Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE][patch] Load script-args from a file
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 23 Dec 2011 11:39:40 -0600

On 09/21/2011 11:01 AM, Daniel Miller wrote:
On 06/18/2011 04:42 PM, Fyodor wrote:
On Wed, Jun 15, 2011 at 10:12:02PM -0500, Daniel Miller wrote:
Here's a patch to let users specify a file from which to load
script-args. Example:

$ cat ~/.nmap/myargs
smbdomain=WORKGROUP,
smbpassword=MyPa$$,

$ nmap --script smb-* --script-args file=myargs target.example.com

Simply put, it checks for a script-arg of "file", parses the contents
of the file the same way we currently parse the argument to --script-args,
combines it with any arguments on the command line, then goes about
business as usual. Any arguments on the command line supersede ones in the file. The file can be an absolute path, or a path relative to Nmap's usual
search path (NMAPDIR, etc.)
Thanks Dan.  That does sound like it might be useful.  It would be
interesting to hear other people's take on this (e.g. who here is
likely to use this)?  From a UI perspective, I think it would be
better to add a separate Nmap option (e.g. --script-args-file) rather
than to make the "file" script argument name be magic.  That would be
consistent with the way we offer both --exclude and --excludefile
rather than providing a syntax to --exclude that causes it to load a
file.

Cheers,
Fyodor

List,

Dredging up an old thread, I've modified the patch to use the --script-args-file syntax. It will take either an absolute file path, or a path relative to Nmap's search path (~/.nmap/:$NMAP_DIR:/usr/whatever/nmap/), and load arguments out of that file just as they would be specified on the command line. The only difference is that arguments may be separated with newlines, not just commas. The example in my initial email now looks like this:
$ cat ~/.nmap/myargs
smbdomain=WORKGROUP
smbpassword=MyPa$$

$ nmap --script smb-* --script-args-file myargs target.example.com

Dan

P.S. Some of the options are listed twice, once with hyphens, and again with underscores. I thought I understood this was to be more flexible in what was allowed, but I noticed the options parsing often only compares with the hyphenated version. Should we strip some of these out, or does it really not matter?
List,

I submitted this patch in September, and there seemed to be interest in June, but it never was accepted. I'm resubmitting with the addition of some documentation on the --script-args-file option. Additionally, I found that the --script-help option was incorrectly nested under the --script-args option, which can be seen as an extra level of indentation for that option in the Nmap man page. This patch should fix that issue as well.

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]