Re: Script force

[Fyodor <fyodor () insecure org>]

On Tue, Dec 13, 2011 at 10:07:29PM +0100, Martin Holst Swende wrote:
> On 12/11/2011 10:40 PM, Djalal Harouni wrote:
>
> I did my best, not really quite at
> home with the formatting options, and I also tried to place the info
> where it seemed appropriate,

Thanks Martin.  I added it in my own way, but using your diff and your
other emails as a very useful source.

> synching with my paperback version, but it seems a bit outdated
> now...

Yeah, we've made so many changes to NSE that it is probably best to
compare with the online version (http://nmap.org/book/nse.html) as
that is kept updated.

> I don't really know how
> to, syntactically, define that a plus sign is optional:

To simplify things, I left '+' off the syntax and also removed the
"all" option.  They are still described in the description though for
advanced users.

I'm glad the feature has made it's way into the repository!  Thanks
for working with us to make so many changes.  There are two issues I'm
curious about now:

o I'm assuming that --force will currently run even against closed and
  filtered ports.  Do you think we should make an exception for those,
  and run the script only if the portrule returns true OR the port is
  open or open|filtered?

o I added a usage example in the chapter based on your description of
  having a list of ms-sql servers, some of which may be on unusual
  ports.  If you think there is a better prime example for this
  capability, let me know.

o I'm assuming this script works for prerules, portrules, hostrules,
  and postrules.  My initial thought is that we ought to leave it like
  that and users should be careful to only force scripts where it
  makes sense.  But if we think it never makes sense to force a
  prerule or postrule script, we could remove that capability.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/