| One of the most attractive attributes of Nessus is the simplicity of creating custom extensions (or
plugins) to be run with the Nessus engine.This benefit is gained via the specialized language
NASL (Nessus Attack Scripting Language). NASL supplies the infrastructure to write networkbased
scripts without the need to implement the underlying protocols. As NASL does not need
to compile, plugins can be run at once, and development is fast. After understanding these benefits,
it should be an easy decision to write your next network-based script using NASL.
NASL, as the name implies, is a scripting language specifically designed to run using the Nessus
engine.The language is designed to provide the developer with all the tools he/she needs to
write a network-based script, supporting as many network protocols as required.
Every NASL is intended to be run as a test.Thus, its first part will always describe what the
test is and what a positive result means. In most cases, the test is being done for a specific vulnerability,
and a successful test means that the target (host/service) is vulnerable.The second part of
the script runs NASL commands to provide a success/fail result.The script can also use the
Nessus registry (the knowledge base) to provide more information on the target. |
