Nmap Development mailing list archives
Re: [NSE] New class of scripts -- New Rule proposal
From: Ron <ron () skullsecurity net>
Date: Fri, 25 Jun 2010 08:47:53 -0500
On Thu, 24 Jun 2010 14:04:00 -0700 Fyodor <fyodor () insecure org> wrote:
Note that this "Nmap will scan all the newly discovered subdomains and hostnames" part is a big change for Nmap proper. Still, I think it is worth doing and is better than forcing people to run the script once to get the targets and then again to specify those targets. The DNS zone transfer script example you gave is a good one.
I agree. I can see other cases, too, where a run-once-per-scan tool would be helpful, even if it doesn't feed ip addresses back into Nmap.
This will be a nice feature for Ron's California Vanity License plate script too (http://www.skullsecurity.org/blog/?p=723) :). I always feel silly having to specify a target host when I run that, even though it is ignored.
Great use case!
o The scripts will run when the new --script-netscan Nmap option is specified and when the netrule function evaluates to true, like the version scan scripts which depend on the -sV option.Why not specify the scripts using --script like the host and port scripts? I don't see any need to have a separate option for this. I think the "default" category of these scripts (if we have any) should run by default just like default host and port scripts too. And I think we should use the normal --script-args option for their arguments.We can also have different new scripts which can run multiple times: o Before any scanning. o Before hostgroup NSE scan. o After hostgroup NSE scan. o After scanning all hostgroups.I think we should only have phases where we can demonstrate an important script which requires them (e.g. a use case). In particular, what scripts do you have in mind for "Before hostgroup NSE scan" and "After hostgroup NSE scan" scripts?
It seems to me that anything that could potentially be an "after hostgroup" could be controlled with a script dependency. That would take a little more effort, though.
Net table: ---------- Information passed to the new net scripts is in the net lua table.If this information is unavailable in other ways, we should probably make it available to host/port scripts too in case they need it. Cheers, Fyodor
I've brought up a very similar idea a couple times, and I think it's a promising one. I'd really divide it into two concepts: 1. There should be a way for scripts to feed ip addresses back to Nmap (zone transfer on 53, dhcp broadcast, zeroconf, ntp-netmon, etc) 2. There should be a class of scripts that run once-per-scan (or once-per-hostgroup even?), and don't necessarily require any targets. I think we have enough use cases for both to justify further discussion/implementation. -- Ron Bowes http://www.skullsecurity.org http://www.twitter.com/iagox86
Attachment:
_bin
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 24)
- Re: [NSE] New class of scripts -- New Rule proposal Fyodor (Jun 24)
- Re: [NSE] New class of scripts -- New Rule proposal Ron (Jun 25)
- Re: [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 26)
- Re: [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 26)
- Re: [NSE] New class of scripts -- New Rule proposal Ron (Jun 25)
- Re: [NSE] New class of scripts -- New Rule proposal Daniel Miller (Jun 25)
- Re: [NSE] New class of scripts -- New Rule proposal Djalal Harouni (Jun 26)
- Re: [NSE] New class of scripts -- New Rule proposal Fyodor (Jun 28)
- Re: [NSE] New class of scripts -- New Rule proposal DePriest, Jason R. (Jun 29)
- Re: [NSE] New class of scripts -- New Net Rules proposal Djalal Harouni (Jun 26)
- Re: [NSE] New class of scripts -- New Net Rules proposal Patrick Donnelly (Jun 26)
- Re: [NSE] New class of scripts -- New Net Rules proposal Fyodor (Jun 28)
- Re: [NSE] New class of scripts -- New Rule proposal Fyodor (Jun 24)