Nmap Development mailing list archives

Re: Remove script ids, just use file names?


From: jah <jah () zadkiel plus com>
Date: Tue, 04 Nov 2008 14:52:46 +0000

On 04/11/2008 05:43, David Fifield wrote:
Hi everyone,

Fyodor had the idea of getting rid of script ids and just identifying
them by their file name instead. A script id is what is stored in the id
field in a script. It's also what gets prefixed to each chunk of NSE
output.

Script ids offer a human-readable identifier for the script, which is
nice. However user interaction with scripts is done using file
names--when you want to run a certain script you give its file name on
the command line. Knowing its id doesn't help, which can be frustrating
when you want to re-run a single script whose output you see among that
of other scripts.

The effect of this would be to change

21/tcp  open   ftp
|_ Anonymous FTP: FTP: Anonymous login allowed
80/tcp  open   http
|_ HTML title: Foo.
110/tcp open   pop3
|_ POP3 Capabilites:  USER CAPA RESP-CODES UIDL PIPELINING STLS TOP SASL(PLAIN)

to

21/tcp  open   ftp
|_ anonFTP: FTP: Anonymous login allowed
80/tcp  open   http
|_ showHTMLTitle: Foo.
110/tcp open   pop3
|_ popcapa:  USER CAPA RESP-CODES UIDL PIPELINING STLS TOP SASL(PLAIN)

Do you see any downsides? If not I'll start working on this tomorrow.

David Fifield

Hi

I have mixed feelings about this.

On the one hand I like the nice descriptive IDs in the output and
they're especially good for generating reports for people who might not
be familiar with nmap or its scripts - POP3 Capabilities makes it clear
what the script output is showing whereas popcapa would be less clear to
such people.  I also like the fact that calling scripts by name can be
made very simple by the use of short script names  e.g. "asn" for AS
Numbers.  As well as making the output less readable, such a change
might also lead to longer script names as script writers try to make the
filenames as descriptive as possible (maybe even leading to filenames
containing spaces - alert("FUD")).

On the other hand I agree that, knowing the script id, calling the
script by name isn't particularly intuitive.  I imagine that this
affects new users of nmap quite often.  They'll run a scan with -sC, see
some nice results and then want to reproduce those results by calling
specific scripts by name - which they'll have to do by looking through
the script sources until they spot the id or, now, consulting the nsedocs.

Some alternative solutions that may be worth considering:

A new option --list-scripts might print out the id, filename, and
possibly the categories and short description of each script - sorted by
script id, so that users could look up the filename from the id.  This
would be a nice touch, but might get more cumbersome as the number of
scripts increases.  An argument to --list-scripts might be used to
filter scripts by id such that "--list-scripts z" might print (in a nice
tabular fashion not doable in this post):

id     filename     description and categories
zone-transfer     zoneTrans.nse     Requests a zone transfer (AXFR) from
a DNS server. {default, intrusive, discovery}
IRC zombie     ircZombieTest.nse     Checks for an IRC zombie.  {malware}

and --list-scripts html would show scripts with html in the id.
--list-scripts might also recognise script categories and print out only
scripts in the categories selected.  Slightly off-topic, I know, but
could in fact enrich the user experience - and all from the command line.

Another, not mutually exclusive, possibility might be to enable calling
of scripts by their id and would solve the issue without sacrificing the
readability of script output - although it perhaps wouldn't help new
users to learn the script names as the former possibility or the current
proposal might.

Other than these, a less desirable solution might be to print both the
id and the filename in the results.

Regards,

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
