Besides the vast number of scripts that are publicly available to use within Nessus, the Knowledge Base is the most advanced feature included within the product. NASL has an extremely easy-to-understand-and-utilize API for network communication and sockets, in addition to a best-of-breed Knowledge Base implementation that allows scripts to share, store, and re-use data from other scripts during execution. Upgrading from NASLvl to NASL2 realized multiple enhancements, most notably features and overall execution speed. NASL2 is also an object-oriented language where users have the ability to implement classes and all the other features that come with object-oriented programming (OOP). Similar to every other scripting language, NASL is an interpreted language, meaning every character counts when parsing. While Nessus utilizes Networked Messaging Application Protocol (NMAP) to invoke most of its host-identification and port-scanning capabilities, it pulls from a global development community to launch the plethora of scripts that can identify ranges of vulnerabilities including windows hot-fixes, UNIX services, Web services, network device identification, and wireless access point mapping. The NASL, similar to and spawned from Network Associates, Inc.’s (NAI’s) Custom Audit Scripting Language (CASL), was designed to power the vulnerability assessment backend of the freeware Nessus project ( Nessus project, started in 1998 by Renaud Déraison, was and still remains the most dominant freeware solution to vulnerability assessment and management. ![]() Foster, Mike Price, in Sockets, Shellcode, Porting, & Coding, 2005 Summary
0 Comments
Leave a Reply. |