Re: [NSE] Mysql/SQLite for nselib?

[Sven Klemm <sven () c3d2 de>]

Arturo 'Buanzo' Busleiman wrote:
> Sven Klemm wrote:
> > Are you talking about using a database in nse scripts or are you
> > talking about a generic script that logs all scan results in a
> > database? You can use any lua library that provides database access in
> > nse and use their functionality.
>
> I'm talking about adding (say) mysql functions to NSE scripts written in LUA. This would include the
> ability of writing a results-dumper using a promiscuous portrule() function.

You can already do that. You can use common lua libraries inside your 
NSE scripts. I've attached a NSE script that does a "SELECT version()" 
on a PostgreSQL database. My example use luasql 
(http://www.keplerproject.org/luasql/)  but that was just the first 
google hit for lua and sql.

This is the output:

./nmap --script db_test -p22 localhost

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-22 23:03 CEST
Interesting ports on localhost (127.0.0.1):
PORT   STATE SERVICE
22/tcp open  ssh
|_ DB test: PostgreSQL 8.3.3 on x86_64-pc-linux-gnu, compiled by GCC 
cc (Debian 4.3.1-1) 4.3.1

Nmap done: 1 IP address (1 host up) scanned in 0.02 seconds

You need to have luasql installed for the script to work.

Cheers,
Sven

--
Sven Klemm
http://cthulhu.c3d2.de/~sven/


require 'luasql.postgres'

id = "DB test"
description = "DB test"
author = "Sven Klemm <sven () c3d2 de>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
categories = {"default","safe","discovery"}

portrule = function()
  return true
end

action = function(host, port)
  env = assert(luasql.postgres())
  con = assert(env:connect("sven"))
  res = con:execute("SELECT version()")
  row = res:fetch ({}, "a")
  return row['version']
end


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org