Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Re: Finalized NSE Documentation System

Re: Finalized NSE Documentation System

From: Patrick Donnelly <batrick.donnelly_at_gmail.com>
Date: Tue, 8 Jul 2008 07:50:48 -0600

On Thu, Jul 3, 2008 at 2:45 AM, Fyodor <fyodor_at_insecure.org> wrote:
> On Fri, Jun 27, 2008 at 10:25:30PM -0600, Patrick Donnelly wrote:
>> The current version of NSEDoc can be seen in my branch at
>> nmap-exp/patrick/nsedoc/src
>
> I took a look and have a few comments:
>
> o I like that it has a template directory. I assume this will make it
> easy for me to add the Nmap.Org headers and footers to each page?

Yes. It's simple to modify the templates for the documents. Adding
headers and footers should be as easy as pasting the html.

> o I noted previously that the scripts documentation had a .nse
> extension rather than .html. It looks like you've fixed that, but
> src/docs/index.html still tries to reference them with their old
> names. The same is true of the index on the left column of script
> documentation. The NSE libraries don't have this problem. They
> show as .lua on the sidebar (to clarify what they are documenting),
> but the actual link points to the documentation .html file.

This has been fixed.

> o It is good that you have 5 example scripts using the documentation,
> but it would be nice to document them more completely so they serve as
> shining examples of the system. For example, none of them have a
> description of more than 2 lines.

I left some scripts the way they were to show a more "default" look to
the file. The scripts I did document further were either simple to
begin with or did things I don't fully understand. I'm hoping the
community begins contributing detailed descriptions for the default
scripts.

> o The Nmap pages are HTML, not XHTML. The concern is whether then
> Nmap page headers and footers will work with this. I think they
> might work just fine, since this is using very simple XHTML which
> might be compatable with normal HTML. Can you try adding the
> nmap.org header and footers? If you save the html from nmap.org, I
> think it will be easy to figure out where the content goes.

Sure.

> o None of the current scripts show NSE arguments as far as I can tell.
> It would be nice to see an example of a script which takes
> arguments. Documenting the NSE arguments is one of the most
> important features IMHO, as we don't really have anywhere else to
> document them. I'm not sure what to do about arguments which are
> dealt with by libraries loaded by a script. If the scripts can
> point to the libraries they use, and those libraries document the
> options they take, that may be enough. For example, a script may
> use Kris' unpw library or Philip's upcoming SNMP library and, by
> virtue of that, accept NSE arguments specifying the password list or
> cummunity string to use.

I'll get a script in that demonstrates this. Getting the documentation
to link to modules (libraries) it uses is another item I will add. I
think having a link in the arguments section to the arguments of
libraries' the script uses will be useful.

> o The W3C XHTML verifier is great, but I don't think we need to
> include the button on every page. Especially if we end up sticking
> the code within html rather than xhtml.

I'll get that removed, it's an artifact of the old LuaDoc file template.

> o We need to get all the scripts and libraries documented somehow.
> Sine we are starting relatively early (fewer than four dozen scripts
> are available now), it won't be as hard as if we had waited until we
> had hundreds of scripts. For new scripts, we'll require that they
> already have documentation.

I can try to get several scripts going in terms of documentation, but
I feel I may not fully understand the techniques they are using.
Perhaps starting it out will be enough and others will contribute more
thorough descriptions as I mentioned earlier.

> o There is also the matter of documenting the new documentation system
> in scripting.xml.

I'll get this done also.

Cheers, 

-- 
-Patrick Donnelly
"One of the lessons of history is that nothing is often a good thing
to do and always a clever thing to say."
-Will Durant
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Jul 08 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos