OpenVAS custom database - Is it possible to Customise or add to the OpenVAS database to add my own threats?


#1

Hi,

Purely for my testing I would like to amend or add to the the existing OpenVAS database or feed to add my own threats for vulnerability scanning taken from web scrapers or other sites. So that Open VAS could perform tests

Can I ask how I can add my own custom threats to the OpenVAS scanner and how I would go about structuring this.

This is purely used in a lab environment for my testing.

Thanks a lot


#2

If you copy the nasl file into the directory “private” in the main plugin directory, your files will not get deleted by the feed update routine.

It is probably easiest for you to disable signature checking to allow the scanner to execute your nasl files.
That is of course not exactly the best security practice.

Finally, take care the OIDs of your personal scripts do not clash with our feed content:

Please be aware that our content may change any day, ie scripts are renamed, re-arranged or other NASL code changes happen. We take care of consistency for the feed content as a whole.


#3

Thanks all. Is there any relevant documentation for OpenVas that I can refer to for this particular request and the general architecture.


#4

I am afraid there is not good documentation about it. Initially we tried to support this.

The main reason why we do not invest time into this is that this concept did not lead to a business model providing sustainable financing of the tremendous development efforts.

Concentrating on a consistent and QA’ed Feed where we can freely change anything without considering needs of uncoordinated third-party integrations is what helps us (and helps the community) so much. In 2018 we cleaned up and improved virtually all of the VTs, re-arrange API etc. It improved performance and results. We have a comprehensive automated QA system to ensure consistency of GSF and of the reduced GCF.


#5

Thanks for taking the time to respond and explain Jan. That makes complete sense.