Tag Archives: NASL

OpenVAS Knowledge Base become smaller

At 23 January Jan Oliver Wagner, leader of OpenVAS project and Greenbone CEO, sent an email with a subject “Attic Cleanup”. In this message, he mentioned, that some NASL plugins will be excluded from the public NVT / Greenbone Community Feed (GCF) soon.

On the one hand it seems logical. These old plugins are not often used, but can slow down the scanner. But in fact there will be less plugins in public NVT feed. And the the commercial Greenbone Security Feed (GSF) will not change. Not good. 😉

“However, we will keep those NVTs in the Greenbone Security Feed (GSF) for the reasons of policy and of service level agreement.”

I took the archives downloaded within a few months after the letter and analyzed which plugins were added and removed:

  • tar -xf community-nvt-feed-current.tar -C 230118/
  • tar -jxf community-nvt-feed-current-2.tar.bz2 –directory 150218/
  • tar -jxf community-nvt-feed-current-3.tar.bz2 –directory 230318/

OpenVAS Plugins Deleted from community feed

The overall amount of plugins changed from 57502 to current 53383.

Continue reading

Exploitability attributes of Nessus plugins: good, bad and Vulners

Exploitability is one of the most important criteria for prioritizing vulnerabilities. Let’s see how good is the exploit-related data of Tenable Nessus NASL plugins and whether we can do it better.

Nessus exploitability

What are the attributes related to exploits? To understand this, I parsed all nasl plugins and got the following results.

Continue reading

Vulners NASL Plugin Feeds for OpenVAS 9

As I already wrote earlier, you can easily add third party nasl plugins to OpenVAS. So, my friends from Vulners.com realised generation of NASL plugins for OpenVAS using own security content. I’ve tested it for scanning CentOS 7 host. And it works =)

Vulners OpenVAS vulnerabilities

Let’s see the whole process.

Continue reading

Great OpenVAS news: delay in plugin feed will be dropped, new GVM-Tools for remote management released

Jan Oliver Wagner, CEO of Greenbone and OpenVAS Community leader sent recently several messages to community email list with the great news.

First of all, Greenbone decided to drop two weeks delay in a free plugin feed, that was implemented in June 2017 and made some OpenVAS users pretty nervous.

I wrote about it in “GSM Community Edition and lagging OpenVAS Plugin Feed“. The good thing is that, it has increased interest in NASL scripting among OpenVAS users. I also made some steps in this way in “Adding third party nasl plugins to OpenVAS“. I don’t now why Greenbone finally decided to drop this delay, but I am very glad for this decision. Wise move!

The feed will stay delayed until September 4th, 2017. To demonstrate the current state I used some data from Vulners.com collections. Let’s see the nasl vulnerability detection plugins for CentOS in Nessus and OpenVAS. I know that Windows would be much more clear, but Microsoft released latest MS17-023 bulletin in March, so now there is no much difference there.

CentOS Nessus Openvas 2 week delay

As you can see, no OpenVAS plugins since 2017-08-16, literally two weeks. And I hope this will change very soon.

Don’t forget that NVT will be called now GCF (Greenbone Community Feed) and some advanced enterprise-level checks will be now released only in paid feed.

Another good news is the recent release of open source GVM-Tools for controlling OpenVAS remotelly. It will replace old console client openvas-cli (omp). Let’s try to download and install it on Debian host with installed OpenVAS (see “Installing OpenVAS 9 from the sources“).

Continue reading

Adding third party nasl plugins to OpenVAS

If you want to develop nasl plugins for OpenVAS, you might be interested how to import them in scanner. So, I was also interested.

First of all, I decided to copy one of existing nasl scripts. I chose script that successfully detected vulnerability on a target host. Thus, in the case of importing error, I would know for sure that it’s not because of syntax errors in script, but, for example, because non-existing plugin signature.

I scanned target CentOS host, chose and copied script file, changed id of the script (oid) and script title, rebuilt database. Then I rescanned target host.

CESA edited

As you can see, new script is also in results. Pretty straightforward.

CESA edited description

Now, let’s review the actual commands.

Continue reading