Nmap Development mailing list archives
Re: NSE Questions
From: Diman Todorov <diman.todorov () chello at>
Date: Tue, 5 Sep 2006 17:23:57 +0200
I will try to provide accurate answers.
> I see one can run multiple scripts if they are under the directory /nse-scripts/, can I assume it will run scripts under the sub and sub sub directories under the /nse-scripts/ directory?
No. Directories are not scanned recursively currently. I have not found this to be necessary. If there is a good reason to recursively scan directories, I will go for it. I have been reluctant to add this feature because the directory scanning code is the only part of NSE which requires extra porting work to work on all nmap capable systems.
> I already see the NSE scripts growing quickly. Fyodor will you or could you provide a separate download zip file of the NSE scripts on a more frequent basis than Nmap updates? Then while an Nmap update is still being worked out people could get current set of all offered scripts. Of course doing this might mean the directory structure of scripts should be changed. Maybe /nse-scripts/default/ and /nse-scripts/custom/ so that when one unzips all current offered scripts it would not overwrite anything in the /custom/ folder?
If there are no objections (Fyodor?) I would like to individually audit scripts which are potentially going to be included in the main nmap distribution. I don't see the need for a default/ and custom/ folder but I see your point that it might be good to maintain a pool of scripts separate from the main source tree. I could imagine adding code to nmap which would keep nse-scripts/ up to date in an apt-get manner. Issuing nmap --script-update-repository might fetch a tarball from www.insecure.org and set it up for you. I would keep custom scripts out of the nmap data directory. The --script=<file|dir> facilities are meant for execution of custom scripts.
> From my reading it sounds like one could do a standard NMAP scan plus all or a set of NSE scripts, is this correct? Something like: nmap -sC -v -v -v -A -sV -version-all -O -oX <some hopefully small IP range>
Yep, but I would write nmap -sVC -vvv -A -version-all -O -oX <ip range>
> I did not see any mention of XML output. Can the script output along with other output be sent to an XML file? Are there or should there be standards around tag types and outputs for XML consistency?
The nmap xml dtd has been extended with tags used by NSE. The nmap xml to html xsl has been extended so that NSE output is nicely embedded in the nmap html report. Perhaps I should mention this in the docs ;)
> Does the output include a list of what scripts were used in scanning?
Yes. It prints the script id if provided, otherwise the path at which the script is located. Running with higher verbosity levels will also tell you which scripts are going to run even if some of them don't produce output.
> I am confused around the --script-updatedb option. Can one specify --script-updatedb as part of the normal nmap script scan option just in case there were new/changed scripts or do you have to update the DB then do a scan (2 steps)? Depending on timing I would think most people would like to just update the db every time they change things much.
This is also a candidate for better documentation... You are supposed to run --script-updatedb only if you change the category tags of a script or if you add new scripts to nse-scripts. Usually this only happens at install time.

I hope I was able to help.

cheers
Diman

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org