Home page logo

nmap-dev logo Nmap Development mailing list archives

RE: Question on NSE script output
From: "Sina Bahram" <sbahram () nc rr com>
Date: Sat, 6 Jun 2009 00:03:35 -0400

Unless if I did it wrong, you can't actually do this:

                return host.ip .. " Anonymous FTP login allowed"
Let me preface with, I'm a programmer, but not a LUA one.

Here's what I've discovered.

If you are printing something, then unless if you have parentheses around
it, you can't inline concat a string.  Even if you assign it to a local
variable first, then pass the variable to the print.  Probably because it
does expansion at that point, just like lisp or something.

Since we're returning a string, not printing it ... I'm not sure if the
print that eventually gets called has parentheses around it; thus, when I
tried to do the line of code above, almost exactly what you wrote as your
suggestion in your email, I got the same error as if I had done a print with
a string being concatted without parentheses around it.

Does this make sense?

What I eventually did was just modified the script to only return host.ip,
then could grep on the anon keyword, since that's prefaced before the

Anyways, I got the stuff to work, so no worries, but I am interested in
fixing this weirdness, if I can?

Take care,

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of David Fifield
Sent: Friday, June 05, 2009 11:58 PM
To: Sina Bahram
Cc: 'nmap-dev'
Subject: Re: Question on NSE script output

On Thu, Jun 04, 2009 at 10:19:39PM -0400, Sina Bahram wrote:
I have a question about NSE output in nmap.

I want to discover all ftp servers on a decent sized network which allow
anonymous login.  Wonderful for me that there exists an NSE script to do
exactly this, but how do I get only those ip's?

I was thinking of just inserting a print to stderr of the ip and a yes/no
flag into the script then being able to grep on this?  Is it possible to
print to STDERR in our NSE infrastructure?

I don't know of a way to print to stderr, but you can include the IP
address in the normal script output:
        if(isAnon) then
                return host.ip .. " Anonymous FTP login allowed"

I'm sure there's a much prettier way, and since I tend to despise hacks
no good reason, I look forward to hearing about a way of just getting the
ftp servers which allow anonymous login, somehow?

I can't grep the regular nmap output as the context crosses multiple
and it becomes an awk script, if I really want to do it right, and I'd
the data quick.

Without any script changes, you could get the list pretty quick with
egrep '(^Interesting ports |ftp-anon)' scan.log | grep -B 1 ftp-anon

Script output is a difficult case because it is mostly free-form text
that may be short or may be many lines.

David Fifield

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]