1.4. The NASL Interpreter

Use the NASL interpreter, nasl, to run and test NASL scripts via the command line. Invoke it with the -v flag to see what version is installed on your system:

[notroot]$ nasl -v
nasl 2.0.10

Copyright (C) 1999 - 2003 Renaud Deraison <deraison@cvs.nessus.org>
Copyright (C) 2002 - 2003 Michel Arboi <arboi@noos.fr>

See the license for details

A vanilla Nessus installation comes packaged with NASL scripts that act as plug-ins for the Nessus scanner. The Nessus server executes these scripts to test for vulnerabilities, and you can find the scripts in the /usr/local/lib/ness/plugins/ directory. You can execute these scripts directly by invoking them with nasl. For example, the finger.nasl script checks to see if fingerd is enabled on a remote host. Finger is a service that listens on port 79 by default, and you can use it to query information about users. To run this script against a host with the IP address of 192.168.1.1 using the NASL interpreter, execute the following:

 [notroot]$ nasl -t 192.168.1.1 finger.nasl
** WARNING : packet forgery will not work
** as NASL is not running as root

The 'finger' service provides useful information to attackers, since it allows 
them to gain usernames, check if a machine is being used, and so on... 
Here is the output we obtained for 'root' : 

Login: root                             Name: System Administrator
Directory: /var/root                    Shell: /bin/sh
On since Wed  5 May 08:51 (CDT) on ttyp2 from 127.0.0.1:0.0
No Mail.
No Plan.

Solution : comment out the 'finger' line in /etc/inetd.conf
Risk factor : Low
[6533] plug_set_key:send(0)['1 finger/active=1;
'](0 out of 19): Socket operation on non-socket

The preceding output is from the finger.nasl script, which was able to use the finger server running on host 192.168.1.1 to find out information about the root user.