On Sat, 30 Apr 2011 00:53:22 -0700 David Fifield <david () bamsoftware com>
I want to reopen discussion about forcing a script to run. I tried
this patch and it works as I expect. The problem I see is that there
are easy ways to accidentally and confusingly use it.
nmap --script-args force -d2 localhost -sC -F
This is going to run every default script against every open port:
I think that a global "force" option only makes sense if 1) you are
narrowly targeting a list of ports and 2) you are narrowly limiting
the set of scripts. Can we think of a way to make this work naturally
without strange cases like the above?
My first thought is that you usually only want one or a few scripts to
be forced. So what if we invent a new syntax that allows applying the
force script to one script only? I don't think this is a good syntax,
but it will illustrate what I mean:
nmap www.google.com -p80 --script force:firewalk
This is no more typing in the (expected) case when only one script is
used. It would be possible to run one script forced and one
non-forced, though I don't have a realistic use case for that.
I realize that I'm a couple months late to the party, but I'm trying to
catch up on lists again and wanted to comment. :)
Anyway, here's a use case that I think we should look at targeting: I'm
running Zenmap, and I discover a SMB server on the network. I want to run
smb-os-discovery. I do, and get the results. Then I decide to run
smb-enum-users. And maybe some others. Then I move to the FTP port and run
ftp-brute.nse, using the list of usernames I got from SMB. It gets a
password, and I run to run ftp-list-files or whatever.
With the current version of Nmap, I need to do a new scan every time. Even
if it's just the one port, it means I have to re-configure the scanner to
just scan 445 now. Additionally, the registry would need to be persisted for
this to work, but that's another problem.
It'd be really nice if there was an interactive script mode where I can try
the scripts one by one, and not have to re-run the full or partial scan for
Any thoughts about that?
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/