
{"id":48,"date":"2007-02-04T11:25:35","date_gmt":"2007-02-04T14:25:35","guid":{"rendered":"http:\/\/talsoft.com.ar\/weblog\/?p=48"},"modified":"2007-02-04T11:25:35","modified_gmt":"2007-02-04T14:25:35","slug":"scripts-nasl-para-nessus","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/","title":{"rendered":"NASL Scripts for Nessus"},"content":{"rendered":"<p><a href=\"http:\/\/www.nessus.org\/\">Nessus<\/a> is a very useful tool, and at this point we discover nothing new by listing its virtues.<\/p>\n<p><img decoding=\"async\" alt=\"nessus\" src=\"http:\/\/www.nessus.org\/images\/logo.jpg\" \/><\/p>\n<p>Perhaps there is one part of Nessus that is less exploited and considerably less well known, and that is none other than NASL <em>scripting<\/em>. NASL stands for <em>Nessus Attack Scripting Language<\/em>; it is a scripting language designed specifically for Nessus, whose purpose is none other than to launch the scanner's functionality through external programs that we define for that purpose.<\/p>\n<p>As we can read <a href=\"http:\/\/www.virtualblueness.net\/nasl.html\">in the many reference guides<\/a> available, NASL is not a powerful scripting language. It is limited by its own definition, and errors in its design are even acknowledged. I side with the authors of the guides and with those responsible for NASL: anyone who knows how to write scripts in other established languages, such as Perl, Python or anything similar, should use them. 
NASL will surely leave them wanting more.<\/p>\n<p>NASL is perhaps better suited to people with more limited programming knowledge who, of course, use Nessus for their routine security scans.<\/p>\n<p>A basic NASL example could be the following:<\/p>\n<blockquote><p># Ask for the bounds of the port range<br \/>\nstart = prompt(\"Primer puerto del rango \");<br \/>\nend = prompt(\"Ultimo puerto del rango \");<\/p>\n<p># Try a TCP connection to every port in the range<br \/>\nfor(i=start;i&lt;=end;i=i+1) {<br \/>\nsoc = open_sock_tcp(i);<br \/>\nif(soc) {<br \/>\ndisplay(\"El puerto \", i, \" esta abierto\\n\");<br \/>\nclose(soc);<br \/>\n}<br \/>\n}<\/p><\/blockquote>\n<p>This program lists, for the given range, every TCP port in that interval that is open, relying on the socket-opening function <em>open_sock_tcp()<\/em>. Like everything in life, this can be made as complicated as you like, and it is the <em>pen tester<\/em>'s experience and skills that will determine how useful NASL can be in their work. Obviously, if the <em>pen tester<\/em> has to carry out a one-off review of a system every 3 months, where there is a list of the usual, well-worn ports allowed through the firewalls, launching the scans by hand may be more useful than writing a script. Nor does it seem sensible to write a script to study the behaviour of an ADSL router. 
I see more value in recurring jobs, or even in building automated monitoring probes that we want to run against our own infrastructure via <em>cron<\/em> or similar.<\/p>\n<p>For anyone interested in getting started with NASL, you may enjoy reading <a href=\"http:\/\/www.infosecwriters.com\/texts.php?op=display&#038;id=534\">Writing NASL scripts<\/a>, an introductory <em>paper<\/em> whose main focus is running Nessus scripts with this language, and which describes its basic functionality. You may also be interested in this article, which gives an introductory account of <a href=\"http:\/\/www.oreillynet.com\/pub\/a\/security\/2004\/06\/03\/nessus_plugins.html\">how to write a Nessus plugin using NASL.<\/a><\/p>\n<blockquote \/><p>And for those of you who do not know what Nessus is or does, <a href=\"http:\/\/www.nessus.org\/download\/\">try downloading it<\/a> and play with it. With this kind of tool, running an initial vulnerability scan could hardly be easier.<\/p>\n<p>Source: <a href=\"http:\/\/www.sahw.com\/wp\/\">http:\/\/www.sahw.com\/wp\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nessus is a very useful tool, and at this point we discover nothing new by listing its virtues. Perhaps there is one part of Nessus that is less exploited and considerably less well known, and that is none other than NASL scripting. 
NASL stands for Nessus Attack Scripting Language; it is a scripting language designed specifically for Nessus, and [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[3,1],"tags":[],"class_list":["post-48","post","type-post","status-publish","format-standard","hentry","category-articulos","category-profesional"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TalSoft - Seguridad Inform\u00e1tica Empresarial - Scripts NASL para Nessus<\/title>\n<meta name=\"description\" content=\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Leandro Ferrari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/\"},\"author\":{\"name\":\"Leandro Ferrari\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\"},\"headline\":\"Scripts NASL para 
Nessus\",\"datePublished\":\"2007-02-04T14:25:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/\"},\"wordCount\":517,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/www.nessus.org\/images\/logo.jpg\",\"articleSection\":[\"Art\u00edculos\",\"Profesional\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/\",\"name\":\"TalSoft - Seguridad Inform\u00e1tica Empresarial - Scripts NASL para Nessus\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/www.nessus.org\/images\/logo.jpg\",\"datePublished\":\"2007-02-04T14:25:35+00:00\",\"description\":\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. 
Cons\u00faltenos sin cargo.\",\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/#primaryimage\",\"url\":\"http:\/\/www.nessus.org\/images\/logo.jpg\",\"contentUrl\":\"http:\/\/www.nessus.org\/images\/logo.jpg\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"name\":\"TalSoft TS - Services IT Security\",\"description\":\"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.\",\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\",\"name\":\"Talsoft TS\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"contentUrl\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"width\":270,\"height\":125,\"caption\":\"Talsoft 
TS\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.facebook.com\/talsoftsrl\",\"https:\/\/x.com\/talsoft\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\",\"name\":\"Leandro Ferrari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"caption\":\"Leandro Ferrari\"},\"sameAs\":[\"http:\/\/www.talsoft.com.ar\",\"https:\/\/www.facebook.com\/talsoftsrl\/\",\"https:\/\/x.com\/avatar_leandro\"],\"url\":\"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Scripts NASL para Nessus","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. 
Cons\u00faltenos sin cargo.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/","twitter_misc":{"Written by":"Leandro Ferrari","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/#article","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/"},"author":{"name":"Leandro Ferrari","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8"},"headline":"Scripts NASL para Nessus","datePublished":"2007-02-04T14:25:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/"},"wordCount":517,"commentCount":0,"publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/#primaryimage"},"thumbnailUrl":"http:\/\/www.nessus.org\/images\/logo.jpg","articleSection":["Art\u00edculos","Profesional"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/","url":"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/","name":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Scripts NASL para 
Nessus","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/#primaryimage"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/#primaryimage"},"thumbnailUrl":"http:\/\/www.nessus.org\/images\/logo.jpg","datePublished":"2007-02-04T14:25:35+00:00","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/scripts-nasl-para-nessus\/#primaryimage","url":"http:\/\/www.nessus.org\/images\/logo.jpg","contentUrl":"http:\/\/www.nessus.org\/images\/logo.jpg"},{"@type":"WebSite","@id":"https:\/\/www.talsoft-security.com\/site\/#website","url":"https:\/\/www.talsoft-security.com\/site\/","name":"TalSoft TS - Services IT Security","description":"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.","publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.talsoft-security.com\/site\/#organization","name":"Talsoft 
TS","url":"https:\/\/www.talsoft-security.com\/site\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/","url":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","contentUrl":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","width":270,"height":125,"caption":"Talsoft TS"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/talsoftsrl","https:\/\/x.com\/talsoft"]},{"@type":"Person","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8","name":"Leandro Ferrari","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","caption":"Leandro 
Ferrari"},"sameAs":["http:\/\/www.talsoft.com.ar","https:\/\/www.facebook.com\/talsoftsrl\/","https:\/\/x.com\/avatar_leandro"],"url":"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/"}]}},"_links":{"self":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/48","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/comments?post=48"}],"version-history":[{"count":0,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/48\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/media?parent=48"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/categories?post=48"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/tags?post=48"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}