Deletion of obsolete script files before installation

[David Fifield <david () bamsoftware com>]

Hi all,

At the Nsploit presentation at Defcon this year, Ron and Brandon and I
noticed that the presenter had a bunch of scripts with old names in the
/usr/share/nmap/scripts directory, scripts like HTTPAuth.nse,
chargenTest.nse, and MSSQLm.nse, along with the current set of scripts
we ship. Some of those old scripts have been removed, but most of them
just got new names. This happens if you just keep doing new
installations over previous ones. The installation rules don't delete
the contents of the scripts directory on the assumption that there may
be custom scripts there.

Having those old scripts is bad, though, because they will start to be
run after the developer does --script-updatedb once. With the pending
merge of dependencies for scripts, it also means that there may be a
corpus of dependency-ignorant scripts that will all run simultaneously.
So instead of deleting the entire directory, I made a list of specific
script names that will be deleted before installing new scripts. This
reduces the chance that someone's custom script will be deleted. I made
the list by installing Nmap 4.76 and comparing its script names with
what we have now.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/