Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: detect nmap for default scripts #694

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

feat: detect nmap for default scripts #694

wants to merge 1 commit into from

Conversation

PsypherPunk
Copy link
Collaborator

@PsypherPunk PsypherPunk commented Nov 18, 2024
edited
Loading

If using a the equivalent of --scripts default, we're currently defaulting to nmap. However, as per #691, if it's not there, RustScan errors after completing the port-scan.

Making use of which to verify that an nmap binary can be found; this looks like:

❯ ./target/debug/rustscan --addresses 127.0.0.1 --scripts default
[!] Initiating scripts failed!
nmap: command not found. See <https://nmap.org/download>
  1. is this something we actually want?
    • alternatively, we could log and disable the scripting engine.
  2. if so, is the above adequate messaging?
  3. although I can verify the behaviour, how can we wrap this in a unit test?

closes #691

@PsypherPunk
feat: detect nmap for default scripts
5dc8acf 
if using the equivalent of `--scripts default`, use
[`which`](https://github.com/harryfei/which-rs) to verify that an `nmap`
binary can be found.

closes bee-san#691
@PsypherPunk PsypherPunk requested a review from bee-san November 18, 2024 16:28
@bee-san
Copy link
Owner

bee-san commented Nov 19, 2024
edited
Loading

Becuase the script fails, I would maybe not use which and instead handle it in the code where it fails. So if it tries to run nmap, and nmap returns with status code > 0, we can write "Rustscan currently uses nmap...." 🤔

is this something we actually want?

Yes, my plan is to get rid of nmap in the future though :)

I am actually thinking of rewriting the script engine to also work with Rust files, and to turn some nmap scripts (the open source ones) into straight Rust code which should be fun.

if so, is the above adequate messaging?

"RustScan currently uses nmap for scripts, and nmap is not found. You can download it here {URL}"

although I can verify the behaviour, how can we wrap this in a unit test?

Not a unit test, but put it here:
https://github.com/RustScan/RustScan/blob/master/tests/

See timelimit.rs in that folder. It runs rustscan as a process just to see what the output is.

  1. run as process
  2. see output
  3. check to see if output is fail state or not (os.status_code or something)

Because CI runs on 3 OS's, this behaviour and use of which will run on all 3.

@PsypherPunk
Copy link
Collaborator Author

Hmmm…I could reasonably do this by just checking for the right error code:

let es = match status.code() {
    Some(127) => return Err(anyhow!("RustScan currently uses nmap for scripts, and nmap is not found. You can download it here: https://nmap.org/download")),
    Some(code) => code,

but by that point we don't know that we're specifically running nmap, just that the executable in question couldn't be found.

Unless I'm missing something, this might be worth closing if there's a planned rewrite in the future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bee-san bee-san Awaiting requested review from bee-san

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

detect the presence of nmap
2 participants
@PsypherPunk @bee-san