Nmap Development mailing list archives

Re: New script names


From: David Fifield <david () bamsoftware com>
Date: Tue, 11 Nov 2008 09:18:05 -0700

On Mon, Nov 10, 2008 at 11:58:03PM -0600, Kris Katterjohn wrote:
> On 11/10/2008 11:51 PM, David Fifield wrote:
>> I changed zone-transfer to dns-zone-transfer. I also changed the name of
>> the table that script takes for a script argument. It was zoneTrans (the
>> old name of the script); I changed it to dnszonetransfer. Am I right,
>> there's no way to specify a script argument with dashes in the name? I
>> get
>>
>> nmap --script-args 'dns-zone-transfer={domain=foo}'
>> Error parsing --script-args
>>
>> QUITTING!
>
> It's apparently possible[1], but a bit clumsier.

Interesting. The script args parser works by transforming the string
with patterns to put quotes around the values, then evaluates it as Lua
code. That means you can do weird things like

        nmap --script-args 'foo=a".."b'

resulting in the table { foo = "ab" }. Or

        nmap --script-args 'pi="..math.pi.."'

resulting in { pi = "3.1415926535898" }. Or

        nmap --script-args='loop="..loadstring("while true do end")().."'

to lock up Nmap.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
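
An added example, not Nmap's code and not part of the original message: a simplified Lua model of the quote-then-evaluate approach described above, next to a strict parser that reads the argument string purely as data. The function names (parse_by_eval, parse_strict) and the quoting pattern are assumptions made for illustration.

```lua
-- Simplified model for illustration; the pattern is an assumption, not Nmap's.
local compile = loadstring or load   -- Lua 5.1 vs 5.2+

-- Weak: put quotes around each value with a pattern, then evaluate as Lua.
-- A value that already contains a quote closes the string early, and the
-- rest of it is compiled as a Lua expression.
local function parse_by_eval(args)
  local quoted = args:gsub("=([^{},]+)", '="%1"')
  local chunk = assert(compile("return {" .. quoted .. "}"))
  return chunk()
end

-- Strict: recursive descent over name=value pairs; nothing is compiled.
-- Keys may contain dashes because they are never treated as Lua identifiers.
local function parse_strict(s, pos, nested)
  local t = {}
  pos = pos or 1
  while true do
    local key, after = s:match("^([%w_%-]+)=()", pos)
    if not key then error("bad key at position " .. pos) end
    if s:sub(after, after) == "{" then
      t[key], pos = parse_strict(s, after + 1, true)
    else
      -- Quotes, braces, commas and '=' are not allowed inside a value.
      local val, nxt = s:match('^([^{},="]+)()', after)
      if not val then error("bad value for " .. key) end
      t[key], pos = val, nxt
    end
    local c = s:sub(pos, pos)
    if c == "," then pos = pos + 1
    elseif c == "}" and nested then return t, pos + 1
    elseif c == "" and not nested then return t, pos
    else error("unexpected input at position " .. pos) end
  end
end

-- Constructed inputs, taken from the message above (the looping one is left out).
local samples = { 'foo=a".."b', 'pi="..math.pi.."',
                  'dns-zone-transfer={domain=foo}' }
for _, a in ipairs(samples) do
  local ok_e = pcall(parse_by_eval, a)
  local ok_s = pcall(parse_strict, a)
  print(a)
  print("  eval:   " .. (ok_e and "accepted (value was executed as Lua)" or "parse error"))
  print("  strict: " .. (ok_s and "accepted as data" or "rejected"))
end
```

In this model the dashed key fails under evaluation because it is compiled as a subtraction expression, while the strict parser accepts it and rejects the two values that contain quotes.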

