Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: NSE console script help
From: Patrick Donnelly <batrick () batbytes com>
Date: Tue, 18 Jan 2011 14:56:15 -0500

On Tue, Jan 18, 2011 at 2:27 PM, Martin Holst Swende <martin () swende se> wrote:
To make it even more useful, as I see it, would be if I was able to
say:"nmap foobar.com --script=!default --script-args=help", i.e,
"tell me about the scripts that I have the option to run here, but which
for some reason are not default". Perhaps this can
already be done?

I want to emphasize (because I think you may be confused) that there
are two conditions that a script must satisfy before being able to run
against this "foobar.com".

First, the script must match the category or filename (or directory)
given via the --script option. For you, if you want all the
non-default scripts, you can do this using the boolean operators via
"not default", or specifically "nmap foobar.com --script 'not default'
--script-args=help".

Second, the script must actually satisfy the rule against the host[:port].

In your example, I find a lot of opportunity for confusion. Many
scripts have the "option" to run against foobar.com but only those
that first match "not default" will be able to. Perhaps what you want
is, more formally, "which scripts that are not in the default category
would run against this host if I did a real scan". That is quite
doable.

However, I don't think this is necessarily something that needs to be
in Nmap proper. One of the initial reasons for the rewrite of NSE core
was so that a user could in fact change how NSE runs (as you have done
in previous work). I like to think we encourage script writers to
change NSE to ease debugging work (or even add features). To me, this
falls under "debugging" and isn't necessarily needed. There are
instances where we have added debugging features that were in high
demand (stack traces come to mind). Maybe this is also worthwhile to
add as well.

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault