Nmap Development mailing list archives
Deletion of obsolete script files before installation
From: David Fifield <david () bamsoftware com>
Date: Wed, 18 Nov 2009 12:32:45 -0700
Hi all, At the Nsploit presentation at Defcon this year, Ron and Brandon and I noticed that the presenter had a bunch of scripts with old names in the /usr/share/nmap/scripts directory, scripts like HTTPAuth.nse, chargenTest.nse, and MSSQLm.nse, along with the current set of scripts we ship. Some of those old scripts have been removed, but most of them just got new names. This happens if you just keep doing new installations over previous ones. The installation rules don't delete the contents of the scripts directory on the assumption that there may be custom scripts there. Having those old scripts is bad, though, because they will start to be run after the developer does --script-updatedb once. With the pending merge of dependencies for scripts, it also means that there may be a corpus of dependency-ignorant scripts that will all run simultaneously. So instead of deleting the entire directory, I made a list of specific script names that will be deleted before installing new scripts. This reduces the chance that someone's custom script will be deleted. I made the list by installing Nmap 4.76 and comparing its script names with what we have now. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Deletion of obsolete script files before installation David Fifield (Nov 18)
- Re: Deletion of obsolete script files before installation Corey Chandler (Nov 18)
- Re: Deletion of obsolete script files before installation David Fifield (Nov 18)
- Re: Deletion of obsolete script files before installation Tom Sellers (Nov 18)
- Re: Deletion of obsolete script files before installation David Fifield (Nov 18)
- Re: Deletion of obsolete script files before installation Corey Chandler (Nov 18)