1.4. The NASL Interpreter
[notroot]$ nasl -v
nasl 2.0.10

Copyright (C) 1999 - 2003 Renaud Deraison <email@example.com>
Copyright (C) 2002 - 2003 Michel Arboi <firstname.lastname@example.org>

See the license for details
A vanilla Nessus installation comes packaged with NASL scripts that act as plug-ins for the Nessus scanner. The Nessus server executes these scripts to test for vulnerabilities, and you can find the scripts in the /usr/local/lib/ness/plugins/ directory. You can execute these scripts directly by invoking them with nasl. For example, the finger.nasl script checks to see if fingerd is enabled on a remote host. Finger is a service that listens on port 79 by default, and you can use it to query information about users. To run this script against a host with the IP address of 192.168.1.1 using the NASL interpreter, execute the following:
[notroot]$ nasl -t 192.168.1.1 finger.nasl
** WARNING : packet forgery will not work
** as NASL is not running as root
The 'finger' service provides useful information to attackers, since it allows
them to gain usernames, check if a machine is being used, and so on...

Here is the output we obtained for 'root' :

Login: root                     Name: System Administrator
Directory: /var/root            Shell: /bin/sh
On since Wed 5 May 08:51 (CDT) on ttyp2 from 127.0.0.1:0.0
No Mail.
No Plan.

Solution : comment out the 'finger' line in /etc/inetd.conf
Risk factor : Low

plug_set_key:send(0)['1 finger/active=1; '](0 out of 19): Socket operation on non-socket
The preceding output is from the finger.nasl script, which was able to use the finger server running on host 192.168.1.1 to find out information about the root user.
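When plug-ins are run directly with nasl, the report text arrives mixed with interpreter diagnostics, as in the output above. The following Python sketch is an added example (not part of the original text or of Nessus) that separates the two and extracts the Solution and Risk factor fields. It assumes the field labels and the `**` and `plug_set_key:` prefixes appear as they do in that output; `parse_nasl_output` is a hypothetical helper name.

```python
import re

# Constructed sample: the finger.nasl output shown above, re-typed with line breaks.
SAMPLE = """\
** WARNING : packet forgery will not work
** as NASL is not running as root
The 'finger' service provides useful information to attackers, since it allows
them to gain usernames, check if a machine is being used, and so on...

Here is the output we obtained for 'root' :

Login: root Name: System Administrator
Directory: /var/root Shell: /bin/sh
On since Wed 5 May 08:51 (CDT) on ttyp2 from 127.0.0.1:0.0
No Mail.
No Plan.

Solution : comment out the 'finger' line in /etc/inetd.conf
Risk factor : Low

plug_set_key:send(0)['1 finger/active=1; '](0 out of 19): Socket operation on non-socket
"""

FIELD = re.compile(r"^(Solution|Risk factor)\s*:\s*(.*)$")  # labels as seen above

def parse_nasl_output(text):
    """Split standalone nasl output into diagnostics, report body and fields."""
    result = {"diagnostics": [], "body": [], "solution": None, "risk": None}
    current = None  # field whose text may continue on the next line
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith(("**", "plug_set_key:")):
            result["diagnostics"].append(stripped)  # interpreter message, not a finding
            current = None
        elif (m := FIELD.match(stripped)):
            current = "solution" if m.group(1) == "Solution" else "risk"
            result[current] = m.group(2)
        elif not stripped:
            current = None  # a blank line ends a wrapped field
        elif current:
            result[current] += " " + stripped  # continuation of a wrapped field
        else:
            result["body"].append(stripped)
    return result

if __name__ == "__main__":
    finding = parse_nasl_output(SAMPLE)
    print(finding["risk"], "-", finding["solution"])
    print(len(finding["diagnostics"]), "diagnostic line(s) set aside")
```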