Re: [NSE] Script Arguments with Environment Variables

[Fyodor <fyodor () insecure org>]

On Thu, Jun 03, 2010 at 08:57:06AM -0400, Patrick Donnelly wrote:
> Hi nmap-dev,
>
> > From a conversation in #nmap (on Freenode), a user decided to manually
> change the user agent in the NSE http library so he wouldn't have to
> add a script argument for every nmap invocation. I was thinking it
> would be useful to have an environment variable (maybe
> NMAP_SCRIPTARGS) that the user could set in their startup scripts so
> changing the libraries/scripts is no longer necessary. What do you all
> think?

Interesting idea.  While it is true that Nmap takes this approach in
some cases (like the NMAP_DATADIR environmental variable which can be
used instead of --datadir), I feel that this is an issue that calls
for a universal approach rather than having separate variables for
each Nmap option.

If someone is changing their shell startup files anyway, maybe they
can just alias nmap to "nmap --script-args whatever" rather than set
an environmental variable.  That has the advantage of working with
other options too.  Like maybe they always want -v and -T4 in their
scans, or a certain -S option on a machine with many IP aliases.  And
most shells provide an easy way to turn off the alias expansion for
one execution (for example you can specify the full path name of
Nmap).

I'm not sure if multiple --script-args can be given on the Nmap
command line and be merged together, but that would make the alias
approach easier to use.

If people don't like the aliases approach, we could consider
alternatives using environmental variables or a .nmaprc file or
something else.  I'm open to ideas.  But I do think it would be best
if they are universal rather than just supporting a single Nmap
option.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/