Re: NASL 3.0 Documentation

Subject: Re: NASL 3.0 Documentation
Date: Thu, 15 Dec 2005 10:42:03 -0500

On Dec 15, 2005, at 9:46, Isac Balder wrote:

> In short I don't believe Dave King was asking for specifics of the code or the algorithms Tenable is using to increase performance. Let's face it, the 6 bullets on the release announcement would hardly classify as change documentation.

You're correct. George is not involved in the development process either -- he replied with his point of view as a plugin writer and does not necessarily know of all the NASL3-specific changes, since we all want to write as many NASL2 compatible plugins as possible.


Here's a slightly more detailed list. Still very high level, though :

NASL :

- The NASL syntax and behavior is roughly the same as for Nessus 2.x, except for the following:

  + It is now legal to have 'arrays of arrays', i.e. foo[1] = make_list(1,2,3); works
  + It is now legal to write to strings (foo = "str"; foo[1] = "X"; display(foo); )
  + Some functions to extend the language have been added but are not documented yet (off the top of my head):
    - socket_ready() returns TRUE if a socket can be written to
    - socket_pending() returns TRUE if data is pending on the socket
    - prompt() has been re-introduced (this allows you to write interactive nasl scripts)
    - fill_list(length:N, value:X) creates an array of N elements all set to value X.
  + A new packet forgery API (specific to Nessus3) will be released as .inc files soon
  + Support for multiple public keys for signed scripts (so users can sign their own scripts). Just add your RSA public keys (.pem files) in /opt/nessus/var/nessus/


- 'nasl -k <kb>' loads a KB in memory before executing a script
- 'nasl -W' executes a script but displays compilation warnings (think 'gcc -Wall')
- 'nasl -V' shows a script ID, name, version, etc. in an easily parseable way
- 'nasl -VV' does the same as above but also shows the script description


- 'nasl -T' has been removed due to the change of interpreter. There will be a real debugger in a future revision of Nessus (at worst Nessus 3.2.0, but maybe in a 3.0.x release) -- it's just not ready for prime time yet.




nessusd :

- shared sockets are more robust and more efficient
- internal process communication is more robust and more efficient
- new architecture to execute plugins - instead of running one plugin per process, only one process is spawned per host
- Plugins are pre-processed and stored in a libdb for a faster startup of nessusd
- nessusd reduces max_hosts if the CPU is too loaded (throttle_scan = no in nessusd.conf if you want to disable this behavior)
- nessusd fetches new plugins by itself every 24 hours if it is registered (auto-update = no in nessusd.conf to disable this behavior).
- nessusd can load '.nasl' files, but also '.nasl3' (nasl3 specific scripts) and '.nbin' (nasl3 binaries); '.inc3' files are also valid


- 'nessusd -R' forces the re-processing of all the plugins (generates a new database)
- killall -HUP2 nessusd dumps the state of the various NASL plugins on disk (in var/log/nessus/)




I'd also like to point out that there is a Nessus 3.0 manual in http://www.nessus.org/documentation/ which may cover items I've missed.


-- Renaud
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
