Installing Your Own Plug-in

The previous topics addressed the NASL API, and you have seen how to use NASL to write scripts to check for specific vulnerabilities. This section shows you how to write a simple plug-in from scratch, and how to install the plug-in.

For the purposes of this exercise, let’s assume the plug-in aims to discover the following vulnerability: a home-grown web application is known to serve a file, /src/passwd.inc, when the web browser requests it via a URL such as http://host/src/passwd.inc. Let’s also assume the passwd.inc file contains usernames and passwords. To check for our vulnerability, we simply need to call is_cgi_installed() to test for the presence of /src/passwd.inc. Here is the appropriate NASL script to do so:

    if (description)
    {
        script_id(99999);
        script_version ("$Revision: 1.2 $");
        script_name(english:"Checks for /src/passwd.inc");
        desc["english"]="/src/passwd.inc is usually installed by XYZ web application and contains username and password information in clear text. Solution: Configure your web browser to not serve .inc files. Risk factor: High";
        script_description(english:desc["english"]);
        script_summary(english:"Checks for the existence of /src/passwd.inc");
        script_category(ACT_GATHER_INFO);
        script_copyright(english:"This script is Copyright (c)2004 Nitesh Dhanjani");
        script_family(english:"CGI abuses");
        script_require_ports("Services/www",80);
        exit(0);
    }

    include ("http_func.inc");

    port=get_http_port(default:80);

    if(is_cgi_installed(item:"/src/passwd.inc",port:port))
    ...
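A presence test that trusts a bare HTTP 200 reports a false positive on any server that answers 200 for every path. The Python sketch below is an added example, not code from the book or from Nessus: it repeats the check for /src/passwd.inc and adds a control request for a random sibling name. It assumes the presence test amounts to "GET returned status 200"; the names make_fetch, fake_fetch and check_passwd_inc are hypothetical.

```python
import http.client
import uuid


def make_fetch(host, port=80, timeout=5):
    """Return fetch(path) -> (status, body) for one host over plain HTTP."""
    def fetch(path):
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", path)
            resp = conn.getresponse()
            return resp.status, resp.read(65536)
        finally:
            conn.close()
    return fetch


def fake_fetch(pages, default=(404, b"")):
    """Constructed in-memory stand-in for a web server, for offline runs."""
    return lambda path: pages.get(path, default)


def check_passwd_inc(fetch, path="/src/passwd.inc"):
    """Classify path as 'exposed', 'not_served' or 'inconclusive'."""
    status, _body = fetch(path)
    if status != 200:
        return "not_served"
    # Control request: a random name in the same directory that should not exist.
    directory = path.rsplit("/", 1)[0]
    control = "%s/%s.inc" % (directory, uuid.uuid4().hex)
    control_status, _ = fetch(control)
    if control_status == 200:
        # The server answers 200 for unknown names too, so the first 200
        # proves nothing about passwd.inc; flag for manual review.
        return "inconclusive"
    return "exposed"


if __name__ == "__main__":
    # Constructed sample servers: one serving the file, one answering 200 to all.
    leaky = fake_fetch({"/src/passwd.inc": (200, b"admin:secret")})
    catch_all = fake_fetch({}, default=(200, b"<html>home</html>"))
    print(check_passwd_inc(leaky), check_passwd_inc(catch_all))
```

Against a host you administer, pass make_fetch("host") in place of the constructed fake_fetch servers.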
