[NSE] Feature suggestion (GSoC?)

[Martin Holst Swende <martin () swende se>]

Hi list

As the number of scripts in NSE is steadily increasing, it becomes more
and more difficult to remember what is implemented and how it works. It
would be nice to be able to get a list of available nse-scripts that can
be used against a service or port, description (doc + usage +
argumentes) by doing something like this :

Without actually running a scan .
nmap --script-show -p 8080,27017 -s "mysql", "couchdb"
- Available scripts :
    - 8080 (http-alt)
       - http-enum-foo: Enumerates http methods
           -args: x y
    - 27017 (mongodb):
       - mongodb-stats: Gets information about the database
       - mongodb-tables: Gets tables from the database
    -mysql etc....
 
Or, alternatively, when running a scan: nmap -sV --script-show foo.com.
This feature does not strike me as very difficult: description is
already programmatically accessible and methods to check what scripts
can be run against a specified service or port are already in place. 
Perhaps some mechanism regarding handling of script arguments would have
to be implemented, so the framework can determine what arguments a
scripts uses. That would be a good feature by itself, even without the
feature above: the ability to query a script what parameters are needed
without checking the source.


Comments?
Regards,
Martin Holst Swende
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/