nasl-wrapper.pl

Nessus scripts on your own terms

If you want information about new releases mailed to you,
or have any suggestions, please contact me.

Latest Version is: 0.2

Description | Features | Bugs | ToDo | Requirements | Download | Output | Usage/Docs | Change Log

Description

Written by: MadHat at Unspecific.com
This is a simple script that scans a range of hosts with NASL scripts used by Nessus.

"Why?" you might ask...
NASL is a great tool for creating vulnerability assessments, but I don't like having to run nessusd all the time. I also don't care for any of the GUIs. Recently I wanted to scan hosts for the MS ASN.1 vulnerability, but nothing else. I found it difficult to scan a large network for this one vulnerability. When using just nasl (windows_asn1_vuln_ntlm.nasl), which will scan a large network on its own, it is slow and does a poor job of reporting. Specifically, when scanning it will say success, but not tell the IP that is vulnerable. So with this and using my nmap-wrapper as a guide, I threw this together to scan "large" networks for a specific vulnerability.

An example of the time difference: running nasl with a simple script (yahoo_msg_running.nasl) on a class C took almost 10 minutes, while my wrapper took less than one minute.
$ time sudo nasl -t10.0.0.0/24 /usr/local/lib/nessus/plugins/yahoo_msg_running.nasl
Success
Success
...
Success
Success

real    9m51.984s
user    0m0.070s
sys     0m0.020s

$ time sudo ./nasl-wrapper.pl -l10.0.0.0/24 -t yahoo_msg_running.nasl
10.0.0.22 is Vulnerable
10.0.0.20 is Vulnerable
...
10.0.0.167 is Vulnerable
10.0.0.197 is Vulnerable

real    0m59.954s
user    0m1.100s
sys     0m1.020s






Features

  • Fast
  • Simple


BUGS

Send your bugs to Bugs at Unspecific.com
  • None at this time


Requirements

perl (>5.6 preferred)
Nessus


Download

nasl-wrapper.pl - v0.2


ToDo

  • Multiple scans at once
  • More output options (like including a description from the nasl file).
  • Better control, such as non-standard port


Output

$ sudo ./nasl-wrapper.pl -l10.0.0.0/24 -t yahoo_msg_running.nasl
10.0.0.22 is Vulnerable
10.0.0.20 is Vulnerable
10.0.0.19 is Vulnerable


With Verbose Output

$ sudo ./nasl-wrapper.pl -v -l10.0.0.0/24 -t yahoo_msg_running.nasl
Password:
scanning 10.0.0.0/24
10.0.0.22 (machine22.unspecific.com) Vulnerable to Check for a Yahoo Messenger Instance
10.0.0.20 (machine20.unspecific.com) Vulnerable to Check for a Yahoo Messenger Instance
...
10.0.0.146 (machine146.unspecific.com) Vulnerable to Check for a Yahoo Messenger Instance
10.0.0.167 (machine167.unspecific.com) Vulnerable to Check for a Yahoo Messenger Instance
10.0.0.197 (machine197.unspecific.com) Vulnerable to Check for a Yahoo Messenger Instance
--
Scan Finished.
Scan of 256 ip(s) took 61 seconds




Usage (output from ./nasl-wrapper.pl -h)


$ ./nasl-wrapper.pl

 : nasl-wrapper v0.2 - MadHat (at) Unspecific.com
 : http://www.unspecific.com/

./nasl-wrapper.pl [ -hv ] -i <filename> |  -l <host_list> -t <nasl_script> \
         [ -n <num_children> [-e <nasl_exec>
         options:
  -h   help (this stuff)
  -v   verbose - will add details
  -l   network list in comma delimited form: a.b.c.d/M,e.f.g.h/x.y.z.M
  -i   input file containing network list, one network per line
  -n   max number of children to fork
  -t   This is the nasl script to run on each host.
  -e   Location of the nasl executable
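
The per-host approach described on this page, as an added Python sketch that is not nasl-wrapper.pl's own code: it expands a -l style list (CIDR or dotted netmask), runs one nasl process per address with a bounded number of workers, and ties each result to its IP. Assumptions: nasl accepts a single address in the -t<target> form shown in the timing run, "Success" on stdout marks a positive result, and threads stand in for the forked children; the function names are hypothetical.

```python
import ipaddress
import subprocess
from concurrent.futures import ThreadPoolExecutor

def expand_targets(host_list):
    """Expand "a.b.c.d/M,e.f.g.h/x.y.z.M" into individual addresses."""
    addrs = []
    for item in host_list.split(","):
        item = item.strip()
        if not item:
            continue
        # ip_network() accepts a prefix length or a dotted netmask;
        # strict=False tolerates host bits set (10.0.0.5/24).
        net = ipaddress.ip_network(item, strict=False)
        addrs.extend(str(a) for a in net)  # every address, as in "256 ip(s)"
    return list(dict.fromkeys(addrs))      # drop duplicates, keep order

def run_nasl(ip, script, nasl_exec="nasl", timeout=60):
    """Run one nasl process against one address and return its stdout."""
    try:
        # Same -t<target> form as the timing run on this page.
        proc = subprocess.run([nasl_exec, "-t" + ip, script],
                              capture_output=True, text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return ""                          # treat a failed run as no finding
    return proc.stdout

def scan(host_list, script, children=10, runner=run_nasl):
    """Return the addresses whose own nasl run printed "Success"."""
    targets = expand_targets(host_list)
    with ThreadPoolExecutor(max_workers=children) as pool:
        outputs = pool.map(lambda ip: runner(ip, script), targets)
        # Assumption: "Success" on stdout marks a positive result.
        return [ip for ip, out in zip(targets, outputs) if "Success" in out]

if __name__ == "__main__":
    # Constructed stand-in for nasl so the demo runs offline.
    def fake_runner(ip, script):
        return "Success\n" if ip in ("10.0.0.20", "10.0.0.22") else ""
    for ip in scan("10.0.0.0/24", "yahoo_msg_running.nasl", runner=fake_runner):
        print(ip, "is Vulnerable")
```

Because each process sees exactly one address, a bare "Success" line is enough to attribute the finding, which is the reporting gap the Description section points out.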






Change Log

  • 0.2
    • Added -v to allow for Verbose output of nasl name and DNS name
    • added more robustness and better checks for nessus/nasl and the nasl scripts
  • 0.1
    • Created the damn thing
