Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: status report #6 of 15

From: Felix Wolfsteller <felix.wolfsteller () intevation de>
Date: Wed, 9 Jun 2010 14:41:05 +0200
On Tuesday 08 June 2010 19:16:55 kirubakaran S wrote:

* Finished parsing script.db and obtained metadata from scripts
* The obtained metsdata are stored in the format
<filename,category,Description,License,Author,Arguments,URL>--


  After discussion with David,we finally ended up with executable program
script-metada.py.

This program obtains script metadata like
scriptname,categories,Description,Author,License,
URL of NSEDoc. This is the prototype program for our script selection
interface.

**Obtain the program by
svn co  svn://svn.insecure.org/nmap-exp/kirubakaran


The repository does not seem to be autonously accessible.


**Run the executable python program script-metadata.py
Move into checked out Directory
    on windows, by double clicking it
    on Linux, using ./script-metadata.py
(Please make sure, NMAPDIR environment variable is set to locate the Nmap
datafiles)

**sample output:
***************************************************************************
FileName:afp-brute.nse
category: ['auth', 'intrusive']
license: Same as Nmap--See http://nmap.org/book/man-legal.html
Author: Patrik Karlsson
Description:
Performs password guessing against Apple Filing Protocol (AFP)

Arguments:['userdb', 'passdb', 'unpwdb.userlimit', 'unpwdb.passlimit',
'unpwdb.timelimit']
URL: http://nmap.org/nsedoc/scripts/afp-brute.nse.html
***************************************************************************
***************************************************************************
FileName:afp-path-vuln.nse
category: ['safe', 'vuln']
license: Same as Nmap--See http://nmap.org/book/man-legal.html
Author: Patrik Karlsson
Description: Detects the Mac OS X AFP directory traversal vulnerability
CVE-2010-0533
Arguments:['afp.username', 'afp.password']
URL: http://nmap.org/nsedoc/scripts/afp-path-vuln.nse.html
***************************************************************************
***************************************************************************
.
.
.
.
.
.
I welcome your suggestions and report on bugs in this program.It will
greatly help
us to make it better.


As you asked for suggestions, some things jumped in my eyes on first sight.

Why not follow some standards like the freedesktop ones (e.g. 
http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-1.0.html , 
find a summary at 
http://library.gnome.org/devel/glib/2.22/glib-Key-value-file-parser.html#glib-Key-value-file-parser.description ).

The output could thus look like:

# Comment if you like
[afp-path-vuln.nse]
# Use list separator of your choice
category: 'safe';'vuln'
# ...
URL: http://nmap.org/nsedoc/scripts/afp-path-vuln.nse.html

[afp-brute.nse]
category: 'auth';'intrusive']
license: Same as Nmap--See http://nmap.org/book/man-legal.html
Author: Patrik Karlsson
Description: Performs password guessing against Apple Filing Protocol (AFP)
# ...

etc.

Also, imho the keywords should be written consistently in lower or in upper 
case. Afaict uppercase seems to be used more often. Besides, in your example, 
sometimes a space follows the colon ("URL: http...") sometimes not 
("Arguments:[...").


Enjoy,

-- felix



Thanks
cheers
Kirubakaran.S
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/



-- 
Felix Wolfsteller |  ++49 541 335083-783  |  http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: