Nmap Development mailing list archives
Re: [NSE] Draft - targets-sniffer.nse
From: Patrick Donnelly <batrick () batbytes com>
Date: Tue, 22 Mar 2011 15:53:56 -0400
On Tue, Mar 22, 2011 at 3:17 PM, Toni Ruottu <toni.ruottu () iki fi> wrote:
> This thing is cool! It fails unless you are root, for understandable reasons. Do we have some kind of policy for scripts that require root?
Well, ideally you would just throw an error in the script if you don't have root, something like:

    if not nmap.is_privileged() then
      error "i require r00t"
    end

We could even make that an (empty) module to require:

    require "root"

I think in the past it was decided that errors thrown this way can't be used because it ends up aborting the entire scan. In earlier versions of NSE, this would actually occur in the middle of a scan, which made it *really* annoying. Now we have NSE loaded at Nmap startup so this isn't quite as big an issue. I myself would like to see these types of errors ignored by NSE (as in, "the script isn't broken, but it can't run for X reason").

Currently, as an example, we have these awkward constructions in mysql-brute.nse:

    -- ripped from ssh-hostkey.nse
    -- openssl is required for this script
    if not pcall(require,"openssl") then
      portrule = function() return false end
      action = function() end
      stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.",
        SCRIPT_NAME)
      return;
    end

I think it should be possible to modify (hook) require so that these types of errors remain silent (except with debugging == 3).
> I think there should be a way for scripts to report this to nmap, and nmap should probably abort the scan if the user has requested root features while being nonroot. I am not sure if this is possible at the moment. I am not sure I understand the big picture.
We could make it so if a user requests a script "by name" that Nmap aborts the scan when a required feature is missing, e.g. openssl or r00t. This is similar to how we increase the verbosity when the script is specified "by name" on the command line.

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
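The behaviour proposed in this thread, shown as an added example in stand-alone Lua (not part of the original message and not NSE's own loader code): a script reports "cannot run here" with a marker error, and the loader skips it quietly unless the script was requested by name. The function names, the `env` table and the sample scripts are hypothetical stand-ins, and treating a genuine script error as an abort is an assumption taken from the discussion above.

```lua
-- Added illustration: plain Lua, no Nmap libraries. All names are hypothetical.
local SKIP = {}  -- metatable used only to mark "cannot run here" errors

-- A script calls this instead of error("...") when a prerequisite is missing.
local function unavailable(reason)
  error(setmetatable({ reason = reason }, SKIP), 0)
end

-- Constructed stand-in for what a loader would know about the environment.
local env = { privileged = false, modules = { stdnse = true } }

local function need_root()
  if not env.privileged then unavailable("root privileges required") end
end

local function need_module(name)
  if not env.modules[name] then unavailable("module '" .. name .. "' is missing") end
end

-- Constructed sample scripts: each chunk returns its rule table when loadable.
local scripts = {
  ["targets-sniffer"] = function() need_root(); return { action = function() end } end,
  ["mysql-brute"] = function() need_module("openssl"); return { action = function() end } end,
  ["banner"] = function() need_module("stdnse"); return { action = function() end } end,
  ["broken"] = function() local t = nil; return t.field end,  -- a genuine bug
}

-- Returns a status ("loaded", "skipped" or "abort") and a detail value.
local function load_script(name, by_name)
  local ok, result = pcall(scripts[name])
  if ok then return "loaded", result end
  if getmetatable(result) == SKIP then
    -- Not broken, just unable to run: fatal only when asked for by name.
    if by_name then return "abort", name .. ": " .. result.reason end
    return "skipped", result.reason
  end
  return "abort", name .. ": script error: " .. tostring(result)
end

for _, case in ipairs({
  { "targets-sniffer", false }, { "targets-sniffer", true },
  { "mysql-brute", false }, { "banner", false }, { "broken", false },
}) do
  local status, detail = load_script(case[1], case[2])
  print(case[1], case[2] and "by-name" or "by-category", status,
        type(detail) == "string" and detail or "")
end
```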