diff --git a/docs/refguide.xml b/docs/refguide.xml index 429a2bc2d..b5609831d 100644 --- a/docs/refguide.xml +++ b/docs/refguide.xml @@ -2241,7 +2241,7 @@ way. - + @@ -2252,9 +2252,16 @@ Runs a script scan using the comma-separated list of filenames, script categories, and directories. Each element in the list may also be a Boolean expression describing a more complex set of scripts. Each element is interpreted first as an expression, then as a category, and -finally as a file or directory name. The special argument -all makes every script in Nmap's script database -eligible to run. The all argument should be used with caution as NSE may contain dangerous scripts including exploits, brute force authentication crackers, and denial of service attacks. +finally as a file or directory name. + +There are two special features for advanced users only. +One is to prefix script names and expressions with ++ to force them to run even if they normally +wouldn't (e.g. the relevant service wasn't detected on the target +port). The other is that the argument all may be +used to specify every script in Nmap's database. Be cautious with +this because NSE contains dangerous scripts such as exploits, brute +force authentication crackers, and denial of service attacks. diff --git a/docs/scripting.xml b/docs/scripting.xml index 8bfdd82b8..84fb7ae09 100644 --- a/docs/scripting.xml +++ b/docs/scripting.xml @@ -619,7 +619,7 @@ Black Hat Briefings in 2010. - + 
@@ -633,10 +633,24 @@ finally as a file or directory name. The special argument eligible to run. The all argument should be used with caution as NSE may contain dangerous scripts including exploits, brute force authentication crackers, and denial of service attacks. + +Each element in the script expression list may be prefixed with a ++ character to force the given script(s) to run +regardless of the conditions in their prerule or +hostrule functions. This is generally only done by +advanced users in special cases. For example, you might want to do a +configuration review on a bunch of MS SQL servers, some of which are +running on nonstandard ports. Rather than slow the Nmap scan by +running extensive version detection () so that Nmap will recognize the ms-sql +service, you can force the ms-sql-config script to run against all the +targetted hosts and ports by specifying . + File and directory names may be relative or absolute. Absolute names are -used directly. Relative paths are looked for in the -scripts of each of the following places until +used directly. Relative paths are searched for in the +scripts subdirectory of each of the following places until found: data filesdirectory search orderscripts, location of @@ -1214,6 +1228,12 @@ NSE: Script Scanning completed. to run against a port. Example rules are shown in . + + Advanced users may force a script to run regardless of the + results of these rule functions by prefixing the script name (or + category or other expression) with a + in the + argument. + The current standard to choose between a prerule or a postrule is
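Review bot: In the docs/refguide.xml hunk at @@ -2252,9 +2252,16, the closing sentence "Be cautious with this because NSE contains dangerous scripts" has an ambiguous "this". The paragraph has just introduced two features, the + prefix and all, and the warning could be read as applying to either one. Name the argument explicitly, for example "Be cautious with all because ...". Consider a separate caution for +, since by the paragraph's own description a forced script runs even where "the relevant service wasn't detected on the target port".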
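Review bot: In the docs/scripting.xml hunk at @@ -633,10 +633,24, the new paragraph says + overrides "the conditions in their prerule or hostrule functions", but the ms-sql-config example that follows is about services on nonstandard ports, so a reader would expect portrule to be covered as well. Either list portrule (and postrule, if it is also bypassed) or say "rule functions" as the hunk at @@ -1214,6 +1228,12 does, so the two descriptions agree. In the same paragraph, "targetted" should be "targeted".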
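Review bot: In the docs/scripting.xml hunk at @@ -1214,6 +1228,12, the added sentence restates the + prefix in the text on rule functions without pointing back to the usage description where the ms-sql-config example is given, so the behaviour is now documented in three places with no links between them. Add a cross-reference to the earlier description. Also consider telling readers of this section that a script may be invoked on hosts or ports its rule would have rejected, so it should fail cleanly when the expected service is not there.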