Nmap Development mailing list archives
Re: [NSE] Prerule considerations and concerns
From: David Fifield <david () bamsoftware com>
Date: Mon, 18 Oct 2010 14:39:32 -0600
On Sat, Oct 16, 2010 at 03:24:21PM -0700, Fyodor wrote:
> On Sat, Oct 16, 2010 at 10:32:09AM -0500, Tom Sellers wrote:
> > Here are my concerns with the current behavior:
> >
> > 1. In most cases the results have no relevance to my target. The current scripts broadcast looking for certain data, and that functionality is handy as hell, but it doesn't have any bearing on my target 4 hops away.
>
> Hi Tom, you make some good points. A related example is the scan "nmap -A scanme.nmap.org". It ends up doing a pre-scan script with 5 scripts, when none of that functionality is really desired for that scan. The biggest problem is the time and bandwidth used for the undesired functionality, but it also bloats the Nmap output with some extra text:
>
> NSE: Script Pre-scanning.
> NSE: Starting runlevel 1 (of 1) scan.
> Initiating NSE at 15:01
> Completed NSE at 15:01, 5.00s elapsed
>
> The five scripts which are running by default are:
>
> snmp-interfaces
> dns-zone-transfer
> upnp-info
> ms-sql-info
> dns-service-discovery

I have to take responsibility for upnp-info, ms-sql-info, and dns-service-discovery, because I asked Patrik to write them that way, not thinking of this issue.

> upnp-info
> ms-sql-info
> dns-service-discovery
>
> These all have prerules which send a broadcast or multicast network query. That is probably not something we want Nmap to do by default every time it runs with scripting. But these three also have hostrules and/or postrules which act against the specified targets and which we probably do want to run by default. I see a couple options for resolving this:
>
> 1) We could split off the broadcast functionality of these scripts into new scripts (upnp-broadcast or something) and maybe add them to a new category ("broadcast"? "broadcastdiscovery"?). That way users who want all the broadcast discovery scripts (or individual ones) could easily get them, but it avoids them running by default when you only care about your list of targets.
>
> 2) Or we could add a general NSE Arg for enabling the broadcast discovery. This would be like the recently added "newtargets" argument.

We could use the "targets-" prefix like targets-traceroute.nse. This doesn't exactly match what I had in mind for "targets-", because these scripts can print out useful information regardless of whether newtargets is set.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/