How to migrate and test custom Nessus scripts?


#1

I have several custom nasl scripts that I have used with Nessus and they work well. Management has decided to stop using Nessus and switch over to OpenVAS. I would like to bring the scripts over and install them into OpenVAS. In my ideal world, I would like to first validate the scripts and I believe that I can use the parse option of the openvas-nasl command to do so. I would also like to create an option where I name these scripts, perhaps “custom”, and then run a scan using only the custom scripts.

I have attempted to create a directory under the …/plugins directory with the scripts copied over and then openvasmd --rebuild but that does not seem to add any scripts from the custom directory.

Can you point me in the right direction on how I SHOULD be installing these scripts?


#2

Hi,

While VTs in OpenVAS/GVM still have the .nasl file ending, there is absolutely no guarantee that you can use OpenVAS/GVM as a drop-in replacement for Nessus and just run the script “as is”. While basic NASL functionality might still be compatible, both projects drifted away from each other quite fast and don’t have that much in common anymore.

To keep the focus on the migration (which might require some work from your side) I have split your question from the original thread.

As a first step you could have a look at the template.nasl attached at VT Development to see how .nasl files are built up in OpenVAS/GVM. Additionally, a search in your local plugins folder (described in the linked thread as well) for some existing .nasl files doing something similar to yours might provide some more insights.

Once the “scripts” are ready for OpenVAS/GVM you could:

  1. have a look at the example command line calls provided in Understanding testing of nasl scripts and ask specific questions once they are showing up during your tests

  2. create a new thread on how to “install” scripts and choose them for a scan in https://community.greenbone.net/c/gse


#3

Forgot to mention that you can do a “basic” lint check via openvas-nasl-lint to see if the code base is valid with a call similar to the following (replace the plugins path with one valid for your setup):

openvas-nasl-lint -i /var/lib/openvas/plugins yourscript.nasl

Note: lint will not check the validity of e.g. dependencies, a correct OID or similar but it should give you a basic starting point if the script is ready for further testing.
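
Added example (not part of the thread and not Greenbone's code): a pre-flight loop that runs the lint call from post #3 over a directory of custom scripts and adds two plain-text checks for the things the note says lint skips, a `script_oid()` call and `script_dependencies()` files that exist under the plugins path. The `PLUGINS` and `LINT` variables, the function names and the example directory are assumptions; the OID and dependency checks are text heuristics, not a NASL parser.

```shell
#!/bin/sh
# Added example: pre-flight checks for custom .nasl files before further testing.
# Usage (directory name is hypothetical):
#   . ./nasl_precheck.sh && check_dir /var/lib/openvas/plugins/custom
# Assumptions: PLUGINS defaults to the path used in the post; LINT names the linter.
PLUGINS="${PLUGINS:-/var/lib/openvas/plugins}"
LINT="${LINT:-openvas-nasl-lint}"

# check_script FILE: print one line per problem, return non-zero if any was found.
check_script() {
    f="$1"
    bad=0

    # 1. Basic lint, same call as in the post.
    if ! "$LINT" -i "$PLUGINS" "$f" >/dev/null 2>&1; then
        echo "$f: lint failed"
        bad=1
    fi

    # 2. Not covered by lint: the script must declare a dotted OID via script_oid().
    #    Scripts written for Nessus typically carry script_id() instead.
    if ! grep -Eq 'script_oid\([[:space:]]*"[0-9]+(\.[0-9]+)+"' "$f"; then
        echo "$f: no script_oid() with a dotted OID"
        bad=1
    fi

    # 3. Not covered by lint: every file named in script_dependencies() must exist
    #    below the plugins path. Newlines are flattened so multi-line calls are seen.
    for dep in $(tr '\n' ' ' < "$f" \
                 | grep -Eo 'script_dependencies\([^)]*\)' \
                 | grep -Eo '"[^"]+"' | tr -d '"'); do
        if [ ! -f "$PLUGINS/$dep" ]; then
            echo "$f: missing dependency $dep"
            bad=1
        fi
    done
    return $bad
}

# check_dir DIR: run check_script on every *.nasl in DIR, succeed only if all pass.
check_dir() {
    failed=0
    for s in "$1"/*.nasl; do
        [ -e "$s" ] || continue
        check_script "$s" || failed=$((failed + 1))
    done
    echo "$failed script(s) need work"
    [ "$failed" -eq 0 ]
}
```

A script that passes all three checks is only ready for the further testing the post describes; a present OID is not checked for correctness or uniqueness.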