Abstract
Most of the security vulnerabilities being discovered utilize the same attack vectors. These attack vectors can be rewritten in each Nessus Attack Scripting Language (NASL) or can be written once using an “include” file that is referenced in different NASLs. The “include” files provided with the Nessus environment give an interface to protocols—such as Server Message Block (SMB) and Remote Procedure Call (RPC)—are too complex to be written in a single NASL, or should not be written in more than one NASL file. The Nessus NASL language provides only the most basic needs for the tests written with it. This includes socket connectivity, string manipulation function, Nessus knowledge base accessibility, and so on. The Nessus daemon utilizes a database to store information that may be useful for one or more tests. This database is called the knowledge base. The knowledge base is a connected list-style database, where a father element has one or more child elements, which in turn may have additional child elements. The chapter explains how to create advanced tests that utilize advanced Nessus functions, such as the ones that allow the execution of processes on a remote host. The chapter also explains how to gather the results obtained by those processes.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
