Nmap Development mailing list archives
Re: version detection guideline
From: Patrick Donnelly <batrick () batbytes com>
Date: Sat, 9 Apr 2011 20:52:09 -0400
Hi Toni, On Sat, Apr 9, 2011 at 11:55 AM, Toni Ruottu <toni.ruottu () iki fi> wrote:
Should all scripts do version detection?
If a script comes across this information, yes.
At some point I was told that any script that runs into version information should record that information. There are somethings here too that are unclear to me. If I write a script that produces serious output but also records version information, should I then include that script to the version category. I have understood that you should not, because the version scripts get enabled automatically when the user executes a service scan, and the user is not expecting to see script output. Some scripts that produce output seem to currently be in the version category, but maybe this is an error.
Right, a script running in the "version script scanning phase" shouldn't be producing script output. The problem is scripts can distinguish between the two. I think we (David, Fyodor, and I) talked about having a versionrule so scripts would know (via SCRIPT_TYPE) they are supposed to be collecting version information and not producing other output. A versionrule would basically be the same as a portrule. Alternatively, NSE may just discard the script output during the version script scan phase and scripts wouldn't need to worry about it at all.
From this I would say that one should never include version detectionin a non-version script. The problem in this is that the script writers may need to write two scripts that are almost identical. The other one just does outputting and the other one does version detection. I think this is a good model, and should be encouraged. Code duplication is a bit boring, but consistent user experience seems more important to me. It is always possible to have the common parts in a library, if it is a huge amount of code and might be useful for other scripts as well.
Well this is why we have different "rules" that trigger the action: so we can reduce code duplication. -- - Patrick Donnelly _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- version detection guideline Toni Ruottu (Apr 09)
- Re: version detection guideline Patrick Donnelly (Apr 09)
- Re: version detection guideline Djalal Harouni (Apr 10)
- Re: version detection guideline David Fifield (Apr 18)
- Re: version detection guideline Patrick Donnelly (Apr 09)