Nmap Development mailing list archives

Re: [Bug]? Script Directories 4.23RC3 on MSWin32


From: jah <jah () zadkiel plus com>
Date: Sun, 09 Dec 2007 15:31:19 +0000

David Fifield wrote:
On Fri, Dec 07, 2007 at 09:51:40PM +0000, jah wrote:
  
I would like, in certain circumstances, to force nmap not to run scripts 
that it would otherwise run automatically (category "version") and I've 
been experimenting with 4.23RC3.  Having re-read the docs on the 
subject, I decided that I'd start by pointing nmap at a directory 
containing zero scripts and found what I believe to be some odd things:

Nmap won't parse any arguments found after a quote enclosed, absolute 
path, to a directory containing zero or more scripts, if a backslash is 
appended to the path:

C:\>nmap --script "C:\Program Files\Nmap\scripts\" -sV --log-errors -p80 
192.168.1.1 -R --script-trace
Starting Nmap 4.23RC3 ( http://insecure.org ) at 2007-12-07 18:07 GMT 
Standard Time
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.047 seconds
    

As Kris observed, this is because the backslash is escaping the closing
quote.

  
Agreed, perhaps this weirdness with the windows command interpreter 
ought to be referenced in the docs.  Or maybe have nmap split any 
arguments that contain a quote (") in them and so avoid:

    --script="C:\none\" -sV
    SCRIPT ENGINE: No such category, file or directory: 'C:\none" -sV'

So escaping the trailing slash should work:

C:\>nmap --script "C:\Program Files\Nmap\scripts\\" -sV --log-errors 
-p80 192.168.1.1 -R --script-trace
Starting Nmap 4.23RC3 ( http://insecure.org ) at 2007-12-07 18:07 GMT 
Standard Time
SCRIPT ENGINE: No such category, file or directory: 'C:\Program 
Files\Nmap\scripts\'
SCRIPT ENGINE: Aborting script scan.
Interesting ports on 192.168.1.1:
PORT   STATE SERVICE    VERSION
80/tcp open  tcpwrapped
MAC Address: XX:XX:XX:D5:5E:30 (XXXXXX)
Service detection performed. Please report any incorrect results at 
http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 5.562 seconds
    

I committed a fix for this. Here is what happens before and after the
fix.

nmap --script=/home/david/nmap/scripts/SSHv1-support.nse -d localhost
Before: SCRIPT ENGINE: No such category, file or directory: '/home/david/nmap/scripts/SSHv1-support.nse'
After:  SCRIPT ENGINE: Will run /home/david/nmap/scripts/SSHv1-support.nse against 127.0.0.1:22

nmap --script=/home/david/nmap/scripts/SSHv1-support -d localhost
Before: SCRIPT ENGINE: No such category, file or directory: '/home/david/nmap/scripts/SSHv1-support'
After:  SCRIPT ENGINE: Will run /home/david/nmap/scripts/SSHv1-support.nse against 127.0.0.1:22

nmap --script=/scripts/SSHv1-support.nse -d localhost
Before: SCRIPT ENGINE: Will run /usr/share/nmap//scripts/SSHv1-support.nse against 127.0.0.1:22
After:  SCRIPT ENGINE: No such category, file or directory: '/scripts/SSHv1-support.nse'

nmap --script=/scripts/SSHv1-support -d localhost
Before: SCRIPT ENGINE: Will run /usr/share/nmap//scripts/SSHv1-support.nse against 127.0.0.1:22
After:  SCRIPT ENGINE: No such category, file or directory: '/scripts/SSHv1-support'

nmap --script=/home/david/nmap/scripts -d localhost
Before: SCRIPT ENGINE: No such category, file or directory: '/home/david/nmap/scripts'
After:  SCRIPT ENGINE: Will run /home/david/nmap/scripts/ripeQuery.nse against 127.0.0.1
        SCRIPT ENGINE: Will run /home/david/nmap/scripts/SSHv1-support.nse against 127.0.0.1:22

I also tested on Windows.

David Fifield
  
Great stuff, it seems well fixed!
There is a slight difference between your examples above and in windows 
when a leading slash is used for a relative path:

nmap 192.168.1.1 -sSV -p80 --script \myscripts -d
SCRIPT ENGINE: Will run C:\Program 
Files\Nmap\\myscripts\skype_v2-version.nse against 192.168.1.1:80

This, at both the command prompt and in zenmap.
Difficult to know whether this should happen or not given cmd.exe behaviour:

    C:\nmap-4.49RC6>cd \myscripts
    The system cannot find the path specified.

    C:\nmap-4.49RC6>cd /myscripts

    C:\nmap-4.49RC6\myscripts>

Bizarre.

The only other question remaining is that given that nmap will use 
scripts from its default script dir in addition to scripts at any 
supplied paths, should it fail to do any script scanning if the supplied 
path is in some way incorrect?  Or should it indeed not even use its 
default scripts if alternative ones are supplied?
One for the future!


jah
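The argument-swallowing behaviour discussed in this thread can be reproduced without a Windows box. The following is an added example, not code from either message or from the Nmap project: a small Python model of the Microsoft C runtime argv splitting rules (runs of backslashes are only special when followed by a double quote), plus a `quote_windows_arg` helper of my own that builds an argument which survives those rules. It shows why `"C:\...\scripts\"` absorbs `-sV` and the target into the --script value, why `"...\scripts\\"` does not, and how a wrapper that launches nmap should quote a directory path that ends in a backslash. The later MSVCRT special case for a doubled quote inside a quoted run is deliberately not modelled.

```python
"""Model of how the Microsoft C runtime splits a command line into argv.

Rules (CommandLineToArgvW / MSVCRT, simplified):
  * 2n backslashes followed by a double quote -> n backslashes, the quote
    toggles "inside quotes" mode;
  * 2n+1 backslashes followed by a double quote -> n backslashes plus a
    literal double quote;
  * backslashes not followed by a double quote are literal;
  * whitespace outside quotes separates arguments.
"""


def split_windows_cmdline(cmdline: str) -> list:
    """Split cmdline into arguments the way a Windows C program would see them."""
    args, cur = [], []
    in_quotes = have_arg = False
    i, n = 0, len(cmdline)
    while i < n:
        ch = cmdline[i]
        if ch == "\\":
            j = i
            while j < n and cmdline[j] == "\\":
                j += 1
            count = j - i
            if j < n and cmdline[j] == '"':
                cur.append("\\" * (count // 2))
                if count % 2 == 1:
                    cur.append('"')  # odd run: the quote is literal
                    i = j + 1
                else:
                    i = j  # even run: the quote is handled as a delimiter below
            else:
                cur.append("\\" * count)  # backslashes are literal here
                i = j
            have_arg = True
        elif ch == '"':
            in_quotes = not in_quotes
            have_arg = True
            i += 1
        elif ch in " \t" and not in_quotes:
            if have_arg:
                args.append("".join(cur))
                cur, have_arg = [], False
            i += 1
        else:
            cur.append(ch)
            have_arg = True
            i += 1
    if have_arg:
        args.append("".join(cur))
    return args


def quote_windows_arg(arg: str) -> str:
    """Quote one argument so split_windows_cmdline() returns it unchanged.

    Backslashes before an embedded quote are doubled and the quote escaped;
    trailing backslashes are doubled so they cannot escape the closing quote.
    """
    if arg and not any(c in arg for c in ' \t"'):
        return arg
    out, backslashes = ['"'], 0
    for ch in arg:
        if ch == "\\":
            backslashes += 1
        elif ch == '"':
            out.append("\\" * (backslashes * 2 + 1) + '"')
            backslashes = 0
        else:
            out.append("\\" * backslashes + ch)
            backslashes = 0
    out.append("\\" * (backslashes * 2))  # trailing run doubled before closing quote
    out.append('"')
    return "".join(out)


if __name__ == "__main__":
    # Constructed command lines mirroring the ones in the thread.
    broken = r'nmap --script "C:\Program Files\Nmap\scripts\" -sV --log-errors -p80 192.168.1.1'
    fixed = r'nmap --script "C:\Program Files\Nmap\scripts\\" -sV --log-errors -p80 192.168.1.1'
    for line in (broken, fixed):
        print(split_windows_cmdline(line))
    # Building the line programmatically avoids the trap altogether.
    argv = ["nmap", "--script", "C:\\Program Files\\Nmap\\scripts\\", "-sV", "192.168.1.1"]
    print(" ".join(quote_windows_arg(a) for a in argv))
```

In the first case the whole tail, including the target, becomes part of the --script value, which is exactly why nmap reported "No targets were specified"; in the second the path arrives with its trailing backslash and `-sV` is a separate argument. Any tooling that assembles a Windows nmap command line from user-supplied paths should go through a quoting routine like `quote_windows_arg` (or `subprocess.list2cmdline`) rather than wrapping the path in quotes by hand.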



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

