Nmap Development mailing list archives

Re: Quoting/escaping of command line in XML


From: David Fifield <david () bamsoftware com>
Date: Sat, 13 Nov 2010 18:10:23 -0800

On Thu, Nov 11, 2010 at 08:47:02AM -0800, David Fifield wrote:
XML output has an nmaprun@args attribute that is meant to allow you to
recover the command line:

$ ./nmap -sn -oX - --no-stylesheet
<?xml version="1.0"?>
<!-- Nmap 5.35DC18 scan initiated Thu Nov 11 08:30:57 2010 as: ./nmap -sn -oX - -&#45;no-stylesheet -->
<nmaprun scanner="nmap" args="./nmap -sn -oX - -&#45;no-stylesheet">

It has a problem, which is that it loses information when any of the
arguments contains a space:

$ ./nmap -sn -oX - --no-stylesheet --script-args 'msg=one two'
<?xml version="1.0"?>
<!-- Nmap 5.35DC18 scan initiated Thu Nov 11 08:33:50 2010 as: ./nmap -sn -oX - -&#45;no-stylesheet -&#45;script-args 
msg=one two -->
<nmaprun scanner="nmap" args="./nmap -sn -oX - -&#45;no-stylesheet -&#45;script-args msg=one two"

NSE sees the proper argument msg="one two", but if you try to recover
the command line, it looks like an argument msg="one" running against
the target "two". Fyodor also noticed this:

C:\> "C:\Program Files (x86)\Nmap\nmap.exe" -sn -oX - --no-stylesheet
<?xml version="1.0"?>
<!-- Nmap 5.35DC18 scan initiated Thu Nov 11 08:36:13 2010 as: C:\Program Files (x86)\Nmap\nmap.exe -sn -oX - -->
<nmaprun scanner="nmap" args="C:\Program Files (x86)\Nmap\nmap.exe -sn -oX -">

Here it looks like "C:\Program" is the executable name and "Files" and
"(x86)\Nmap\nmap.exe" are targets.

I attach a patch that quotes spaces in this string. It also escapes '"'
and '\' because of the added quoting. This is only to enable the
recovery of the arguments array (i.e., what you would pass to execv). It
doesn't look for shell metacharacters or anything like that, so you
can't just copy and paste from the XML to your shell. (Although this
patch makes copying easier than it was before.) I'm writing to ask for
comments and to alert anyone using this part of XML output.

It's committed in r21030.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
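As an added example (not from the mail and not the nmap patch itself), here is a Python encoder and decoder for the quoting rule the mail describes. The exact rule is an assumption reconstructed from the description: an argument containing whitespace is wrapped in double quotes, and '"' and '\' are backslash-escaped. It also quotes empty arguments, which goes beyond what the mail states, so that they survive the round trip.

```python
"""Encoder/decoder for the nmaprun@args quoting rule described in the mail.

Assumed rule (reconstructed from the description, not nmap's own code): an
argument containing whitespace is wrapped in double quotes, and every '"' or
'\\' inside an argument is backslash-escaped. Input is the attribute value
after XML entity decoding (so -&#45; has already become --).
"""


def quote_arg(arg: str) -> str:
    """Escape one argv element so that split_args() can recover it."""
    escaped = arg.replace("\\", "\\\\").replace('"', '\\"')
    # Beyond the mail: an empty argument is quoted too, or it would vanish.
    if arg == "" or any(c.isspace() for c in arg):
        return '"' + escaped + '"'
    return escaped


def quote_args(argv: list) -> str:
    """Join argv into one args string, as the patched XML writer would."""
    return " ".join(quote_arg(a) for a in argv)


def split_args(s: str) -> list:
    """Recover argv from an args string (inverse of quote_args)."""
    argv, cur, in_arg, in_quotes, i = [], [], False, False, 0
    while i < len(s):
        c = s[i]
        if c == "\\" and i + 1 < len(s):      # escaped '"' or '\'
            cur.append(s[i + 1])
            in_arg, i = True, i + 2
            continue
        if c == '"':                           # toggle quoting; "" is an empty arg
            in_quotes, in_arg = not in_quotes, True
        elif c.isspace() and not in_quotes:    # unquoted space ends the argument
            if in_arg:
                argv.append("".join(cur))
                cur, in_arg = [], False
        else:
            cur.append(c)
            in_arg = True
        i += 1
    if in_quotes:
        raise ValueError("unterminated quote in args string")
    if in_arg:
        argv.append("".join(cur))
    return argv
```

Running the old, unquoted form of the string through split_args() reproduces the ambiguity from the mail: "msg=one two" comes back as two separate arguments.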