
Nmap Development mailing list archives

Re: Script force
From: Duarte Silva <duarte.silva () serializing me>
Date: Wed, 16 Nov 2011 09:51:19 +0000

Hi Martin,

nice work! Just a cosmetic suggestion: try to make sure (in the next patches) 
that the indentation is uniform. What I mean is, if the original file uses 
spaces, make sure you don't add tab characters (in some editors it gets weird). 

Didn't test it, but overall, by just looking at the code, it seems you covered 
all the bases.

Duarte Silva

On Wednesday 16 November 2011 08:56:49 Martin Holst Swende wrote:
On 11/16/2011 09:37 AM, Martin Holst Swende wrote:
On 11/16/2011 02:01 AM, Djalal Harouni wrote:

On Tue, Nov 15, 2011 at 03:24:12PM +0100, Martin Holst Swende wrote:

Due to some interest shown off-list, I have made a new patch to enable
the feature to force a script to run; the patch is basically the same
as earlier, but since the svn version of nse_main has changed, so does
the patch.

Usage:
nmap -p2424 target.com --script ms-sql-config --script-args force

The primary use case people seem to have is that they e.g. do a
configuration review of a lot of ms-sql servers; say you have a list of
20 servers where the database is located on an uncommon port. They don't
want to have to do -sV --version-all just to run a script, since they
already know what's on the port.

Attached is the svn diff and the complete nse_main.lua file.

Martin Holst Swende

Index: nse_main.lua
--- nse_main.lua  (revision 27093)
+++ nse_main.lua  (working copy)
@@ -344,13 +344,19 @@

     -- This thread allows us to load the script's globals in the
     -- same Lua thread the action and rule functions will execute in.
     local co = create(main);

+    -- If the script-argument "force" is used, we will ignore the
portrule and run it even +    -- if the portrule says no. This is
useful if a service is known by the user, but runs at a +    --
uncommon port which may not be identified by service discovery or
takes very long +    -- time to discover due to the amount of probes
that needs to be sent. +    local force =
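Review bot: the hunk as quoted ends at `local force =` with no right-hand side, so the value `force` is read from and the place where it short-circuits the portrule check are not visible; the bypass cannot be reviewed from this excerpt, and the full svn diff should be reposted inline. Separately, the comment describes a single script-argument "force" with no script name in it, which means one `--script-args force` disables the portrule for every selected script, not just the one the user knows is on the port; either state that in the comment or scope the argument per script, e.g. `stdnse.get_script_args(self.short_basename..".force")`. Minor grammar in the comment: "runs at a uncommon port" should read "runs on an uncommon port", and "probes that needs to be sent" should be "probes that need to be sent".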

You can also do:
local force = stdnse.get_script_args(self.short_basename..".force")

This way you can select which scripts to run "script_name.force" or
force them all when "force" is specified.

But this is not a clean solution since you will specify the script name
twice. A better one would be to do it in the --script switch, perhaps
with a one char (e.g: '#', --script='ms-sql-*#' to force ms-sql*
scripts) or anything else ...  (making sure to escape those chars!)

Perhaps then you will get an approval :)


I really like that idea!
I implemented it, using the @ character. Usage:
./nmap --script @smb-brute,http-* -p80 www.google.com -d3
//This would force smb-brute, but run the http-* as normal.

./nmap --script @http-title,smb-brute -p80 www.google.com
//Forces http-title, but not smb-brute

Force does not work for categories now ("@http-*"), but I can add it on
if this suggestion gets approval. svn diff attached.

Why wait. Here's another version; the following syntax works also:
./nmap --script @smb-* -p80 www.google.com

Diff attached.

Attachment: smime.p7s
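The thread above describes the `@` prefix as it ends up: `--script @smb-brute,http-*` forces smb-brute past its portrule while http-* scripts run normally, and `--script @smb-*` forces every matching script. The following is an added stand-alone model of that behaviour in Lua, written for this page and not taken from nmap's nse_main.lua or from the patches in the thread. It assumes a simplified `--script` value made only of script names and `*` globs (no categories or boolean expressions), and the function names `glob_to_pattern`, `parse_script_spec` and `should_run` are made up for the example; the sample specs and script names are constructed from the thread's own usage lines.

```lua
-- Added example, not nmap's own code. Models the "@" force prefix for
-- --script entries: a forced entry's scripts run even when their
-- portrule returns false. Function names and the simplified spec
-- grammar (names and "*" globs only) are assumptions for this example.

-- Turn a --script glob such as "smb-*" into a Lua pattern anchored to
-- the whole script name. Every non-alphanumeric character except "*"
-- is escaped with "%", so "-" and "." in script names stay literal.
local function glob_to_pattern(glob)
  local escaped = glob:gsub("[^%w]", function(c)
    if c == "*" then return ".*" end
    return "%" .. c
  end)
  return "^" .. escaped .. "$"
end

-- Parse the value of --script. A leading "@" on an entry marks it as
-- forced. Returns a list of { spec = entry, pattern = lua_pattern,
-- force = bool }; empty entries are dropped.
local function parse_script_spec(spec)
  local entries = {}
  for raw in spec:gmatch("[^,]+") do
    local entry = raw:match("^%s*(.-)%s*$")  -- trim surrounding whitespace
    local force = false
    if entry:sub(1, 1) == "@" then
      force = true
      entry = entry:sub(2)
    end
    if entry ~= "" then
      entries[#entries + 1] = {
        spec = entry,
        pattern = glob_to_pattern(entry),
        force = force,
      }
    end
  end
  return entries
end

-- Decide whether script_name runs against a port. portrule_ok is the
-- verdict the script's own portrule returned; a forced entry overrides
-- a false verdict but never selects a script that was not asked for.
-- Returns a boolean and a short reason.
local function should_run(entries, script_name, portrule_ok)
  local selected, forced = false, false
  for _, e in ipairs(entries) do
    if script_name:match(e.pattern) then
      selected = true
      if e.force then forced = true end
    end
  end
  if not selected then return false, "not selected" end
  if portrule_ok then return true, "portrule matched" end
  if forced then return true, "portrule bypassed (forced)" end
  return false, "portrule rejected"
end

-- Constructed scenarios mirroring the thread's command lines.
-- --script @smb-brute,http-*  : only smb-brute is forced
local entries = parse_script_spec("@smb-brute,http-*")
assert(should_run(entries, "smb-brute", false) == true)
assert(should_run(entries, "http-title", false) == false)
assert(should_run(entries, "http-title", true) == true)
assert(should_run(entries, "ssh-hostkey", true) == false)

-- --script @smb-*  : every smb-* script is forced
local all_smb = parse_script_spec("@smb-*")
assert(should_run(all_smb, "smb-os-discovery", false) == true)
assert(should_run(all_smb, "http-title", true) == false)

print("force-prefix model: all scenarios behaved as described in the thread")
```

The important property is the last check in `should_run`: forcing only widens the portrule decision for scripts the user explicitly named, so a forced glob like `@smb-*` cannot pull in scripts outside that glob. Escaping in `glob_to_pattern` is what Djalal's "making sure to escape those chars!" refers to: without it, a `-` in a script name would be read as a Lua pattern quantifier rather than a literal character.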

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
