Understanding testing of nasl scripts


I want to know the best way to understand how the nasl scripts are running and how to debug them. The only best way is to run openvas-scan each time we modify a nasl script? is that correct?

How to migrate and test custom Nessus scripts?


you can either do a “Full Scan” via OpenVAS/GVM by using e.g. the GSA WebGUI or you can use the command line tool openvas-nasl to run a script.

The first one is outside of the scope of this category and you could create a new thread in the https://community.greenbone.net/c/gse category to get some possible insights on how the scanner is doing scans and how to start such a “Full Scan” within OpenVAS/GVM.

For the latter a few examples below (see the openvas-nasl --help output for a description of each parameter):

openvas-nasl -X -B -d -i /var/lib/openvas/plugins -t <target> nginx_detect.nasl

-> This tries to “detect” a running nginx web server on the default http port (in this case 80) defined within the .nasl file

openvas-nasl -X -B -d -i /var/lib/openvas/plugins -t <target> --kb="Services/www=443" --kb="Transports/TCP/443=2" nginx_detect.nasl

-> This “overwrites” the default http port within the .nasl file, sets it to 443 and also tells the scanner to make a SSL/TLS connection to the target host.

On both calls you can append an additional VT which should be started after the first has finished like e.g.:

openvas-nasl -X -B -d -i /var/lib/openvas/plugins -t <target> nginx_detect.nasl 2017/gb_nginx_infor_disc_vuln.nasl


  1. openvas-nasl currently doesn’t evaluate any of the script_dependencies, script_require_keys or similar within your .nasl files. Thus if e.g. 1.nasl is setting the following:

    set_kb_item(name:"product/detected", value:TRUE);

    but 2.nasl is has a typo in the script_mandatory_keys like:


    openvas-nasl will happily run the 2.nasl where it won’t be started with a “Full scan”.

  2. To use openvas-nasl on the command line you need to add (for most cases) the following to your openvassd.conf file (see the config_file directive of the output from a openvassd -s call):

    unscanned_closed = no


I have added the following to the configuration - unscanned_closed = no and tried to run b.nasl using openvas-nasl.
I can see the log of b.nasl when I run a scan in web GUI. for example which OS it is.
but I cannot see the same result when I run b.nasl using openvas-nasl. When a single b.nasl is executed, how are the nasl scripts it depends on are linked? or is anything wrong in the way I execute using openvas-nasl. I used the same command you showed me as example:
“openvas-nasl -X -B -d -i /var/lib/openvas/plugins -t IP-ADDRESS b.nasl”



as pointed out previously there is no dependency and/or “port” management when using openvas-nasl.

You need to make sure that you call all required dependencies of “b.nasl” by adding them in front of the “b.nasl” in your openvas-nasl call.

Depending what “b.nasl” and/or its dependencies are doing / how the code looks like similar is also valid for ports used by those as shown in the examples as well.


Thank you again. This means that there is a long chain of scripts that are connected to one another. Like a.nasl depends on b.nasl and c.nasl. b.nasl in-turn depends on d.nasl and e.nasl.So, I need to mention all the scripts before a.nasl. Is this correct?


Yes, in most cases this is correct. There might be scripts (like e.g. the mentioned nginx_detect.nasl) where this not fully applies and you can only call the script itself without its previous dependency but this is only valid from case to case and not generally.


Thanks a lot for the response. It surely is of great help.


A post was split to a new topic: How to migrate custom Nessus scripts?