Nmap Development mailing list archives
Re: [nmap-svn] r21603 - nmap/todo
From: David Fifield <david () bamsoftware com>
Date: Sat, 5 Feb 2011 12:10:21 -0800
(I meant to send this a few days ago but mistyped the address.) On Mon, Jan 10, 2011 at 02:13:18PM -0800, Fyodor wrote:
On Sun, Jan 09, 2011 at 08:54:15PM -0800, David Fifield wrote:On Tue, Jan 04, 2011 at 06:11:52PM -0800, commit-mailer () insecure org wrote:+o A trivial change: we currently print some lines about NSE + pre-scanning and post-scanning in verbose mode even when no such + scripts are being run. We should not print those in that case. For + example, nmap -A -v scanme.nmap.org gives me these superfluous lines: + NSE: Starting runlevel 1 (of 2) scan. + Initiating NSE at 18:09 + NSE: Script Pre-scanning. + Completed NSE at 18:09, 0.00s elapsed + NSE: Starting runlevel 2 (of 2) scan. + Initiating NSE at 18:09 + NSE: Script Pre-scanning. + Completed NSE at 18:09, 0.00s elapsed + [...] + NSE: Starting runlevel 1 (of 2) scan. + Initiating NSE at 18:09 + NSE: Script Post-scanning. + Completed NSE at 18:09, 0.00s elapsed + NSE: Starting runlevel 2 (of 2) scan. + Initiating NSE at 18:09 + NSE: Script Post-scanning. + Completed NSE at 18:09, 0.00s elapsedI removed the messages Initiating NSE at 18:09 Completed NSE at 18:09, 0.00s elapsed when there are no scripts to be run. The others are more difficult, because when we enter a run level we don't yet know how many scripts will be run. It used to be the case that we loaded all the script instances in advance, but we now load them on demand in chunks to bound memory use. http://seclists.org/nmap-dev/2010/q4/308. It confuses the control flow somewhat, but I'm thinking about buffering these messages and only showing them once the first script will be run. That can have the weird side effect that some runlevels may be announced when others aren't, for example: NSE: Starting runlevel 1 (of 4) scan. NSE: Starting runlevel 2 (of 4) scan.Thanks David, that helps. Maybe we don't need to print the runlevel stuff in plain verbose=1 mode anyway? For debugging, that information can be useful. But for a simple -v scan, it is probably enough to just say that nse scanning is starting, then do the whole NSE scan (or pre-scan or post-scan, including all runlevels), and then print that it has completed. Ideally the message will only print for an NSE phase if there is at least one script action being run. Verbosity (-v) is one of the most common options used with Nmap, so we need to be extra careful about what we print there. I'm not quite as concerned with -d and multiple -v levels.
I bumped the runlevel messages up to verbosity 2. I made it so that the "Script Pre-scanning" etc. messages are not printed except when there is at least one thread to be run. Also, the pre-scanning phase was never empty because snmp-interfaces had a "return true" prerule. I changed it to check for the presence of its require script argument in the prerule instead of the action, like other scripts. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [nmap-svn] r21603 - nmap/todo David Fifield (Jan 09)
- Re: [nmap-svn] r21603 - nmap/todo Fyodor (Jan 10)
- Re: [nmap-svn] r21603 - nmap/todo David Fifield (Feb 05)
- Re: [nmap-svn] r21603 - nmap/todo Fyodor (Jan 10)