Re: NSE console script help

[Martin Holst Swende <martin () swende se>]

On 01/18/2011 09:50 AM, Fyodor wrote:
> On Mon, Jan 17, 2011 at 08:49:34PM +0100, Martin Holst Swende wrote:
> > Reposting this which I posted earlier ([1], [2]), perhaps with a bad
> > subject-line, since there was no response.
> Thanks for reposting.  I agree with others that this could be a
> worthwhile feature.  I think using --script-args to implement this
> works great as a proof-of-concept, but I agree with David that it
> probably isn't perfect as a final implementation.  
Yep, agree.

> Maybe there could
> be a new option like --script-help which takes a script specifier
> (i.e. a script name or category or expression--the same arguments as
> --script itself takes).  Then it could print help information for all
> the matching scripts.  Ideally, I think Nmap should do no actual
> scanning when executed this way (e.g. "nmap --script-help default").
I don't really agree there. What you are describing is kind of a
'man-page' system for
scripts and script categories - which, as I see it, is *one* feature of
this new
help-system which should definitely be there - but there is another
feature which is
even more neat, and that is the fact that it by default gives relevant
information only.

Also, I didn't know it myself until I tested it yesterday when David
asked, but it actually already works as
a man-page without doing scans. This works (although I haven't looked up
why):
nmap --script=intrusive --script-args help

If I use: "nmap foobar.com  --script=all --script-args=help", lets say
nmap discovers the
for me totally unknown service "gazonk". Perhaps there is a very
uncommon script which is
a bit intrusive, and not default, written specifically for the gazonk
service.
The chances of me finding that script are small, normally, but since the
command above will
print only[1] the help about that particular script, I will have a
higher chance of finding the right
script for the task.

[1] Actually, it will print help about the broadcast-scripts also, which
don't requrie a certain port or service

To make it even more useful, as I see it, would be if I was able to
say:"nmap foobar.com --script=!default --script-args=help", i.e,
"tell me about the scripts that I have the option to run here, but which
for some reason are not default". Perhaps this can
already be done?

I do like the idea to move it into a separate argument. Something like
nmap --script-help=intrusive (currently: nmap --script=intrusive
--script-args help) <= No scan, print info about "intrusive"-category
nmap foobar.com --script-help=all (currently: nmap foobar.com 
--script=all --script-args=help) <= Scan, print info about
scripts-to-execute in "all"-category


> I also agree that it might be nice for Zenmap to use this standard
> script-help mechanism.  Maybe it could print the information in XML or
> something to the -oX stream.
Definitely. I would prefer to add something to stdnse.format_output
which makes stdnse print it as XML instead. By doing it that way, I
think a lot of other scripts could easily be ported aswell.

> It would probably be good to separate the "--script-args force" part
> into a separate patch, since that is a completely different feature.
Agree.
> I tried to read your new nse_main.lua from the Seclists archive at
> http://seclists.org/nmap-dev/2010/q4/att-567/nse_main_lua.bin.  But I
> was a bit annoyed that Firefox only lets me download the Lua file
> rather than offering the choice of viewing it as text in the browser
> window.  It turns out that there has been a firefox "bug" (enhancement
> request) for this feature for more than 10 years, but it hasn't been
> implemented yet.  The good news is that I found a plugin which let's
> you choose to view unhandled MIME types as text or HTML or an image or
> basically whatever you want.  It seems to be working well for me so
> far:
>
> https://addons.mozilla.org/en-US/firefox/addon/open-in-browser/
>
> Regarding the Script help output, I suppose it might be best to
> comma-separate the categories and list them on one line so instead of
> three lines you have:
>
> Categories: default, safe
Sure
> Also, regarding these two lines:
>
>   NSE: ------------- Script help -------------
>     http-methods.nse
>
> I'll bet you could combine them.  Maybe something like:
>
>   NSE: ------ Script Help: http-methods.nse ------
Yep.
> Cheers,
> Fyodor
Cheers!
/Martin
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/