Basic NASL SyntaxTopDevelopers Guide for Network Vulnerability TestsBasic Structure of NASL Scripts

Basic Structure of NASL Scripts

All NASL scripts have to contain a set of information about themselves by which they can be clearly distinguished from other plugins and referenced by other tools like the client. This information is contained in the description or register section which is mandatory for all NASL scripts and is usually right at the beginning of any NASL script.

A basic NASL script might start like this:

#
# This is an example NASL script.
#

if(description)
{
 script_oid("1.3.6.1.4.1.25623.1.0.12345")
 script_version ("1.2");
 script_name("Foo Bar 2.5 vulnerability");

 desc = "
   This plugin checks for the vulnerability in the Foo Bar 2.5 server
   component as described in CVE 2009-4321.

   Risk factor : None";

 script_description(desc);

 script_summary("Check for vulnerability in Foo Bar 2.5");

 script_copyright("This script is under GNU GPL v2+");

 ...

 exit(0);
}

...

The plugin description has to be contained in the if (description) block so the OpenVAS server can retrieve it. The first time the server encounters a new plugin, it will be called with the global variable description set to TRUE. The information provided by the plugin will be cached in the .desc subdirectory in the plugins directory. When the script is called during a scan, it will be called with description set to FALSE.

For a complete list of NASL commands that can be used in the script description, please refer to the section * of the NASL API documentation.


Basic NASL SyntaxTopDevelopers Guide for Network Vulnerability TestsBasic Structure of NASL Scripts