diff --git a/CHANGELOG b/CHANGELOG index 7ed8c7bbb..19dc39596 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,11 @@ # Nmap Changelog ($Id$); -*-text-*- +o Added the new --script-args-file option which allows you to specify + the name of a file containing all of your desired NSE script + arguments. The arguments may be separated with commas or newlines + and may be overridden by arguments specified on the command-line + with --script-args. [Daniel Miller] + o [NSE] Added the script http-vuln-cve2009-3960 that detects and exploits the CVE 2009-3960 XML injection vulnerability in Adobe products. [Hani Benhabiles] diff --git a/NmapOps.h b/NmapOps.h index 2cfae1072..64a2f12c9 100644 --- a/NmapOps.h +++ b/NmapOps.h @@ -330,6 +330,7 @@ class NmapOps { #ifndef NOLUA int script; char *scriptargs; + char *scriptargsfile; int scriptversion; int scripttrace; int scriptupdatedb; diff --git a/docs/nmap.1 b/docs/nmap.1 index fc8db53f8..1bc14267e 100644 --- a/docs/nmap.1 +++ b/docs/nmap.1 @@ -2,12 +2,12 @@ .\" Title: nmap .\" Author: [see the "Author" section] .\" Generator: DocBook XSL Stylesheets v1.76.1 -.\" Date: 01/01/2012 +.\" Date: 01/02/2012 .\" Manual: Nmap Reference Guide .\" Source: Nmap .\" Language: English .\" -.TH "NMAP" "1" "01/01/2012" "Nmap" "Nmap Reference Guide" +.TH "NMAP" "1" "01/02/2012" "Nmap" "Nmap Reference Guide" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- 
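Review bot: The new `char *scriptargsfile;` member in the NmapOps.h hunk gets no initial value anywhere in this diff, while the nse_main.cc hunk passes it to `setsfield` unconditionally and the nse_main.lua hunk treats any non-nil value as "option given". If NmapOps.cc sets `scriptargs` to NULL in its initialisation code (not visible here), add `scriptargsfile = NULL;` next to it so the Lua check does not depend on how the object happens to be zeroed. A short comment on the member, e.g. `/* path given with --script-args-file, NULL if unset */`, would also help. The class body continues outside the hunk.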
@@ -1358,6 +1358,13 @@ pairs\&. Names and values may be strings not containing whitespace or the charac The online NSE Documentation Portal at \m[blue]\fB\%http://nmap.org/nsedoc/\fR\m[] lists the arguments that each script accepts\&. +.RE +.PP +\fB\-\-script\-args\-file \fR\fB\fIfilename\fR\fR .\" --script-args-file .\" script arguments from file +.RS 4 +Lets you load arguments to NSE scripts from a file\&. Any arguments on the command line supersede ones in the file\&. The file can be an absolute path, or a path relative to Nmap\*(Aqs usual search path (NMAPDIR, etc\&.) Arguments can be comma\-separated or newline\-separated, but otherwise follow the same rules as for +\fB\-\-script\-args\fR, without requiring special quoting and escaping, since they are not parsed by the shell\&. +.RE .PP \fB\-\-script\-help \fR\fB\fIfilename\fR\fR\fB|\fR\fB\fIcategory\fR\fR\fB|\fR\fB\fIdirectory\fR\fR\fB|\fR\fB\fIexpression\fR\fR\fB|all\fR\fB[,\&.\&.\&.]\fR .\" --script-help .RS 4 @@ -1368,7 +1375,6 @@ script, you would run \fBnmap \-\-script\-help ftp\-anon\fR\&. In addition to getting help for individual scripts, you can use this as a preview of what scripts will be run for a specification, for example with \fBnmap \-\-script\-help default\fR\&. .RE -.RE .PP \fB\-\-script\-trace\fR .\" --script-trace .RS 4 diff --git a/docs/refguide.xml b/docs/refguide.xml index 0cedeb4c3..42c72734b 100644 --- a/docs/refguide.xml +++ b/docs/refguide.xml 
@@ -2409,7 +2409,24 @@ The online NSE Documentation Portal at lists the arguments that each script accepts. + + + + + script arguments from file + + + + Lets you load arguments to NSE scripts from a file. Any arguments on the + command line supersede ones in the file. The file can be an absolute path, + or a path relative to Nmap's usual search path (NMAPDIR, etc.) + Arguments can be comma-separated or newline-separated, but otherwise follow + the same rules as for , without requiring + special quoting and escaping, since they are not parsed by the shell. + + + @@ -2431,7 +2448,6 @@ lists the arguments that each script accepts. - diff --git a/docs/scripting.xml b/docs/scripting.xml index ea3c666fd..1e9c38dad 100644 --- a/docs/scripting.xml +++ b/docs/scripting.xml @@ -191,8 +191,8 @@ Black Hat Briefings in 2010. execute by providing categories, script file names, or the name of directories full of scripts you wish to execute. You can customize some scripts by providing arguments to them via the - - option. + and + options. The shows a description of what each selected script does. The two remaining options, @@ -702,6 +702,20 @@ Nmap script database, but should be used cautiously since Nmap may contain explo + + + + + + + This option is the same as + except that you pass the + arguments in a file rather than on the command-line. See + for a detailed + explanation. + + + @@ -971,6 +985,15 @@ http://nmap.org/nsedoc/scripts/afp-showmount.html the whois table in the example below. + Rather than pass the arguments on the command line with + , you may store them in a file + (separated by commas or newlines) and specify just the file name + with . Options specified + with on the command-line take + precedence over those given in a file. The filename may be + given as an absolute path or relative to Nmap's usual + search path (NMAPDIR, etc.) + Here is a typical Nmap invocation with script arguments: example of diff --git a/nmap.cc b/nmap.cc index e0f6e252f..6fbb15047 100644 
--- a/nmap.cc
+++ b/nmap.cc
@@ -629,6 +629,8 @@ void parse_options(int argc, char **argv) {
 {"script_updatedb", no_argument, 0, 0},
 {"script-args",required_argument,0,0},
 {"script_args",required_argument,0,0},
+ {"script-args-file",required_argument,0,0},
+ {"script_args_file",required_argument,0,0},
 {"script-help",required_argument,0,0},
 {"script_help",required_argument,0,0},
 #endif
@@ -657,6 +659,8 @@ void parse_options(int argc, char **argv) {
 o.chooseScripts(optarg);
 } else if (optcmp(long_options[option_index].name,"script-args")==0){
 o.scriptargs=strdup(optarg);
+ } else if (optcmp(long_options[option_index].name,"script-args-file")==0){
+ o.scriptargsfile=strdup(optarg);
 } else if (optcmp(long_options[option_index].name, "script-trace") == 0) {
 o.scripttrace = 1;
 } else if (optcmp(long_options[option_index].name, "script-updatedb") == 0){
diff --git a/nse_main.cc b/nse_main.cc
index e06f77bbb..79bb1f92a 100644
--- a/nse_main.cc
+++ b/nse_main.cc
@@ -290,6 +290,7 @@ static void open_cnse (lua_State *L)
 setbfield(L, -1, "scripthelp", o.scripthelp);
 setsfield(L, -1, "script_dbpath", SCRIPT_ENGINE_DATABASE);
 setsfield(L, -1, "scriptargs", o.scriptargs);
+ setsfield(L, -1, "scriptargsfile", o.scriptargsfile);
 setsfield(L, -1, "NMAP_URL", NMAP_URL);
 }
diff --git a/nse_main.lua b/nse_main.lua
index 8b8a0e19a..899c3b82a 100644
--- a/nse_main.lua
+++ b/nse_main.lua
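Review bot: `o.scriptargsfile=strdup(optarg);` in the second nmap.cc hunk keeps the strdup result without a NULL check, and a second --script-args-file on the command line overwrites the first copy without freeing it. Assuming the member starts as NULL, `free(o.scriptargsfile); o.scriptargsfile = strdup(optarg);` followed by a NULL check closes both gaps. The `script-args` branch just above has the same shape. parse_options starts and ends outside the hunk.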
@@ -1044,6 +1044,19 @@ do -- Load script arguments (--script-args)
 end
 end
 nmap.registry.args = parse_table("{"..args.."}", 1);
+ -- Check if user wants to read scriptargs from a file
+ if cnse.scriptargsfile ~= nil then --scriptargsfile path/to/file
+ local t, path = cnse.fetchfile_absolute(cnse.scriptargsfile)
+ assert(t == 'file', format("%s is not a file", path))
+ local argfile = assert(open(path, 'r'));
+ local argstring = argfile:read("*a")
+ argstring = gsub(argstring,"\n",",")
+ local tmpargs = parse_table("{"..argstring.."}",1)
+ for k,v in pairs(nmap.registry.args) do
+ tmpargs[k] = v
+ end
+ nmap.registry.args = tmpargs
+ end
 end
 -- Update Missing Script Database?
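Review bot: The assert on the `cnse.fetchfile_absolute` result builds its message from `path`, which is presumably nil when the lookup fails (the helper is outside this hunk), so a missing file may surface as a format error rather than the intended text; `assert(t == 'file', format("%s is not a file", cnse.scriptargsfile))` names the value the user actually typed. The handle returned by `open` is never closed, so add `argfile:close()` right after the `read`. `gsub(argstring,"\n",",")` leaves a `\r` in every value of a CRLF file and turns blank lines into consecutive commas; `gsub(argstring,"[\r\n]+",",")` avoids both. The enclosing `do` block starts before the hunk.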