Nmap Development mailing list archives

Re: [NSE] Microsoft SQL Server (MSSQL) library and scripts


From: Fyodor <fyodor () insecure org>
Date: Mon, 22 Mar 2010 13:45:00 -0700

On Mon, Mar 22, 2010 at 01:46:07PM +0100, Patrik Karlsson wrote:

> I should have probably described the scripts in the zipfile and attached some sample output last time I posted:
> http://seclists.org/nmap-dev/2010/q1/1000

Wow, these look great in terms of functionality! I've only briefly
skimmed the code so far.  Regarding these four:

mssql-databases - list all databases for the server/instance
mssql-linked-servers - lists linked servers available on the server/instance
mssql-sp-configure - lists a bunch of configuration options
mssql-tables - iterates over all databases and lists tables, columns and their data types

I wonder if it would make sense to combine these into some sort of
mssql-info script, with arguments determining what is printed?  I'd
suggest printing just the most notable/important information by
default (maybe 5-20 lines) to give a taste of what is available, and
then you could even note in the output the option to use to get
everything.  It would also be nice to have options for retrieving
subsets of the data, but I think most important is to have a summary
of the most important information (e.g. default output) and a way to
specify that you want it all.

For example, by default it might give the first (N) linked servers,
databases (maybe with a few tables for each), and the most interesting
of the configuration information. The value of (N) might be affected
by verbosity/debugging level.  Then at the end (or somewhere) you
could write something like:

 |_ Output condensed. For full details, run with: --script-args mssql-info=all

The way you have done it now is actually very similar to how many of
our other scripts work.  Particularly the SMB family
(e.g. smb-enum-domains, smb-enum-groups, smb-enum-processes,
smb-enum-sessions, smb-enum-shares, smb-enum-users, smb-server-stats,
and smb-system-info), citrix-enum-*, mysql-{info,users,variables}, and
snmp-win32-*.

So this is a larger issue than mssql-*.  For scripts which gather
information from a service, do people think we should generally have
one gathering script controlled by --script-args, or have separate
scripts for gathering different pieces of information?

My initial thought is that we might be better off just having
citrix-enum, smb-enum, mssql-enum, and snmp-win32-enum scripts
(perhaps -info rather than -enum in most cases) which print a
condensed summary by default and have a common form of script arg you
can use to print everything and also options for passing a list of
information you want to retrieve (users, shares, databases, whatever).

Of course some cases may necessitate separating scripts if we want
them in different categories, if some require different sorts of
authentication, etc.

The Nessus approach is to allow plugin explosion and then brag about
having tens of thousands of plugins.  But I'm not sure that is the
best approach for Nmap NSE.

I'm interested in what other people think, as these types of scripts
are proliferating and so it gets harder to change things the longer we
wait to decide on a standard.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
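The "condensed summary by default, everything on request" pattern Fyodor proposes above, sketched as a hypothetical mssql-info.nse. This is an added illustration, not code from the thread, from Patrik's zipfile, or from the Nmap project. It assumes only the standard NSE API (shortport.port_or_service, stdnse.get_script_args, nmap.verbosity, stdnse.format_output and the SCRIPT_NAME global); the gather() function returns constructed sample rows in place of real queries through the mssql library, since the point here is how --script-args and verbosity shape the output, not the TDS protocol.

```lua
-- Hypothetical mssql-info.nse (added example, not part of the original thread or Nmap).
-- Demonstrates one info script whose output is controlled by
--   --script-args mssql-info=all
--   --script-args mssql-info=databases,linked-servers   (a subset)
-- and which prints a condensed summary, scaled by -v, when no argument is given.

description = [[
Prints a condensed summary of MSSQL server information. Use
--script-args mssql-info=all for full output, or a comma-separated subset of
databases, linked-servers, config, tables.
]]

author = "example author (hypothetical)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

local nmap      = require "nmap"
local shortport = require "shortport"
local stdnse    = require "stdnse"

portrule = shortport.port_or_service(1433, "ms-sql-s")

-- Sections in the order they are printed; also the names accepted in the arg.
local SECTIONS = {"databases", "linked-servers", "config", "tables"}

-- Constructed sample results standing in for queries made through the mssql
-- library. A real script would fill these tables from the server.
local function gather(host, port)
  return {
    ["databases"]      = {"master", "tempdb", "model", "msdb", "payroll", "crm"},
    ["linked-servers"] = {"BACKUP01", "REPORTING"},
    ["config"]         = {"clr enabled = 0", "remote access = 1", "remote admin connections = 0"},
    ["tables"]         = {"payroll.dbo.employees (id int, name nvarchar)",
                          "payroll.dbo.salaries (id int, amount money)",
                          "crm.dbo.contacts (id int, email nvarchar)"},
  }
end

-- Turn the script argument into a set of wanted sections.
-- Returns (set, want_all): no argument -> every section, condensed;
-- "all" -> every section, uncut; otherwise only the listed sections, condensed.
local function requested_sections(arg)
  local want = {}
  if arg == nil or arg == "all" then
    for _, s in ipairs(SECTIONS) do want[s] = true end
    return want, (arg == "all")
  end
  for name in string.gmatch(arg, "[^,%s]+") do want[name] = true end
  return want, false
end

-- Rows shown per section in condensed mode; each -v adds a few more.
local function condensed_limit()
  return 3 + 3 * nmap.verbosity()
end

action = function(host, port)
  local arg = stdnse.get_script_args(SCRIPT_NAME)
  if type(arg) == "table" then arg = table.concat(arg, ",") end
  local want, want_all = requested_sections(arg)
  local limit = condensed_limit()
  local data = gather(host, port)

  local output, truncated = {}, false
  for _, section in ipairs(SECTIONS) do
    if want[section] and data[section] then
      local shown = { name = section }
      for i, row in ipairs(data[section]) do
        if not want_all and i > limit then
          truncated = true
          break
        end
        shown[#shown + 1] = row
      end
      output[#output + 1] = shown
    end
  end

  -- The trailer Fyodor suggests, so users know more is available.
  if truncated then
    output[#output + 1] = "Output condensed. For full details, run with: --script-args "
                          .. SCRIPT_NAME .. "=all"
  end
  return stdnse.format_output(true, output)
end
```

With the sample data above, a plain run prints three rows per section plus the trailer; `-v` raises the cut-off to six and the trailer disappears once nothing was dropped; `mssql-info=all` prints everything regardless of verbosity. Keeping the section names in one SECTIONS table means the same arg syntax can be reused by a smb-info or snmp-win32-info script, which is the common form of script arg the mail asks for.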

