Script Language
The core of the Nmap Scripting Engine is an embeddable Lua interpreter. Lua is a lightweight language designed for extensibility. It offers a powerful and well-documented API for interfacing with other software such as Nmap.
The second part of the Nmap Scripting Engine is the NSE Library, which connects Lua and Nmap. This layer handles issues such as initialization of the Lua interpreter, scheduling of parallel script execution, script retrieval and more. It is also the heart of the NSE network I/O framework and the exception handling mechanism. It also includes utility libraries to make scripts more powerful and convenient. The utility library modules and extensions are described in the section called “NSE Libraries”.
Lua Base Language
The Nmap scripting language is an embedded Lua interpreter which is extended with libraries for interfacing with Nmap. The Nmap API is in the Lua namespace nmap. This means that all calls to resources provided by Nmap have an nmap prefix. nmap.new_socket(), for example, returns a new socket wrapper object. The Nmap library layer also takes care of initializing the Lua context, scheduling parallel scripts and collecting the output produced by completed scripts.
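The namespace convention described above, shown in a minimal NSE script. This is an added example, not code from the Nmap distribution; the port list, the 5-second timeout and the script's purpose (reporting a service's greeting line for inventory) are assumptions chosen for illustration.

```lua
-- Added example: a minimal NSE script using the nmap namespace.
-- Everything Nmap provides to the script is reached through a library
-- table: nmap.* for the core API, shortport.* for port rules.
local nmap = require "nmap"
local shortport = require "shortport"

description = [[
Reads the first line a service sends after the TCP connection is
established and reports it as script output.
]]

categories = {"safe", "discovery"}

-- Assumed selection for illustration: services that greet the client first.
portrule = shortport.port_or_service({21, 25, 110}, {"ftp", "smtp", "pop3"})

action = function(host, port)
  -- nmap.new_socket() returns a socket wrapper object. Its I/O goes through
  -- the NSE network framework, so a blocking call yields to other scripts.
  local socket = nmap.new_socket()
  socket:set_timeout(5000) -- milliseconds (assumed value)

  -- NSE exception handling: nmap.new_try() returns a function that checks
  -- the status value of a call. On failure it runs the cleanup handler and
  -- ends the script; on success it returns the remaining values.
  local try = nmap.new_try(function() socket:close() end)

  try(socket:connect(host, port))
  local banner = try(socket:receive_lines(1))
  socket:close()

  -- Strip trailing CR/LF. The parentheses drop gsub's second return value.
  -- The returned string is collected by Nmap as this script's output.
  return (banner:gsub("%s+$", ""))
end
```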
During the planning stages, we considered several programming languages as the base for Nmap scripting. Another option was to implement a completely new programming language. Our criteria were strict: NSE had to be easy to use, small in size, compatible with the Nmap license, scalable, fast and parallelizable. Several previous efforts (by other projects) to design their own security auditing language from scratch resulted in awkward solutions, so we decided early not to follow that route. First the Guile Scheme interpreter was considered, but the preference drifted towards the Elk interpreter due to its more favorable license. But parallelizing Elk scripts would have been difficult. In addition, we expect that most Nmap users prefer procedural programming over functional languages such as Scheme. Larger interpreters such as Perl, Python, and Ruby are well-known and loved, but are difficult to embed efficiently. In the end, Lua excelled in all of our criteria. It is small, distributed under the liberal MIT open source license, has coroutines for efficient parallel script execution, was designed with embeddability in mind, has excellent documentation, and is actively developed by a large and committed community. Lua is now even embedded in other popular open source security tools including the Wireshark sniffer and Snort IDS.