in the examples as well.
Thank you again. This means that there is a long chain of scripts that are connected to one another. Like a.nasl depends on b.nasl and c.nasl. b.nasl in turn depends on d.nasl and e.nasl. So, I need to mention all the scripts before a.nasl. Is this correct?
Yes, in most cases this is correct. There might be scripts (like e.g. the mentioned nginx_detect.nasl) where this does not fully apply and you can only call the script itself without its previous dependency, but this is only valid from case to case and not generally.
Thanks a lot for the response. It surely is of great help.
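Since openvas-nasl does not resolve script_dependencies itself, the chain discussed above can be computed before the call. The following is an added example, not part of the thread and not Greenbone code. It assumes the names inside script_dependencies() are paths relative to the plugin directory, and it follows every such call it finds, including ones inside conditionals. Ports and other --kb values still have to be supplied by hand.

```python
import re
import sys
from pathlib import Path

# Matches script_dependencies("a.nasl", "b.nasl"); possibly spanning lines.
DEP_CALL = re.compile(r'script_dependencies\s*\((.*?)\)', re.S)
DEP_NAME = re.compile(r'["\']([^"\']+)["\']')


def parse_deps(source):
    """Return the script names listed in every script_dependencies() call."""
    deps = []
    for args in DEP_CALL.findall(source):
        deps.extend(DEP_NAME.findall(args))
    return deps


def resolve_order(script, plugin_dir):
    """Depth-first, post-order walk: dependencies first, `script` last."""
    plugin_dir = Path(plugin_dir)
    order, state = [], {}  # state: 1 = in progress, 2 = done

    def visit(name):
        if state.get(name) == 2:
            return
        if state.get(name) == 1:
            raise ValueError(f"dependency cycle through {name}")
        path = plugin_dir / name
        if not path.is_file():
            raise FileNotFoundError(f"{name} not found under {plugin_dir}")
        state[name] = 1
        for dep in parse_deps(path.read_text(errors="replace")):
            visit(dep)
        state[name] = 2
        order.append(name)

    visit(script)
    return order


def build_command(script, plugin_dir, target):
    """argv for openvas-nasl using the flags from the examples in the thread."""
    return ["openvas-nasl", "-X", "-B", "-d", "-i", str(plugin_dir),
            "-t", target, *resolve_order(script, plugin_dir)]


if __name__ == "__main__":
    # usage: nasl_order.py <plugin_dir> <target> <script.nasl>
    print(" ".join(build_command(sys.argv[3], sys.argv[1], sys.argv[2])))
```

A missing dependency file or a dependency cycle raises an error instead of producing a partial command line, so a script is never run without the scripts that populate its KB entries.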