Nmap Development mailing list archives

Re: [Patch] Intensity for NSE version scripts


From: Patrick Donnelly <batrick () batbytes com>
Date: Wed, 16 Jul 2014 10:31:23 -0400

Hi Jay

On Wed, Jul 16, 2014 at 8:08 AM, Jay Bosamiya <jaybosamiya () gmail com> wrote:

> I've been working on how to make NSE version scripts obey intensity
> (i.e. similar to --version-intensity used for normal Nmap service probes).
> Note: If the user specifies "script-intensity" in --script-args then
> that is used as intensity; otherwise, the value of --version-intensity
> is used.
>
> I've come up with 2 methods for this:
>
> Method 1: Using optional argument to shortport.version_port_or_service()
> The optional rarity variable defaults to 7 if unspecified. The script
> doesn't run when intensity < rarity.
>
> Method 2: Using rarity field
> This method involves adding a field (like author, license, dependencies
> etc.) to version scripts. This rarity field is an optional field that
> defaults to 7 if not specified. It does not let the script run if
> intensity < rarity.

Another way to look at this is version-intensity is a type of script
selection where categories are appropriate. You could add a helper
function which adds "versionN" to the script's categories table
depending on the version script's intensity. Then the internal version
system would select the appropriate intensities rather than just
"version" (although it should still select "version" for
compatibility). e.g.:

-sV --version-intensity 3

will cause the version engine to select: "version0,version1,version2,version3"

This has the benefit that we don't bother testing scripts which will
never run; since version intensity is statically set at startup, it
can't change during Nmap's execution.

That's just one other possibility. Of the two you gave, I like method
1 the best.

-- 
Patrick Donnelly
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
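
The two approaches discussed in this thread, side by side, as an added example that is not code from the thread or from Nmap: a run-time rarity check (skip when intensity < rarity, default 7) and selection by "versionN" categories fixed at startup. It is standalone Lua; every name in it (`tag_rarity`, `selected_categories`, the sample scripts) is hypothetical, and it assumes a tagged script carries "versionN" in place of the plain "version" category, while untagged scripts keep "version".

```lua
-- Added illustration: standalone Lua, not Nmap's NSE engine or its API.
-- All function names and the sample scripts below are hypothetical.

local DEFAULT_RARITY = 7  -- default rarity stated in the thread

-- Rarity-check approach: the script does not run when intensity < rarity.
local function passes_rarity_check(script, intensity)
  return intensity >= (script.rarity or DEFAULT_RARITY)
end

-- Category approach: a helper adds "versionN" to the script's categories.
-- Assumption: tagged scripts use this in place of the plain "version" category.
local function tag_rarity(script)
  script.rarity = script.rarity or DEFAULT_RARITY
  script.tagged = true
  table.insert(script.categories, "version" .. script.rarity)
  return script
end

-- Built once at startup: "version" (compatibility) plus version0..versionN.
local function selected_categories(intensity)
  local wanted = { version = true }
  for n = 0, intensity do wanted["version" .. n] = true end
  return wanted
end

local function is_selected(script, wanted)
  for _, cat in ipairs(script.categories) do
    if wanted[cat] then return true end
  end
  return false
end

-- Constructed sample scripts.
local scripts = {
  tag_rarity({ name = "probe-a", rarity = 2, categories = { "safe" } }),
  tag_rarity({ name = "probe-b", categories = { "safe" } }),  -- default rarity
  tag_rarity({ name = "probe-c", rarity = 9, categories = { "safe" } }),
  { name = "legacy", categories = { "version" } },            -- untagged
}

for _, intensity in ipairs({ 3, 7, 9 }) do
  local wanted, names = selected_categories(intensity), {}
  for _, s in ipairs(scripts) do
    local chosen = is_selected(s, wanted)
    -- For tagged scripts both approaches must agree.
    if s.tagged then assert(chosen == passes_rarity_check(s, intensity)) end
    if chosen then names[#names + 1] = s.name end
  end
  print(("intensity %d -> %s"):format(intensity, table.concat(names, ", ")))
end
```

With category selection, a script outside the chosen set is never evaluated at all, whereas the rarity check runs for every version script on every port.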

