Nmap Development mailing list archives
Suggestion syntax (was:Script suggestions, take #3)
From: Martin Holst Swende <martin () swende se>
Date: Thu, 09 Feb 2012 10:46:01 +0100
Hi list,

Changing the topic, let's ignore the under-the-hood stuff for now. I'd like to get feedback on the proposed syntax for script-suggest. Right now, we have two different versions.

1. --script-suggest <rules> and -sCS working in parallel with and identical to --script <rules> and -sC
2. --script <rules>,$<rules> , where $ (or whatever character we choose) is a flag meaning "use this rule for suggestions", similar to the force-flag.

Currently, [1] is implemented (based on discussions in http://seclists.org/nmap-dev/2011/q4/389) and involved quite a lot of changes here and there. [2] is not implemented, but would mean less overall changes in the nmap framework. My personal preference is [1], Patrick leans towards [2]. David, Fyodor, Patrik, Duarte?

Some examples and discussions below:

On 02/07/2012 10:38 PM, Patrick Donnelly wrote:
Below are some usecases. Let's say we use the $-char for the suggestions, I'll outline possible syntaxes:

#Typical scan with defaults, but show me what more I can do:
Current #1: nmap target <ports> -sV -sC -sCS
Current #2: nmap target <ports> -sV --script default --script-suggest all

I assume Current #1 and #2 are supposed to be equivalent.

Flagmode : nmap target <ports> -sV --script default,$all

Yes, this is what I would expect.

From a user syntax PoV, I would prefer keeping them separate. The -sCS or e.g. --script-suggest <rule> can always be appended to any scan syntax very easily. I also suspect that a suggest-flag is even more difficult for a user to understand and use than the force-flag. I can go either way depending on what people think.

I don't really agree. I think the prefix is about as accessible and probably more visible. The user will look at the --script documentation and see suggestions are available by prepending a prefix to a rule.

[1] http://seclists.org/nmap-dev/2011/q4/426
[Specifically: "o --script is used for choosing which scripts may run. I'm concerned that the purpose will become convoluted because not only is the user now choosing which scripts are allowed to run, the user is also choosing which scripts *will* run. I feel like changing the meaning of --script will only explode with the addition of other useful features into something terribly difficult to manage and, most importantly, difficult to explain to users." ]
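The two candidate syntaxes from the message above, modelled as an added example that is not part of the original post and is not Nmap code. The parser functions and the sample argument vectors are assumptions, rules are treated as plain comma-separated names, and the last vector shows what the flag form receives when `$all` is left unquoted in a POSIX shell.

```python
# Added illustration: a hypothetical model of the two proposed syntaxes, not Nmap code.
SUGGEST_PREFIX = "$"  # placeholder from the thread ("or whatever character we choose")


def option_values(argv, option):
    """Yield each value given to `option`, as '--opt value' or '--opt=value'."""
    args = iter(argv)
    for arg in args:
        name, has_eq, value = arg.partition("=")
        if name == option:
            yield value if has_eq else next(args, "")


def split_rules(spec):
    """Split a comma-separated rule list, ignoring empty items."""
    return [rule.strip() for rule in spec.split(",") if rule.strip()]


def parse_separate(argv):
    """Syntax 1: --script selects scripts, --script-suggest selects suggestions."""
    run = [r for v in option_values(argv, "--script") for r in split_rules(v)]
    suggest = [r for v in option_values(argv, "--script-suggest") for r in split_rules(v)]
    return run, suggest


def parse_flagged(argv):
    """Syntax 2: one --script list; a leading '$' marks a suggestion rule."""
    run, suggest = [], []
    for value in option_values(argv, "--script"):
        for rule in split_rules(value):
            if rule.startswith(SUGGEST_PREFIX):
                if rule == SUGGEST_PREFIX:
                    raise ValueError("suggestion prefix without a rule")
                suggest.append(rule[len(SUGGEST_PREFIX):])
            else:
                run.append(rule)
    return run, suggest


# Constructed argument vectors for the "typical scan" use case in the message.
SEPARATE = ["-sV", "--script", "default", "--script-suggest", "all"]
FLAGGED = ["-sV", "--script", "default,$all"]
# What a POSIX shell passes if '$all' is left unquoted and the variable 'all' is unset.
UNQUOTED = ["-sV", "--script", "default,"]

if __name__ == "__main__":
    for parser, argv in ((parse_separate, SEPARATE), (parse_flagged, FLAGGED), (parse_flagged, UNQUOTED)):
        print(parser.__name__, argv, "->", parser(argv))
```

Both forms yield the same run and suggest lists for the quoted case; the unquoted vector parses without error but carries no suggestion rule.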