mirror of
https://github.com/nmap/nmap.git
synced 2025-12-16 12:49:02 +00:00
Rewrite the section on different script rules.
This commit is contained in:
david
@@ -234,7 +234,7 @@ Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds
|
|||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Script scanning phase is normally done in combination with a port scan,
|
Script scanning is normally done in combination with a port scan,
|
||||||
because scripts may be run or not run depending on the port states
|
because scripts may be run or not run depending on the port states
|
||||||
found by the scan. With the <option>-sn</option> option it is
|
found by the scan. With the <option>-sn</option> option it is
|
||||||
possible to run a script scan without a port scan, only host
|
possible to run a script scan without a port scan, only host
|
||||||
@@ -925,7 +925,7 @@ local username = nmap.registry.args.user
|
|||||||
|
|
||||||
<sect1 id="nse-script-format">
|
<sect1 id="nse-script-format">
|
||||||
<title>Script Format</title>
|
<title>Script Format</title>
|
||||||
<para>NSE scripts consist of a handful of descriptive fields, a <literal>rule</literal> defining when the script should be executed, and an <literal>action</literal> function containing the actual script instructions. Values can be assigned to the descriptive fields just as you would assign any other Lua variables. Their names must be lowercase as shown in this section.</para>
|
<para>NSE scripts consist of a handful of descriptive fields, a rule defining when the script should be executed, and an <literal>action</literal> function containing the actual script instructions. Values can be assigned to the descriptive fields just as you would assign any other Lua variables. Their names must be lowercase as shown in this section.</para>
|
||||||
|
|
||||||
<sect2 id="nse-format-description">
|
<sect2 id="nse-format-description">
|
||||||
<title><literal>description</literal> Field</title>
|
<title><literal>description</literal> Field</title>
|
||||||
@@ -1037,32 +1037,53 @@ NSE: Script Scanning completed.
|
|||||||
<indexterm><primary sortas="postrule script variable">“<varname>postrule</varname>” script variable</primary></indexterm>
|
<indexterm><primary sortas="postrule script variable">“<varname>postrule</varname>” script variable</primary></indexterm>
|
||||||
<indexterm><primary>rules in NSE</primary><see>“<varname>prerule</varname>”, “<varname>portrule</varname>”, “<varname>hostrule</varname>” and “<varname>postrule</varname>”</see></indexterm>
|
<indexterm><primary>rules in NSE</primary><see>“<varname>prerule</varname>”, “<varname>portrule</varname>”, “<varname>hostrule</varname>” and “<varname>postrule</varname>”</see></indexterm>
|
||||||
<para>
|
<para>
|
||||||
|
Nmap uses the script rules to determine whether a script should be
|
||||||
Nmap uses the script rules to determine whether a script should be run
|
run against a target. A rule is a Lua function that returns either
|
||||||
against a target. A script contains either a <literal>prerule</literal>
|
<literal>true</literal> or <literal>false</literal>. The script
|
||||||
function, which lets the script to be run during the Script Pre-scanning
|
<literal>action</literal> function is only performed if the rule
|
||||||
phase, or a <literal>portrule</literal> function, which governs which
|
evaluates to <literal>true</literal>.
|
||||||
ports of a target the scripts may run against, or a
|
</para>
|
||||||
<literal>hostrule</literal> function, which specifies that the script
|
<para>
|
||||||
should be run only once against a target IP and only if
|
A script must contain one or more of the following functions that
|
||||||
the given conditions are met, or a <literal>postrule</literal> function,
|
determine when the script will be run:
|
||||||
which lets the script to be run during the Script Post-scanning phase.
|
<simplelist>
|
||||||
A rule is a Lua function that returns either <literal>true</literal>
|
<member><literal>prerule()</literal></member>
|
||||||
or <literal>false</literal>. A script can have multiple rules functions in
|
<member><literal>hostrule(host)</literal></member>
|
||||||
order to run at different script scan phases, and to share the same code.
|
<member><literal>portrule(host, port)</literal></member>
|
||||||
The script <literal>action</literal> function is only performed if the rule
|
<member><literal>postrule()</literal></member>
|
||||||
evaluates to <literal>true</literal>. Prerules and postrules do not accept
|
</simplelist>
|
||||||
arguments. Hostrules accept a host table as their argument and may
|
<literal>prerule</literal> scripts run once, before any hosts are
|
||||||
test, for example, the IP address or hostname of the target. Portrules
|
scanned, during the script pre-scanning
|
||||||
accept both host and port tables as arguments for any TCP or UDP port in the
|
phase.<indexterm><primary>script
|
||||||
<literal>open</literal><indexterm><primary><literal>open</literal> port state</primary></indexterm>,
|
pre-scanning</primary></indexterm> <literal>hostrule</literal> and
|
||||||
<literal>open|filtered</literal><indexterm><primary><literal>open|filtered</literal> port state</primary></indexterm>,
|
<literal>portrule</literal> scripts run after each batch of hosts
|
||||||
or <literal>unfiltered</literal><indexterm><primary><literal>unfiltered</literal> port state</primary></indexterm> port states. Port rules generally test factors such as the port number, port state, or listening service name in deciding whether to run against a port. Example rules are shown in <xref linkend="nse-tutorial-rule"/>.
|
is scanned. <literal>postrule</literal> scripts run once after all
|
||||||
The current standard to choose between a <literal>prerule</literal>
|
hosts have been scanned, in the script post-scanning
|
||||||
or a <literal>postrule</literal> is: if the script is doing host discovery
|
phase.<indexterm><primary>script post-scanning
|
||||||
or any other network operation then the <literal>prerule</literal>
|
phase</primary></indexterm> A script may run in more than one
|
||||||
should be used. The <literal>postrule</literal> is reserved for data
|
phase if it has several rules.
|
||||||
reporting and statistics gathering that were generated during the scan.
|
</para>
|
||||||
|
<para>
|
||||||
|
<literal>prerule</literal> and <literal>postrule</literal> do not
|
||||||
|
accept arguments. <literal>hostrule</literal> accepts a host table
|
||||||
|
and may test, for example, the IP address or hostname of the
|
||||||
|
target. <literal>portrule</literal> accepts both a host table and
|
||||||
|
a port table for any port in the
|
||||||
|
<literal>open</literal><indexterm><primary><literal>open</literal> port state</primary></indexterm>,
|
||||||
|
<literal>open|filtered</literal><indexterm><primary><literal>open|filtered</literal> port state</primary></indexterm>,
|
||||||
|
or <literal>unfiltered</literal><indexterm><primary><literal>unfiltered</literal> port state</primary></indexterm>
|
||||||
|
port states. Port rules generally test factors such as the port
|
||||||
|
number, port state, or listening service name in deciding whether
|
||||||
|
to run against a port. Example rules are shown in <xref
|
||||||
|
linkend="nse-tutorial-rule"/>.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The current standard to choose between a
|
||||||
|
<literal>prerule</literal> or a <literal>postrule</literal> is
|
||||||
|
this: if the script is doing host discovery or any other network
|
||||||
|
operation then the <literal>prerule</literal> should be used.
|
||||||
|
<literal>postrule</literal> is reserved for reporting of data and
|
||||||
|
statistics that were gathered during the scan.
|
||||||
</para>
|
</para>
|
||||||
</sect2>
|
</sect2>
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user