Nmap Development mailing list archives
Re: Script selection - Gsoc
From: David Fifield <david () bamsoftware com>
Date: Fri, 2 Apr 2010 16:52:37 -0600
On Thu, Apr 01, 2010 at 09:03:25PM +0200, Martin Holst Swende wrote:
I thought a bit more about argument handling, and instead of just throwing ideas around, I implemented something a bit more concrete to show what I mean. I picked a script which uses arguments, it happened to be dns-zonetransfer.nse. To that script, I added the function : script_args = function() return {name="dnszonetransfer.domain", desc="Domain to transfer"}, {name="domain", desc="Fallback domain to transfer if dnszonetransfer.domain is not set"} end And modified the action function by basically just removing a call to nmap.registry as thus : action_ = function(host, port, args) local soc, status, data local catch = function() soc:close() end local try = nmap.new_try(catch) local domain = nil if args.dnszonetransfer and args.dnszonetransfer.domain then domain = args.dnszonetransfer.domain elseif args['dnszonetransfer.domain'] then domain = args['dnszonetransfer.domain'] ... As you can see, the action is now called action_ . This is because I did not want to dive into nse_main.lua, but instead simulated the framework by wrapping the original action in another function (which is called action). So, something like this could be used by the framework to both determine what arguments are used and provide help to the end-user about them: From my view, it seems like a great benefit to have info about arguments as lua-code instead of relying on parsing tags from a bunch of files. The only drawback as I see it is that all scripts with comments need to be modified - but probably only very minor, but please correct me if I am wrong. Comments?
Making script arguments defined by code not comments--as we do for description and categories--is a sensible design decision. There would have to be a way to get arguments from included libraries too. I don't like adding an extra parameter to action; isn't the pretty much the same as nmap.registry.args? Also it puts args at a different parameter index for portrule and hostrule scripts, which is a little awkward but maybe it doesn't bother people. But the overall idea is something I can support. --script-updatedb could then put args in script.db and Zenmap could parse it. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Script selection - Gsoc Ron (Apr 01)
- <Possible follow-ups>
- Re: Script selection - Gsoc David Fifield (Apr 01)
- Re: Script selection - Gsoc Martin Holst Swende (Apr 01)
- Re: Script selection - Gsoc David Fifield (Apr 02)
- Re: Script selection - Gsoc Martin Holst Swende (Apr 03)
- Re: Script selection - Gsoc David Fifield (Apr 02)
- Script selection - Gsoc kirubakaran S (Apr 01)
- Re: Script selection - Gsoc David Fifield (Apr 02)
- Re: Script selection - Gsoc kirubakaran S (Apr 03)
- Re: Script selection - Gsoc David Fifield (Apr 02)