Team LiB
Previous Section Next Section

1.6. Datatypes and Variables

NASL allows for the assignment of values to variables that can be manipulated by a NASL script. Unlike a strongly typed language such as C, NASL does not require you to predefine a variable's type. In NASL, the variable type is determined automatically when a variable is assigned a specific value. NASL recognizes two valid datatypes: scalars and arrays. A scalar can be a number or a string, while an array is a collection of scalars.

1.6.1. Numbers

NASL allows variables to hold integer valuesfor example, the number 11. It is also possible to assign numeric values to variables using a hexadecimal representation. You write hexadecimal numbers in NASL using a leading "0x" prefix. For example, the hexadecimal number 0x1b holds the value 27 when represented as an integer in base-10 notation. Type the following script into a file:

display ("The value of h is ",h,"\n");

Now run it using the NASL interpreter to see the output:

[notroot]$ nasl hex.nasl
The value of h is 27

It is also possible to input numerical values in octal notation form, which uses base- 8 notation by placing a leading "0" prefix. For example, the x and y are equivalent in the following example:

x=014; #octal
y=12; #decimal

1.6.2. Strings

A string is a collection of characters. abcdefg, Hello World, and Boeing 747 are all examples of strings. Consider the following NASL script:

mystring="Hello. I am a string!\n";

The \n at the end of mystring is an escape character and is equivalent to a newline character. Table 1-1 lists common escape characters applicable to NASL.

Table 1-1. Escape characters

Escape character



Single quote.


Double quote.




Line feed.




Horizontal tab.


ASCII equivalent. For example, \x7A will be converted to z.


Vertical tab.

Note that a string inside double quotes (") is left as is. Therefore, if you define a string using double quotes, escape sequences will not be translated. Also note that the display( ) function calls the string( ) function before displaying data on the console, and it is the string( ) function that converts the escape sequences. That is why our escape sequences are translated in the preceding examples even though we define them using double quotes.

1.6.3. Arrays and Hashes

An array is a collection of numbers or strings that can be indexed using a numeric subscript. Consider the following NASL script:

display("The value of the first item is ",myarray[0]," \n");
display("The value of the second item is ",myarray[1]," \n");

The script displays the following when executed:

The value of the first item is 1
The value of the second item is two

Notice that the array subscripts begin at 0, and that is why the first element is obtained using the [0] subscript.

Like arrays, hashes are also collections of numbers or strings. However, elements in hashes have a key value associated with them that can be used to obtain the element. You can use the make_array( ) function call to define a hash. Because every element must have an associated key value, the function call requires an even number of arguments. The following is a definition of a hash that contains port numbers for the Telnet protocol (port 23) and HTTP (port 80):


Now, myports['telnet'] gives you the value of 23, while myports['http'] evaluates to 80.

1.6.4. Local and Global Variables

Variables exist only within the blocks in which they are defined. A block is a collection of statements enclosed by special statements such as loops and function calls. For example, if you define a variable within a particular function call, it will not exist when the function call returns. At times, it is necessary to define variables that should exist globally; in such cases you should use global_var to define them:

global_var myglobalvariable;

Variables are local by default. You can also use local_var to state this explicitly.

    Team LiB
    Previous Section Next Section