Using AlienVault NVT Feed with Nessus 4 on Mac
Posted: March 21st, 2010 | Author: xanda | Filed under: IT Related | Tags: alienvault, macos, nessus, nvt, openvast, snow leopard | 6 Comments »Here is my simple howto and modified AlienVault NVT sync script to be use with Nessus 4 on Mac OS
First thing first, you need to have Nessus and MacPorts installed
Then install the md5sha1sum package
sudo port install md5sha1sum |
Use the following modified script and let it automagically fetch the NVT feed for you
#!/bin/bash # # OpenVAS # Description: Synchronize with with NVT feed. # This shell script synchronizes the local set of # OpenVAS Network Vulerability Tests (NVTs) and # associated includefiles with a given upstream # feed of updated or new files. # # Authors: # Lukas Grunwald <l.grunwald@dn-systems.de> # Jan-Oliver Wagner <jan-oliver.wagner@intevation.de> # xanda <adnanDOTshukorATgmailDOTcom> # # Copyright DN-Systems Enterprise Internet Solutions GmbH 2007 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2, # as published by the Free Software Foundation # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. # # Slight modifications, 2008/07 AlienVault VRT - code@alienvault.com # Slight modifications, 2008/08 Vlatko Kosturjak Kost <kostATlinuxDOThr> # Slight modifications, 2010/03 xanda - adnanDOTshukorATgmailDOTcom SCANNER=$1 if [ "x$SCANNER" = "x" ] then echo "Usage: $0 nessus" exit fi if [ ! $SCANNER = "nessus" ] then echo "Usage: $0 nessus" exit fi # Plugin dir if [ "x$NVT_DIR" = "x" ]; then # Plugin dir if [ $SCANNER = "nessus" ]; then NVT_DIR="/Library/Nessus/run/lib/nessus/plugins" fi fi # The URL of the plugin feed FEED=rsync://feed.alienvault.com:/nvt-feed findcmd() { CMD=$1 SRCH=/usr/bin:/usr/ucb:/usr/sbin:/sw/bin:/sbin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin SAVEIFS=$IFS IFS=: set $SRCH IFS=$SAVEIFS for dir do [ -x $dir/$CMD ] && { echo $dir/$CMD return } done } chk_system_tools(){ echo "Searching for required system tools ..." RSYNC=`findcmd rsync` MD5SUM=`findcmd md5sum` if [ -z "$RSYNC" ]; then echo "Error: RSYNC not found"; exit -1 fi if [ -z "$MD5SUM" ]; then echo "Error: MD5SUM not found"; exit -1 fi } sync_nvts (){ echo "Synchonizing NVTs via RSYNC ..." mkdir -p "$NVT_DIR" eval "rsync -av --progress \"$FEED\" \"$NVT_DIR\"" echo "Synchronization successful." } echo "AlienVault NVT Feed Sync" echo " " echo "Configured Scanner: $SCANNER" echo "Configured NVT Feed: $FEED" echo "Synchronized into: $NVT_DIR" echo " " echo " " chk_system_tools sync_nvts echo " " echo " " echo "Please restart your scanner daemon" |
chmod +x alienvault-nvt-feed.sh |
Make sure you stop the Nessus server first before run the script!
sudo ./alienvault-nvt-feed.sh nessus |
Enjoy! 😉
Does it work together with Nessus Feed or it overwrites them?
perfectly work together..
Is it also work with old Nessus?
@d4rKn19t
check the nessus plugins directory, if is different, change it
In the above script, the directory is:
NVT_DIR=”/Library/Nessus/run/lib/nessus/plugins”
mantooopppppp
ok go!