Nmap Development mailing list archives
Re: Add script arguments to --script-help
From: Paulino Calderon <paulino () calderonpale com>
Date: Mon, 03 Jun 2013 00:24:20 -0500
On 05/01/2013 01:33 PM, David Fifield wrote:
On Tue, Apr 30, 2013 at 09:01:41PM -0500, Paulino Calderon wrote:I've always thought the --script-help command should give you the script arguments so I don't have to look them up when I don't remember/know the argument variables. For example the current output gives: ./nmap --script-help http-brute Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-04-30 20:51 CDT http-brute Categories: intrusive brute http://nmap.org/nsedoc/scripts/http-brute.html Performs brute force password auditing against http basic authentication. This patch includes the script arguments as follows: http-brute Categories: intrusive brute http://nmap.org/nsedoc/scripts/http-brute.html Performs brute force password auditing against http basic authentication. Script Arguments: http-brute.path points to the path protected by authentication (default: /) http-brute.hostname sets the host header in case of virtual hosting http-brute.method sets the HTTP method to use (default: GET) Feel free to suggest improvements to the code, it's a starting point. I couldn't find the @args tags loaded anywhere else so I grabbed them from the file ( Maybe not the most efficient way? )You might want to take a look at the zenmapCore/ScriptMetadata class that does this job for Zenmap. Zenmap and the NSEDoc pages recursively load arguments from included libraries; you might want to do that. There is a function there called nsedoc_tags_iter in Zenmap that does the right thing for NSEDoc parsing. David Fifield
Hi,I've added the logic to include every NSE library required in the script as well. The new output looks like this:
# ./nmap --script-help http-brute Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-06-02 23:58 CDT http-brute Categories: intrusive brute http://nmap.org/nsedoc/scripts/http-brute.html Performs brute force password auditing against http basic authentication. Script Arguments:http-brute.path points to the path protected by authentication (default: /)
http-brute.hostname sets the host header in case of virtual hosting http-brute.method sets the HTTP method to use (default: GET) brute.useraspass guess the username as password for each user brute.emptypass guess an empty password for each user brute.unique make sure that each password is only guessed once brute.firstonly stop guessing after first password is found brute.passonly iterate over passwords only for services that provide brute.retries the number of times to retry if recoverable failures brute.delay the number of seconds to wait between guesses (default: 0) brute.threads the number of initial worker threads, the number of brute.mode can be user, pass or creds and determines what mode to run brute.credfile a file containing username and password pairs delimited brute.guesses the number of guesses to perform against each account. http.max-cache-size The maximum memory size (in bytes) of the cache. http.useragent The value of the User-Agent header field sent withhttp.pipeline If set, it represents the number of HTTP requests that'll be http.max-pipeline If set, it represents the number of outstanding HTTP requests
The order is the same as they were declared in the script. It also checks if the "require" argument points to a valid NSE library and not a lua library.
Feedback is appreciated, I really think users will benefit from reading script arguments easily.
Cheers.
Attachment:
nse_main.lua
Description:
Attachment:
nse_main.lua.patch
Description:
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Add script arguments to --script-help Paulino Calderon (Apr 30)
- Re: Add script arguments to --script-help David Fifield (May 01)
- Re: Add script arguments to --script-help Paulino Calderon (May 01)
- Re: Add script arguments to --script-help Paulino Calderon (Jun 02)
- Re: Add script arguments to --script-help David Fifield (Jun 21)
- Re: Add script arguments to --script-help David Fifield (May 01)