Nessus Attack Scripting Language

The Nessus Attack Scripting Language, usually referred to as NASL, is a scripting language that is used by vulnerability scanners like Nessus and OpenVAS. With NASL, specific attacks can be automated, based on known vulnerabilities.

Tens of thousands of plugins have been written in NASL for Nessus and OpenVAS. [1] Files written in this language usually have the file extension .nasl. For the exploitation of a zero-day vulnerability, an end user of Nessus or OpenVAS can write custom code in NASL, which is then executed by these vulnerability scanners.

In earlier versions of Nessus, a binary called nasl or nasl.exe was provided that could interpret NASL code to perform vulnerability scans. In later versions of Nessus, this should be done via an API that is provided by this software.

To execute a NASL plugin 'myzeroday.nasl' on Windows, a command such as the following could be invoked:

nasl.exe -t 127.0.0.1 "C:\temp\myzeroday.nasl"

An equivalent example of a Linux or UNIX command could look like this:

nasl -t 127.0.0.1 /tmp/myzeroday.nasl

If the plugin, in this example myzeroday.nasl, is placed in the same directory where other NASL plugins are located, it can also be included in standard scans by Nessus or OpenVAS, via the Web GUI or an API.

Many of the specifications of the formal language are similar to those of the programming language C, the scripting language Perl and other languages. Control-flow constructs such as the for loop and the if and if-else statements are part of the language, and comments are preceded by a hash.

An example of "Hello World" in NASL is: [2]

display("Hello World\n");
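The constructs named above (the for loop, if and if-else, hash comments) are shown together in the following added example, which is not part of the original article and not taken from any Nessus or OpenVAS plugin feed. It compares constructed banner strings against a minimum version without opening any network connection; the product name "ExampleFTPd", the fixed version 2.3 and the function is_outdated are hypothetical.

```nasl
# Added example: the banners below are constructed, no traffic is generated.
# "ExampleFTPd" and the fixed version 2.3 are hypothetical.

function is_outdated(banner)
{
  local_var m;

  # eregmatch() returns the capture groups, or NULL when nothing matches
  m = eregmatch(pattern:"ExampleFTPd ([0-9]+)\.([0-9]+)", string:banner);
  if (isnull(m)) return -1;      # not the product this check looks for

  # compare major, then minor, against the fixed version 2.3
  if (int(m[1]) < 2) return 1;
  else if (int(m[1]) == 2 && int(m[2]) < 3) return 1;
  return 0;
}

banners = make_list(
  "220 ExampleFTPd 2.1 ready",
  "220 ExampleFTPd 2.3 ready",
  "220 OtherFTP 1.0");

for (i = 0; i < max_index(banners); i++)
{
  r = is_outdated(banner:banners[i]);
  if (r == 1)
    display("outdated:   ", banners[i], "\n");
  else if (r == 0)
    display("up to date: ", banners[i], "\n");
  else
    display("no match:   ", banners[i], "\n");
}
```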

In the release notes of Nessus 6.10.0 of 1/31/2017, a new NASL compiler for faster plugins was mentioned. [3]

References

  1. "Fast comparison of Nessus and OpenVAS knowledge bases". 27 November 2016.
  2. Justin Clarke, Nitesh Dhanjani. Network Security Tools. O'Reilly Media, Inc., April 2005. ISBN 9780596007942.
  3. "Nessus 6.10.0 Release Notes - 1/31/2017, New NASL compiler for faster plugins". https://docs.tenable.com/releasenotes/nessus/nessus50.htm
