diff --git a/CHANGELOG b/CHANGELOG index d748ccee3..199f1ec55 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -8,12 +8,15 @@ o Compatibility with systems that have the pcre.h header file in its own pcre directory should now be fixed for real. [Fyodor] o Enhanced the radmind service detection signature and added a - deprecated radmind port to nmap-services. Thanks to Matt Selsky for - the patch. + deprecated radmind port to nmap-services. [Matt Selsky] + +o Documented the "--script all" option in the man page and NSE + article. This option executes all scripts in the NSE database + regardless of category. [Fyodor] o Fixed the NSIS installer so that it does not include some excess files (mswin32/* and .svn). Thanks to Alan Jones for reporting the - problem. + problem. [Fyodor] 4.23RC3 diff --git a/docs/nmap.1 b/docs/nmap.1 index f17dc863a..741d9e47d 100644 --- a/docs/nmap.1 +++ b/docs/nmap.1 @@ -1003,21 +1003,31 @@ performs a script scan using the default set of scripts\. it is equivalent to \fB\-\-script=safe,intrusive\fR .RE .PP -\fB\-\-script=\fR +\fB\-\-script \fR .RS 4 -gives you the opportunity to choose from a custom set of scripts\. You can specify script\-categories, single scripts and/or directories with scripts which are to be run against the target hosts instead of the default set\. Nmap will try to interpret the arguments at first as categories and afterwards as files or directories in one of the following places -\fI\-\-datadir/\fR -; -\fI$(NMAPDIR)/\fR -; +Runs a script scan (like +\fB\-sC\fR) with the scripts you have chosen rather than the defaults\. Arguments can be script categories, single scripts or directories with scripts which are to be run against the target hosts instead of the default set\. Nmap will try to interpret the arguments at first as categories and afterwards as files or directories\. Absolute paths are used as is, relative paths are searched in the following places until found: +\fI\-\-datadir/\fR; +\fI$(NMAPDIR)/\fR; \fI~user/nmap/\fR -(only on *nix\-platforms); +(not searched on Windows); \fINMAPDATADIR/\fR or -\fI\./\fR -(optionally inside a +\fI\./\fR\. A \fIscripts/\fR -subdirectory)\. +subdirectory is also tried in each of these\. Give the argument +all +to execute all scripts in the Nmap script database\. +.sp +If a directory is specified and found, Nmap loads all NSE scripts (any filenames ending with +\.nse) from that directory\. They must have the filename extension +nse\. Nmap does not recurse into subdirectories to find scripts\. When individual file names are specified, the file extension does not have to be +nse\. +.sp +Nmap scripts are stored in a +\fIscripts\fR +subdirectory of the Nmap data directory by default\. Scripts are indexed in a database stored in +\fIscripts/script\.db\fR\. The database lists all of the scripts in each category\. A single script may be in several categories\. .RE .PP \fB\-\-script\-args=\fR diff --git a/docs/refguide.xml b/docs/refguide.xml index 6435a2ef1..92ea03e9e 100644 --- a/docs/refguide.xml +++ b/docs/refguide.xml @@ -1946,47 +1946,58 @@ way. - - --script + --script - + +Runs a script scan (like ) with the scripts you have chosen rather than the defaults. Arguments can be script categories, single scripts or directories with scripts which are to be run against the target hosts instead of the default set. Nmap will try to interpret the arguments at first as categories and afterwards as files or directories. Absolute paths are used as is, relative paths are searched in the following places until found: +--datadir/; +$(NMAPDIR)/; +~user/nmap/ (not searched on Windows); +NMAPDATADIR/ or +./. A scripts/ subdirectory is also tried in each of these. Give the argument all to execute all scripts in the Nmap script database. + - - gives you the opportunity to choose from a custom set of - scripts. You can specify script-categories, single scripts and/or - directories with scripts which are to be run against the target hosts - instead of the default set. Nmap will try to interpret the arguments - at first as categories and afterwards as files or directories in one - of the following places - --datadir/ ; - $(NMAPDIR)/ ; - ~user/nmap/ (only on *nix-platforms); - NMAPDATADIR/ or - ./ (optionally inside a - scripts/ subdirectory). - - - +If a directory is specified and found, Nmap loads all NSE +scripts (any filenames ending with .nse) from that +directory. They must have the filename extension +nse. Nmap does not recurse into subdirectories to +find scripts. When individual file names are specified, the file +extension does not have to be nse. + + +Nmap scripts are stored in a scripts +subdirectory of the Nmap data directory +by default. Scripts are indexed in a database stored in +scripts/script.db. The database lists all of the +scripts in each category. A single script may be in several +categories. + + + - - --script-args - - + --script-args + lets you provide arguments to NSE-scripts. Arguments are passed -as name=value pairs. The provided argument is processed and stored -inside a Lua table, to which all scripts have access. The names are -taken as strings (which must be alphanumeric values) and used as -keys inside the argument-table. Values are either strings or tables -themselves (surrounded by ‘{’ and ‘}’. Subtables make -it possible to override arguments for specific scripts (e.g. when you -want to provide different login/password pairs for different scripts). -For example, you could pass the comma-separated arguments: -user=bar,password=foo, and anonFTP={password=nobody@foobar.com}. If you want to override an option to a script, you should -index the subtable with the script's id, since this -is the only way the script knows about its special argument. - +as name=value pairs. The provided argument is +processed and stored inside a Lua table, to which all scripts have +access. The names are taken as strings (which must be alphanumeric +values) and used as keys inside the +argument-table. Values are either strings or tables +themselves (surrounded by ‘{’ and +‘}’. Subtables make it possible to +override arguments for specific scripts (e.g. when you want to provide +different login/password pairs for different scripts). For example, +you could pass the comma-separated arguments: +user=bar,password=foo, and +anonFTP={password=nobody@foobar.com}. If you want +to override an option to a script, you should index the subtable with +the script's id, since this is the only way the +script knows about its special argument. + + +