Need a new solution for Zenmap script listing
From: David Fifield <david () bamsoftware com>
Date: Sun, 23 Jan 2011 23:29:42 -0800

Daniel Miller's bug report today (http://seclists.org/nmap-dev/2011/q1/235)
reminded me to re-check whether Zenmap's method of getting a list of
scripts is side effect–free. Unfortunately, since the advent of our
broadcast scripts it's not, and merely opening the profile editor causes
a scan of the local network with broadcast-dns-service-discovery,
broadcast-upnp-info, broadcast-wsdd-discover, and db2-discover.

What Zenmap does is first run "nmap -d2 --script=all" to get a list of
all available scripts, by looking for lines like

    NSE: Loaded '/usr/local/share/nmap/scripts/afp-brute.nse'.
    NSE: Loaded '/usr/local/share/nmap/scripts/afp-path-vuln.nse'.
    NSE: Loaded '/usr/local/share/nmap/scripts/afp-serverinfo.nse'.

It used to be that providing no targets meant Nmap would not scan
anything, but that's not the case now. This same technique is used to
get a list of scripts that match a boolean expression; for example if
you edit a command with --script="http-* and safe", Zenmap will run
"nmap -d2 --script='http-* and safe'" in the background so it can update
the list of selected scripts. Obviously if someone enters something like
--script="broadcast" it will have the same problem.

I think that Martin Swende's idea for --script-help or however it ends
up being implemented is the best proposal so far that would make this
easy to fix.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
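The two mechanisms the message contrasts, as an added Python example (not Zenmap's or Nmap's code): `loaded_scripts` recovers script names from "NSE: Loaded" lines the way Zenmap does, which only works after the scan that printed them has already run, and `parse_script_db` plus `select_scripts` answer the same "which scripts does this --script expression select" question from the scripts/script.db index alone, so nothing is scanned. The -d2 output and the script.db excerpt are constructed samples; the expression grammar (not/and/or with parentheses, "all", shell-style wildcards on both names and categories) is an approximation of Nmap's selection rules, not a copy of them.

```python
import fnmatch
import re

# Constructed sample of "nmap -d2 --script=all" output (not a real capture).
SAMPLE_DEBUG_OUTPUT = """\
Starting Nmap ( http://nmap.org )
NSE: Loaded '/usr/local/share/nmap/scripts/afp-brute.nse'.
NSE: Loaded '/usr/local/share/nmap/scripts/afp-path-vuln.nse'.
NSE: Loaded '/usr/local/share/nmap/scripts/broadcast-upnp-info.nse'.
"""

# Constructed excerpt in the style of scripts/script.db, the Lua index of
# Entry { filename = ..., categories = { ... } } records Nmap ships.
SAMPLE_SCRIPT_DB = """\
Entry { filename = "afp-brute.nse", categories = { "intrusive", "brute", } }
Entry { filename = "afp-serverinfo.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "broadcast-upnp-info.nse", categories = { "broadcast", "safe", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-brute.nse", categories = { "intrusive", "brute", } }
"""

LOADED_RE = re.compile(r"^NSE: Loaded '(.+)'\.$")
ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*\{([^}]*)\}\s*\}')
TOKEN_RE = re.compile(r"\(|\)|[A-Za-z0-9_.*?-]+")


def script_name(path_or_file):
    """'/usr/local/share/nmap/scripts/afp-brute.nse' -> 'afp-brute'."""
    name = path_or_file.rsplit("/", 1)[-1]
    return name[:-4] if name.endswith(".nse") else name


def loaded_scripts(debug_output):
    """The Zenmap technique: scrape script names from -d2 output. By the time
    these lines exist, any broadcast script in the selection has already run."""
    matches_ = (LOADED_RE.match(line.strip()) for line in debug_output.splitlines())
    return [script_name(m.group(1)) for m in matches_ if m]


def parse_script_db(text):
    """Side-effect-free alternative: script name -> set of categories."""
    return {script_name(m.group(1)): set(re.findall(r'"([^"]+)"', m.group(2)))
            for m in ENTRY_RE.finditer(text)}


class ExprParser:
    """Recursive-descent parser for expressions such as 'http-* and safe'.
    Precedence, highest first: not, and, or. Produces a tuple AST."""

    def __init__(self, expr):
        self.toks = TOKEN_RE.findall(expr)
        self.pos = 0

    def _peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def _take(self):
        tok = self._peek()
        self.pos += 1
        return tok

    def parse(self):
        node = self._or()
        if self._peek() is not None:
            raise ValueError("unexpected token %r" % self._peek())
        return node

    def _or(self):
        node = self._and()
        while self._peek() == "or":
            self._take()
            node = ("or", node, self._and())
        return node

    def _and(self):
        node = self._not()
        while self._peek() == "and":
            self._take()
            node = ("and", node, self._not())
        return node

    def _not(self):
        if self._peek() == "not":
            self._take()
            return ("not", self._not())
        return self._atom()

    def _atom(self):
        tok = self._take()
        if tok == "(":
            node = self._or()
            if self._take() != ")":
                raise ValueError("missing ')'")
            return node
        if tok is None or tok in ("and", "or", "not", ")"):
            raise ValueError("expected script or category name, got %r" % tok)
        return ("atom", tok)


def matches(node, name, categories):
    """Evaluate an AST against one script. An atom matches the script name or
    any of its categories with shell wildcards; 'all' matches everything
    (assumed approximation of Nmap's rules)."""
    kind = node[0]
    if kind == "atom":
        word = node[1]
        return (word == "all" or fnmatch.fnmatchcase(name, word)
                or any(fnmatch.fnmatchcase(c, word) for c in categories))
    if kind == "not":
        return not matches(node[1], name, categories)
    if kind == "and":
        return matches(node[1], name, categories) and matches(node[2], name, categories)
    return matches(node[1], name, categories) or matches(node[2], name, categories)


def select_scripts(expr, db):
    """Sorted script names a --script expression selects, from script.db only."""
    ast = ExprParser(expr).parse()
    return sorted(name for name, cats in db.items() if matches(ast, name, cats))


if __name__ == "__main__":
    db = parse_script_db(SAMPLE_SCRIPT_DB)
    print("scraped from -d2:", loaded_scripts(SAMPLE_DEBUG_OUTPUT))
    print("http-* and safe :", select_scripts("http-* and safe", db))
    print("broadcast       :", select_scripts("broadcast", db))
```

Both paths return the same kind of list, so a front end can swap the scraping approach for the index-based one without changing what it does with the result; the difference is that evaluating `select_scripts("broadcast", db)` never sends a packet, whereas running nmap with that expression to read back "NSE: Loaded" lines does.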