tval2msecs and tval2secs. This affects the following options:
Nmap:
  --host-timeout
  --max-rtt-timeout --min-rtt-timeout --initial-rtt-timeout
  --scan-delay --max-scan-delay
  --stats-every
Ncat:
  -d --delay
  -i --idle-timeout
  -w --wait
Nping:
  --delay
  --host-timeout
  --icmp-orig-time --icmp-recv-time --icmp-trans-time
Some sanity checks have been added when it looks like someone is using
the old default of milliseconds. For example,
  $ ./nmap --host-timeout 10000
  The default unit for --host-timeout is seconds (since April 2010), so your time of "10000" is 2.8 hours. If this is what you want, use "10000s".
  QUITTING!
  $ ./nmap --scan-delay 1000
  The default unit for --scan-delay is seconds (since April 2010), so your time of "1000" is 16.7 minutes. Use "1000ms" for 1000 milliseconds.
  QUITTING!
Times with a unit are always taken at face value and will avoid the
error message.
See http://seclists.org/nmap-dev/2010/q2/159 for discussion.
latter would allow you to do this:
$ nmap --max-os-tries 1s localhost
Bogus --max-os-tries argument specified, must be between 1 and 50 (inclusive)
QUITTING!
Because the "1s" became 1000.
atoi isn't right for option parsing because it doesn't catch errors, but
it's what the rest of the option parsing code uses.
top of the first comment, so the entire description got stuffed into the
@author field. I also discovered a limitation in the NSEDoc parser: the
first non-empty line following the first --- comment must be the
"module" call, or else the block isn't recognized as belonging to a
module. This was preventing @args from appearing in certain libraries.
Djalal Harouni told me about this.
o [NSE] Scripts that take an argument for a time duration can now have
the duration be a number followed by a unit, like other times in
Nmap. For example, 10m for 10 minutes. The units understood are ms
for milliseconds, s for seconds, m for minutes, and h for hours.
Seconds are the default if no unit is specified. The new function
stdnse.parse_timespec does the parsing of these formats. The
qscan.delay script argument, which formerly interpreted its argument
as being in milliseconds, now defaults to seconds; append "ms" to
continue using the same numbers. [David]
qscan.delay
dns-fuzz.timelimit
mssql.timelimit
A side effect is that the default units for qscan.delay are seconds, not
milliseconds. 0 is now the magic value to disable the time limit in
dns-fuzz.
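An added example, not Nmap's code and not part of these commit messages: a strict parser for the time specifications described above (ms, s, m, h, with seconds as the default), using strtod with an end pointer so that malformed input is rejected where atoi would silently accept it. The function names and the 1000-second "suspicious unitless value" threshold are assumptions made for illustration; the page does not state the threshold Nmap uses.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not Nmap's tval2msecs: parse "<number>[ms|s|m|h]" into
   milliseconds. A bare number means seconds. Returns -1 on malformed input. */
long timespec_to_msecs(const char *spec, int *had_unit)
{
    static const struct { const char *suffix; double mult; } units[] = {
        { "", 1000.0 }, { "ms", 1.0 }, { "s", 1000.0 },
        { "m", 60000.0 }, { "h", 3600000.0 }
    };
    char *end;
    double value = strtod(spec, &end);
    size_t i;

    *had_unit = 0;
    /* Unlike atoi, strtod lets us detect "no digits"; the range test also
       rejects negatives, NaN and infinity. */
    if (end == spec || !(value >= 0.0 && value <= (double)INT_MAX))
        return -1;
    for (i = 0; i < sizeof units / sizeof units[0]; i++) {
        if (strcmp(end, units[i].suffix) == 0) {
            double ms = value * units[i].mult;
            *had_unit = (*end != '\0');
            return ms > (double)INT_MAX ? -1 : (long)(ms + 0.5);
        }
    }
    return -1; /* trailing junk such as "10x" */
}

/* Flags a unitless value that may be a leftover millisecond count (assumed threshold). */
int looks_like_old_msecs(long msecs, int had_unit, long suspicious_secs)
{
    return msecs >= 0 && !had_unit && msecs >= suspicious_secs * 1000L;
}

int main(void)
{
    const char *samples[] = { "10000", "10000s", "1000ms", "10m", "10x" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int unit = 0;
        long ms = timespec_to_msecs(samples[i], &unit);
        printf("%-7s -> %ld ms%s\n", samples[i], ms,
               looks_like_old_msecs(ms, unit, 1000) ? " (unitless, check units)" : "");
    }
    return 0;
}
```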
It has scoped args in the straight form of "ftp-bounce.<arg>" which is
apparently how this works now (at least what other scripts seem to use) instead
of using actual subtables like in http://seclists.org/nmap-dev/2008/q2/567
o [Zenmap] Made IP addresses be sorted by octet, not by their string
representation. For example, 10.1.1.2 is now sorted before
10.1.1.10, when it was the opposite before. This was reported by
Norris Carden. [David]
scripts are:
- ms-sql-brute.nse uses the unpwdb library to guess credentials for MSSQL
- ms-sql-config retrieves various configuration details from the server
- ms-sql-empty-password checks if the sa account has an empty password
- ms-sql-hasdbaccess lists database access per user
- ms-sql-query adds support for running custom queries against the database
- ms-sql-tables lists databases, tables, columns and datatypes with optional
  keyword filtering
- ms-sql-xp-cmdshell adds support for OS command execution to privileged
  users
[Patrik]