Chapter 1. Writing Plug-ins for Nessus
Software vulnerabilities are being discovered and announced more
quickly than ever before. Every time a security
advisory goes public, organizations that use the affected software
must rush to install vendor-issued patches before their networks are
compromised. The ease of finding exploits on the Internet today has
enabled a casual user with few skills to launch attacks and
compromise the networks of major corporations. It is therefore vital
for anyone with hosts connected to the Internet to perform routine
audits to detect unpatched remote vulnerabilities. Network security
assessment tools such as Nessus can automatically detect such
vulnerabilities.

Nessus is a free and open source vulnerability scanner distributed
under the GNU General Public License (GPL). The Nessus Attack
Scripting Language (NASL) has been specifically designed to make it
easy for people to write their own vulnerability checks. An
organization might want to quickly scan for a vulnerability that is
known to exist in a custom or third-party application, and that
organization can use NASL to do exactly that. Provided you have had
some exposure to programming, this chapter will teach you NASL from
scratch and show you how to write your own plug-ins for Nessus.