Nmap Development mailing list archives
Re: [NSE] New class of scripts -- New Rule proposal
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Tue, 29 Jun 2010 22:13:41 -0500
On Tue, Jun 29, 2010 at 12:14 AM, Fyodor <> wrote:
On Fri, Jun 25, 2010 at 03:35:02PM -0500, Daniel Miller wrote:A way to get around the decision of whether/when to use the netscript's discoveries to automatically add targets, a new -iC option could be added (in the spirit of -iL, -iR), meaning "get targets from netscripts". This avoids surprising someone who was not expecting to scan those new targets, and also allows one to use the same script to simply discover a list of hosts without scanning them.That is certainly a good point. We don't want Nmap going off and expanding the scope of its scans beyond the expectations of its user. It seems that most scripts which discover IP addresses could either print those IPs in the results, or add them to the scan. We'd want to support both. We will have to think about it more concretely once we have such scripts, but I imagine that the default will be to print the IPs, and there will be a special --script-arg (common to all the scripts which do this) which requests that newly discovered IPs be added to the target list. If a certain script arg becomes extremely popular, we can consider giving it an Nmap option as syntactic sugar. For example, the -iC you proposed could be a shortcut for "--script-arg expandtargets" or whatever. I think the best order for figuring this out is: o Add the functionality for scripts to add extra IPs for Nmap to scan. o When writing such a script (particularly the first one), decide how it is most likely to be used, and how to control it with arguments. o Follow the same model with other scripts unless there is a strong reason for divergent behavior. o At some point we can consider adding short Nmap options for the most common script-args. Cheers, Fyodor
Maybe all of this could be used to implement a feature I've wanted to see for a long time: the ability to automatically portscan the IPs that show up in the --traceroute to your original target. -Jason _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 24)
- Re: [NSE] New class of scripts -- New Rule proposal Fyodor (Jun 24)
- Re: [NSE] New class of scripts -- New Rule proposal Ron (Jun 25)
- Re: [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 26)
- Re: [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 26)
- Re: [NSE] New class of scripts -- New Rule proposal Ron (Jun 25)
- Re: [NSE] New class of scripts -- New Rule proposal Daniel Miller (Jun 25)
- Re: [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 26)
- Re: [NSE] New class of scripts -- New Rule proposal Fyodor (Jun 28)
- Re: [NSE] New class of scripts -- New Rule proposal DePriest, Jason R. (Jun 29)
- Re: [NSE] New class of scripts -- New Net Rules proposal Djalal Harouni (Jun 26)
- Re: [NSE] New class of scripts -- New Net Rules proposal Patrick Donnelly (Jun 26)
- Re: [NSE] New class of scripts -- New Net Rules proposal Fyodor (Jun 28)
- Re: [NSE] New class of scripts -- New Rule proposal Fyodor (Jun 24)