Nmap Development mailing list archives
Re: Add script arguments to --script-help
From: David Fifield <david () bamsoftware com>
Date: Fri, 21 Jun 2013 16:24:27 -0700
On Mon, Jun 03, 2013 at 12:24:20AM -0500, Paulino Calderon wrote:
I've added the logic to include every NSE library required in the script as well. The new output looks like this:

# ./nmap --script-help http-brute
Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-06-02 23:58 CDT

http-brute
Categories: intrusive brute
http://nmap.org/nsedoc/scripts/http-brute.html
  Performs brute force password auditing against http basic authentication.
  Script Arguments:
    http-brute.path points to the path protected by authentication (default: /)
    http-brute.hostname sets the host header in case of virtual hosting
    http-brute.method sets the HTTP method to use (default: GET)
    brute.useraspass guess the username as password for each user
    brute.emptypass guess an empty password for each user
    brute.unique make sure that each password is only guessed once
    ...
The idea and sample output look pretty good. But we need to do better NSEDoc parsing. Currently you're only getting the first line of each @arg description. I'm afraid that the parser won't closely match what Zenmap and the online docs do. The very inner part of the argument parser is just returning a line of text, and it's hard to do anything flexible with that. It doesn't look good that the parsing code is repeated in two places, once for scripts and once for libraries; i.e. there's no reason for this line to appear twice:
+ if string.find(line, "@args") or string.find(line, "@arg") then + if string.find(line, "@args") or string.find(line, "@arg") then
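Review bot: the first half of the condition string.find(line, "@args") or string.find(line, "@arg") is redundant, because any line containing "@args" also contains "@arg". Both calls also match the text anywhere on the line, so a longer tag that merely begins with "@arg", or the string appearing outside a comment, would be treated as an argument tag. Suggest a single pattern that requires the "--" comment prefix and whitespace after the tag name, kept in one helper that both the script path and the library path call.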
It looks wrong to have script.args be an array of preformatted text blobs like the following. It would be much better to have an array of {name=..., desc=...} tables, and use a loop to print them out. Don't call format_arg_tag until you are about to print them out.
+ if #script.args>1 then + log_write_raw("stdout", format("Script Arguments: \n %s\n", concat(script.args, "\n "))); + end
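Review bot: the guard #script.args>1 skips the section for a script that documents exactly one argument; it should be #script.args > 0. The format string "Script Arguments: \n %s\n" also leaves a trailing space after the colon, and the concat of preformatted strings would be clearer as a loop that writes one line per argument.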
You need to look at .luadoc files in addition to .lua files. I urge you to look at how Zenmap does this. Particularly nsedoc_tags_iter, which loops over lines and yields (name, desc) pairs. It is called by ScriptMetadata.get_script_args_from_file. There is another wrapper ScriptMetadata.get_arguments that follows library dependencies.

https://svn.nmap.org/nmap/zenmap/zenmapCore/ScriptMetadata.py

Can you comment on these changes:
@@ -786,9 +840,9 @@ elseif t == "directory" then for f in lfs.dir(path) do local file = path .."/".. f - if find(file, "%.nse$") and not files_loaded[file] then + if find(f, "%.nse$") and not files_loaded[file] then script_params.selection = "directory"; - local script = Script.new(file, script_params); + local script = Script.new(path, script_params); chosen_scripts[#chosen_scripts+1] = script; files_loaded[file] = true; end
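Review bot: Script.new(path, script_params) now receives the directory being iterated rather than the individual script, while files_loaded[file] two lines later is still keyed by the full file path. Unless Script.new was changed elsewhere in the patch to accept a directory, every .nse file found in the loop would be constructed from the same argument; suggest keeping Script.new(file, script_params). The switch from find(file, "%.nse$") to find(f, "%.nse$") does not change which names match, because file always ends with f, so it should either be dropped or explained in the commit message.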
David Fifield
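Added example, not part of the original message and not code from Nmap or Zenmap: a Python sketch of the structure suggested above, where one tag iterator joins multi-line descriptions, arguments are kept as name/desc records, and formatting happens only at print time. The function names, the comment-prefix rules and the sample script text are assumptions made for illustration.

```python
import re

# Assumed NSEDoc conventions: docs live in "--" comment lines, a tag starts with
# "@name", and its text continues on later comment lines until the next tag.
COMMENT = re.compile(r"^\s*--+\s?(.*)$")
TAG = re.compile(r"^\s*@(\w+)\s*(.*)$")

def nsedoc_tags(lines):
    """Yield (tag, text) for each NSEDoc tag, joining continuation lines."""
    tag, parts = None, []
    for line in lines:
        m = COMMENT.match(line)
        body = m.group(1) if m else None
        t = TAG.match(body) if body is not None else None
        if t or body is None:          # new tag or end of comment block: flush
            if tag is not None:
                yield tag, " ".join(p for p in parts if p)
            tag, parts = (t.group(1), [t.group(2).strip()]) if t else (None, [])
        elif tag is not None:          # continuation of the current tag
            parts.append(body.strip())
    if tag is not None:
        yield tag, " ".join(p for p in parts if p)

def script_args(lines):
    """Return [{'name': ..., 'desc': ...}] for @arg/@args tags; no formatting."""
    out = []
    for tag, text in nsedoc_tags(lines):
        if tag in ("arg", "args"):
            name, _, desc = text.partition(" ")
            out.append({"name": name, "desc": desc.strip()})
    return out

def format_args(args):
    """Format only at print time, from the structured records."""
    return "\n".join("  %s: %s" % (a["name"], a["desc"]) for a in args)

# Constructed sample input (not copied from a real script).
SAMPLE = """\
---
-- Example description.
-- @args example.path points to the path protected by
--       authentication (default: /)
-- @arg example.method sets the HTTP method to use
-- @usage nmap --script example
local x = "@args not.a.doc.tag"
""".splitlines()

if __name__ == "__main__":
    print(format_args(script_args(SAMPLE)))
```

The last sample line contains "@args" inside Lua code and is ignored because it is not a comment line, which an unanchored substring search would not guarantee.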