Nmap Development mailing list archives
Re: NSE Infrastructure: Eliminate script.db
From: Kris Katterjohn <katterjohn () gmail com>
Date: Mon, 24 Mar 2008 17:59:57 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brandon Enright wrote: | <pure_opinion tone="friendly"> | | Hi Kris, | | I'm actually glad that NSE uses a DB index file rather than dynamically | building the list. The build may seem instantaneous now, but on a busy | file system with lots of scripts the cost of dynamically loading the | list every time Nmap runs could end up being very high. | | A perfect example of this problem is Nessus. If you are running just | one check oftentimes the script enumeration process takes longer than | the scan itself. | | I have a system setup where when someone comes online unregistered, a | very small targetted Nmap and Nessus scan are run against them. At the | start of the school year this can mean thousands of individual | Nmap/Nessus invocations an hour during a time when the disk is | basically pegged. The _only_ way I was able to get Nessus to respond | fast enough was to removal all unused scripts in the directory and | solve all of the script dependencies by hand. I'd hate to have to do | the same with Nmap. | | I know when you profile code you typically focus on repeated routines | rather than startup costs but I'm very glad Nmap uses the DB approach | over beating the filesystem to death every time it starts. | | I think it is quality design decisions like this and good code that | keep people like you and I still interested in developing on Nmap. The | same could not be said for Nessus or many other open source projects | that have trouble getting developers or fighting off the rumblings of | "fork it". | | Brandon | </pure opinion> | Hey Brandon, Thanks for the considerate and detailed response I always associate with you. I imagined the DB was there for the very reason you describe; however, I do like to at least get my opinions out on the list just in case :) I never have more than a few computers on a LAN to play around with, so I never need (and am never able) to do massive scans or tests with Nmap (or anything other tool for that matter). Unfortunately, this hinders my judgement on how things "should" be (though I try never to say anything absolute because I know my experiences are *very* limited compared to power users like you). I've smacked my forehead many times after reading responses to some emails I've sent to lists :) Thanks again, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBR+gya/9K37xXYl36AQLLtQ//aCgmy1Uu5RwpWKjp5ClYVuYxF6NtiPY8 FMQZ5rF+guTYxspJoYtHCel+OfPMS9Y9Bcn/bkUjBUSFAIa341cogg7OqEuk5Va8 4mq7mkVRcBaWJ6QwoOH1KLIzfo1KrJJlnOQUKlOru98jBddB/aCCCFrsJ53Ai5lM 8ldv46CMK0pq6zGIEG1FDEliqWkA4Q4DX+VDycTdcqys6DFiQdvm5jSPapN3v/j5 jDMaxi68QaCO2b4rRrfskG5KGmcpH/Uo6ssb+zulIMe6nV/nu5amP8MazQZ5ZVqp Xf1a50dpm94Zhlfjm+y7dLYcDyNuNwSAdrzJVFJVBYZfTRroQimZcBgzvgbB9N0J wyW3KzRqkZ8L2Wsbrcdd3YphKoqiUB0cVFLSjxi4lsy86ppo+oQdmm8lz7a1+Avl yFcS3nUHmnZCSKJNM8wOyEgqRSiBKPuiimzfyOa4Z55RlMvZdZdv3zZKb87XeJS6 wY38vc01SSVDGy19VP3/cKeYq657+BDq5Hvjhxp9ksMUpvhdNH/oszwE/gQihzyA rTG4RG85EOzh8kJOBifr+HmAaojJl0kBD87YVb6a3EIDLIOHL8AIRlsrn5iDyJYW AwJGzcedNjkFAnR/h/0fL0xTlkrlLmQey97Me/xpqQrjXCHY5txDWe+EPAIzByCv KSJMmMPeRFc= =8snH -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- NSE Infrastructure: Eliminate script.db Kris Katterjohn (Mar 24)
- Re: NSE Infrastructure: Eliminate script.db Brandon Enright (Mar 24)
- Re: NSE Infrastructure: Eliminate script.db Kris Katterjohn (Mar 24)
- Re: NSE Infrastructure: Eliminate script.db Fyodor (Mar 24)
- Re: NSE Infrastructure: Eliminate script.db Kris Katterjohn (Mar 24)
- Re: NSE Infrastructure: Eliminate script.db Brandon Enright (Mar 24)