Nmap Development mailing list archives

Re: [NSE] NTP info gathering script...

From: David Fifield <david () bamsoftware com>
Date: Sat, 12 Dec 2009 01:14:50 -0700

On Tue, Dec 01, 2009 at 06:29:44PM +0100, Richard Sammet wrote:

Well, the next bunch of changes is implemented:
 - some more documentation
 - Added the function get_timeout() which enables the script to
consider the global nmap timing setting (-T*)
 - Changed it to make use of stdnse.format_output instead of fiddling
around with a string
 - Added nmap.set_port_state() - because if the script receives
valuable data, the port should be in state=open ;)


Hi Richard, the script looks good and it is straightforward. I want you
to comment some of the values used in the script:

        string.char(0x16, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00)
        buffer = try(comm.exchange(host, port, request,
                {lines=16, proto=port.protocol, timeout=timeout}))
        buffer = string.sub(buffer, 13)

You need to say where the packet payload, and the numbers 16 and 13 come
from. If possible, provide a link to online documentation of this
packet.

The test to see if a field should be printed can be done faster and
clearer without the findINtable function:

        local wlist = {"version", "processor", "system", "refid", "stratum"}
        for k, v in string.gmatch(buffer, "(%w+)=\"?([^\",]+)\"?") do
                if wlist[k] then
                        table.insert(info, string.format("%s: %s", k, v))
                end
        end

You could include the test against "any" here but I think script args
for this script is overkill. Just include the fields that people are
going to want to see by default. Same with the timeout--just use a good
default.

I will freeze it at this stage until public testing is done. And I
really hope that I considered all the requirements for nse scripts to
be added to the bundle... (are there any detailed nse coding
guidelines available?)


The best are

http://nmap.org/book/nse-tutorial.html
http://nmap.org/book/nsedoc.html

You have a few minor problems in your documentation. You must use
"@usage" instead of "@sample execution". You don't need to write "@param
(void)" when a function takes no arguments--just don't use any @param.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] NTP info gathering script... Richard Sammet (Nov 29)
- Re: [NSE] NTP info gathering script... Matt Selsky (Nov 29)
  - Re: [NSE] NTP info gathering script... Richard Sammet (Nov 30)
    - Re: [NSE] NTP info gathering script... Richard Sammet (Nov 30)
    - Re: [NSE] NTP info gathering script... Matt Selsky (Nov 30)
    - Re: [NSE] NTP info gathering script... Richard Sammet (Dec 01)
    - Re: [NSE] NTP info gathering script... David Fifield (Dec 12)
    - Re: [NSE] NTP info gathering script... Richard Sammet (Dec 12)
    - Re: [NSE] NTP info gathering script... Richard Sammet (Dec 12)
    - Re: [NSE] NTP info gathering script... David Fifield (Dec 12)
    - Re: [NSE] NTP info gathering script... Richard Sammet (Dec 13)
    - Re: [NSE] NTP info gathering script... Richard Sammet (Dec 14)
    - Re: [NSE] NTP info gathering script... David Fifield (Dec 21)
- Re: [NSE] NTP info gathering script... Ron (Dec 21)