1.11. Predefined Global Variables
This section lists global variables that
are predefined and are commonly used when writing NASL plug-ins.
Note that NASL does not forbid you from changing the value of these
variables, so be careful not to do so accidentally. For example,
trUE should always evaluate to a nonzero value,
while FALSE should always evaluate to
1.11.1. TRUE and FALSE
The variable trUE evaluates to 1. The
variable FALSE evaluates to 0.
This variable signifies an undefined value. If
an integer variable is tested (example: i
== NULL) with
NULL, first it will be compared with
0. If a string variable is tested (example:
str == NULL) with NULL, it will
be compared with the
1.11.3. Script Categories
NASL plug-in needs to specify a single
category it belongs to by invoking script_category(). For example, a plug-in whose main purpose is to test a
denial-of-service vulnerability should invoke
script_category( ) as
You can invoke the script_category(
) function with any of the following
categories as the parameter:
This category is used by plug-ins to specify that their purpose is to
launch a vulnerability scan on a target host.
This category is reserved for plug-ins which perform
denial-of-service vulnerability checks against services running on
This category is used by plug-ins that attempt to scan for
vulnerabilities that might destroy data on a remote host if the
This category is for plug-ins whose purpose is to gather information
about a target host. For example, a plug-in that connects to port 21
of a remote host to obtain its FTP banner will be defined under this
This category contains plug-ins that merely set global variables (KB
items) that are used by other plug-ins.
This category is used to define plug-ins that might crash a
vulnerable remote host or make it unstable.
This category contains plug-ins which, if successful, might cause the
vulnerable remote host or its services to become unstable or crash.
This category contains plug-ins that perform scans such as pinging or
This category contains plug-ins that set global variables (KB items).
These plug-ins are invoked by Nessus only when the target host is
deemed to be alive.
1.11.4. Network Encapsulation
function accepts an optional parameter
called transport which you can set to indicate a
specific transport layer, which is set to
ENCAPS_IP to signify a pure TCP socket. The
following lists other types of Nessus transports you can use:
SSL v23 connection. This allows v2 and v3 servers to specify and use
their preferred version.
Old SSL version.
Latest SSL version.
TLS version 1.0.
The get_port_transport( ) function takes in a
socket number as an argument, and returns its encapsulation, which
contains one of the constants specified in the preceding list.