NASLNessus Attack Scripting Language文档格式.docx
- 文档编号:13644511
- 上传时间:2022-10-12
- 格式:DOCX
- 页数:26
- 大小:32.55KB
NASLNessus Attack Scripting Language文档格式.docx
《NASLNessus Attack Scripting Language文档格式.docx》由会员分享,可在线阅读,更多相关《NASLNessus Attack Scripting Language文档格式.docx(26页珍藏版)》请在冰豆网上搜索。
thesetests.Ourjobistoteachyouhowtowritethemostcomplexpentests.
ThesoftwarecomesfreefortheLinuxoperatingsystemwhereasforWindows,thereisacostattachedtoit.Maybe,becausethecorporateworldusessoftwareonlywhenitispaidfor!
!
WefirstcreateadirectoryC:
\naslandsetthepathvariabletoC:
\programfiles\tenable\newt.Thisiswherethenaslinterpreternasl.exehasbeeninstalled.Wethenwriteourfirstnaslprograma.nasl.
a.nasl
display("
hi"
"
\n"
);
Torunthenaslinterpreter,thecommandis
naslc:
\nasl\a.nasl
Thisresultsinanoutputasin
hi
NASLisascriptinglanguagethereforeitissimpleandveryeasytouse.UnlikeC/C++ithasfewerrulesthataprogrammerhastogoby.Weassumethatyouhaveusedsomelanguageinthepast,neednotbeaprogramminglanguage,JavaScriptwouldalsodo.Likeeverylanguage,naslhasitsownsetofin-builtfunctions.Therichnessofalanguageandtheeaseofuseisthenumberoffunctionsitoffers.Afunctionisawordwithopenandclosebrackets.
Intheabovecode,thedisplayfunctionisusedtodisplaysometextonthescreen.Wecanspecifymultiplestrings,whicharetextbutwithindoubleinvertedcommas.A\nsignifiesanewline.Wehavesuppliedtwoparametersorvaluestothedisplayfunction.ThedisplayfunctionfunctionsinthesamemannerastheprintfinC.Also,alotofnasllooksandfeelslikeC.Insteadonseeinghionceweseeittwice.Forsomereason,thedisplayfunctiondisplaysthingstwice.
)
parseerror,unexpected$,expecting'
;
'
Parseerroratornearline2
Everylanguagehasarulethatdenotesendoflineorfullstop.Somelanguagespermittheuseofentertoindicateend,whileotherslikeCuseasemicolon.Innaslwehavetouseasemicolonaftertheclosedbracketsofthefunction.Inabsenceofthesemicolonlikeintheearlierexample,anerroristhrown.Theuseofsemicolondenotesalogicalend.
1
i=20;
Valueofiis"
i,"
i=i+10;
i++;
i="
VijayMukhi"
Output
Valueofiis20
Valueofiis30
Valueofiis31
ValueofiisVijayMukhi
Everylanguageallowstheuseofvariables.InNASL,thereisnoneedtocreateavariable,itcansimplybeused.Thus,wehavecreatedavariableiandsetitto20.Thedisplayfunctiondisplaysitsvalue.Dobearinmindthatanythingindoubleinvertedcomma,includingvariablenamesarenotevaluatedbynasl.The+operatorincreasesitsvalueby10followedbytheuseof++toincreasethevalueofthevariableby1.Finallywedotheunthinkable,wesetthevalueofvariableitoastring.Wegetnocomplaintsfromnaslatall.Thusinnaslwedonotdeclareordefineavariable,wesimplyuseit.Thedatatypeofavariablecanchangemidwaythoughourprogram.Naslhandlesalltheinternalhousekeeping.
i=open_sock_tcp(79);
Thevalueofiis"
Thevalueofiis0
Letsstartdoingsomethingreallyusefulwithnasl,i.ewriteaportscannerandsimultaneouslylearnnasl.NASLhasazillionnetworkingfunctions.Thefunctionopen_sock_tcpopensasocketornetworkconnectiononacertainportthatissuppliedasaparameter.AswehavenotspecifiedanyIPaddress,thisfunctioncheckswhetherthereisaserviceorserverrunningonport79onourmachine.Aswehavenosuchserverrunning,itresultsin0.
i=open_sock_tcp(80);
Thevalueofiis1
Anhttporwwwserverlistensonport80andthereforetheuseofthisportnoshows1astheanswer.Wehavetwomachinesonournetwork,theoneweworkonisgivenaIPaddressof70.0.0.10andtheother70.0.0.2.Wenowrunnaslas
Nasl–t70.0.0.2c:
The–toptionisusedtospecifythenameofahostthatwillreceivethepackets.Ourcoderemainsthesamebut
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- NASL Nessus Attack Scripting Language
![提示](https://static.bdocx.com/images/bang_tan.gif)