Nmap Development mailing list archives

Re: Requirements for script selection interface in zenmap

From: David Fifield <david () bamsoftware com>
Date: Tue, 18 May 2010 13:13:49 -0600

On Mon, May 17, 2010 at 03:15:08PM +0530, kirubakaran S wrote:

               I have added use case and Requirements in my project proposal.
http://docs.google.com/View?id=dwn8dz7_25cfgrnphn

The Requirements are

#1 The whole interface of script selection and argument passing fits
in to scripting tab of zenmap.

#2 The interface must show list of installed scripts in local system.

#3 The interface must allow the user to enter the specifications for
selecting scripts and view the list of scripts.

#4 The NmapParser class must read and write NSE output

#5 The interface should allow installation of scripts from external source.

#6 The interface should also provide uninstall facility of scripts.

#7 The argument name for selected scripts should be extracted and displayed.


These requirements are looking good. I would remove #5 and #6, because
they are not really requirements of this project, even though they would
be nice to have and we can add them if there's time. For this, we will
have to decide what it means to "install" a script. (Copy it to
/usr/share/nmap/scripts or equivalent? What if the user is
unprivileged?) The same with "uninstall"; does that mean to delete the
script file? What if other users on the machine are using it?

In place of #5 and #6, I would add

* It must be possible to select scripts from the filesystem that aren't
  in script.db.

Here are some more I want you to add:

* The interface must be able to parse a script specification from an
  Nmap command line. It must not require other metadata to be stored in
  scan_profile.usp.

* The interface mustbe able to construct a command line script
  specification from the state of the GUI widgets. Combined with the
  previous requirement, this means there must be two-way translation
  between the command line and the GUI.

* The interface must be internationalized with gettext _ marking of
  strings.

Regarding the first two items: They are inspired by problems we used to
have in the Zenmap command line. We had this bad situation where Zenmap
could transform GUI widgets into a command line, but it couldn't parse a
command line to set the state of the widgets. You had to do all your
command line editing, start to finish, in the profile editor, or you
couldn't use the profile editor at all. This was fixed last summer but
you might take some inspriration from the requirements I wrote at
http://www.bamsoftware.com/wiki/Nmap/ZenmapCommandLine.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Requirements for script selection interface in zenmap kirubakaran S (May 17)
- Re: Requirements for script selection interface in zenmap David Fifield (May 18)