Nmap Development mailing list archives

Re: New script names


From: "sara fink" <sara.fink () gmail com>
Date: Wed, 12 Nov 2008 15:20:38 +0200

I'd like to propose a feature request about choosing which NSE script to
run on the command line. Is it complicated to make tab completion?

There is a similar script in Gentoo which helps with typing less in commands.
For example, emerge moz will tab-complete to mozilla-firefox.

The name of the script there is gentoo-bashcomp. If there is interest, I can
post the source here.

Thanks in advance
Sara

On Tue, Nov 11, 2008 at 10:48 PM, Patrick Donnelly <batrick.donnelly () gmail com> wrote:

On Tue, Nov 11, 2008 at 9:18 AM, David Fifield <david () bamsoftware com> wrote:
On Mon, Nov 10, 2008 at 11:58:03PM -0600, Kris Katterjohn wrote:
On 11/10/2008 11:51 PM, David Fifield wrote:
I changed zone-transfer to dns-zone-transfer. I also changed the name of
the table that script takes for a script argument. It was zoneTrans (the
old name of the script); I changed it to dnszonetransfer. Am I right,
there's no way to specify a script argument with dashes in the name? I get

nmap --script-args 'dns-zone-transfer={domain=foo}'
Error parsing --script-args

QUITTING!

It's apparently possible[1], but a bit clumsier.

Interesting. The script args parser works by transforming the string
with patterns to put quotes around the values, then evaluates it as Lua
code. That means you can do weird things like

       nmap --script-args 'foo=a".."b'

resulting in the table { foo = "ab" }. Or

       nmap --script-args 'pi="..math.pi.."'

resulting in { pi = "3.1415926535898" }. Or

       nmap --script-args='loop="..loadstring("while true do end")().."'

to lock up Nmap.

David Fifield

There is a large variety of ways to lock up NSE. The script args can
be made to not lock up the system by not exposing most C functions and
setting a debug hook, if this is a problem, which I don't think it is.

Cheers,

--
-Patrick Donnelly

"One of the lessons of history is that nothing is often a good thing
to do and always a clever thing to say."

-Will Durant

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
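
Added example, not part of the original thread or of Nmap's code: a Python sketch of parsing --script-args strictly as data, instead of quoting the values with patterns and evaluating the result as Lua as David describes. The grammar (name=value pairs, nested {...} tables, dashes allowed in names, no whitespace or escapes) and the names parse_script_args and ArgError are assumptions made for illustration.

```python
import re

KEY = re.compile(r'[A-Za-z0-9_.-]+')   # dashes are legal in names
BARE = re.compile(r'[^,{}="]+')        # unquoted value: no structural characters
QUOTED = re.compile(r'"([^"]*)"')      # quoted value: kept literally, no escapes

class ArgError(ValueError):
    """Raised for any input that does not fit the assumed grammar."""

def parse_script_args(text):
    """Parse 'k=v,k={k=v}' into nested dicts of strings; nothing is evaluated."""
    table, pos = _table(text, 0)
    if pos != len(text):
        raise ArgError(f"unexpected {text[pos]!r} at offset {pos}")
    return table

def _table(text, pos):
    # Reads name=value pairs until end of input or a closing brace.
    table = {}
    while pos < len(text) and text[pos] != '}':
        m = KEY.match(text, pos)
        if not m or text[m.end():m.end() + 1] != '=':
            raise ArgError(f"expected name=value at offset {pos}")
        value, pos = _value(text, m.end() + 1)
        table[m.group()] = value
        if text[pos:pos + 1] == ',':
            pos += 1
        elif pos < len(text) and text[pos] != '}':
            # Anything after a complete value other than ',' or '}' is an error,
            # so text trailing a closed quote is rejected, never interpreted.
            raise ArgError(f"unexpected {text[pos]!r} at offset {pos}")
    return table, pos

def _value(text, pos):
    if text[pos:pos + 1] == '{':
        table, pos = _table(text, pos + 1)
        if text[pos:pos + 1] != '}':
            raise ArgError("unclosed '{'")
        return table, pos + 1
    m = QUOTED.match(text, pos) or BARE.match(text, pos)
    if not m:
        raise ArgError(f"missing value at offset {pos}")
    return (m.group(1) if m.re is QUOTED else m.group()), m.end()
```

With this approach the dashed name from the thread parses, `pi="..math.pi.."` yields the literal string `..math.pi..`, and the other two strings quoted above are rejected as malformed.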
