Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Possible NSE SCRIPT_NAME content issue
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sun, 8 May 2011 20:27:42 +0300

I have not said this before, but I'll bring it up now. I think using
SCRIPT_NAME for parameters is a bad idea. The rationale for using it
is so you do not need to change the parameter name when you change the
script name. I am not sure this is an important use case.

The reason why I don't like it, is that when you use that pattern you
stop thinking about the most practical name for the parameter. For
example it might make sense to use http.password for all http scripts,
but if you were using this pattern when writing http-info.nse, you
would end up with http-info.password without ever thinking about it.

On Sun, May 8, 2011 at 8:13 PM, Gorjan Petrovski <mogi57 () gmail com> wrote:
Hello,

I've ran across a possible issue. When I run "nmap --script <script>
<target>" and <script> is a file in the current directory which hasn't
been added to the script database, for ex. "nmap --script test
<target>" and the script name is "test.nse", the SCRIPT_NAME variable
is filled with "test.nse". Should it not strip the .nse extension, so
as to get correct arguments passed from --script-args and collected
with stdnse.get_script_args( SCRIPT_NAME .. <script_argument>) ?

Cheers,
Gorjan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]