Re: Script force

[Martin Holst Swende <martin () swende se>]

On 11/16/2011 09:37 AM, Martin Holst Swende wrote:
> On 11/16/2011 02:01 AM, Djalal Harouni wrote:
> > Martin,
> >
> > On Tue, Nov 15, 2011 at 03:24:12PM +0100, Martin Holst Swende wrote:
> > > Hi,
> > >
> > > Due to some interest shown off-list, I have made a new patch to enable
> > > the feature to force a script to run, the patch is basically the same as
> > > earlier but since the svn-version of nse_main has changed, so does the
> > > patch.
> > >
> > > Usage :
> > > nmap -p2424 target.com --script ms-sql-config --script-args force
> > >
> > > The primary usecase people seem to have is that they e.g. do a
> > > configuration review of a lot of ms-sql servers, say you have a list of
> > > 20 servers where the database is located on an uncomon port. They don't
> > > want to have to do -sV --version-all just to run a script, since they
> > > already know what's on the port.
> > >
> > > Attached is the svn diff and the complete nse_main.lua file.
> > >
> > > Regards,
> > > Martin Holst Swende
> > >
> > > Index: nse_main.lua
> > > ===================================================================
> > > --- nse_main.lua    (revision 27093)
> > > +++ nse_main.lua    (working copy)
> > > @@ -344,13 +344,19 @@
> > >      -- This thread allows us to load the script's globals in the
> > >      -- same Lua thread the action and rule functions will execute in.
> > >      local co = create(main);
> > > +    -- If the script-argument "force" is used, we will ignore the portrule and run it even 
> > > +    -- if the portrule says no. This is useful if a service is known by the user, but runs at a 
> > > +    -- uncommon port which may not be identified by service discovery or takes very long
> > > +    -- time to discover due to the amount of probes that needs to be sent. 
> > > +    local force = stdnse.get_script_args("force")
> > > +
> > You can also do:
> > local force = stdnse.get_script_args(self.short_basename..".force")
> >
> > This way you can select which scripts to run "script_name.force" or
> > force them all when "force" is specified.
> >
> > But this is not a clean solution since you will specify the script name
> > twice. A better one would be to do it in the --script switch, perhaps
> > with a one char (e.g: '#', --script='ms-sql-*#' to force ms-sql* scripts)
> > or anything else ...  (making sure to escape those chars!)
> >
> > Perhaps then you will get an approval :)
> >
> > Thanks.
> I really like that idea!
> I implemented it, using the @ - character. Usage :
> ./nmap --script @smb-brute,http-* -p80 www.google.com -d3
> //This would force smb-brute, but run the http-* as normal.
>
> ./nmap --script @http-title,smb-brute -p80 www.google.com
> //Forces http-title, but not smb-brute
>
> Force does not work for categories now ("@http-*"), but I can add it on
> if this suggestion gets approval. Svndiff attached.
Why wait. Here's another version, the following syntax works also:
/nmap --script @smb-* -p80 www.google.com

Diff attached.
Regards,
/Martin

Attachment: svndiff_nsemain
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/