Nmap Development mailing list archives
Re: Use of nmap.fetchfile in scripts
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 25 Apr 2013 16:02:58 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Daniel, everyone, On 04/25/2013 02:50 PM, Daniel Miller wrote:
List, Today on IRC, a user had a problem with dns-brute.nse. The dns-brute.hostlist script-arg would not accept a relative filename like so: `--script-args dns-brute.hostlist=./list.txt` I provided him a small patch (http://pastebin.com/QHMavbKa) that checked for a file at the relative or absolute path after first checking the locations that nmap.fetchfile returns. dns-brute is not the only script that does this. Lots of scripts are using the pattern of passing script-args to nmap.fetchfile, when the function really makes better sense to retrieve a static filename relative to the Nmap search paths. On the other hand, the unpwdb library does what I would expect: If the userdb script-arg is provided, it uses the value literally as a path, otherwise it uses nmap.fetchfile to grab "nselib/data/usernames.lst"
A long time ago I wrote both nmap.fetchfile() and unpwdb, so it's not surprising to me that they behave together as you expect they should. However, I am surprised that apparently so many scripts are using fetchfile() for arbitrary file paths. When I wrote it it was only intended for finding Nmap files (cf. r6637 and r6638)--so it does indeed make better sense to use it for that. I'm too lazy to find the current docs for fetchfile(), but maybe they were rewritten and they are now misleading?
Dan
Cheers, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJReZn+AAoJEEQxgFs5kUfuptoP/0ywh6QmxbDRlXdHFa+J09eF VKdB2ARSDdYkJoda9ypEvot3Cai+oiZCRvV2U3HLef0cNGIbFrVv2e6mLyV5bT/f giqlXLwf/N9HZ+DEfpDtjUlbspKgB8M01+ZGBkafiJTvWtIJHtrw6ehE7x4XoqjJ jFjZULeW07SialOTFG8msymBbIfAz+vwz6EyNesyI/kqqe7mQRCLF5AS4NuhPGvP eZO51cMQaOW7whxgSRTwQ4a69WHpJleqpEyVkqlBE4lJALelv5MhLuOfM2rptkWe iy5KN6Y3sr3W7r4WcqGkk3vNt7jXIgn9S7UX+xk3Xmf4LyRVKbxkhkIfuWLyV315 nMmTbyLolLZHpEVtJM8UnnQYdr77sMiMXQl4QKKDozfEm5isBEgAH0Vthcs3Wxif 22UEP4oONLcinYZjZyuT/UkBw1m27h7nmsy2iXkj8w6+mz85q/aJp8uVvdKfwndv oybplL+ixZFkTBgE+WBCPmwiF2Umj/NPEHn35QwgnJULW2+Gqtq8PecX+oKMnm2G qkdly890Eo4cc9BERTYAfGlecndu3APDvC62tYIAKFPYmZ+okDv1/RmCXk9wfU9K LAxgV+bG8MZUMruo1IXKVLKluGw5Sz/k3hbFT9ZdDV00LaWWpQH6GcmIDup+HS8g 8hDUd+mDG+VyT2AIjNfV =zJ6f -----END PGP SIGNATURE----- _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Use of nmap.fetchfile in scripts Daniel Miller (Apr 25)
- Re: Use of nmap.fetchfile in scripts Kris Katterjohn (Apr 25)
- Re: Use of nmap.fetchfile in scripts Daniel Miller (Apr 26)
- Re: Use of nmap.fetchfile in scripts Kris Katterjohn (Apr 25)