mailing list archives
Re: Script force
From: Djalal Harouni <tixxdz () opendz org>
Date: Thu, 1 Dec 2011 23:47:44 +0100
On Tue, Nov 29, 2011 at 03:11:32PM -0800, David Fifield wrote:
I've tested the patch and found it to do what it's supposed to when
listing script names by themselves. I also found some funny interaction
with the "and", "or", and "not" operators. Specifically, these operators
always change force to false, because they do not see the second return
value of the m function. But additionally, it's not clear what the
correct interaction even is.
I've updated the patch, the attached version supports all the following
Here are some test cases I tried:
script name dport runs?
http-title -p22 no
+http-title -p22 yes
http-title,http-title -p22 no
http-title,+http-title -p22 no
+http-title,http-title -p22 no
+http-title,+http-title -p22 yes
http-title or http-title -p22 no
http-title or +http-title -p22 no
+http-title or http-title -p22 no
+http-title or +http-title -p22 no
All of them are supported.
Also, even supposing that the "or" would retain the force value, what
should happen in cases like this?
http-title or +http-*
This is also supported, http-title will be loaded normally and all the
other scripts will be forced as suggested by Martin.
"http-title or +http-*":
Fetchfile found /mnt/opensource/code/nmap/nmap-trunk/scripts/http-robtex-reverse-ip.nse
NSE: Script http-robtex-reverse-ip.nse was selected by name and forced to run.
Fetchfile found /mnt/opensource/code/nmap/nmap-trunk/scripts/http-title.nse
NSE: Script http-title.nse was selected by name.
Fetchfile found /mnt/opensource/code/nmap/nmap-trunk/scripts/http-trace.nse
NSE: Script http-trace.nse was selected by name and forced to run.
Should http-title be forced in this case? It seems like it would not be,
because "or" will short-circuit before reading "+http-*".
The attached patch takes another path, it will save all the forced
patterns in a special map, later we just check this table to see if the
current pattern is present or not, if it is then we force the script.
This way we avoid complex operations like: check if the script was
previously loaded and if it was forced or not: "http-title,+http-title".
The selection operation of "http-title or +http-*" will be:
1) check the forced flag:
forced_rules["http-*"] = true
2) check the rules and load scripts:
"http-title or +http-*" will short-circiut only for http-title, then
we check 'forced_rules["http-title"] == nil' => do not force.
For other scripts 'forced_rules["http-*"] = true' the force flag will
Note: the pattern (e.g. "http-*") is checked first then it is cleaned
(escaped) to match script names.
3) Only a one instance of scripts is loaded, so http-title will not be
I also tried
+(default or vuln)
I didn't really expect it to work. This was the output:
NSE: failed to initialize the script engine:
[string "rule"]:1: attempt to call a boolean value
We can also support this but it will need more regexp checks, perhaps we
should just let users specify "+default or +vuln" as suggested by
I'll try to have a look at this error.
I'm starting to think that it shouldn't be allowed to mix + with boolean
operators. In other words, only allow one script name or category name
between commas when a + is present. Otherwise show an error message.
Does this sound possible to implement? Do you have any other ideas?
I think that we can support the boolean operators, but I'm not sure,
perhaps I've missed some use cases, more tests are welcome.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/