On Fri, Dec 07, 2007 at 09:51:40PM +0000, jah wrote:
> I would like, in certain circumstances, to force nmap not to run scripts
> that it would otherwise run automatically (category "version") and I've
> been experimenting with 4.23RC3. Having re-read the docs on the
> subject, I decided that I'd start by pointing nmap at a directory
> containing zero scripts and found what I believe to be some odd things:
>
> Nmap won't parse any arguments found after a quote enclosed, absolute
> path, to a directory containing zero or more scripts, if a backslash is
> appended to the path:
>
> C:\>nmap --script "C:\Program Files\Nmap\scripts\" -sV --log-errors -p80
> 192.168.1.1 -R --script-trace
> Starting Nmap 4.23RC3 ( http://insecure.org ) at 2007-12-07 18:07 GMT
> Standard Time
> WARNING: No targets were specified, so 0 hosts scanned.
> Nmap done: 0 IP addresses (0 hosts up) scanned in 0.047 seconds

As Kris observed, this is because the backslash is escaping the closing
quote.

> So escaping the trailing slash should work:
>
> C:\>nmap --script "C:\Program Files\Nmap\scripts\\" -sV --log-errors
> -p80 192.168.1.1 -R --script-trace
> Starting Nmap 4.23RC3 ( http://insecure.org ) at 2007-12-07 18:07 GMT
> Standard Time
> SCRIPT ENGINE: No such category, file or directory: 'C:\Program
> Files\Nmap\scripts\'
> SCRIPT ENGINE: Aborting script scan.
> Interesting ports on 192.168.1.1:
> PORT STATE SERVICE VERSION
> 80/tcp open tcpwrapped
> MAC Address: XX:XX:XX:D5:5E:30 (XXXXXX)
> Service detection performed. Please report any incorrect results at
> http://insecure.org/nmap/submit/ .
> Nmap done: 1 IP address (1 host up) scanned in 5.562 seconds

I committed a fix for this. Here is what happens before and after the
fix.

nmap --script=/home/david/nmap/scripts/SSHv1-support.nse -d localhost
Before: SCRIPT ENGINE: No such category, file or directory: '/home/david/nmap/scripts/SSHv1-support.nse'
After: SCRIPT ENGINE: Will run /home/david/nmap/scripts/SSHv1-support.nse against 127.0.0.1:22

nmap --script=/home/david/nmap/scripts/SSHv1-support -d localhost
Before: SCRIPT ENGINE: No such category, file or directory: '/home/david/nmap/scripts/SSHv1-support'
After: SCRIPT ENGINE: Will run /home/david/nmap/scripts/SSHv1-support.nse against 127.0.0.1:22

nmap --script=/scripts/SSHv1-support.nse -d localhost
Before: SCRIPT ENGINE: Will run /usr/share/nmap//scripts/SSHv1-support.nse against 127.0.0.1:22
After: SCRIPT ENGINE: No such category, file or directory: '/scripts/SSHv1-support.nse'

nmap --script=/scripts/SSHv1-support -d localhost
Before: SCRIPT ENGINE: Will run /usr/share/nmap//scripts/SSHv1-support.nse against 127.0.0.1:22
After: SCRIPT ENGINE: No such category, file or directory: '/scripts/SSHv1-support'

nmap --script=/home/david/nmap/scripts -d localhost
Before: SCRIPT ENGINE: No such category, file or directory: '/home/david/nmap/scripts'
After: SCRIPT ENGINE: Will run /home/david/nmap/scripts/ripeQuery.nse against 127.0.0.1
       SCRIPT ENGINE: Will run /home/david/nmap/scripts/SSHv1-support.nse against 127.0.0.1:22

I also tested on Windows.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Dec 08 2007
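
The quoting behaviour discussed in the message above, as an added example that is not part of the original post and is not Nmap code: a Python re-implementation of the documented Microsoft C runtime argument-splitting rules, run over the two command lines quoted in the thread. It assumes the Windows build receives its argv through those rules; `split_windows_args`, `BROKEN` and `ESCAPED` are names introduced here.

```python
# Added example; constructed inputs copied from the two commands quoted above.
BROKEN = r'--script "C:\Program Files\Nmap\scripts\" -sV --log-errors -p80 192.168.1.1 -R --script-trace'
ESCAPED = r'--script "C:\Program Files\Nmap\scripts\\" -sV --log-errors -p80 192.168.1.1 -R --script-trace'


def split_windows_args(tail):
    """Split the text after the program name into argv entries using the
    documented Microsoft C runtime backslash and double-quote rules."""
    args, cur = [], []
    in_quotes = have_arg = False
    i, n = 0, len(tail)
    while i < n:
        ch = tail[i]
        if ch == "\\":
            j = i
            while j < n and tail[j] == "\\":   # measure the backslash run
                j += 1
            run = j - i
            if j < n and tail[j] == '"':
                # 2k backslashes + quote: k backslashes, quote delimits.
                # 2k+1 backslashes + quote: k backslashes, quote is literal.
                cur.append("\\" * (run // 2))
                if run % 2:
                    cur.append('"')
                else:
                    in_quotes = not in_quotes
                j += 1
            else:
                cur.append("\\" * run)          # not before a quote: literal
            have_arg, i = True, j
        elif ch == '"':
            in_quotes, have_arg, i = not in_quotes, True, i + 1
        elif ch in " \t" and not in_quotes:
            if have_arg:                        # whitespace ends the argument
                args.append("".join(cur))
                cur, have_arg = [], False
            i += 1
        else:
            cur.append(ch)
            have_arg, i = True, i + 1
    if have_arg:
        args.append("".join(cur))
    return args


if __name__ == "__main__":
    for label, tail in (("trailing \\", BROKEN), ("trailing \\\\", ESCAPED)):
        print(label, "->", split_windows_args(tail))
```

With the single trailing backslash, everything after the path is folded into the `--script` value, so no target is seen; with the doubled backslash the path keeps one trailing backslash and the remaining options are parsed separately.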