1.11. Predefined Global Variables
This section lists global variables that
are predefined and are commonly used when writing NASL plug-ins.
Note that NASL does not forbid you from changing the value of these
variables, so be careful not to do so accidentally. For example,
trUE should always evaluate to a nonzero value,
while FALSE should always evaluate to
0.
1.11.1. TRUE and FALSE
The variable trUE evaluates to 1. The
variable FALSE evaluates to 0.
1.11.2. NULL
This variable signifies an undefined value. If
an integer variable is tested (example: i
== NULL) with
NULL, first it will be compared with
0. If a string variable is tested (example:
str == NULL) with NULL, it will
be compared with the
empty
string ".
1.11.3. Script Categories
Every
NASL plug-in needs to specify a single
category it belongs to by invoking script_category(). For example, a plug-in whose main purpose is to test a
denial-of-service vulnerability should invoke
script_category( ) as
follows:
script_category(ACT_DENIAL);
You can invoke the script_category(
) function with any of the following
categories as the parameter:
ACT_ATTACK
This category is used by plug-ins to specify that their purpose is to
launch a vulnerability scan on a target host.
ACT_DENIAL
This category is reserved for plug-ins which perform
denial-of-service vulnerability checks against services running on
remote hosts.
ACT_DESTRUCTIVE_ATTACK
This category is used by plug-ins that attempt to scan for
vulnerabilities that might destroy data on a remote host if the
attempt succeeds.
ACT_GATHER_INFO
This category is for plug-ins whose purpose is to gather information
about a target host. For example, a plug-in that connects to port 21
of a remote host to obtain its FTP banner will be defined under this
category.
ACT_INIT
This category contains plug-ins that merely set global variables (KB
items) that are used by other plug-ins.
ACT_KILL_HIST
This category is used to define plug-ins that might crash a
vulnerable remote host or make it unstable.
ACT_MIXED_ATTACK
This category contains plug-ins which, if successful, might cause the
vulnerable remote host or its services to become unstable or crash.
ACT_SCANNER
This category contains plug-ins that perform scans such as pinging or
port scanning.
ACT_SETTINGS
This category contains plug-ins that set global variables (KB items).
These plug-ins are invoked by Nessus only when the target host is
deemed to be alive.
1.11.4. Network Encapsulation
The open_sock_tcp()
function accepts an optional parameter
called transport which you can set to indicate a
specific transport layer, which is set to
ENCAPS_IP to signify a pure TCP socket. The
following lists other types of Nessus transports you can use:
ENCAPS_SSLv23
SSL v23 connection. This allows v2 and v3 servers to specify and use
their preferred version.
ENCAPS_SSLv2
Old SSL version.
ENCAPS_SSLv3
Latest SSL version.
ENCAPS_TLSv1
TLS version 1.0.
The get_port_transport( ) function takes in a
socket number as an argument, and returns its encapsulation, which
contains one of the constants specified in the preceding list.
|