Nmap Development mailing list archives
Re: [NSE] Script Dependencies Replacement for Runlevels
From: Ron <ron () skullsecurity net>
Date: Mon, 09 Nov 2009 17:53:44 -0600
David Fifield wrote:
My question is, do we need support for strong dependencies? I'm assuming I'm correct in thinking that strong dependencies are a new future, and that weak dependencies are equivalent to runlevels. If there is a use case for strong dependencies I'm not against them, but I would like to avoid having a --script-autoadd option.
Once http-spider.nse exists, I'd like to write some scripts that depend on it. They wouldn't just be helped by http-spider.nse, but they'd *require* its output to run.
I can think of one thing that runlevels offer that explicit dependencies don't. Say you have a brute force script, and you want it to run after every script that can potentially find a login for you. For example, telnet-brute might want to run after http-userdir-enum because the latter can identify usernames. We could do this with runlevels by giving a the login-finding scripts a low runlevel, but with explicit dependencies every brute force script will need to know about every login script. I suspect this is not easy to solve from a user interface point of view. One idea I had was something like weak_dependencies = {"*login"} "*login" would stand for a class of scripts that would somehow signify that they satisfy it. The runlevel assigned to the brute script would have to be at least one more than the highest runlevel of any *login script.
Not sure if this really affect what you're saying, but you made me think of it. There are sort of three types of auth* scripts: 1. Finding users 2. Finding passwords (based on users) 3. Using users/passwords to get more information With the smb-* scripts, I sort of do 1 and 2 backwards -- you can't necessarily get good user output in step (1), so I enumerate users in step (3), but I abstracted the functions out and sort of combine it into step (2). But that's besides the point -- for http-*, telnet-*, etc, finding users before finding passwords which is before finding deeper info is useful. Also, usernames and such should carry across scripts (like snmp-* scripts could use the telnet-* and ftp-* bruteforced accounts, perhaps?) Authentication-based scripts are interesting, for sure. Ron -- Ron Bowes http://www.skullsecurity.org/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] Script Dependencies Replacement for Runlevels, (continued)
- Re: [NSE] Script Dependencies Replacement for Runlevels Ron (Nov 08)
- Re: [NSE] Script Dependencies Replacement for Runlevels Fyodor (Nov 09)
- Re: [NSE] Script Dependencies Replacement for Runlevels David Fifield (Nov 09)
- Re: [NSE] Script Dependencies Replacement for Runlevels Ron (Nov 10)
- Re: [NSE] Script Dependencies Replacement for Runlevels David Fifield (Nov 10)
- Re: [NSE] Script Dependencies Replacement for Runlevels Ron (Nov 10)
- Re: [NSE] Script Dependencies Replacement for Runlevels Fyodor (Nov 10)
- Re: [NSE] Script Dependencies Replacement for Runlevels Fyodor (Nov 10)
- Re: [NSE] Script Dependencies Replacement for Runlevels Ron (Nov 10)
- Re: [NSE] Script Dependencies Replacement for Runlevels Ron (Nov 10)
- Re: [NSE] Script Dependencies Replacement for Runlevels Patrick Donnelly (Nov 10)
- Re: [NSE] Script Dependencies Replacement for Runlevels Ron (Nov 10)
- Re: [NSE] Script Dependencies Replacement for Runlevels Fyodor (Nov 10)
- Re: [NSE] Script Dependencies Replacement for Runlevels Patrick Donnelly (Nov 12)
- Re: [NSE] Script Dependencies Replacement for Runlevels David Fifield (Nov 13)
- Re: [NSE] Script Dependencies Replacement for Runlevels Fyodor (Nov 13)
- Re: Requests for script dependencies Patrick Donnelly (Dec 27)
- Re: Requests for script dependencies David Fifield (Dec 27)
- Re: Requests for script dependencies Patrick Donnelly (Dec 28)
- Re: Requests for script dependencies Ron (Dec 28)