Nmap Development mailing list archives

Re: status report #9 of 15

From: David Fifield <david () bamsoftware com>
Date: Mon, 28 Jun 2010 21:59:42 -0600

On Mon, Jun 28, 2010 at 10:41:09PM +0530, kirubakaran S wrote:

Accomplishments:

** Arguments can be entered values in interface itself. The user can
also edit the argument values supplied later.


This looks very nice! I have found a couple of bugs though.

The first is that script arguments are not revealed to be shared among
scripts in the interface. If I select afp-brute, and enter a value for
the userdb argument, it does not appear under userdb when I later select
db2-brute. Script arguments are global and the interface should reflect
that by updating an argument everywhere when it is changed in one place.

The other bug is that the interface needs to be smart about quoting or
escaping string values. I can enter this string as the value for userdb,
for example:

/home/david/userdb,test=nothing

and the profile editor will construct the command line

nmap --script db2-brute --script-args userdb=/home/david/userdb,test=nothing

This makes it appear as though I have entered a script argument
test=nothing. The command generated should instead be

nmap --script db2-brute --script-args userdb="/home/david/userdb,test=nothing"

This makes me realize that we haven't considered how to let the user set
a script argument whose value is a table. We need to distinguish between
the values {test} (a table) and "{test}" (a string). Do you have ideas
on how to accomplish this? I don't want a solution that relies on
guessing whether a value looks like a string or a table. We might have
another GUI widget to select which interpretation is used, or we could
force the user to quote their strings if necessary and only show an
error when it would lead to an incorrect interpretation, as in the
test=nothing example above.

The documentation for script argument syntax is at
http://nmap.org/book/nse-usage.html#nse-args.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

status report #9 of 15 kirubakaran S (Jun 28)
- Re: status report #9 of 15 David Fifield (Jun 28)
- <Possible follow-ups>
- Status report #9 of 15 ithilgore (Jun 28)
- Status Report #9 of 15 Dražen Popović (Jun 28)
- Status Report #9 of 15 alexandru (Jun 28)
- Status Report #9 of 15 Djalal Harouni (Jun 29)
- Status Report #9 of 15 Luis MartinGarcia. (Jun 29)