Nmap Development mailing list archives

Re: [NSE] Script Dependencies Replacement for Runlevels


From: Ron <ron () skullsecurity net>
Date: Mon, 09 Nov 2009 17:53:44 -0600

David Fifield wrote:
My question is, do we need support for strong dependencies? I'm assuming
I'm correct in thinking that strong dependencies are a new feature, and
that weak dependencies are equivalent to runlevels. If there is a use
case for strong dependencies I'm not against them, but I would like to
avoid having a --script-autoadd option.
Once http-spider.nse exists, I'd like to write some scripts that depend
on it. They wouldn't just be helped by http-spider.nse, but they'd
*require* its output to run.

I can think of one thing that runlevels offer that explicit dependencies
don't. Say you have a brute force script, and you want it to run after
every script that can potentially find a login for you. For example,
telnet-brute might want to run after http-userdir-enum because the
latter can identify usernames. We could do this with runlevels by giving
the login-finding scripts a low runlevel, but with explicit
dependencies every brute force script will need to know about every
login script. I suspect this is not easy to solve from a user interface
point of view. One idea I had was something like

weak_dependencies = {"*login"}

"*login" would stand for a class of scripts that would somehow signify
that they satisfy it. The runlevel assigned to the brute script would
have to be at least one more than the highest runlevel of any *login
script.
Not sure if this really affects what you're saying, but you made me think
of it. There are sort of three types of auth* scripts:
1. Finding users
2. Finding passwords (based on users)
3. Using users/passwords to get more information

With the smb-* scripts, I sort of do 1 and 2 backwards -- you can't
necessarily get good user output in step (1), so I enumerate users in
step (3), but I abstracted the functions out and sort of combine it into
step (2). But that's beside the point -- for http-*, telnet-*, etc,
finding users before finding passwords which is before finding deeper
info is useful.

Also, usernames and such should carry across scripts (like snmp-*
scripts could use the telnet-* and ftp-* bruteforced accounts, perhaps?)

Authentication-based scripts are interesting, for sure.

Ron

-- 
Ron Bowes
http://www.skullsecurity.org/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
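A small scheduler, added here as an illustration and not code from Nmap's NSE engine, showing how the weak/strong dependency and "*login" class ideas discussed in this thread could be resolved into runlevels; every script name, class and dependency below is constructed for the example.

```python
# Constructed catalogue: each script says which classes it "provides"
# (so a "*login" dependency can find it), plus its weak and strong deps.
SCRIPTS = {
    "http-userdir-enum": {"provides": {"login"}, "weak": [], "strong": []},
    "snmp-brute":        {"provides": {"login"}, "weak": [], "strong": []},
    "http-spider":       {"provides": set(),     "weak": [], "strong": []},
    "telnet-brute":      {"provides": set(),     "weak": ["*login"], "strong": []},
    "http-grep":         {"provides": set(),     "weak": [], "strong": ["http-spider"]},
}

def expand(dep, scripts):
    """Turn one dependency into concrete script names; '*class' matches
    every script that declares it provides that class."""
    if dep.startswith("*"):
        cls = dep[1:]
        return [n for n, s in scripts.items() if cls in s["provides"]]
    return [dep]

def schedule(selected, scripts):
    """Return {script: runlevel} for the scripts that will run.
    Strong deps pull missing scripts into the run (the 'autoadd' behaviour);
    weak deps only order scripts the user already selected."""
    run = set(selected)
    todo = list(selected)
    while todo:  # close the run set under strong dependencies
        name = todo.pop()
        for dep in scripts[name]["strong"]:
            for d in expand(dep, scripts):
                if d not in run:
                    run.add(d)
                    todo.append(d)
    levels = {}

    def level(name, stack=()):
        if name in levels:
            return levels[name]
        if name in stack:
            raise ValueError("dependency cycle through %s" % name)
        deps = [d for dep in scripts[name]["strong"] + scripts[name]["weak"]
                for d in expand(dep, scripts) if d in run]
        # A script's runlevel is one more than the highest runlevel of
        # anything it depends on; scripts with no deps run at level 1.
        levels[name] = 1 + max((level(d, stack + (name,)) for d in deps), default=0)
        return levels[name]

    for name in run:
        level(name)
    return levels
```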
