Home page logo

nmap-dev logo Nmap Development mailing list archives

Need a new solution for Zenmap script listing
From: David Fifield <david () bamsoftware com>
Date: Sun, 23 Jan 2011 23:29:42 -0800

Daniel Miller's bug report today (http://seclists.org/nmap-dev/2011/q1/235)
reminded me to re-check whether Zenmap's method of getting a list of
scripts is side effect–free. Unfortunately, since the advent of our
broadcast scripts it's not, and merely opening the profile editor causes
a scan of the local network with broadcast-dns-service-discovery,
broadcast-dropbox-listener, broadcast-ms-sql-discover,
broadcast-upnp-info, broadcast-wsdd-discover, and db2-discover.

What Zenmap does is first run "nmap -d2 --script=all" to get a list of
all available scripts, by looking for lines like

NSE: Loaded '/usr/local/share/nmap/scripts/afp-brute.nse'.
NSE: Loaded '/usr/local/share/nmap/scripts/afp-path-vuln.nse'.
NSE: Loaded '/usr/local/share/nmap/scripts/afp-serverinfo.nse'.

It used to be that providing no targets meant Nmap would not scan
anything, but that's not the case now. This same technique is used to
get a list of scripts that match a boolean expression; for example if
you edit a command with --script="http-* and safe", Zenmap will run
"nmap -d2 --script='http-* and safe'" in the background so it can update
the list of selected scripts. Obviously if someone enters something like
--script="broadcast" it will have the same problem.

I think that Martin Swende's idea for --script-help or however it ends
up being implemented is the best proposal so far that would make this
easy to fix.

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]