Nmap Development mailing list archives
Re: adding info for scripts not able to run/etc?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 24 Dec 2015 14:46:33 -0600
Mike,

This is an interesting idea. With a little development, I think it could be a useful feature. There are several points at which the script selection changes, which may warrant additional output.

First, scripts are loaded based on the combination of -sC, -sV, and --script <expression> that the user passes to Nmap. This is the number that is reported in Nmap's verbose output as "NSE: Loaded 108 scripts for scanning." This is the upper limit of all possible scripts that might run.

Next, different scripts run in different phases based on the rule function [1]. So when Nmap outputs "NSE: Script Pre-scanning.", any selected scripts that have a "prerule" will have that rule tested. If a phase is not executed (for instance, if no hosts are up, then the script scanning phase for hostrule and portrule scripts will not happen), then some scripts may be bypassed here. One output option would be to print the result of each script's rule function, though that will happen for every open port on every host in the most common case of a portrule script. Usually, if a script's rule fails because of user error (insufficient privileges, missing script-args, etc.), then the rule function will print output to the verbose output stream (not a script result).

Next, any scripts whose rule function returns true will have their action function called. At debug level 1, Nmap outputs a statement for every script that reaches this phase: "NSE: Starting address-info against scanme.nmap.org (45.33.32.156)." If this function returns nil, there will be no script output. Some scripts choose to return an error string as output at higher verbose levels, but this is non-ideal: mixing results with errors.

I think that rather than the engine itself printing info about which scripts run (which it already does to a certain extent), a more useful feature would be some sort of structured error that could be returned when the script determines no useful output can be produced.

Dan

[1] https://nmap.org/book/nse-tutorial.html#the-rule

On Wed, Dec 23, 2015 at 8:56 AM, Mike . <dmciscobgp () hotmail com> wrote:
> Hello, and happy holidays first off! So maybe this is confusing, but hear me out. When I run a set of scripts, let's take the SNMP protocol, for example. If I run "script=snmp* and not brute", I think that loads 11 scripts. Going off memory here. So when I find a target, I run those scripts and I might get 3 back, maybe 4, that ran successfully with output. Usually INFO, HH3?, maybe 1 other.
>
> My point is, for whatever reason, whether it be a protocol version issue or non-authentication, etc., you get no indication the other scripts were run, unless you did a packet/script trace (even then the output is raw and you wouldn't understand it). Am I missing something I am not aware of as to how we can show what scripts were run and what were not, and a reason why? Maybe I am the only one that thinks this should be included, and if that is the case, I digress.
>
> Thanks,
> Mike
>
> * Example: "11 scripts loaded. 3 ran successfully, 8 did not due to no returned data, etc." Something like that.
>
> _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
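The three decision points Dan describes (a rule that declines because of user error and says so on the verbose stream, an action that returns nil so nothing is reported, and an action that returns a structured table when it has a result) are illustrated below in a minimal NSE script. This is an added example, not a message from the thread and not a script from Nmap's collection. The script name, the "needle" script-arg, the port list and the constant timeout are assumptions chosen for illustration; the NSE library calls (shortport, stdnse, nmap.new_socket) are the real ones documented at https://nmap.org/nsedoc/.

```lua
-- Added example (not part of the thread or of Nmap's script collection).
-- Illustrates where an NSE script can decline to run and decline to report,
-- following the pattern Dan describes: user errors go to the verbose stream
-- from the rule, "nothing useful" is signalled by returning nil from the
-- action, and real findings come back as an output table.
--
-- Assumptions for illustration only: the script is saved as banner-needle.nse,
-- so SCRIPT_NAME is "banner-needle" and the script-arg is banner-needle.needle.

local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"

description = [[
Grabs a one-line banner from common text-protocol ports and reports it only
if it contains the string given in the script-arg <code>banner-needle.needle</code>.
]]

author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- Ports/services this script is willing to run against (assumed list).
local banner_ports = shortport.port_or_service(
  {21, 22, 25, 110, 143}, {"ftp", "ssh", "smtp", "pop3", "imap"}, "tcp")

-- Decision point 1: the portrule. It is evaluated once per open port per host.
-- A missing script-arg is a user error, so it is reported with stdnse.verbose1
-- (visible with -v) and the rule returns false; the action is never called and
-- no script result line appears.
portrule = function(host, port)
  if not banner_ports(host, port) then
    return false
  end
  local needle = stdnse.get_script_args(SCRIPT_NAME .. ".needle")
  if not needle then
    stdnse.verbose1("skipping %s:%d: script-arg %s.needle not set",
      host.ip, port.number, SCRIPT_NAME)
    return false
  end
  return true
end

-- Decision points 2 and 3: the action. Nmap prints "NSE: Starting ... against ..."
-- at -d when this is reached. Returning nil produces no output; the reason is
-- logged with stdnse.debug1 (visible with -d) instead of being mixed into the
-- results, which is the practice Dan calls non-ideal.
action = function(host, port)
  local needle = stdnse.get_script_args(SCRIPT_NAME .. ".needle")

  local socket = nmap.new_socket()
  socket:set_timeout(5000) -- assumed 5 s timeout

  local status, err = socket:connect(host, port)
  if not status then
    stdnse.debug1("connect to %s:%d failed: %s", host.ip, port.number, err)
    return nil
  end

  local banner
  status, banner = socket:receive_lines(1)
  socket:close()
  if not status then
    stdnse.debug1("no banner from %s:%d: %s", host.ip, port.number, banner)
    return nil
  end

  banner = banner:gsub("[\r\n]+$", "")
  -- Plain (non-pattern) substring search, so a needle like "1.0" is literal.
  if not string.find(banner, needle, 1, true) then
    stdnse.debug1("banner from %s:%d does not contain %q",
      host.ip, port.number, needle)
    return nil
  end

  -- Only here does the script have something worth reporting: return a
  -- structured table so both normal and XML output carry the result.
  local out = stdnse.output_table()
  out.banner = banner
  out.matched = needle
  return out
end
```

Run with the hypothetical file name, for instance `nmap -v -d -p 22 --script ./banner-needle.nse --script-args banner-needle.needle=OpenSSH <target>`: dropping the `--script-args` shows the rule's "skipping" line at -v with no script result, while a host whose banner lacks the needle shows the debug1 line at -d and again no result. Only a matching banner produces a script output block.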
Current thread:
- adding info for scripts not able to run/etc? Mike . (Dec 23)
- Re: adding info for scripts not able to run/etc? Daniel Miller (Dec 24)