Nmap Development mailing list archives
Re: NSE console script help
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 18 Jan 2011 20:41:29 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/18/2011 08:24 PM, Fyodor wrote:
Well, the way I see it, there are four main script help selection possibilities: 1) Print the script help info for all scripts known by Nmap 2) Print the info for all scripts selected (by a specifier, like "default" or "safe" or "broadcast" or "asn-query" or whatever). In this case, you can get behavior #1 by specifying "all". 3) Print just the scripts which pass their rule (portrule, hostrule, prerule, or postrule) and thus would be (or are) actually run by Nmap. 4) Print just the help for the scripts which actually produced output. That way users don't end up with output from scripts they don't really understand.
[...]
One question is how much work you want Nmap to do when you ask for help. With #1 and #2, you could either print the information immediately and then stop, or you could let the scan continue. The advantage of stopping is that it lets people see their script options before committing to running them. I suppose the advantages of continuing are that it puts the information there in the Nmap report along with the results (avoids running Nmap twice), and (more importantly) might be more consistent if we also offer #3 and #4. For #3, Nmap needs to do its port scanning, OS detection, version detection, and run at least the script portrules. For #4, Nmap needs to completely execute. So if we want to support these, it pretty much dictates an interface which runs the scan AND produces help.
[...]
It is worth noting that each one is a superset of the higher-numbered options. So #2 contains all the scripts (and possibly more) in #3, and so on.
I've been busy lately and I don't currently have the time to think about the best way to specify the option (--script-help, etc); however, I do want to at least throw my opinion in for which help types I prefer. I don't currently see a reason to not just print the help and stop (or at least I don't want to be forced to have Nmap run the scan just to see the help information). I mean, why would I want help info in my output when I'm already running the scan I wanted help with? I guess I can see some use for that, but I think printing the help and stopping should be the default behavior. In the case that the scan runs and help is printed, I think #4 is good. Overall, I currently like #2 the best (and specifying "all" for the behavior for #1). So I think #2 should be default, and #4 should be the behavior if there's going to be an option to run the scan and print the help together.
Cheers, Fyodor
Cheers, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNNk9ZAAoJEEQxgFs5kUfuv30P+QGU8Ucr6eLhFRuOvHutFHqq pHzuNHcH8d85i130Hb/3gZoUVUzCZLu+nxB9WennzlTrwDSGuR9fFi/I7Ov207gf hRu1Zrik/n83t+1rLTOLJ2mU6ONR6EyP1LRXCs+wUuHnOt2ziAvUqKmsC/qVth9q qBcQB0TlonasZpW/4PojRuxc7NuHDcAPtxZQ/Q+WNZEx3Z7g1QU3BgBrN17U1Z14 dumeD3b8hE/D8AZwhyIKddwzupsrEk3evbl1hCpdj+uHYt2MlnBKi6KuUZ4lTL5c GrFXxpZ257NfEEJQ2/PXhzCa198lbhNS6UP7pKjn/uL3+JUPMLAf4pGHJn+EY12/ BrU0iWg5qo+t9Po2QZtwu94BmXiqGP9B9ENVUFJtH22ToHAID7O3bX7fTwknSeyN i2d0y/s8wZR1hWwxEuVZCQ7aJOnGQN0XCH5S8eNDDSFRb2abLn0cSUSYRXVCqQbx /GJ/tvYk3+33vepxfxH9iVlTvmBc/y5B1OvZxKdVNuOI1IFNc4pdDn5XZxJi9PK1 Aa14FxNPFdFlKqsJiw6QQDQYTYQFi4nXC3yl8VrEnDE9aFQd6cgrLPglnKbBDJoE lhKV82GhuB1m1jj1X4vLOzt2Kw1TpLXJUnp4GLtW06B3dxPEya8WdLLzKAaLA2r3 fG0CYW4qz43yd4w6mIMr =IU8o -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE console script help Martin Holst Swende (Jan 17)
- Re: NSE console script help Arturo 'Buanzo' Busleiman (Jan 17)
- RE: NSE console script help Drazen Popovic (Jan 17)
- Re: NSE console script help David Fifield (Jan 17)
- Re: NSE console script help Martin Holst Swende (Jan 17)
- Re: NSE console script help Fyodor (Jan 18)
- Re: NSE console script help Martin Holst Swende (Jan 18)
- Re: NSE console script help Patrick Donnelly (Jan 18)
- Re: NSE console script help Martin Holst Swende (Jan 18)
- Re: NSE console script help Fyodor (Jan 18)
- Re: NSE console script help Kris Katterjohn (Jan 18)
- Re: NSE console script help Martin Holst Swende (Jan 21)
- Re: NSE console script help Fyodor (Jan 24)
- Re: NSE console script help Martin Holst Swende (Jan 18)
- Re: NSE console script help David Fifield (Jan 26)