Nmap Development mailing list archives

Re: Nmap tty and NSE

From: David Fifield <david () bamsoftware com>
Date: Wed, 24 Dec 2008 11:19:14 -0700

On Wed, Dec 24, 2008 at 03:11:55AM -0700, Patrick Donnelly wrote:

We should probably have a use in mind for it if the unique ID is
included.  For example, some other messages can then print the unique
ID and omit other (longer) information.


Right now NSE does not track information relevant to a script (the
filename for instance). Under some circumstances, such as when a
script thread must end (host timed out), we cannot retrieve this
information easily. Using the thread's pointer as an identifier is the
only solution that won't dramatically increase the code's complexity.


Can we put the script file name in struct run_record? It is currently

        struct run_record {
          short type; // 0 - hostrule; 1 - portrule
          Port* port;
          Target* host;
        };

which already encapsulates all the information we need except for the
file name.

Having to match up a thread ID in a "Finished" line with an ID in an
earlier "Starting" line just to find out the name of the script that
finished is really suboptimal. I don't mean to put down your patch
technically, because it looks very good, and of course I can only speak
for myself about output preferences.

It is probably worth adding the time (since Nmap started) to the
start/finish lines.


That looks like a good idea. Which function should I be using to add
the timing?


I would use o.TimeSinceStartMS() / 1000.0. There are a few examples in
scan_engine.cc.

Perhaps we should prefix with the subsystem and time to match some of
our other messages (particularly our trace lines).  And if the ID is
going to be there, I'd put it at the end. For example:

NSE (0.41s) starting './scripts/html-title.nse' against 95.78.76.91:80 (thread 0x843a6a8).
NSE (0.92s) finished './scripts/http-auth.nse' against 95.78.76.91:80 (thread 0x843a6a8).


Should we add the "NSE" or "SCRIPT_ENGINE" prefix to these lines?


I like "NSE" better. We should just change the SCRIPT_ENGINE define to
use that, and all the NSE messages will be shorter.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Re: Nmap tty and NSE, (continued)
- - Re: Nmap tty and NSE doug (Dec 22)
    - Re: Nmap tty and NSE David Fifield (Dec 22)
    - Re: Nmap tty and NSE Brandon Enright (Dec 22)
    - Re: Nmap tty and NSE Fyodor (Dec 22)
  - Re: Nmap tty and NSE Patrick Donnelly (Dec 23)
    - Re: Nmap tty and NSE David Fifield (Dec 23)
    - Re: Nmap tty and NSE Patrick Donnelly (Dec 24)
    - Re: Nmap tty and NSE Fyodor (Dec 24)
    - Re: Nmap tty and NSE Patrick Donnelly (Dec 24)
    - Re: Nmap tty and NSE Fyodor (Dec 24)
    - Re: Nmap tty and NSE David Fifield (Dec 24)
    - Re: Nmap tty and NSE David Fifield (Dec 24)