Nmap Development mailing list archives

Re: Zenmap: bug parsing --script?


From: David Fifield <david () bamsoftware com>
Date: Mon, 26 Jul 2010 12:14:52 -0600

On Sat, Jul 24, 2010 at 01:51:03PM -0600, David Fifield wrote:
On Fri, Jul 23, 2010 at 01:35:08PM -0500, Ron wrote:
Hey,

I'm preparing canned demos for my Blackhat slot, and I noticed something odd in Zenmap. If I enter the command:

nmap -p 21 -T4 -d -n --script "ftp* and not *brute*" 192.168.102.*

Then save/restart zenmap, I end up with:

nmap -p 21 -T4 -d -n --script "ftp* 192.168.102.*

Which doesn't work. In fact, even in the editor when I'm editing the --scripts textbox, as soon as I deselect the box (and it updates the command) it removes everything after the space.

Is this a known bug? (I haven't used Zenmap all that much, to be honest). 

Yes, this is a bug. I'm surprised no one has noticed it before now. The
command entry is just breaking words on whitespace to pass them to exec.
(In other words, it doesn't just pass the line to a shell; you can't
type "nmap localhost && rm -rf /".)

You can see what's going on while you're editing the command live. If
you enter the command

nmap --script "ftp* and not *brute*"

you will see the "Target" box automatically populated with the three
targets

and not *brute*"

What you're describing, with the 'and not *brute*"' part being removed,
doesn't happen to me. If I save a profile and restore it, it's all
there. You might check in ~/.zenmap/scan_profile.usp to see how it's
being stored. I have

[aaa]
command = nmap --script "ftp* and not *brute*" 192.168.0.1
description =

I don't think this will be too hard to fix. I think the place to do it
is NmapOptions.parse_string, which is just

    def parse_string(self, opt_string):
        self.parse(opt_string.split())

However there may be parts of the code that pre-split the string and
then pass it to NmapOptions.parse, which is how I envisioned NmapOptions
being used. But there are probably only a couple-three places where this
happens so it won't be too hard to track them down.

Please try r19281 and see if it works for you. This allows single- and
double-quoting of strings.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
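An added illustration of the kind of quote-aware splitting the thread describes for NmapOptions.parse_string; this is example code, not Zenmap's own, and the function names naive_split and quoted_split are invented here.

```python
"""Quote-aware command splitting, an added illustration of the parse_string
fix described in the thread; this is not Zenmap's own code.

Zenmap hands the token list straight to exec, so the tokenizer alone decides
where each argument ends.  str.split() breaks inside quotes, turning
"ftp* and not *brute*" into four arguments; this splitter keeps a quoted span
together and strips the quotes, but never treats && or ; as shell operators.
"""


def naive_split(opt_string):
    # What NmapOptions.parse_string did before the fix: plain whitespace split.
    return opt_string.split()


def quoted_split(opt_string):
    """Split on whitespace, honouring single and double quotes.

    Raises ValueError on an unterminated quote so a malformed saved profile
    is rejected instead of silently yielding the wrong argument list.
    """
    tokens, current = [], []
    in_token = False
    quote = None  # the quote character we are currently inside, or None
    for ch in opt_string:
        if quote:
            if ch == quote:
                quote = None
            else:
                current.append(ch)
        elif ch in ("'", '"'):
            quote = ch
            in_token = True  # an empty quoted string is still an argument
        elif ch.isspace():
            if in_token:
                tokens.append("".join(current))
                current, in_token = [], False
        else:
            current.append(ch)
            in_token = True
    if quote:
        raise ValueError("unterminated %s quote in %r" % (quote, opt_string))
    if in_token:
        tokens.append("".join(current))
    return tokens


if __name__ == "__main__":
    cmd = 'nmap --script "ftp* and not *brute*" 192.168.0.1'
    print(naive_split(cmd), quoted_split(cmd), sep="\n")
```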