Nmap Development mailing list archives

Re: NSE Questions


From: Diman Todorov <diman.todorov () chello at>
Date: Tue, 5 Sep 2006 17:23:57 +0200

I will try to provide accurate answers.

> I see one can run multiple scripts if they are under the directory
> /nse-scripts/, can I assume it will run scripts under the sub and sub sub
> directories under the /nse-scripts/ directory?

No. Directories are not scanned recursively currently. I have not found
this to be necessary. If there is a good reason to recursively scan
directories, I will go for it. I have been reluctant to add this feature
because the directory scanning code is the only part of NSE which requires
extra porting work to work on all nmap capable systems.

> I already see the NSE scripts growing quickly.  Fyodor will you or could
> you provide a separate download zip file of the NSE scripts on a more
> frequent basis than Nmap updates?  Then while an Nmap update is still
> being worked out people could get current set of all offered scripts.
> Of course doing this might mean the directory structure of scripts should
> be changed.  Maybe /nse-scripts/default/  and /nse-scripts/custom/  so
> that when one unzips all current offered scripts it would not overwrite
> anything in the /custom/ folder?

If there are no objections (Fyodor?) I would like to individually audit
scripts which are potentially going to be included in the main nmap
distribution.
I don't see the need for a default/ and custom/ folder but I see your point
that it might be good to maintain a pool of scripts separate from the main
source tree. I could imagine adding code to nmap which would keep
nse-scripts/ up to date in an apt-get manner. Issuing
nmap --script-update-repository might fetch a tarball from
www.insecure.org and set it up for you.
I would keep custom scripts out of the nmap data directory. The
--script=<file|dir> facilities are meant for execution of custom scripts.


> From my reading it sounds like one could do a standard NMAP scan plus
> all or a set of NSE scripts, is this correct?
> something like:
> nmap -sC -v -v -v -A -sV -version-all -O -oX  <some hopefully small IP range>

Yep.
but I would write
nmap -sVC -vvv -A -version-all -O -oX <ip range>


> I did not see any mention of XML output. Can the script output along
> with other output be sent to an XML file?
> Are there or should there be standards around tag types and outputs for
> XML consistency?

The nmap xml dtd has been extended with tags used by NSE. The nmap xml to
html xsl has been extended so that NSE output is nicely embedded in the
nmap html report. Perhaps I should mention this in the docs ;)

> Does the output include a list of what scripts were used in scanning?

Yes. It prints the script id if provided, otherwise the path at which
the script is located. Running with higher verbosity levels will also
tell you which scripts are going to run even if some of them don't
produce output.

> I am confused around the --script-updatedb option.  Can one specify
> --script-updatedb as part of the normal nmap script scan option just in
> case there were new/changed scripts or do you have to update the DB then
> do a scan (2 steps)?  Depending on timing I would think most people
> would like to just update the db every time they change things much.

This is also a candidate for better documentation...
You are supposed to run --script-updatedb only if you change the category
tags of a script or if you add new scripts to nse-scripts. Usually this
only happens at install time.

I hope I was able to help.
cheers
Diman



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

