where the Script.new failed:
chosen_scripts[#chosen_scripts+1] = Script.new(path);
if Script.new returns nil, then the operation is a no-op (as intended). So,
just add the script to the array. Script.new now accepts a selected_by_name
argument so we don't set it manually.
then looks in the scripts subdirectory, then in the current directory.
cnse.fetchfile_absolute now checks for an absolute path, then calls
nmap_fetchfile if that fails (and no longer looks in scripts/). Use
cnse.fetchscript when accessing files that should be in the scripts
subdirectory.
instituted to keep memory under control when there are many open
ports. Nathan reported 3 GB of memory use (with an out-of-memory NSE
crash) for one host with tens of thousands of open ports. This limit
can be controlled with the variable CONCURRENCY_LIMIT in
nse_main.lua. [David]
o Add two new Script scan phases:
Script Pre-scanning phase: before any Nmap scan operation, activated by the new "prerule".
Script Post-scanning phase: after all Nmap scan operations, activated by the new "postrule".
o New environment variables:
SCRIPT_PATH
SCRIPT_NAME
SCRIPT_TYPE: the type of the rule that activated the script.
completed." due to two issues. One is that we already have a
different line printed in verbose mode which looks like "Completed NSE
at 14:31, 0.27s elapsed". The other problem is that this was being
printed in non-verbose mode when you specified an argument like
"--script ssl-cert". We intentionally bump the verbose mode of
scripts when they are specified individually like that so they can
report more script results, but I don't think we need the NSE
infrastructure itself to become more verbose.
custom libraries that must be used instead. (So, try to load our libaries
first, then look through system paths.) This bug is very rare since these
optional libraries are very rarely installed in most distributions.
Bug found by Onur K. [1].
[1] http://seclists.org/nmap-dev/2010/q1/197
with modifications from [2].
** Short description from [1] **
I have created a patch to NSE that replaces runlevels with a table of
dependencies that clearly outlines what other scripts the script
depends on. The table is of the form:
dependences = {"script1", script2", ...}
Runlevels become an internal representation of the order of scripts
that are generated by the dependencies. Dependencies only enforce
an execution order and not a requirement for execution.
[1] http://seclists.org/nmap-dev/2009/q4/295
[2] http://seclists.org/nmap-dev/2009/q4/446
now a script is limited in parallelism to working on one socket at any
time. A script can now create a worker thread that will be capable of
doing work on sockets in parallel with the parent script. See [1] for
more information.
This patch also comes with condition variables that are similar to
POSIX condition variables. They are used in the same fashion as
NSE's mutexes (nmap.mutex).
[1] http://seclists.org/nmap-dev/2009/q4/294
at debugging level 2 or higher and when a key is pressed. This is especially
useful when we have a rare deadlock and we want to know which scripts are
involved and where (a traceback is also printed).
surrounding whitespace is ignored). Here is a simple example for clarity:
--script-args 'greeting = This is a greeting'
Becomes: { ["greeting"] = "This is a greeting" }
Script.new. Because of the new strict.lua library being added, scripts
would look for the absent filename global at load-time and fail due to an
error (ssh-hostkey.nse).
replaced so that all NSE modules will have strict declared global checking at
runtime. This should catch most developer errors early. Please see [1] for
further reference into the problem.
[1] http://seclists.org/nmap-dev/2009/q3/0070.html
have their verbosity level automatically increased by one. Many
will print negative results ("no infection found") at a higher
verbosity level. The idea is that if you ask for a script
specifically, you are more interested in such results.
