About nse script search function.

[madaragon]

While considering the NSE Script search function, there are a few things you may want to check regarding the design.

1. Retrieval of NSE Scripts from the Official Repository and Other Options When considering the implementation of a search feature for NSE Scripts, I'm wondering if retrieving them from the official repository is the optimal approach. Could you provide advice on the method of retrieval from the official repository, and if there are any other alternatives I should consider? URL: https://svn.nmap.org/nmap/scripts/

2. Feasibility of Resource Update Functionality for Local JSON Storage When implementing search functionality for NSE scripts, we are considering whether we need a mechanism to update resources when leveraging local JSON files.

3. Comparison Between Local Resource and Scraping As I plan the implementation of a search feature for NSE Scripts, I'm deliberating between using local resources and scraping from the official repository and which aligns better with the project's design philosophy. Could you provide insights into the advantages, disadvantages, and design considerations associated with both local resource usage and scraping from the official repository?

Feel free to provide your insights and recommendations on these questions. Your input will be greatly appreciated in shaping the direction of the project.

[justakazh]

Here are my thoughts on the retrieval of NSE Scripts. Fetching NSE Scripts from official sources can be a stable and reliable option, as it provides the latest versions and ensures their security. There are several considerations I have:

• Providing a local database (SQLite) to store information related to NSE Scripts and other vulnerability information (including msfmodule or other information locally), as the information related to msfmodule is still in the file 'files/msf_module.json', and of course, the information to be stored later will be extensive.

• To update the database, perhaps adding a new parameter to update the database, for example: --update.

• To obtain information about NSE Scripts, we can scrape the URL you provided above, then extract the description of the NSE Script, making it easier to search for relevant NSE Scripts.

Is this sufficient to answer the questions above? If you have any other suggestions, I would be happy to hear them.

[madaragon]

Thank you for your reply. I thought you wanted to manage it with json, but when I looked into it, I found out that was the case. I think managing it with SQLite is a very good idea. I also agree with the update option. The other thing is DB design. . . Script name, category, description, link... Any other thoughts?

[justakazh]

Maybe we need gather all information about exploit and insert in in one database. Example database structure:

Db_name: Exploit

• Table : msf_module
• Table : nse_scripts

myabe it's will easier to manage, and contribute it

[madaragon]

@justakazh In the commit below, I added the database name change and SQLite close processing, could you please check it? 691adb4bc25c382d37bbf32308e72c494f3faebf