Nmap Development mailing list archives
Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts
From: Fyodor <fyodor () insecure org>
Date: Mon, 22 Mar 2010 13:45:00 -0700
On Mon, Mar 22, 2010 at 01:46:07PM +0100, Patrik Karlsson wrote:
> I should have probably described the scripts in the zipfile and attached some sample output last time I posted: http://seclists.org/nmap-dev/2010/q1/1000

Wow, these look great in terms of functionality! I've only briefly skimmed the code so far. Regarding these four:

> mssql-databases - list all databases for the server/instance
> mssql-linked-servers - lists linked servers available on the server/instance
> mssql-sp-configure - lists a bunch of configuration options
> mssql-tables - iterates over all databases and lists tables, columns and their data types

I wonder if it would make sense to combine these into some sort of mssql-info script, with arguments determining what is printed? I'd suggest printing just the most notable/important information by default (maybe 5-20 lines) to give a taste of what is available, and then you could even note in the output the option to use to get everything. It would also be nice to have options for retrieving subsets of the data, but I think most important is to have a summary of the most important information (e.g. default output) and a way to specify that you want it all.

For example, by default it might give the first (N) linked servers, databases (maybe with a few tables for each), and the most interesting of the configuration information. The value of (N) might be affected by verbosity/debugging level. Then at the end (or somewhere) you could write something like:

  |_ Output condensed. For full details, run with: --script-args mssql-info=all

The way you have done it now is actually very similar to how many of our other scripts work. Particularly the SMB family (e.g. smb-enum-domains, smb-enum-groups, smb-enum-processes, smb-enum-sessions, smb-enum-shares, smb-enum-users, smb-server-stats, and smb-system-info), citrix-enum-*, mysql-{info,users,variables}, and snmp-win32-*. So this is a larger issue than mssql-*. For scripts which gather information from a service, do people think we should generally have one gathering script controlled by --script-args, or have separate scripts for gathering different pieces of information? My initial thought is that we might be better off just having citrix-enum, smb-enum, mssql-enum, and snmp-win32-enum scripts (perhaps -info rather than -enum in most cases) which print a condensed summary by default and have a common form of script arg you can use to print everything and also options for passing a list of information you want to retrieve (users, shares, databases, whatever).

Of course some cases may necessitate separating scripts if we want them in different categories, if some require different sorts of authentication, etc.

The Nessus approach is to allow plugin explosion and then brag about having tens of thousands of plugins. But I'm not sure that is the best approach for Nmap NSE. I'm interested in what other people think, as these types of scripts are proliferating and so it gets harder to change things the longer we wait to decide on a standard.

Cheers,
Fyodor
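
A sketch of the condensed-by-default output proposed in the message above, as an added example that is not part of the original post or of Nmap's code. It is plain Lua that runs outside Nmap on constructed sample data; the function names, the section names, the verbosity formula and the rule that an explicitly requested subset prints in full are all assumptions.

```lua
-- Added example: condensed-by-default rendering for a combined "mssql-info" style script.
-- No real mssql library calls are made; section names and data are constructed.

-- Entries shown per section at a given verbosity (the "(N)" in the proposal; formula assumed).
local function limit_for(verbosity)
  return 3 + 2 * verbosity
end

-- arg: nil/"" (default summary), "all", or a comma-separated list such as "databases,config".
-- Returns a set of wanted section names (nil = every section) and a "print everything" flag.
local function parse_wanted(arg)
  if arg == nil or arg == "" then return nil, false end
  if arg == "all" then return nil, true end
  local set = {}
  for name in arg:gmatch("[^,%s]+") do set[name] = true end
  return set, false
end

-- sections: ordered list of { name = "...", items = { "...", ... } }
local function render(sections, arg, verbosity)
  local wanted, full = parse_wanted(arg)
  local n = limit_for(verbosity or 0)
  local out, condensed = {}, false
  for _, sec in ipairs(sections) do
    if wanted == nil or wanted[sec.name] then
      out[#out + 1] = sec.name .. ":"
      -- Assumption: a section the user asked for by name is printed whole, like "all".
      local max = (full or wanted) and #sec.items or math.min(n, #sec.items)
      for i = 1, max do out[#out + 1] = "  " .. sec.items[i] end
      if max < #sec.items then
        out[#out + 1] = ("  ... (%d more)"):format(#sec.items - max)
        condensed = true
      end
    end
  end
  if condensed then
    -- Tell the user how to get the rest, as suggested in the message.
    out[#out + 1] = "Output condensed. For full details, run with: --script-args mssql-info=all"
  end
  return table.concat(out, "\n")
end

-- Constructed sample data standing in for what the four separate scripts would gather.
local sample = {
  { name = "databases", items = { "master", "tempdb", "model", "msdb", "sales" } },
  { name = "linked-servers", items = { "SRV2" } },
}
print(render(sample, nil, 0))          -- default: truncated sections plus the hint line
print(render(sample, "databases", 0))  -- subset: only the requested section, in full
```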