NASL 3.0 Documentation

Renaud Deraison deraison at nessus.org
Thu Dec 15 10:42:03 EST 2005


On Dec 15, 2005, at 9:46, Isac Balder wrote:
>
> In short I don't believe Dave King was asking for
> specifics of the code or the algorithms Tenable is
> using to increase performance.  Let's face it the 6
> bullets on the release announcement would hardly
> classify as change documentation.

You're correct. George is not involved in the development process  
either -- he replied with his point of view of a plugin writer and  
does not necessarily know of all the NASL3-specific changes, since  
we all want to write as many NASL2 compatible plugins as possible.

Here's a slightly more detailed list. Still very high level, though :

NASL :

- The NASL syntax and behavior is roughly the same as for Nessus 2.x,  
except for the following:

   + It is now legal to have 'arrays of arrays'. Ie: foo[1] =  
make_list(1,2,3); works
   + It is now legal to write to strings (foo = "str"; foo[1] = "X";  
display(foo); )
   + Some functions to extend the language have been added but are  
not documented yet (off the top of my head) :
	- socket_ready() returns TRUE if a socket can be written to
	- socket_pending() returns TRUE if data is pending on the socket
	- prompt() has been re-introduced (this allows you to write  
interactive nasl scripts)
	- fill_list(length:N, value:X) creates an array of N elements all  
set to value X.
   + A new packet forgery API (specific to Nessus3) will be released  
as .inc files soon
   + Support for multiple public keys for signed scripts (so users  
can sign their own scripts). Just add your RSA public keys (.pem  
files) in /opt/nessus/var/nessus/

- 'nasl -k <kb>' loads a KB in memory before executing a script
- 'nasl -W' executes a script but displays compilation warnings  
(think 'gcc -Wall')
- 'nasl -V' shows a script ID, name, version, etc... in an easily  
parseable way
- 'nasl -VV' does the same as above but also shows the script  
description

- 'nasl -T' has been removed due to the change of interpreter. There  
will be a real debugger in a future revision of Nessus (at worst  
Nessus 3.2.0, but maybe in a 3.0.x release) -- it's just not ready  
for prime time yet.




nessusd :

- shared sockets are more robust and more efficient
- internal process communication is more robust and more efficient
- new architecture to execute plugins - instead of running one plugin  
per process, only one process is spawned per host
- Plugins are pre-processed and stored in a libdb for a faster  
startup of nessusd
- nessusd reduces max_hosts if the CPU is too loaded (throttle_scan =  
no in nessusd.conf if you want to disable this behavior)
- nessusd fetches new plugins by itself every 24 hours if it is  
registered (auto-update = no in nessusd.conf to disable this behavior).
- nessusd can load '.nasl' files, but also '.nasl3' (nasl3 specific  
scripts) and '.nbin' (nasl3 binaries); '.inc3' are also valid

- 'nessusd -R' forces the re-processing of all the plugins (generates  
a new database)
- killall -HUP2 nessusd dumps the state of the various NASL plugins  
on disk (in var/log/nessus/)



I'd also like to point out that there is a Nessus 3.0 manual in  
http://www.nessus.org/documentation/ which may cover items I've missed.


					-- Renaud


