Nmap Development mailing list archives

RE: Question on NSE script output


From: "Sina Bahram" <sbahram () nc rr com>
Date: Sat, 6 Jun 2009 00:03:35 -0400

Unless I did it wrong, you can't actually do this:

                return host.ip .. " Anonymous FTP login allowed"
 
Let me preface with, I'm a programmer, but not a Lua one.

Here's what I've discovered.

If you are printing something, then unless you have parentheses around
it, you can't inline concat a string.  Even if you assign it to a local
variable first, then pass the variable to the print.  Probably because it
does expansion at that point, just like lisp or something.

Since we're returning a string, not printing it ... I'm not sure if the
print that eventually gets called has parentheses around it; thus, when I
tried to do the line of code above, almost exactly what you wrote as your
suggestion in your email, I got the same error as if I had done a print with
a string being concatted without parentheses around it.

Does this make sense?

What I eventually did was just modify the script to only return host.ip,
then could grep on the anon keyword, since that's prefaced before the
output.

Anyways, I got the stuff to work, so no worries, but I am interested in
fixing this weirdness, if I can?

Take care,
Sina

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of David Fifield
Sent: Friday, June 05, 2009 11:58 PM
To: Sina Bahram
Cc: 'nmap-dev'
Subject: Re: Question on NSE script output

On Thu, Jun 04, 2009 at 10:19:39PM -0400, Sina Bahram wrote:
> I have a question about NSE output in nmap.
>
> I want to discover all ftp servers on a decent sized network which allow
> anonymous login.  Wonderful for me that there exists an NSE script to do
> exactly this, but how do I get only those ip's?
>
> I was thinking of just inserting a print to stderr of the ip and a yes/no
> flag into the script then being able to grep on this?  Is it possible to
> print to STDERR in our NSE infrastructure?

I don't know of a way to print to stderr, but you can include the IP
address in the normal script output:

        if(isAnon) then
                return host.ip .. " Anonymous FTP login allowed"
        end

> I'm sure there's a much prettier way, and since I tend to despise hacks for
> no good reason, I look forward to hearing about a way of just getting the
> ftp servers which allow anonymous login, somehow?
>
> I can't grep the regular nmap output as the context crosses multiple lines,
> and it becomes an awk script, if I really want to do it right, and I'd like
> the data quick.

Without any script changes, you could get the list pretty quick with

        egrep '(^Interesting ports |ftp-anon)' scan.log | grep -B 1 ftp-anon

Script output is a difficult case because it is mostly free-form text
that may be short or may be many lines.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
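
The awk approach mentioned in the thread, as an added example that is not part of the original messages: it prints one address per host whose block in Nmap's normal output contains an ftp-anon result. It assumes host blocks open with "Interesting ports on ...:" (the header the egrep above matches); the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: list hosts whose Nmap normal output has an ftp-anon result.
# Assumption: each host block starts with "Interesting ports on <host>:" or
# "Interesting ports on <name> (<ip>):" and script lines contain "ftp-anon".

anon_ftp_hosts() {
    awk '
        /^Interesting ports on / {
            host = $NF                # last field: "192.0.2.10:" or "(192.0.2.12):"
            sub(/^\(/, "", host)      # drop a leading parenthesis
            sub(/\)?:$/, "", host)    # drop the trailing ":" or "):"
            seen = 0                  # new host block, nothing reported yet
            next
        }
        /ftp-anon/ && host != "" && !seen {
            print host                # report each host once, even if the
            seen = 1                  # script output spans several lines
        }
    ' "$@"
}

# Constructed sample log (not real scan data).
sample_log() {
    cat <<'EOF'
Interesting ports on 192.0.2.10:
PORT   STATE SERVICE
21/tcp open  ftp
|_ ftp-anon: Anonymous FTP login allowed
22/tcp open  ssh

Interesting ports on 192.0.2.11:
PORT   STATE SERVICE
21/tcp open  ftp

Interesting ports on files.example.test (192.0.2.12):
PORT   STATE SERVICE
21/tcp open  ftp
|  ftp-anon: Anonymous FTP login allowed
|_ ftp-anon: (constructed second line of script output)
EOF
}

sample_log | anon_ftp_hosts
```

Passing a file name instead of piping (`anon_ftp_hosts scan.log`) works as well, since awk reads its arguments as input files.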

