Nessus-IT»WEB13641738806QQ81595945NessusNessus:shanyou:RenaudDeraison(Nessus)nixe0n1.0.0pre2(1of77)2006/10/709:14:53Nessus-IT1.1.1.NASL?NASLNessusNASLNASLIPNASLFTPWEBNASL1.2.WhatNASLisnotNASLWEBPerlPythonNASL100NASL(2of77)2006/10/709:14:53Nessus-IT1.3.NessusPerlPythontclNASLNessus()PerlPerlNessusNet::RawIPNASL256M20nessusdNASL1.4.Nessus*NASLNessusNASL*NASLC(3of77)2006/10/709:14:53Nessus-IT*NASL*NASLM$Nessus1.5.NASLNessus1.6.NASLNASL:(structure)NASLNASLdebugnasl1.7.NASL(4of77)2006/10/709:14:53Nessus-ITDenisDucamp(denis@hsc.fr)Fyodor(fyodor@dhp.com)NoamRathaus(nomr@securiteam.com)2.NASLNASLCCC2.1.NASL#a=1;#leta=1(5of77)2006/10/709:14:53Nessus-IT#setbto2b=2;#setato1#a=1;a=#setato1#1;2.2.(include)C(IP)NASLC(include)NASLinclude(6of77)2006/10/709:14:53Nessus-IT2.3.NASLa=1204;b=0x0A;c=0b001010110110;d=123+0xFF;Cstring()NASL(\n)a=Hello\nI'mRenaud;#aHello\nI'mRenaud\na=string(Hello\nI'mRenaud);#bHello#I'mRenaud(7of77)2006/10/709:14:53Nessus-ITc=string(a);#cbstring()“”2.4./(Non-anonymousFunction)NASLCC10IPNASLNASLNASLforge_ip_packet()(8of77)2006/10/709:14:53Nessus-ITforge_ip_packet(ip_hl:5,ip_v:4,ip_p:IPPROTO_TCP);forge_in_packet(ip_p:IPPROTO_TCP,ip_v:4,ip_hl:5);(ip_len)(Anonymousfunction)send_packet(my_packet);send_packet(packet1,packet2,packet3);send_packet()send_packet(packet,use_pcap:FALSE);2.5.forwhile(9of77)2006/10/709:14:53Nessus-ITNASLforwhileCfor(instruct_start;condition;end_loop_instruction){###}for(instruction_start;condition;end_loop_instruction)fuction();Whilewhile(condition)(10of77)2006/10/709:14:53Nessus-IT{###}while(condition)function();#10for(i=1;i=10;i=i+1)display(i:,i,\n);(11of77)2006/10/709:14:53Nessus-IT#19for(j=1;j=10;j=j+1){if(j&1)display(j,isodd\n);elsedisplay(j,iseven\n);}#whilei=0;while(i10){i=i+1;(12of77)2006/10/709:14:53Nessus-IT}2.6.NASLfunctionmy_func(argument1,argment2,....)(non-anonymous)NASLfunctionfact(){if((n==0)(n==1))return(n);else(13of77)2006/10/709:14:53Nessus-ITreturn(n*fact(n:n-1));}display(b!is,fact(n:5),\n);(NASL)return()return()functionfunc(){return1;#CNASL}2.7.(14of77)2006/10/709:14:53Nessus-ITCNASL+-*/%NASLNASLC&NASLxforwhileNASLx10UDPxsend_packet(udp)x10;ABa=Nessus'b=IlikeNessus;(15of77)2006/10/709:14:53Nessus-ITif(ab){#display(aiscontainedin,b,\n);}3.3.1.TCPUDPNASLNASL3.1.1.NASLopen_sock_tcp()open_sock_udp()TCPUDP(anonymous)TCPUDP(16of77)2006/10/709:14:53Nessus-IT#80TCPsoc1=open_sock_tcp(80);#123UDPsoc2=open_sock_udp(123);0open_sock_udp()UDPopen_sock_tcp()0open_sock_tcp()TCPstart=prompt(Firstporttoscan?);#end=prompt(Lastporttoscan?);#for(i=start;iend;i=i+1)(17of77)2006/10/709:14:53Nessus-IT{soc=open_sock_tcp(i);if(soc){display(Port,i,isopen\n);close(soc);}}3.1.2.close()close()shutdown()3.1.3.(18of77)2006/10/709:14:53Nessus-ITrecn(socket:socketname,length:length[,timeout:timeout])socketnamelengthTCPUDP(timeout)recv_line(socket:socketname,length:length[,timeout:timeout])recv()(\n)TCPsend(socket:socket,data:data[,length:length])socketdatalengthlengthlengthNULL(recv()recv_line())5FALSE#banner(19of77)2006/10/709:14:53Nessus-ITsoc=open_sock_tcp(21);if(soc){data=recv_line(socket:soc,length:1024);if(data){display(TheremoteFTPbanneris:\n,data,\n);}else{display(TheremoteFTPserverseemstobetcp-wrapper\n);(20of77)2006/10/709:14:53Nessus-IT}close(soc);}3.1.4.NASLFTP(socket:soc,user:login,pass:pass)socFPloginpassTRUEFALSEftp_get_pasv_port(socket:soc)FTPPASVNASLFTPFALSE(21of77)2006/10/709:14:53Nessus-ITis_cgi_installed(name)WEBnameCGIWEBGETname(/)/cgi-bin/##(is_cgi_installed(/robots.txt)){display(Thefile/robots.txtispresent\n);(22of77)2006/10/70