Nmap Development mailing list archives
Re: Proposal for adding new option to nmap
From: Fyodor <fyodor () insecure org>
Date: Tue, 6 Jul 2010 19:17:22 -0700
On Mon, Jul 05, 2010 at 02:27:24PM -0600, David Fifield wrote:
On Mon, Jul 05, 2010 at 03:37:57PM +0530, kirubakaran S wrote: This option is only really useful if it produces clean output, without any startup or junk messages. Ideally, it prints out only the selected scripts, one per line, to standard output, and quits. I understand that this might not be easy to implement because of the need to initialize the script engine and avoid code paths that produce extra output.
Maybe there should be some unique way to distinguish the --script-list lines. For example, they could all start with "SL: ". My feeling is that it is easy to parse those out, and provides a few significant advantages: o We don't have to remember in the future to make sure all output message either fall outside the Nmap --script-list code path or are properly guarded against printing anything when --script-list is requested. It seems likely that someone will eventually add an output line somewhere which inadvertently breaks this. o It means we don't have to go through all the existing Nmap output and add ugly guard messages to prevent it from printing in --script-list mode. o It means that if we ever want to add a feature to --script-list (like include the supported script phases or categories), we can do so without breaking compatibility. We would (for a time) keep printing the old stuff with the "SL: " prefix, and use a new prefix for the new format. I think that is cleaner than having to add a different command-line option.
If --script-list can't easily work in this way, then we might as well just use -d2.
I'm not against the -d2 approach, but you do lose the "format guarantee" aspect. We would have to remember not to change that debugging output, and obtaining the full path name is more of a pain with -d2 format since its on a separate Fetchfile line.
Either way, we will have to document in the source code that the specific output format is being used by an external program (Zenmap) and it can't be changed or removed.
Yes.
I am thinking that the script list output should have the full absolute path to every script, not just the basename.
Makes sense.
The output might be /usr/share/nmap/scripts/http-auth.nse /usr/share/nmap/scripts/http-date.nse ... /home/david/custom/test-script.nse
Note that on Windows it may include spaces like: C:\Program Files (x86)\Nmap\scripts\http-auth.nse Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Proposal for adding new option to nmap kirubakaran S (Jul 01)
- Re: Proposal for adding new option to nmap Patrick Donnelly (Jul 01)
- Re: Proposal for adding new option to nmap David Fifield (Jul 01)
- Re: Proposal for adding new option to nmap David Fifield (Jul 04)
- Re: Proposal for adding new option to nmap kirubakaran S (Jul 05)
- Re: Proposal for adding new option to nmap David Fifield (Jul 05)
- Re: Proposal for adding new option to nmap Kris Katterjohn (Jul 05)
- Re: Proposal for adding new option to nmap Fyodor (Jul 06)
- Re: Proposal for adding new option to nmap David Fifield (Jul 01)
- Re: Proposal for adding new option to nmap Patrick Donnelly (Jul 01)