Re: Use of nmap.fetchfile in scripts

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Daniel, everyone,

On 04/25/2013 02:50 PM, Daniel Miller wrote:
> List,
>
> Today on IRC, a user had a problem with dns-brute.nse. The
> dns-brute.hostlist script-arg would not accept a relative filename like
> so: `--script-args dns-brute.hostlist=./list.txt` I provided him a small
> patch (http://pastebin.com/QHMavbKa) that checked for a file at the
> relative or absolute path after first checking the locations that
> nmap.fetchfile returns.
>
> dns-brute is not the only script that does this. Lots of scripts are
> using the pattern of passing script-args to nmap.fetchfile, when the
> function really makes better sense to retrieve a static filename relative
> to the Nmap search paths. On the other hand, the unpwdb library does what
> I would expect: If the userdb script-arg is provided, it uses the value
> literally as a path, otherwise it uses nmap.fetchfile to grab
> "nselib/data/usernames.lst"

A long time ago I wrote both nmap.fetchfile() and unpwdb, so it's not
surprising to me that they behave together as you expect they should.

However, I am surprised that apparently so many scripts are using
fetchfile() for arbitrary file paths.  When I wrote it it was only intended
for finding Nmap files (cf. r6637 and r6638)--so it does indeed make better
sense to use it for that.

I'm too lazy to find the current docs for fetchfile(), but maybe they were
rewritten and they are now misleading?

> Dan

Cheers,
Kris Katterjohn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJReZn+AAoJEEQxgFs5kUfuptoP/0ywh6QmxbDRlXdHFa+J09eF
VKdB2ARSDdYkJoda9ypEvot3Cai+oiZCRvV2U3HLef0cNGIbFrVv2e6mLyV5bT/f
giqlXLwf/N9HZ+DEfpDtjUlbspKgB8M01+ZGBkafiJTvWtIJHtrw6ehE7x4XoqjJ
jFjZULeW07SialOTFG8msymBbIfAz+vwz6EyNesyI/kqqe7mQRCLF5AS4NuhPGvP
eZO51cMQaOW7whxgSRTwQ4a69WHpJleqpEyVkqlBE4lJALelv5MhLuOfM2rptkWe
iy5KN6Y3sr3W7r4WcqGkk3vNt7jXIgn9S7UX+xk3Xmf4LyRVKbxkhkIfuWLyV315
nMmTbyLolLZHpEVtJM8UnnQYdr77sMiMXQl4QKKDozfEm5isBEgAH0Vthcs3Wxif
22UEP4oONLcinYZjZyuT/UkBw1m27h7nmsy2iXkj8w6+mz85q/aJp8uVvdKfwndv
oybplL+ixZFkTBgE+WBCPmwiF2Umj/NPEHn35QwgnJULW2+Gqtq8PecX+oKMnm2G
qkdly890Eo4cc9BERTYAfGlecndu3APDvC62tYIAKFPYmZ+okDv1/RmCXk9wfU9K
LAxgV+bG8MZUMruo1IXKVLKluGw5Sz/k3hbFT9ZdDV00LaWWpQH6GcmIDup+HS8g
8hDUd+mDG+VyT2AIjNfV
=zJ6f
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/