Nmap Development mailing list archives
[NSE] Script Dependencies Replacement for Runlevels
From: Patrick Donnelly <batrick () batbytes com>
Date: Sun, 8 Nov 2009 17:45:19 -0500
Right now scripts are required to assign a runlevel for their scripts to enforce an ordered execution of a group of scripts during an NSE scan. As an example, smb-brute.nse uses a runlevel of 0.5 so it runs before other smb-* scripts. This allows the other smb-* scripts to utilize the results from the smb-brute.nse script. Unfortunately, it can be difficult to identify the dependencies between these scripts (specified loosely via runlevels) and impossible to enforce a dependency (since scripts are not aware of what other scripts are running). Enforcing a dependency means that we do not run our script if we are missing a dependency (or, we abort scanning altogether because a dependency is missing).

I have created a patch to NSE that replaces runlevels with a table of dependencies that clearly outlines what other scripts the script depends on. The table is of the form:

    dependences = {"script1", "script2", ...}

Runlevels become an internal representation of the order of scripts that are generated by the dependencies. If a dependency is not present in the current group of scripts then an error will be raised noting the missing dependency. Alternatively, you can use the new command line option --script-autoadd to automatically add dependencies to the current group of scripts (this can potentially add dangerous scripts and therefore is not the default).

We also have weak dependencies that specify scripts that the script should run after but are not required for its execution. Its form is the same as the dependencies table above.

The user will still see what the current runlevel is during the scan. Additionally, they will now be aware of the number of runlevels:

    NSE: Script scanning 127.0.0.1.
    NSE: Starting runlevel 1 (of 3) scan.
    Initiating NSE at 17:38
    Completed NSE at 17:38, 0.00s elapsed
    NSE: Starting runlevel 2 (of 3) scan.
    Initiating NSE at 17:38
    Completed NSE at 17:38, 0.00s elapsed
    NSE: Starting runlevel 3 (of 3) scan.
    Initiating NSE at 17:38
    Completed NSE at 17:38, 0.00s elapsed
    NSE: Script Scanning completed.

Another non-obvious benefit to explicit dependencies is we no longer have scripts running in their own runlevel needlessly (reducing our overall parallelism). Before, smb-brute would run by itself in runlevel 0.5 when it could run alongside other unrelated scripts.

With respect to backwards compatibility, there is none. We ignore any runlevel specification in the script. Explicit dependencies would be required.

--
-Patrick Donnelly

"Let all men know thee, but no man know thee thoroughly: Men freely ford that see the shallows."
- Benjamin Franklin
Attachment:
dependency.5.patch
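The ordering described in the message above, as an added example that is not taken from dependency.5.patch or from NSE itself: runlevels are derived from the dependency tables, a missing required dependency is an error, and a weak dependency only orders scripts that were actually selected. The script set and its dependencies are constructed, "smb-report" is a hypothetical script name, and the field name "weak" is an assumption because the message does not name the weak-dependency table.

```lua
-- Constructed script selection; dependencies here are illustrative only.
local selected = {
  ["smb-brute"]        = { dependences = {} },
  ["smb-enum-users"]   = { dependences = {"smb-brute"} },
  ["smb-os-discovery"] = { dependences = {}, weak = {"smb-brute"} },
  ["http-title"]       = { dependences = {} },
  ["smb-report"]       = { dependences = {"smb-enum-users"}, weak = {"not-selected"} },
}

-- Returns a name -> runlevel table and the total number of runlevels.
-- Raises an error on a missing required dependency or a dependency cycle.
local function assign_runlevels(scripts)
  local level, visiting = {}, {}
  local function visit(name)
    if level[name] then return level[name] end
    if visiting[name] then error("dependency cycle through " .. name) end
    visiting[name] = true
    local max = 0
    for _, dep in ipairs(scripts[name].dependences or {}) do
      if not scripts[dep] then error(name .. " is missing required dependency " .. dep) end
      max = math.max(max, visit(dep))
    end
    for _, dep in ipairs(scripts[name].weak or {}) do
      -- Weak dependency: run after it only if it is part of this scan.
      if scripts[dep] then max = math.max(max, visit(dep)) end
    end
    level[name] = max + 1
    return level[name]
  end
  local total = 0
  for name in pairs(scripts) do total = math.max(total, visit(name)) end
  return level, total
end

local level, total = assign_runlevels(selected)
local names = {}
for name in pairs(level) do names[#names + 1] = name end
table.sort(names, function(a, b)
  return level[a] < level[b] or (level[a] == level[b] and a < b)
end)
for _, name in ipairs(names) do
  print(("runlevel %d (of %d): %s"):format(level[name], total, name))
end

-- Dropping smb-brute from the selection makes the required dependency fail.
selected["smb-brute"] = nil
print(pcall(assign_runlevels, selected))
```

In this constructed set smb-brute and http-title share runlevel 1, which is the parallelism gain the message describes over a fixed runlevel of 0.5.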