Plug-in Descriptions
This
section covers NASL
functions that you can use to provide plug-in descriptions to the end
user. When Nessus runs a script, the value of the variable
description
is set to TRUE
.
When you run a script using the NASL interpreter,
description
is not defined. Therefore, the
functions presented in this section should be defined in an
if (description)
block. Here is an example:
if (description) { script_id(99999); script_version ("$Revision: 1.2 $"); script_name(english:"Checks for /src/passwd.inc"); desc["english"]="/src/passwd.inc is usually installed by XYZ web application and contains username and password information in clear text. Solution: Configure your web-browser to not serve .inc files. Risk factor: High"; script_description(english:desc["english"]); script_summary(english:"Checks for the existence of /src/passwd.inc"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (c)2004 Nitesh Dhanjani"); script_family(english:"CGI abuses"); script_require_ports("Services/www",80); exit(0); }
The script_id( )
function sets a unique ID for the
plug-in. Every plug-in’s value must be unique. In
this case, we use a high number, 99999
, to ensure
a distinct value. The script_version( )
function sets the version number of
the plug-in. It is a good idea to update this number to reflect the
latest version of the plug-in. The script_description()
function sets the description of the plug-in. The Nessus client shows this description ...
Get Network Security Tools now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.