Nmap Development mailing list archives
Re: [NSE patch]
From: David Fifield <david () bamsoftware com>
Date: Mon, 15 Sep 2008 00:51:32 -0600
On Wed, Aug 27, 2008 at 12:54:45AM +0100, jah wrote:
> On 26/08/2008 01:59, Fyodor wrote:
>> One problem is that when I use this in combination with version
>> detection, the NSE script fails to get results:
>>
>> ./nmap -sV --script scripts/netbios-smb-os-discovery.nse 192.168.0.4
>> [...]
>> PORT    STATE SERVICE      VERSION
>> 135/tcp open  msrpc        Microsoft Windows RPC
>> 139/tcp open  netbios-ssn
>> 445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
>> MAC Address: 00:0C:29:FA:6E:BD (VMware)
>> Service Info: OS: Windows
>>
>> Host script results:
>> | Discover OS Version over NetBIOS and SMB: OS version cannot be determined.
>> |_ Never received a response to SMB Setup AndX Request
>> | Discover OS Version over NetBIOS and SMB: Windows XP
>> |_ Discover system time over SMB: 2008-08-25 19:56:53 UTC-7
>
> I've noticed this too and I think that because the script is in the
> version category it's actually called twice when you specify it by name
> and with -sV:
>
> SCRIPT ENGINE: Matching rules.
> SCRIPT ENGINE: Will run C:\Program Files\Nmap\scripts\netbios-smb-os-discovery.nse against 192.168.1.1
> SCRIPT ENGINE: Will run C:\Program Files\Nmap\scripts\netbios-smb-os-discovery.nse against 192.168.1.1
> SCRIPT ENGINE: Running scripts.
>
> So aside from the issue in the script, perhaps NSE should prevent a
> script running twice when a version category script is called by -sV
> and by name?

I made a change in NSE to prevent the script from being loaded twice.
Previously the initialization code only checked for duplication while it
was reading script.db; now it checks any time a file is loaded. The
check is keyed on the script's file name, so you can fool it with
something like
--script=script.nse,/usr/share/nmap/scripts/../script/script.nse.
But --script=script.nse -sV with script.nse in the "version" category
will no longer run script.nse twice.

I haven't figured out why the script gives bogus results when it is run
twice yet.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
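
The load-once check described in the message above, as an added example that is not Nmap's code and not part of the original post: a "seen" set keyed on the file name as typed lets two spellings of one script through, while a key built from the resolved path or the file's device and inode does not. The function names, the temporary directory layout and the symlink case (which goes beyond the `..` case in the message) are assumptions made for the illustration, and Python is used in place of NSE's own source.

```python
import os
import tempfile


def select_scripts(requested, key=lambda path: path):
    """Return the paths that would be loaded, skipping repeats of a key."""
    seen, selected = set(), []
    for path in requested:
        k = key(path)
        if k in seen:
            continue
        seen.add(k)
        selected.append(path)
    return selected


def canonical_key(path):
    # realpath() collapses "..", "." and repeated slashes and follows symlinks.
    return os.path.realpath(path)


def inode_key(path):
    # (device, inode) identifies the file itself, so hard links match as well.
    st = os.stat(path)
    return (st.st_dev, st.st_ino)


def demo():
    """Build a constructed script tree and count loads under each key."""
    with tempfile.TemporaryDirectory() as root:
        scripts = os.path.join(root, "scripts")
        os.mkdir(scripts)
        script = os.path.join(scripts, "script.nse")
        with open(script, "w") as f:
            f.write("-- constructed placeholder script\n")
        alias = os.path.join(root, "alias.nse")
        os.symlink(script, alias)
        requested = [
            script,                                                # by name
            os.path.join(scripts, "..", "scripts", "script.nse"),  # ".." spelling
            alias,                                                 # symlink
            script,                                                # exact repeat
        ]
        return (
            len(select_scripts(requested)),                 # keyed on raw name
            len(select_scripts(requested, canonical_key)),  # keyed on real path
            len(select_scripts(requested, inode_key)),      # keyed on dev/inode
        )


if __name__ == "__main__":
    print(demo())
```
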