Nmap Development mailing list archives
Need a new solution for Zenmap script listing
From: David Fifield <david () bamsoftware com>
Date: Sun, 23 Jan 2011 23:29:42 -0800
Daniel Miller's bug report today (http://seclists.org/nmap-dev/2011/q1/235) reminded me to re-check whether Zenmap's method of getting a list of scripts is side effect–free. Unfortunately, since the advent of our broadcast scripts it's not, and merely opening the profile editor causes a scan of the local network with broadcast-dns-service-discovery, broadcast-dropbox-listener, broadcast-ms-sql-discover, broadcast-upnp-info, broadcast-wsdd-discover, and db2-discover.

What Zenmap does is first run "nmap -d2 --script=all" to get a list of all available scripts, by looking for lines like

NSE: Loaded '/usr/local/share/nmap/scripts/afp-brute.nse'.
NSE: Loaded '/usr/local/share/nmap/scripts/afp-path-vuln.nse'.
NSE: Loaded '/usr/local/share/nmap/scripts/afp-serverinfo.nse'.

It used to be that providing no targets meant Nmap would not scan anything, but that's not the case now.

This same technique is used to get a list of scripts that match a boolean expression; for example if you edit a command with --script="http-* and safe", Zenmap will run "nmap -d2 --script='http-* and safe'" in the background so it can update the list of selected scripts. Obviously if someone enters something like --script="broadcast" it will have the same problem.

I think that Martin Swende's idea for --script-help or however it ends up being implemented is the best proposal so far that would make this easy to fix.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
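The listing technique described in the message above, as an added example that is not part of the original post and is not Zenmap's own code: it parses "NSE: Loaded" debug lines into script names and separates out the scripts the message names as running when no targets are given. The function names and the sample output are constructed for illustration.

```python
import re

# Matches the debug lines quoted in the message, e.g.
#   NSE: Loaded '/usr/local/share/nmap/scripts/afp-brute.nse'.
LOADED_RE = re.compile(r"^NSE: Loaded '(?P<path>[^']+\.nse)'\.?$")

# Scripts the message lists as scanning the local network with no targets.
NO_TARGET_SCRIPTS = frozenset({
    "broadcast-dns-service-discovery",
    "broadcast-dropbox-listener",
    "broadcast-ms-sql-discover",
    "broadcast-upnp-info",
    "broadcast-wsdd-discover",
    "db2-discover",
})


def parse_loaded_scripts(debug_output):
    """Return script names (no directory, no .nse), in order, without repeats."""
    names = []
    for line in debug_output.splitlines():
        match = LOADED_RE.match(line.strip())
        if not match:
            continue  # any other debug or scan output is ignored
        # Split on both separators so Unix and Windows install paths work.
        filename = re.split(r"[\\/]", match.group("path"))[-1]
        name = filename[: -len(".nse")]
        if name not in names:
            names.append(name)
    return names


def split_by_side_effect(names):
    """Partition names into (only listed, named in the message as scanning)."""
    quiet = [n for n in names if n not in NO_TARGET_SCRIPTS]
    noisy = [n for n in names if n in NO_TARGET_SCRIPTS]
    return quiet, noisy


# Constructed sample output; only the "NSE: Loaded" lines carry script names.
SAMPLE_OUTPUT = """\
NSE: Loaded '/usr/local/share/nmap/scripts/afp-brute.nse'.
NSE: Loaded '/usr/local/share/nmap/scripts/afp-path-vuln.nse'.
NSE: Loaded '/usr/local/share/nmap/scripts/broadcast-upnp-info.nse'.
NSE: Loaded '/usr/local/share/nmap/scripts/db2-discover.nse'.
(constructed filler line standing in for the rest of the debug output)
"""

if __name__ == "__main__":
    quiet, noisy = split_by_side_effect(parse_loaded_scripts(SAMPLE_OUTPUT))
    print("listed only:", quiet)
    print("named in the message as scanning the local network:", noisy)
```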
Current thread:
- Need a new solution for Zenmap script listing David Fifield (Jan 23)
- Re: Need a new solution for Zenmap script listing Patrick Donnelly (Jan 24)