nasl (1) - Linux Manuals

nasl: Nessus Attack Scripting Language


nasl - Nessus Attack Scripting Language


nasl <[-vh] [-T tracefile] [-s] [-t target] [-sX] > files...


nasl executes a set of NASL scripts against a given target host. It can also be used to determine if a NASL script has any syntax errors by running it in parse (-p) or lint (-L) mode.


-T tracefile
Makes nasl write verbosely what the script does in the file tracefile , ala 'set -x' under sh

-t target
Apply the NASL script to target which may be a single host (, a whole subnet ( or several subnets (,

Sets the return value of safe_checks() to 1. (See the nessusd manual to know what the safe checks are)

Only run the description part of the script.
Lint the script (run extended checks).

Run the script in authenticated mode. For more information see the nasl reference manual

Show help
Show the version of NASL.


NASL comes from a private project called 'pkt_forge', which was written in late 1998 by Renaud Deraison and which was an interactive shell to forge and send raw IP packets (this pre-dates Perl's Net::RawIP by a couple of weeks). It was then extended to do a wide range of network-related operations and integrated into Nessus as 'NASL'.

The parser was completely hand-written and a pain to work with. In Mid-2002, Michel Arboi wrote a bison parser for NASL, and he and Renaud Deraison re-wrote NASL from scratch. Although the "new" NASL was nearly working as early as August 2002, Michel's lazyness made us wait for early 2003 to have it working completely.


Most of the engine is (C) 2003 Michel Arboi, most of the built-in functions are (C) 2003 Renaud Deraison


The NASL2 reference manual,, nessus(1), nessusd(8).