Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Thoughts on script documentation
From: David Fifield <david () bamsoftware com>
Date: Wed, 12 Jan 2011 19:21:27 -0800

On Fri, Dec 10, 2010 at 01:14:49PM +0100, Martin Holst Swende wrote:
On 12/08/2010 10:06 PM, David Fifield wrote:
What if Nmap just came with a script that did the equivalent of

rsync -r rsync://nmap.org/scripts/ /usr/share/nmap/scripts/
rsync -r rsync://nmap.org/nselib/ /usr/share/nmap/nselib/

This is pretty much what openvas-nvt-sync does. It also can download a
.tar.bz2 file if rsync isn't installed.

http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-scanner/tools/openvas-nvt-sync.in?rev=8017&root=openvas&view=markup

Maybe rsync would be easy to get to Windows users. This also wouldn't
solve the problem of version dependencies. 
That would be great!
It could be good to add some possibility to detect and warn a user if
there are *known* compatibility issues. E.g, issuing GET
http://nmap.org/scriptupdate?version=<installed_version> before the
rsync takes place. If scriptupdate detects that version is blacklisted
as "incompatible" with the current head, it could return an appropriate
status code and message : "Some of the scripts you are about to fetch
are marked as incompatible with your version of nmap. ".

Well, that's the rub. It's easy to set up some rsync service, but much
harder to build (and especially maintain) some list of compatibilities.
And not only on Nmap maintainers. New script writers (if they wanted to
be thorough) would have to test their scripts against previous versions
and see when they stop working.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault