Nmap Development mailing list archives
Re: Huawei/H3C Local User enumeration script
From: David Fifield <david () bamsoftware com>
Date: Thu, 25 Oct 2012 11:23:21 -0700
On Thu, Oct 25, 2012 at 10:52:51AM -0700, Kurt Grutzmacher wrote:
I don't see where the script accepts a community string. You say the script needs a read-only or read-write community string; how does the user get one?Like all the other SNMP NSEs the user would need to send it with --script-args snmpcommunity=<community>. I have added a @usage section to help for this. Based on http://nmap.org/nsedoc/lib/snmp.html this argument is accepted by the library and does not need to be configured in NSE scripts.
Is there likely to be a default community string? Or is ti not something worth checking for?
It would probably be better to use structured output than stdnse.format_output for this script. Make your process_answer function return a nice semantic table with labeled fields; then just return it. http://nmap.org/book/nse-api.html#nse-structured-outputSounds good except that how does one make columns in the structured output? I see some discussion but not real resolution. For now I'm just having to slap everything into an element output which makes:
You don't make columns in the structured output. Structured output is a table of name-value pairs. If you need columns, then you additionally return a string with the formatted columns--but we are trying to discourage this kind of output when simple structured output is enough.
output.users[#output.users + 1] = string.format("%s - %s - level: %s", v.value, password, level)
This is exactly what structured output shouldn't return :) Is the first field a user name? Then it should be more like this: local users = stdnse.output_table() for _, v in ipairs( tbl ) do ... users[#users+1] = {username=v.value, password=password, level=level} end return users Think about what would be the optimal structure for a programmer using the username-password table, and your script should construct exactly that structure at some point. You can return this table directly. If you need fancier formatting, then pass the formatted users table into another function that will format the username/password/level triples: output = process_answer(users) return output, format_user_table(output) format_user_table would contain the same string.format code you are doing now. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Huawei/H3C Local User enumeration script Kurt Grutzmacher (Oct 23)
- Re: Huawei/H3C Local User enumeration script David Fifield (Oct 24)
- Re: Huawei/H3C Local User enumeration script Kurt Grutzmacher (Oct 25)
- Re: Huawei/H3C Local User enumeration script David Fifield (Oct 25)
- Re: Huawei/H3C Local User enumeration script Kurt Grutzmacher (Oct 25)
- Re: Huawei/H3C Local User enumeration script David Fifield (Nov 07)
- Re: Huawei/H3C Local User enumeration script Kurt Grutzmacher (Oct 25)
- Re: Huawei/H3C Local User enumeration script David Fifield (Oct 24)