mailing list archives
Re: Script force
From: Martin Holst Swende <martin () swende se>
Date: Wed, 16 Nov 2011 09:37:38 +0100
On 11/16/2011 02:01 AM, Djalal Harouni wrote:
On Tue, Nov 15, 2011 at 03:24:12PM +0100, Martin Holst Swende wrote:
Due to some interest shown off-list, I have made a new patch to enable
the feature to force a script to run, the patch is basically the same as
earlier but since the svn-version of nse_main has changed, so does the
nmap -p2424 target.com --script ms-sql-config --script-args force
The primary usecase people seem to have is that they e.g. do a
configuration review of a lot of ms-sql servers, say you have a list of
20 servers where the database is located on an uncomon port. They don't
want to have to do -sV --version-all just to run a script, since they
already know what's on the port.
Attached is the svn diff and the complete nse_main.lua file.
Martin Holst Swende
--- nse_main.lua (revision 27093)
+++ nse_main.lua (working copy)
@@ -344,13 +344,19 @@
-- This thread allows us to load the script's globals in the
-- same Lua thread the action and rule functions will execute in.
local co = create(main);
+ -- If the script-argument "force" is used, we will ignore the portrule and run it even
+ -- if the portrule says no. This is useful if a service is known by the user, but runs at a
+ -- uncommon port which may not be identified by service discovery or takes very long
+ -- time to discover due to the amount of probes that needs to be sent.
+ local force = stdnse.get_script_args("force")
You can also do:
local force = stdnse.get_script_args(self.short_basename..".force")
This way you can select which scripts to run "script_name.force" or
force them all when "force" is specified.
But this is not a clean solution since you will specify the script name
twice. A better one would be to do it in the --script switch, perhaps
with a one char (e.g: '#', --script='ms-sql-*#' to force ms-sql* scripts)
or anything else ... (making sure to escape those chars!)
Perhaps then you will get an approval :)
I really like that idea!
I implemented it, using the @ - character. Usage :
./nmap --script @smb-brute,http-* -p80 www.google.com -d3
//This would force smb-brute, but run the http-* as normal.
./nmap --script @http-title,smb-brute -p80 www.google.com
//Forces http-title, but not smb-brute
Force does not work for categories now ("@http-*"), but I can add it on
if this suggestion gets approval. Svndiff attached.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/