Nmap Development mailing list archives

NSE Questions


From: Alan Jones <alan () ajsquared us>
Date: Sat, 19 Aug 2006 12:04:08 -0500

I have not actively followed the NSE development and related
discussions, but as I started seeing the possibilities I was getting
more excited.  In looking at the Nmap-nse-man file and the mailing list
I had questions I hope are not too basic.  Don't be offended as I am
sure there may be others with the same question.  If the questions are
good maybe there could be some additional documentation around in those
areas added or enhanced?

The questions were kind of a brain dump so sorry if things got long, but
hopefully they're not too confusing.

I see one can run multiple scripts if they are under the directory
/nse-scripts/; can I assume it will run scripts under the sub- and
sub-sub-directories under the /nse-scripts/ directory?

I already see the NSE scripts growing quickly.  Fyodor, will you or could
you provide a separate download zip file of the NSE scripts on a more
frequent basis than Nmap updates?  Then while an Nmap update is still
being worked out people could get the current set of all offered scripts.
Of course doing this might mean the directory structure of scripts should
be changed.  Maybe /nse-scripts/default/ and /nse-scripts/custom/ so
that when one unzips all currently offered scripts it would not overwrite
anything in the /custom/ folder?

From my reading it sounds like one could do a standard Nmap scan plus
all or a set of NSE scripts, is this correct?
Something like:
nmap -sC -v -v -v -A -sV -version-all -O -oX  <some hopefully small IP
range>

I did not see any mention of XML output. Can the script output along
with other output be sent to an XML file?
Are there or should there be standards around tag types and outputs for
XML consistency?

Does the output include a list of what scripts were used in scanning?
Nmap tells you what parameters are used when scanning, but just
reporting that scripting was turned on does not tell you what scripts
were used and what they scanned for.  For example, does it report basically
"we ran the following scripts: 'Kibuv Test', 'MSWindows Shell', 'Skype
v2', etc..." pulling from the script's ID line?  If the system does not
report what scripts one ran and the output, and the script does not flag
that something is happening like "Skype v2 server detected" as a
response, then one would not know something was checked for.  This is
especially important for sharing with a team member on an internal
scan/audit so others know what you checked for ... or did not check for.

I am confused around the --script-updatedb option.  Can one specify
--script-updatedb as part of the normal nmap script scan option just in
case there were new/changed scripts, or do you have to update the DB and
then do a scan (2 steps)?  Depending on timing I would think most people
would like to just update the db every time they change things much.

Fyodor, not NSE related, but when it is time to start collecting
fingerprints for the new OS database will you post updates as a
separate download and not just hold off till the next Nmap update?  This
could also help prevent people from sending you so many copies of the
same fingerprint.


Thanks for all the information.

Alan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org