Nmap Development mailing list archives

Re: Script force


From: David Fifield <david () bamsoftware com>
Date: Tue, 29 Nov 2011 15:11:32 -0800

On Sat, Nov 19, 2011 at 08:22:11PM +0100, Martin Holst Swende wrote:
> Thanks for the feedback! I had missed the categories after all, patched
> that now. I also added a printout so it is obvious why a script is or
> isn't executed:
>
> martin@linovox:~/tools/nmap$ ./nmap localhost -p1000 --script +intrusive -d
>
> Starting Nmap 5.61TEST3 ( http://nmap.org ) at 2011-11-19 20:13 CET
> [...]
> NSE: Script Pre-scanning.
> NSE: Starting runlevel 1 (of 3) scan.
> NSE: broadcast-avahi-dos set for execution: portrule true, force true
> NSE: Starting broadcast-avahi-dos.
> NSE: dns-brute set for execution: portrule false, force true
> NSE: Starting dns-brute.
>
> I also changed it to use the '+'-sign, which Fyodor suggested, since it
> has good connotations (typically what is used in a search engine to
> specify "I want exactly this, nothing else").

I've tested the patch and found it to do what it's supposed to when
listing script names by themselves. I also found some funny interaction
with the "and", "or", and "not" operators. Specifically, these operators
always change force to false, because they do not see the second return
value of the m function. But additionally, it's not clear what the
correct interaction even is.

Here are some test cases I tried:

script name                     dport   runs?
http-title                      -p22    no
+http-title                     -p22    yes
http-title,http-title           -p22    no
http-title,+http-title          -p22    no
+http-title,http-title          -p22    no
+http-title,+http-title         -p22    yes
http-title or http-title        -p22    no
http-title or +http-title       -p22    no
+http-title or http-title       -p22    no
+http-title or +http-title      -p22    no

Also, even supposing that the "or" would retain the force value, what
should happen in cases like this?
        http-title or +http-*
Should http-title be forced in this case? It seems like it would not be,
because "or" will short-circuit before reading "+http-*".

I also tried
        +(default or vuln)
I didn't really expect it to work. This was the output:
        NSE: failed to initialize the script engine:
        [string "rule"]:1: attempt to call a boolean value

I'm starting to think that it shouldn't be allowed to mix + with boolean
operators. In other words, only allow one script name or category name
between commas when a + is present. Otherwise show an error message.
Does this sound possible to implement? Do you have any other ideas?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
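The following is an added example, not code from Nmap or from the patch discussed in this thread. It is a toy model of how NSE compiles a --script spec into a Lua rule of the form "return <expr>", written to show two things from the mail above: why a force flag carried as the second return value of m() is dropped as soon as the name sits inside "and", "or" or "not" (Lua keeps only the first value of a call that is not the last expression in a list, and "or" yields a single value), and one way to implement the proposed restriction that "+" may only prefix a single bare script or category name between commas. The script table KNOWN and the functions m, to_rule, run_rule and check_spec are assumptions of this model, not Nmap APIs.

```lua
-- Added example, not Nmap's nse_main.lua: a toy model of NSE script-spec
-- matching. KNOWN, m, to_rule, run_rule and check_spec are assumed names.

-- Constructed script table: script name -> category.
KNOWN = {
  ["http-title"] = "default",
  ["dns-brute"]  = "intrusive",
}

-- Matcher modelled on the patch under discussion: returns (matched, force).
-- The second value only survives if the caller keeps every result of the call.
function m(name)
  local force = false
  if name:sub(1, 1) == "+" then
    force = true
    name = name:sub(2)
  end
  local matched = false
  for script, category in pairs(KNOWN) do
    if script == name or category == name then matched = true end
  end
  return matched, force
end

-- Rewrite "a or +b" as 'm("a") or m("+b")': every token that is not a Lua
-- boolean operator becomes an m() call, parentheses are passed through.
function to_rule(item)
  return (item:gsub("[%w%-%.%*%+]+", function(tok)
    if tok == "and" or tok == "or" or tok == "not" then return tok end
    return string.format("m(%q)", tok)
  end))
end

local compile = loadstring or load  -- Lua 5.1 vs 5.2+

-- Evaluate one comma-separated item as a chunk "return <rule>".
-- Returns matched, force on success, or nil, nil, errmsg on failure.
function run_rule(item)
  local chunk, err = compile("return " .. to_rule(item), "rule")
  if not chunk then return nil, nil, err end
  local ok, matched, force = pcall(chunk)
  if not ok then return nil, nil, matched end  -- matched holds the error text
  return matched, force
end

-- The restriction proposed in the mail: an item containing '+' must be
-- exactly one name ("+http-title", "+intrusive", "+http-*"); anything with
-- operators or parentheses is rejected before the rule is compiled.
function check_spec(spec)
  for item in spec:gmatch("[^,]+") do
    item = item:gsub("^%s+", ""):gsub("%s+$", "")
    if item:find("+", 1, true) and not item:match("^%+[%w%-%.%*]+$") then
      return false, "'+' may only prefix a single script or category name: " .. item
    end
  end
  return true
end

-- A lone forced name keeps both return values of m().
print(run_rule("+http-title"))
-- Inside 'or' only the first value survives, so force is dropped, whether
-- the '+' is on the left (short-circuited) or on the right.
print(run_rule("http-title or +http-title"))
print(run_rule("+http-title or http-title"))
-- In this model a leading '+' on a parenthesised group becomes m("+") applied
-- to the group, which is the "attempt to call a boolean value" class of error.
print(run_rule("+(default or vuln)"))
-- The up-front check accepts plain forced names and rejects mixed items.
print(check_spec("+http-title,dns-brute"))
print(check_spec("http-title or +http-*"))
print(check_spec("+(default or vuln)"))
```

Run it with any Lua 5.1 or later interpreter; the last three calls show the error message a user would see if the "one name per comma when '+' is present" rule were enforced at parse time instead of surfacing later as a Lua runtime error.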
