Nmap Development mailing list archives
Re: [NSE] Prerule considerations and concerns
From: Djalal Harouni <tixxdz () gmail com>
Date: Thu, 21 Oct 2010 17:37:55 +0100
On 2010-10-16 15:24:21 -0700, Fyodor wrote:
> On Sat, Oct 16, 2010 at 10:32:09AM -0500, Tom Sellers wrote:
> > Here are my concerns with the current behavior:
> > 1. In most cases the results have no relevance to my target. The current scripts broadcast looking for certain data, and that functionality is handy as hell, but it doesn't have any bearing on my target 4 hops away.
>
> Hi Tom, you make some good points. A related example is the scan "nmap -A scanme.nmap.org". It ends up doing a pre-scan script with 5 scripts, when none of that functionality is really desired for that scan. The biggest problem is the time and bandwidth used for the undesired functionality, but it also bloats the Nmap output with some extra text:
>
> NSE: Script Pre-scanning.
> NSE: Starting runlevel 1 (of 1) scan.
> Initiating NSE at 15:01
> Completed NSE at 15:01, 5.00s elapsed
>
> The five scripts which are running by default are:
>
> snmp-interfaces
> dns-zone-transfer
> upnp-info
> ms-sql-info
> dns-service-discovery
>
> Let's start with the first two, as those are simpler to resolve. These don't actually function as prerules unless you pass in special NSE arguments (snmp-interfaces and dnszonetransfer, respectively). The only "problem" they can cause is Nmap having to do the prerule action phase and print out the extra information. It would probably be better for these to check for the required arguments in the prerule() itself rather than in the action.
Yes, doing the check for the required arguments in the prerule/postrule script functions is fine. Attached is a patch for dns-zone-transfer to move the checks into the rule functions. I've also moved the portrule checks.

For the extra texts:

NSE: Script Pre-scanning.
NSE: Script scanning 127.0.0.1
NSE: Script Post-scanning.

These messages can be removed easily: we do not print them if all script rules evaluate to false (no threads). A simple patch is attached to remove the two "Pre-scanning" and "Post-scanning" messages.

For this:

NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:01
Completed NSE at 15:01, 5.00s elapsed

If we do the script argument check in the prerule/postrule and if we add a new category for the broadcast stuff then this text will not be printed.

--
tixxdz
Attachment: dns-zone-transfer_move_args.diff
Attachment: pre-post-scan_debug_msg.diff
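The rule-time argument check discussed in this thread, as an added NSE script skeleton (example code written for this page, not the patch attached to the message above or Nmap's own dns-zone-transfer script). It assumes the modern `require`-based NSE module API (`stdnse.get_script_args`, `stdnse.debug1`, `shortport.port_or_service`) and an assumed argument name `dns-zone-transfer.domain`; the real script's argument names may differ.

```lua
-- Added example: move the required-argument check out of action() and into
-- prerule()/portrule(), so that when the argument is absent no script thread
-- is created and Nmap has nothing to report for the pre-scan phase.
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Skeleton illustrating an argument check performed at rule time.
]]
categories = {"discovery"}

-- Assumed argument name (illustrative; not taken from the real script).
local ARG_DOMAIN = "dns-zone-transfer.domain"

-- Before (the behaviour the thread complains about):
--   prerule = function() return true end
--   action  = function() if not arg then return nil end ... end
-- The rule always fires, a thread is started, and only then does action()
-- notice the missing argument, leaving the "Script Pre-scanning" noise behind.

-- After: the rule itself decides. No argument means no thread and no output.
prerule = function()
  if stdnse.get_script_args(ARG_DOMAIN) == nil then
    stdnse.debug1("%s: skipping pre-scan, argument %s not supplied",
      SCRIPT_NAME, ARG_DOMAIN)
    return false
  end
  return true
end

-- The same check gates the per-host rule on top of the usual port match,
-- mirroring the "moved the portrule checks" part of the reply.
portrule = function(host, port)
  if stdnse.get_script_args(ARG_DOMAIN) == nil then
    return false
  end
  return shortport.port_or_service(53, "domain")(host, port)
end

-- With the check in the rules, action() can assume the argument is present
-- and only has to carry out the real work (elided here: the skeleton just
-- reports what it was asked to look at).
action = function(host, port)
  local domain = stdnse.get_script_args(ARG_DOMAIN)
  local target = host and host.ip or "pre-scan (no host)"
  return ("argument %s=%s, target %s"):format(ARG_DOMAIN, domain, target)
end
```

With `--script` pointing at this file and no `--script-args`, neither rule returns true, so Nmap starts no thread for it; with `--script-args dns-zone-transfer.domain=example.com` the rules fire as usual.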
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Prerule considerations and concerns Tom Sellers (Oct 16)
- Re: [NSE] Prerule considerations and concerns Fyodor (Oct 16)
- Re: [NSE] Prerule considerations and concerns Patrik Karlsson (Oct 16)
- Re: [NSE] Prerule considerations and concerns David Fifield (Oct 18)
- Re: [NSE] Prerule considerations and concerns Patrik Karlsson (Oct 18)
- Re: [NSE] Prerule considerations and concerns Djalal Harouni (Oct 21)
- Re: [NSE] Prerule considerations and concerns Djalal Harouni (Oct 21)
- Re: [NSE] Prerule considerations and concerns Fyodor (Oct 16)
- Re: [NSE] Prerule considerations and concerns Djalal Harouni (Oct 21)
- Re: [NSE] Prerule considerations and concerns Fyodor (Oct 21)
- Re: [NSE] Prerule considerations and concerns Djalal Harouni (Oct 31)