Nmap Development mailing list archives

Re: nmap command line to execute the nse script only


From: Vlatko Kosturjak <kost () linux hr>
Date: Fri, 29 Aug 2008 00:52:01 +0200

David Fifield wrote:
> On Fri, Aug 29, 2008 at 12:26:45AM +0200, Vlatko Kosturjak wrote:
>> I'm just reading the book chapter about NSE:
>> http://nmap.org/book/nse.html
>> I'm looking for a command line to execute the script only and exit.
>> I did not find anything except this:
>> nmap -sP --script script.nse ip
> You could perhaps just scan the few ports you care about:
> nmap --script=anonFTP -p ftp ip
> Look at the portrule of each script to find out what ports it looks at.

That solution implies that we should write down, for each script, which
ports should be open, and the user couldn't execute a script which he
finds on the net, just the "supported" ones... or he should find out the
ports himself... :(

Also, if during the first phase of port scanning, openvas discovers ftp on
some port other than 21, the script would not be executed :(
The alternative is that a full-blown port scan is run and then a single
script executed (in this case anonFTP), which would be slow.

I think it would be good for nmap users also: in the case of anonftp they
can check if anonymous ftp is installed on a farm of servers very fast
(for audit purposes, for example), or NSE writers can check their script
execution when a port is open or some other condition is fulfilled.

Kost

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
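
Added example (not part of the original message and not Nmap's own code): a Python helper for the suggestion in the quoted reply, reading a script's portrule to build the restricted -p list for an audit run. It assumes the script declares its portrule through a shortport helper; SAMPLE_NSE, the function names and the 192.0.2.10 target are constructed for illustration.

```python
import re

# Constructed sample: a portrule as an FTP-checking script might declare it.
SAMPLE_NSE = '''
require "shortport"
portrule = shortport.port_or_service(21, "ftp")
'''

RULE = re.compile(
    r'portrule\s*=\s*shortport\.(portnumber|service|port_or_service)\s*\(([^()]*)\)')

def split_top_level(args):
    """Split a Lua argument list on commas that are outside {...} tables."""
    parts, depth, cur = [], 0, ""
    for ch in args:
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
            continue
        depth += (ch == "{") - (ch == "}")
        cur += ch
    parts.append(cur)
    return parts

def ports_from_portrule(source):
    """Return (ports, services) named by a shortport-based portrule.

    A hand-written portrule function cannot be resolved statically, so it
    raises ValueError and the script has to be read by a person instead."""
    m = RULE.search(source)
    if not m:
        raise ValueError("portrule is not a simple shortport call")
    kind, args = m.group(1), split_top_level(m.group(2))
    port_arg = "" if kind == "service" else args[0]
    if kind == "service":
        svc_arg = args[0]
    else:
        svc_arg = args[1] if kind == "port_or_service" and len(args) > 1 else ""
    ports = [int(p) for p in re.findall(r'\b\d+\b', port_arg)]
    services = re.findall(r'["\']([^"\']+)["\']', svc_arg)
    return ports, services

def nmap_argv(script, source, target):
    """Build (not run) the restricted-port command line from the reply."""
    ports, services = ports_from_portrule(source)
    spec = ",".join([str(p) for p in ports] + services)
    return ["nmap", "--script=" + script, "-p", spec, target]

if __name__ == "__main__":
    print(" ".join(nmap_argv("anonFTP", SAMPLE_NSE, "192.0.2.10")))
```

A script whose portrule is a hand-written function raises ValueError here, which is the case the message above is concerned about: the ports then have to be found by reading the script.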

