Nessus Plugins, a Deep Dive (Part 3)

Aaron L
2 min read · Oct 1, 2023

If anyone bothered to read this far, thank you!

For the third part of this plugin deep dive, I am just going to touch on some random parts of plugin troubleshooting and analysis that might help a busy engineer or analyst when the pressure is on and you're not sure what in the blazes that newfangled plugin update did to your scanner.

Plugin Code: What is it? Can I read it?

The code written for plugins is twofold: an open version that anyone with a Nessus scanner and some knowledge can in fact read, and a proprietary version. (Note: I will not touch on the latter, as it is proprietary and none of my business.)

If I can read it, then where is it!? Indeed a good question. Let's walk through how to find it on your basic Nessus Professional scanner, shall we?

First you will need to access the operating system. Most installations, and the one I will be demonstrating, are on CentOS, a Linux distribution. Nessus can also be installed on other operating systems, such as any recent Windows OS and other well-known Linux distributions, but once you get to the /nessus/lib/nessus section of the path shown below it should be the same general location.

SSH or log in to the host and run the command:

cd /opt/nessus/lib/nessus/plugins

Then you should be able to list the files there with a simple ls command.

This will produce a very large number of files: all the plugins. In this instance, and in most, they will be arranged in alphabetical order and without their ID. (see below)

CentOS random spot in plugin list

Now you can open one and take a look, let’s open one from the list.

(Note: you can use Vim, vi or any other text editor on the host. I will use nano due to its ease of understanding.)

If you are unsure what nano is or how to use it, this may help: https://linuxize.com/post/how-to-use-nano-text-editor/

nano fedora_2018-a3e631b454.nasl

This should allow us to see the code itself (see below)

Nano opened plugin code

That is a pretty simple and easy walkthrough. A few things to note here: .NASL is the file type, and the only plugin type you can open in this way. The code is fairly human-readable and, if I am not mistaken, its own breed based off of C.
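Since the directory listing shows file names but not plugin IDs, here is one way to go from the ID reported in a scan result to the file to open. This is an added example, not code from the original post or from Tenable. It assumes each plugin declares its ID as script_id(<number>) and its title as script_name(...) in the .nasl source. The function names and the sample plugins are made up so the script runs without a scanner.

```shell
#!/bin/sh
# Added example: map a Nessus plugin ID to its .nasl file and read its title.
PLUGIN_DIR="${PLUGIN_DIR:-/opt/nessus/lib/nessus/plugins}"  # Linux path from the article

# Print the path of every .nasl file that declares script_id(<id>); return 1 if none.
find_plugin_by_id() {
    id="$1"; dir="${2:-$PLUGIN_DIR}"
    case "$id" in ''|*[!0-9]*) echo "plugin ID must be numeric" >&2; return 2 ;; esac
    # "-exec ... {} +" batches file names, so a very large plugin directory
    # does not overflow the command line the way "grep ... *.nasl" can.
    matches=$(find "$dir" -type f -name '*.nasl' \
        -exec grep -lE "script_id\([[:space:]]*${id}[[:space:]]*\)" {} + 2>/dev/null) || true
    [ -n "$matches" ] || return 1
    printf '%s\n' "$matches"
}

# Print the first quoted string inside script_name(...) of one plugin file.
plugin_name() {
    sed -n 's/.*script_name([^"]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Build two constructed sample plugins (not real Tenable content) in a temp dir.
make_sample_plugins() {
    d=$(mktemp -d)
    cat > "$d/example_alpha.nasl" <<'EOF'
# constructed sample, not a real plugin
if (description)
{
  script_id(900001);
  script_name(english:"Constructed Example Alpha");
}
EOF
    cat > "$d/example_beta.nasl" <<'EOF'
# constructed sample: ID shares a prefix with 900001 and must not match it
if (description)
{
  script_id(9000010);
  script_name(english:"Constructed Example Beta");
}
EOF
    printf '%s\n' "$d"
}

# Demo on the constructed samples; on a scanner, call find_plugin_by_id <id> alone.
sample=$(make_sample_plugins)
hit=$(find_plugin_by_id 900001 "$sample")
echo "$hit -> $(plugin_name "$hit")"
rm -rf "$sample"
```

On a real scanner, run find_plugin_by_id with the ID from the scan result and then open the printed file in nano as shown above.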

That’s all for now, stay safe!