Re: Thoughts on script documentation

[David Fifield <david () bamsoftware com>]

On Thu, Nov 18, 2010 at 07:48:10AM -0600, Ron wrote:
> This makes me think of another feature I've talked about before but
> that nobody's taken the reins on: the ability to update scripts
> without updating Nmap. 
>
> Telling people to "download the svn" to get the newest scripts isn't
> always realistic, especially with Windows users, and stable builds can
> be months apart. Having the ability to download the newer
> nselib/script files in some way would be handy. 

What if Nmap just came with a script that did the equivalent of

rsync -r rsync://nmap.org/scripts/ /usr/share/nmap/scripts/
rsync -r rsync://nmap.org/nselib/ /usr/share/nmap/nselib/

This is pretty much what openvas-nvt-sync does. It also can download a
.tar.bz2 file if rsync isn't installed.

http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-scanner/tools/openvas-nvt-sync.in?rev=8017&root=openvas&view=markup

Maybe rsync would be easy to get to Windows users. This also wouldn't
solve the problem of version dependencies. I would also want there to be
some kind of digital signature verification or something so nobody could
spoof the feed.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/