Nmap Development mailing list archives
Ncat proposal: new environment variables
From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Wed, 10 Jul 2013 16:49:22 +0200
Hi guys, During the development of the coming --lua-extensions Ncat switch, David came up with the idea of transforming some of the functionality that was starting to form. Instead of making it some Lua API that's inaccessible to --sh-exec and --exec scripts, he proposed to add a few environment variables so that not only Lua programs could take advantage of that, but every program ran with the --exec command-line. There are two types of proposed environment variables. First of them is associated to connection parameters - the most obvious of which would be the remote address. The advantage of that would be that the scripts ran by Ncat could know the IP address/domain name of the server they're talking to. For example, a script talking to the HTTP server could alter its "Host: " header according to the target domain - see example: ncat --sh-exec 'echo -e "OPTIONS / HTTP/1.1\r\nHost: $NCAT_HOST\r\n\r\n" ; cat /dev/stdin > /dev/stderr' insecure.org 80 In the listen mode, NCAT_HOST could be set to the incoming connection's address. There could be probably more stuff a script could be interested in though - for example, whether it's running over SSL or not. For example, a tiny web server could use this information while generating links to decide whether the URL's should start with "http" or "https". The second group of the environment variables I'd like to suggest would be currently made of file descriptors to two special Ncat streams - ncatin and ncatout. ncatin is basically Ncat's standard input and ncatout's for stdout. This would allow your scripts to not only control the connection, but also the terminal. I believe it would be especially useful when used in a pipe of chains, for example like this: some_command | ncat --sh-exec "some-wrapper" example.com > output.txt The some_wrapper could for example implement the websocket protocol - one of the jobs that was originally meant for Ncat Lua scripts. So, what do you think of these environment variables? Would you use them? Yours, Jacek Wielemborek _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Ncat proposal: new environment variables Jacek Wielemborek (Jul 10)
- Re: Ncat proposal: new environment variables Jacek Wielemborek (Jul 19)
- Re: Ncat proposal: new environment variables David Fifield (Jul 23)
- Re: Ncat proposal: new environment variables Jacek Wielemborek (Jul 19)