Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE][patch] Load script-args from a file

From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 21 Sep 2011 11:01:18 -0500
On 06/18/2011 04:42 PM, Fyodor wrote:

On Wed, Jun 15, 2011 at 10:12:02PM -0500, Daniel Miller wrote:

Here's a patch to let users specify a file from which to load
script-args. Example:

$ cat ~/.nmap/myargs
smbdomain=WORKGROUP,
smbpassword=MyPa$$,

$ nmap --script smb-* --script-args file=myargs target.example.com

Simply put, it checks for a script-arg of "file", parses the contents
of the file the same way we currently parse the argument to --script-args,
combines it with any arguments on the command line, then goes about
business as usual. Any arguments on the command line supersede ones in the
file. The file can be an absolute path, or a path relative to Nmap's usual
search path (NMAPDIR, etc.)

Thanks Dan.  That does sound like it might be useful.  It would be
interesting to hear other people's take on this (e.g. who here is
likely to use this)?  From a UI perspective, I think it would be
better to add a separate Nmap option (e.g. --script-args-file) rather
than to make the "file" script argument name be magic.  That would be
consistent with the way we offer both --exclude and --excludefile
rather than providing a syntax to --exclude that causes it to load a
file.

Cheers,
Fyodor


List,
Dredging up an old thread, I've modified the patch to use the --script-args-file syntax. It will take either an absolute file path, or a path relative to Nmap's search path (~/.nmap/:$NMAP_DIR:/usr/whatever/nmap/), and load arguments out of that file just as they would be specified on the command line. The only difference is that arguments may be separated with newlines, not just commas. The example in my initial email now looks like this: 
$ cat ~/.nmap/myargs
smbdomain=WORKGROUP
smbpassword=MyPa$$

$ nmap --script smb-* --script-args-file myargs target.example.com


Dan
P.S. Some of the options are listed twice, once with hyphens, and again with underscores. I thought I understood this was to be more flexible in what was allowed, but I noticed the options parsing often only compares with the hyphenated version. Should we strip some of these out, or does it really not matter?

Attachment: argsfile.patch
Description: 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: