Nmap Development mailing list archives
Re: NSE console script help
From: Martin Holst Swende <martin () swende se>
Date: Tue, 18 Jan 2011 21:30:52 +0100
On 01/18/2011 08:56 PM, Patrick Donnelly wrote:
On Tue, Jan 18, 2011 at 2:27 PM, Martin Holst Swende <martin () swende se> wrote:To make it even more useful, as I see it, would be if I was able to say:"nmap foobar.com --script=!default --script-args=help", i.e, "tell me about the scripts that I have the option to run here, but which for some reason are not default". Perhaps this can already be done?I want to emphasize (because I think you may be confused) that there are two conditions that a script must satisfy before being able to run against this "foobar.com". First, the script must match the category or filename (or directory) given via the --script option. For you, if you want all the non-default scripts, you can do this using the boolean operators via "not default", or specifically "nmap foobar.com --script 'not default' --script-args=help". Second, the script must actually satisfy the rule against the host[:port].
Yes. My only confusion was why this worked: nmap --script="all" --script-args=help However, I see now that it only print info about *broadcast* scripts in default category. So no generic man-page functionality... :(
In your example, I find a lot of opportunity for confusion. Many scripts have the "option" to run against foobar.com but only those that first match "not default" will be able to. Perhaps what you want is, more formally, "which scripts that are not in the default category would run against this host if I did a real scan". That is quite doable.
That is exactly what I want. nmap localhost -p80 --script="not default" --script-args=help This now gives me information about some scripts that I might have otherwise missed.
However, I don't think this is necessarily something that needs to be in Nmap proper. One of the initial reasons for the rewrite of NSE core was so that a user could in fact change how NSE runs (as you have done in previous work). I like to think we encourage script writers to change NSE to ease debugging work (or even add features). To me, this falls under "debugging" and isn't necessarily needed. There are instances where we have added debugging features that were in high demand (stack traces come to mind). Maybe this is also worthwhile to add as well.
I don't think it is 'debugging', to me it is contextual help. The context being my current scan and the services found. Perhaps I am misunderstanding you. /Martin _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE console script help Martin Holst Swende (Jan 17)
- Re: NSE console script help Arturo 'Buanzo' Busleiman (Jan 17)
- RE: NSE console script help Drazen Popovic (Jan 17)
- Re: NSE console script help David Fifield (Jan 17)
- Re: NSE console script help Martin Holst Swende (Jan 17)
- Re: NSE console script help Fyodor (Jan 18)
- Re: NSE console script help Martin Holst Swende (Jan 18)
- Re: NSE console script help Patrick Donnelly (Jan 18)
- Re: NSE console script help Martin Holst Swende (Jan 18)
- Re: NSE console script help Fyodor (Jan 18)
- Re: NSE console script help Kris Katterjohn (Jan 18)
- Re: NSE console script help Martin Holst Swende (Jan 21)
- Re: NSE console script help Fyodor (Jan 24)
- Re: NSE console script help Martin Holst Swende (Jan 18)
- Re: NSE console script help David Fifield (Jan 26)