Nmap Development mailing list archives

Proposal for adding new option to nmap


From: kirubakaran S <kirubakaran1989 () gmail com>
Date: Thu, 1 Jul 2010 12:34:39 +0530

Hello nmap-dev,

I am Kirubakaran, a GSoC student working on developing the script
selection interface in Zenmap. I propose to add a new option to Nmap
which will facilitate the development of the script selection
interface.

Background:
When the user wants to run scripts, they can give script names,
categories, directories or expressions to select the scripts. We will
call these specifications. For example, "default and not safe": this
specification selects all the scripts which are in the default
category and not in the safe category. Nmap, in particular NSE,
evaluates these specifications and calculates the list of scripts to
be executed.

Problem:
In Zenmap we require the list of scripts when a specification is given
by the user in the interface. For example, when the user types
"nmap --script http-*", Zenmap has to get the list of scripts whose
names start with "http". The specification can also be complex,
involving boolean operators like AND, OR and NOT. Also, the
specification can include an entire directory which contains the
scripts, the path to specific scripts present on the local computer,
or the categories to which the scripts belong.

Possible solution:
To copy the logic used in nse_main.lua to Zenmap. This will solve the
problem now, but these two logics have to be kept the same forever.
Whenever there is a change in one logic, maintenance would be
difficult.

Proposed solution:
To include a command line option in Nmap, "--script-list", that prints
the list of scripts that meet the specification criteria.
Example: when the user types in "nmap --script 'http-*' --script-list"
the output is:
 http-auth
 http-date
 http-enum
 http-favicon
 http-headers
 http-iis-webdav-vuln
 http-malware-host
 http-methods
 http-open-proxy
 http-passwd
 http-php-version
 http-trace
 http-userdir-enum
 http-vmware-path-vuln

Nmap will not expect the host to be specified when this option is
enabled. It prints the list of scripts that meet the specification
criteria and exits Nmap execution. It works just like
--script-updatedb.

When a command like "nmap --script-list" is executed without
specifying the script option, Nmap will print the list of all scripts
installed on the system.

Benefits:
This command will be used by Zenmap whenever it wants to retrieve the
list of scripts. When a specification is given by the user in the
interface, Zenmap can invoke Nmap in the background and obtain the
list of scripts according to the specification. There will not be any
side effects on current Nmap functionality as it only prints the list
of scripts.

This option can also be used by users or other Nmap modules that want
to get the list of scripts. Otherwise, users can only obtain the list
of scripts using the debug option -d2, but Nmap has to run a scan
against a host.


-- 
cheers
Kirubakaran.S
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
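
The specification semantics described under "Background" and "Problem", as an added example that is not part of the original message and not code from nse_main.lua: a small evaluator for category names, script-name globs and and/or/not with parentheses. The script table and its categories are constructed for illustration, and directories and file paths are not handled.

```python
import fnmatch
import re

# Constructed sample (script name -> categories); the categories are made up.
SCRIPTS = {
    "ftp-anon": {"default", "auth", "safe"},
    "http-auth": {"default", "auth", "safe"},
    "http-enum": {"discovery", "intrusive", "vuln"},
    "http-open-proxy": {"default", "discovery", "intrusive"},
}

def evaluate(tokens, name, cats):
    """Recursive descent over: or < and < not < atom. No eval() on user input."""
    def atom():
        if not tokens:
            raise ValueError("unexpected end of specification")
        tok = tokens.pop(0)
        if tok == "not":
            return not atom()
        if tok == "(":
            value = disjunction()
            if not tokens or tokens.pop(0) != ")":
                raise ValueError("missing ')'")
            return value
        if tok in (")", "and", "or"):
            raise ValueError("unexpected token: " + tok)
        # A bare word is a category name or a script-name glob such as http-*.
        return tok in cats or fnmatch.fnmatchcase(name, tok)
    def conjunction():
        value = atom()
        while tokens and tokens[0] == "and":
            tokens.pop(0)
            rhs = atom()          # always parse the operand, then combine
            value = value and rhs
        return value
    def disjunction():
        value = conjunction()
        while tokens and tokens[0] == "or":
            tokens.pop(0)
            rhs = conjunction()
            value = value or rhs
        return value
    result = disjunction()
    if tokens:
        raise ValueError("trailing tokens: " + " ".join(tokens))
    return result

def select(spec, scripts=SCRIPTS):
    return [name for name, cats in sorted(scripts.items())
            if evaluate(re.findall(r"[()]|[^\s()]+", spec), name, cats)]
```

Every operator, precedence rule and matching rule in a second implementation like this has to track the original, which is the maintenance cost the message raises.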