| One of the most attractive attributes of Nessus is the simplicity of creating custom extensions (or plugins) to be run with the Nessus engine.This benefit is gained via the specialized language NASL (Nessus Attack Scripting Language). NASL supplies the infrastructure to write networkbased scripts without the need to implement the underlying protocols. As NASL does not need to compile, plugins can be run at once, and development is fast. After understanding these benefits, it should be an easy decision to write your next network-based script using NASL.
NASL, as the name implies, is a scripting language specifically designed to run using the Nessus engine.The language is designed to provide the developer with all the tools he/she needs to write a network-based script, supporting as many network protocols as required. Every NASL is intended to be run as a test.Thus, its first part will always describe what the test is and what a positive result means. In most cases, the test is being done for a specific vulnerability, and a successful test means that the target (host/service) is vulnerable.The second part of the script runs NASL commands to provide a success/fail result.The script can also use the Nessus registry (the knowledge base) to provide more information on the target. |