1.11. Predefined Global Variables This section lists global variables that are predefined and are commonly used when writing NASL plug-ins. | Note that NASL does not forbid you from changing the value of these variables, so be careful not to do so accidentally. For example, trUE should always evaluate to a nonzero value, while FALSE should always evaluate to 0. |
|
1.11.1. TRUE and FALSE The variable trUE evaluates to 1. The variable FALSE evaluates to 0. 1.11.2. NULL This variable signifies an undefined value. If an integer variable is tested (example: i == NULL) with NULL, first it will be compared with 0. If a string variable is tested (example: str == NULL) with NULL, it will be compared with the empty string "". 1.11.3. Script Categories Every NASL plug-in needs to specify a single category it belongs to by invoking script_category(). For example, a plug-in whose main purpose is to test a denial-of-service vulnerability should invoke script_category( ) as follows: script_category(ACT_DENIAL); You can invoke the script_category( ) function with any of the following categories as the parameter:
- ACT_ATTACK
-
This category is used by plug-ins to specify that their purpose is to launch a vulnerability scan on a target host.
- ACT_DENIAL
-
This category is reserved for plug-ins which perform denial-of-service vulnerability checks against services running on remote hosts.
- ACT_DESTRUCTIVE_ATTACK
-
This category is used by plug-ins that attempt to scan for vulnerabilities that might destroy data on a remote host if the attempt succeeds.
- ACT_GATHER_INFO
-
This category is for plug-ins whose purpose is to gather information about a target host. For example, a plug-in that connects to port 21 of a remote host to obtain its FTP banner will be defined under this category.
- ACT_INIT
-
This category contains plug-ins that merely set global variables (KB items) that are used by other plug-ins.
- ACT_KILL_HIST
-
This category is used to define plug-ins that might crash a vulnerable remote host or make it unstable.
- ACT_MIXED_ATTACK
-
This category contains plug-ins which, if successful, might cause the vulnerable remote host or its services to become unstable or crash.
- ACT_SCANNER
-
This category contains plug-ins that perform scans such as pinging or port scanning.
- ACT_SETTINGS
-
This category contains plug-ins that set global variables (KB items). These plug-ins are invoked by Nessus only when the target host is deemed to be alive. 1.11.4. Network Encapsulation The open_sock_tcp() function accepts an optional parameter called transport which you can set to indicate a specific transport layer, which is set to ENCAPS_IP to signify a pure TCP socket. The following lists other types of Nessus transports you can use:
- ENCAPS_SSLv23
-
SSL v23 connection. This allows v2 and v3 servers to specify and use their preferred version.
- ENCAPS_SSLv2
-
Old SSL version.
- ENCAPS_SSLv3
-
Latest SSL version.
- ENCAPS_TLSv1
-
TLS version 1.0. The get_port_transport( ) function takes in a socket number as an argument, and returns its encapsulation, which contains one of the constants specified in the preceding list. |