Nmap Development mailing list archives

Re: Output|Input pipe and forcing script run

From: Martin Holst Swende <martin () swende se>
Date: Tue, 30 Nov 2010 21:02:26 +0100

On 11/29/2010 12:02 AM, Martin Holst Swende wrote:

While I was fiddling with nse_main, I added another thing I have been
missing. I often don't really know what scripts are possible to run for
a particular service or port, and I don't always know what they do. So,
I added another script argument: "help". For all the scripts that would
have been run, it instead prints out info about the scripts.


I have updated the script-help a bit. It now formats the output a bit
cleaner.  Attaching nse_main.lua if anyone is interested in testing.

nmap google.com -p80 -sC --script-args help
...

NSE: ------------- Script help -------------
  http-methods.nse
  Categories
      default
      safe
  Description
    Finds out what options are supported by an HTTP server by sending an
    OPTIONS request. Lists potentially risky methods. Optionally tests each
    method individually to see if they are subject to e.g. IP address
    restrictions.
   
    In this script, "potentially risky" methods are anything except GET,
    HEAD, POST, and OPTIONS. If the script reports potentially risky
    methods, they may not all be security risks, but you should check to
    make sure. This page lists the dangers of some common methods:
   
   
http://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
   
    The list of supported methods comes from the contents of the Allow and
    Public header fields. In verbose mode, a list of all methods is printed,
    followed by the list of potentially risky methods. Without verbose mode,
    only the potentially risky methods are shown.

NSE: ------------- Script help -------------
  http-vmware-path-vuln.nse
  Categories
      vuln
      safe
      default
  Description
    Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and
Server (CVE-2009-3733).
   
    The vulnerability was originally released by Justin Morehouse and
Tony Flick, who presented at Shmoocon 2010
(http://fyrmassociates.com/tools.html).

NSE: ------------- Script help -------------
  robots.txt.nse
  Categories
      default
      discovery
      safe
  Description
    Checks for disallowed entries in <code>robots.txt</code>.
   
    The higher the verbosity or debug level, the more disallowed entries
are shown.

...

Attachment: nse_main.lua
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: Output|Input pipe and forcing script run Daniel Miller (Oct 01)
- <Possible follow-ups>
- Re: Output|Input pipe and forcing script run David Fifield (Oct 03)
  - Re: Output|Input pipe and forcing script run Martin Holst Swende (Nov 28)
    - Re: Output|Input pipe and forcing script run Martin Holst Swende (Nov 30)