Re: Script selection interface - Requirements.

[David Fifield <david () bamsoftware com>]

On Thu, May 20, 2010 at 12:26:43PM +0530, kirubakaran S wrote:
>   I am posting here updated list of Requirements for Script selection interface
> and the rough idea of interface we are planning to implement.
>
> #1 The whole interface of script selection and argument passing fits
>  in to scripting tab of zenmap.
>
>  #2 The interface must show list of installed scripts in local system.
>
>  #3 The interface must allow the user to enter the specifications for
>  selecting scripts and view the list of scripts.
>
>  #4 The NmapParser class must read and write NSE output
>
>  #5 It must be possible to select scripts from the filesystem that aren't
>  in script.db.
>
>  #6. The interface must be able to parse a script specification from an
>  Nmap command line. It must not require other metadata to be stored in
>  scan_profile.usp.
>
>  #7.The interface mustbe able to construct a command line script
>  specification from the state of the GUI widgets. Combined with the
>  previous requirement, this means there must be two-way translation
>  between the command line and the GUI.
>
>  #8.The interface must be internationalized with gettext _ marking of
>  strings.
>
> Please look in to the attachment for simulation of  interface.
>
> I have designed interface so that satisfies all the requirements. I request
> you all brainstorm for more requirements.

Thanks, this is starting to look really good! I want to add two new
requirements.

#9 The interface must display script metadata (description, author,
   license, categories, sample output) for at least one selected script
   at a time.
#10 The interface must display the script arguments supported by at
   least one selected script at a time, and must allow the user to edit
   their values.

Edit #2 to be more specific: "installed in script.db."

Now, for a first iteration, in other words something that can have a
working prototype within two weeks of the start of the coding period, I
want you to design an interface that *doesn't* satisfy all the
requirements. I want an interface that only does this:

#1 The whole interface of script selection and argument passing fits
   in to scripting tab of zenmap.
#2 The interface must show list of installed scripts in script.db.
#10 The interface must display the script arguments supported by at
   least one selected script at a time, and must allow the user to edit
   their values.

This is already going to be a fair amount of work. You have to solve at
least the following problems:

1. Write a Python parser for script.db.
2. Find a way for Zenmap to extract script arguments.
3. Adapt the profile editor to allow a custom interface for one of the
   tabs (currently it can only construct interfaces from the data in
   profile_editor.xml).

So I want you to maintain two design mockups: one for the final
interface that we will continue adapting, and one for the next
iteration, what you expect you can get done in one or two weeks of
coding.

As for your complete interface, I have a couple of ideas so far. You
should move the "Open" button below the script.db list to convey the
idea that it's an "extension" of the script.db selection. You can give
it a label like "Other file...". In your mockups, you can remove the
"Help" column along the right side to give more room.

I've already asked you to review the NSE Facilitator and see how many of
our requirements it meets. I also want you to review the plugin
selection interface of OpenVAS-Client in the same way. (I want you to
really install OpenVAS-Client and try it.) The reason I'm asking you to
do this is just to get some brainstorming ideas. Other people have been
trying to solve problems similar to ours, and we don't have to start
from scratch.

http://www.openvas.org/openvas-client.html
http://www.openvas.org/compendium/scan-options-plugins.html

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/