Nmap Development mailing list archives

script cooperation


From: jah <jah () zadkiel plus com>
Date: Wed, 11 Mar 2009 16:18:49 +0000

Difficult question really - usually when I think of something I'd like
nmap to do, I read a little and discover "oh, it does that already!".

One thing that I can think of is greater co-operation between scripts -
as has already been mentioned (and I'm conveniently ignoring how this
might be implemented and any associated challenges and just throwing it
out there).

I have a partially-written http spider script and I thought about
implementing it as a library.  One of the uses for this might be to
determine which scripts are going to run and which urls they're going to
request and then to perform those requests on behalf of the scripts
before storing them in the registry.
We have a few scripts (sql-injection, html-title and html-auth) which
request the same pages and if scripts were able to cooperate beyond
runlevels then a single script/library could remove any such redundancy
by making the right pages available to the scripts that want
them.  This isn't a huge deal at the moment, but as the number of scripts
grows, this could be a real timesaver which might also reduce the amount
of noise the target hears.
It would be cool if the spider was able to let scripts know when their
pages had been retrieved so that they could do their processing whilst
the spider is waiting on sockets (this part is actually achievable
already with sleep() and the registry) so, for example, the three
aforementioned scripts could pretty much finish in the same time as it
would have taken to execute one of them.
If a script decides it needs more requests it could hand them off to
spider and so on until all scripts had finished.

jah
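
The shared-fetch idea in the message above, sketched as an added example that is not part of the original post or of Nmap's own code. It assumes the current NSE library layout; `shared_get` and the registry key `shared_http` are hypothetical names, while `http.get`, `nmap.registry` and `nmap.mutex` are existing NSE interfaces.

```lua
-- Added illustration: several scripts that want the same page share one
-- request by caching responses in the NSE registry.
-- shared_get and the "shared_http" registry key are hypothetical names.
local http = require "http"
local nmap = require "nmap"

-- One table in the registry, visible to every script in the scan.
nmap.registry.shared_http = nmap.registry.shared_http or {}

local function cache_key(host, port, path)
  return ("%s:%d:%s"):format(host.ip, port.number, path)
end

--- Return the response for path, requesting it at most once per scan.
-- The first caller performs the request; callers that arrive while it is
-- in flight block on the per-page mutex and then read the stored result.
local function shared_get(host, port, path)
  local cache = nmap.registry.shared_http
  local key = cache_key(host, port, path)

  -- NSE threads are cooperative coroutines, so creating the entry here
  -- cannot race with another script: nothing yields before the lock.
  local entry = cache[key]
  if not entry then
    entry = {}
    cache[key] = entry
  end

  local mutex = nmap.mutex(entry)   -- the entry table identifies the lock
  mutex "lock"
  if not entry.response then
    local response = http.get(host, port, path)
    -- http.get reports a failed request with a nil status; leave such
    -- results uncached so that a later caller can retry.
    if response and response.status then
      entry.response = response
    else
      mutex "done"
      return response
    end
  end
  mutex "done"
  return entry.response
end

-- In a script's action function, in place of http.get(host, port, "/"):
--   local response = shared_get(host, port, "/")
```

Because the lock is per page, scripts asking for different paths still run their requests concurrently; only duplicate requests for the same host, port and path are collapsed.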

