Nmap Development mailing list archives
Re: NSE console script help
From: Fyodor <fyodor () insecure org>
Date: Tue, 18 Jan 2011 00:50:37 -0800
On Mon, Jan 17, 2011 at 08:49:34PM +0100, Martin Holst Swende wrote:
Reposting this which I posted earlier ([1], [2]), perhaps with a bad subject-line, since there was no response.
Thanks for reposting. I agree with others that this could be a worthwhile feature. I think using --script-args to implement this works great as a proof-of-concept, but I agree with David that it probably isn't perfect as a final implementation. Maybe there could be a new option like --script-help which takes a script specifier (i.e. a script name or category or expression--the same arguments as --script itself takes). Then it could print help information for all the matching scripts. Ideally, I think Nmap should do no actual scanning when executed this way (e.g. "nmap --script-help default"). I also agree that it might be nice for Zenmap to use this standard script-help mechanism. Maybe it could print the information in XML or something to the -oX stream. It would probably be good to separate the "--script-args force" part into a separate patch, since that is a completely different feature. I tried to read your new nse_main.lua from the Seclists archive at http://seclists.org/nmap-dev/2010/q4/att-567/nse_main_lua.bin. But I was a bit annoyed that Firefox only lets me download the Lua file rather than offering the choice of viewing it as text in the browser window. It turns out that there has been a firefox "bug" (enhancement request) for this feature for more than 10 years, but it hasn't been implemented yet. The good news is that I found a plugin which let's you choose to view unhandled MIME types as text or HTML or an image or basically whatever you want. It seems to be working well for me so far: https://addons.mozilla.org/en-US/firefox/addon/open-in-browser/ Regarding the Script help output, I suppose it might be best to comma-separate the categories and list them on one line so instead of three lines you have: Categories: default, safe Also, regarding these two lines: NSE: ------------- Script help ------------- http-methods.nse I'll bet you could combine them. Maybe something like: NSE: ------ Script Help: http-methods.nse ------ Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE console script help Martin Holst Swende (Jan 17)
- Re: NSE console script help Arturo 'Buanzo' Busleiman (Jan 17)
- RE: NSE console script help Drazen Popovic (Jan 17)
- Re: NSE console script help David Fifield (Jan 17)
- Re: NSE console script help Martin Holst Swende (Jan 17)
- Re: NSE console script help Fyodor (Jan 18)
- Re: NSE console script help Martin Holst Swende (Jan 18)
- Re: NSE console script help Patrick Donnelly (Jan 18)
- Re: NSE console script help Martin Holst Swende (Jan 18)
- Re: NSE console script help Fyodor (Jan 18)
- Re: NSE console script help Kris Katterjohn (Jan 18)
- Re: NSE console script help Martin Holst Swende (Jan 21)
- Re: NSE console script help Fyodor (Jan 24)
- Re: NSE console script help Martin Holst Swende (Jan 18)
- Re: NSE console script help David Fifield (Jan 26)