Team LiB
Previous Section Next Section

1.11. Predefined Global Variables

This section lists global variables that are predefined and are commonly used when writing NASL plug-ins.

Note that NASL does not forbid you from changing the value of these variables, so be careful not to do so accidentally. For example, trUE should always evaluate to a nonzero value, while FALSE should always evaluate to 0.


1.11.1. TRUE and FALSE

The variable trUE evaluates to 1. The variable FALSE evaluates to 0.

1.11.2. NULL

This variable signifies an undefined value. If an integer variable is tested (example: i == NULL) with NULL, first it will be compared with 0. If a string variable is tested (example: str == NULL) with NULL, it will be compared with the empty string "".

1.11.3. Script Categories

Every NASL plug-in needs to specify a single category it belongs to by invoking script_category(). For example, a plug-in whose main purpose is to test a denial-of-service vulnerability should invoke script_category( ) as follows:

script_category(ACT_DENIAL);

You can invoke the script_category( ) function with any of the following categories as the parameter:


ACT_ATTACK

This category is used by plug-ins to specify that their purpose is to launch a vulnerability scan on a target host.


ACT_DENIAL

This category is reserved for plug-ins which perform denial-of-service vulnerability checks against services running on remote hosts.


ACT_DESTRUCTIVE_ATTACK

This category is used by plug-ins that attempt to scan for vulnerabilities that might destroy data on a remote host if the attempt succeeds.


ACT_GATHER_INFO

This category is for plug-ins whose purpose is to gather information about a target host. For example, a plug-in that connects to port 21 of a remote host to obtain its FTP banner will be defined under this category.


ACT_INIT

This category contains plug-ins that merely set global variables (KB items) that are used by other plug-ins.


ACT_KILL_HIST

This category is used to define plug-ins that might crash a vulnerable remote host or make it unstable.


ACT_MIXED_ATTACK

This category contains plug-ins which, if successful, might cause the vulnerable remote host or its services to become unstable or crash.


ACT_SCANNER

This category contains plug-ins that perform scans such as pinging or port scanning.


ACT_SETTINGS

This category contains plug-ins that set global variables (KB items). These plug-ins are invoked by Nessus only when the target host is deemed to be alive.

1.11.4. Network Encapsulation

The open_sock_tcp() function accepts an optional parameter called transport which you can set to indicate a specific transport layer, which is set to ENCAPS_IP to signify a pure TCP socket. The following lists other types of Nessus transports you can use:


ENCAPS_SSLv23

SSL v23 connection. This allows v2 and v3 servers to specify and use their preferred version.


ENCAPS_SSLv2

Old SSL version.


ENCAPS_SSLv3

Latest SSL version.


ENCAPS_TLSv1

TLS version 1.0.

The get_port_transport( ) function takes in a socket number as an argument, and returns its encapsulation, which contains one of the constants specified in the preceding list.

    Team LiB
    Previous Section Next Section