Re: Script force

[Duarte Silva <duarte.silva () serializing me>]

Hi Martin,

nice work! Just a cosmetic suggestion, try to make sure (in the next patches) 
that the identation is uniform. What I mean is, if the original file uses 
spaces, make sure you don't add tab characters (in some editor it gets weird) 

Didn't test it, but overall, by just looking at the code, it seems you covered 
all the bases.

Regards,
Duarte Silva

On Wednesday 16 November 2011 08:56:49 Martin Holst Swende wrote:
> On 11/16/2011 09:37 AM, Martin Holst Swende wrote:
> > On 11/16/2011 02:01 AM, Djalal Harouni wrote:
> > > Martin,
> > >
> > > On Tue, Nov 15, 2011 at 03:24:12PM +0100, Martin Holst Swende wrote:
> > > > Hi,
> > > >
> > > > Due to some interest shown off-list, I have made a new patch to enable
> > > > the feature to force a script to run, the patch is basically the same
> > > > as earlier but since the svn-version of nse_main has changed, so does
> > > > the patch.
> > > >
> > > > Usage :
> > > > nmap -p2424 target.com --script ms-sql-config --script-args force
> > > >
> > > > The primary usecase people seem to have is that they e.g. do a
> > > > configuration review of a lot of ms-sql servers, say you have a list of
> > > > 20 servers where the database is located on an uncomon port. They don't
> > > > want to have to do -sV --version-all just to run a script, since they
> > > > already know what's on the port.
> > > >
> > > > Attached is the svn diff and the complete nse_main.lua file.
> > > >
> > > > Regards,
> > > > Martin Holst Swende
> > > >
> > > > Index: nse_main.lua
> > > > ===================================================================
> > > > --- nse_main.lua  (revision 27093)
> > > > +++ nse_main.lua  (working copy)
> > > > @@ -344,13 +344,19 @@
> > > >
> > > >      -- This thread allows us to load the script's globals in the
> > > >      -- same Lua thread the action and rule functions will execute in.
> > > >      local co = create(main);
> > > >
> > > > +    -- If the script-argument "force" is used, we will ignore the
> > > > portrule and run it even +    -- if the portrule says no. This is
> > > > useful if a service is known by the user, but runs at a +    --
> > > > uncommon port which may not be identified by service discovery or
> > > > takes very long +    -- time to discover due to the amount of probes
> > > > that needs to be sent. +    local force =
> > > > stdnse.get_script_args("force")
> > > > +
> > >
> > > You can also do:
> > > local force = stdnse.get_script_args(self.short_basename..".force")
> > >
> > > This way you can select which scripts to run "script_name.force" or
> > > force them all when "force" is specified.
> > >
> > > But this is not a clean solution since you will specify the script name
> > > twice. A better one would be to do it in the --script switch, perhaps
> > > with a one char (e.g: '#', --script='ms-sql-*#' to force ms-sql*
> > > scripts) or anything else ...  (making sure to escape those chars!)
> > >
> > > Perhaps then you will get an approval :)
> > >
> > > Thanks.
> >
> > I really like that idea!
> > I implemented it, using the @ - character. Usage :
> > ./nmap --script @smb-brute,http-* -p80 www.google.com -d3
> > //This would force smb-brute, but run the http-* as normal.
> >
> > ./nmap --script @http-title,smb-brute -p80 www.google.com
> > //Forces http-title, but not smb-brute
> >
> > Force does not work for categories now ("@http-*"), but I can add it on
> > if this suggestion gets approval. Svndiff attached.
>
> Why wait. Here's another version, the following syntax works also:
> /nmap --script @smb-* -p80 www.google.com
>
> Diff attached.
> Regards,
> /Martin

Attachment: smime.p7s
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/