I was wondering if it is possible to run a command like cat, w3m or any other Operating System (Linux) utility from inside a NASL script and use its output. Do you know any examples? I know you can use the tools that OpenVAS uses like nikto, etc because they are already builtin functions. But can you use other tools that are not part of OpenVAS directly?
Asked
Active
Viewed 434 times
5
schroeder
- 123,438
- 55
- 284
- 319
MacKinnon360
- 53
- 4
1 Answers
4
There is the NASL function pread which allows you to run external commands from within a NASL script. An example to run cat and get its output could be:
args = make_list( "cat", # The cmd which is called, needs to be in cmd as well
"/etc/passwd" );
ret = pread( cmd:"cat", # The command to run
argv:args, # The arguments list of above
cd:FALSE ); # This specifies if a `cd` to the directory of the `cmd`should be done
A "full" example with various code path (e.g. checking if the command exists before running it) can be found in e.g. nikto.nasl (http://plugins.openvas.org/nasl.php?oid=14260)
cfischer
- 302
- 1
- 9