diff --git a/nselib/tns.lua b/nselib/tns.lua index 30d0f0ddd..6631d309a 100644 --- a/nselib/tns.lua +++ b/nselib/tns.lua @@ -111,6 +111,7 @@ local bin = require "bin" local bit = require "bit" +local bits = require "bits" local math = require "math" local match = require "match" local nmap = require "nmap" diff --git a/scripts/http-internal-ip-disclosure.nse b/scripts/http-internal-ip-disclosure.nse index 27e41e34f..6b1101770 100644 --- a/scripts/http-internal-ip-disclosure.nse +++ b/scripts/http-internal-ip-disclosure.nse @@ -1,4 +1,5 @@ local http = require "http" +local nmap = require "nmap" local shortport = require "shortport" local stdnse = require "stdnse" local ipOps = require "ipOps" @@ -52,7 +53,7 @@ local function generateHttpV1_0Req(host, port, path) -- Check if the redirect location contains an IP address redirectIP = locTarget:match("[%d%.]+") if redirectIP then - privateIP, _ = ipOps.isPrivate(redirectIP) + privateIP = ipOps.isPrivate(redirectIP) end stdnse.debug1("Location: %s", locTarget ) diff --git a/scripts/ldap-rootdse.nse b/scripts/ldap-rootdse.nse index 9a5ac09bb..6adad7bb5 100644 --- a/scripts/ldap-rootdse.nse +++ b/scripts/ldap-rootdse.nse @@ -137,7 +137,7 @@ function action(host,port) if not status then socket:close() - return stdnse.format_output(false, searchResEntries) + return stdnse.format_output(false, searchResEntries) end -- Check if we were served all the results or not? 
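Review bot: In scripts/http-internal-ip-disclosure.nse (hunk at -52,7), `privateIP = ipOps.isPrivate(redirectIP)` now discards the second return value, yet the context line above feeds it whatever `[%d%.]+` matched first, which can be a port number or digits inside a hostname rather than an address. For such input ipOps.isPrivate appears to return nil plus an error string, so the script would report nothing and miss a real internal address later in the same Location header. Tightening the match to `redirectIP = locTarget:match("%d+%.%d+%.%d+%.%d+")` and keeping the error for a debug line, `local isPriv, err = ipOps.isPrivate(redirectIP)`, would make that failure visible. The enclosing function starts and ends outside the hunk, so whether `redirectIP` and `privateIP` are declared `local` cannot be confirmed from here.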
@@ -166,22 +166,22 @@ function action(host,port) if not status or not searchResEntries then return stdnse.format_output(false, searchResEntries) end result = ldap.searchResultToTable( searchResEntries ) - + -- if taken a way and ldap returns a single result, it ain't shown.... result.name = "LDAP Results" - local scriptResult = stdnse.format_output(true, result ) - + local scriptResult = stdnse.format_output(true, result ) + -- Start extracting target information -- The following works on Windows AD LDAP as well as VMware's LDAP, VMware uses lower case cn vs AD ucase CN - local serverName = string.match(scriptResult,"serverName: [cC][nN]=([^,]+),[cC][nN]=Servers,[cC][nN]=") + local serverName = scriptResult:match("serverName: [cC][nN]=([^,]+),[cC][nN]=Servers,[cC][nN]=") if serverName then port.version.hostname = serverName end - + -- Check to see if this is Active Directory vs some other product or ADAM -- https://msdn.microsoft.com/en-us/library/cc223359.aspx if string.match(scriptResult,"1.2.840.113556.1.4.800") then port.version.product = 'Microsoft Windows Active Directory LDAP' port.version.name_confidence = 10 - + -- Determine Windows version if not port.version.ostype or port.version.ostype == 'Windows' then local DC_Func = string.match(scriptResult,"domainControllerFunctionality: (%d)") @@ -201,11 +201,11 @@ function action(host,port) port.version.extrainfo = string.format("Domain: %s, Site: %s", domainName, siteName) end end - - -- Set port information + + -- Set port information port.version.name = "ldap" nmap.set_port_version(host, port, "hardmatched") nmap.set_port_state(host, port, "open") - + return scriptResult end diff --git a/scripts/smb-os-discovery.nse b/scripts/smb-os-discovery.nse index 0f85dc96f..bac97e57e 100644 --- a/scripts/smb-os-discovery.nse +++ b/scripts/smb-os-discovery.nse @@ -1,3 +1,4 @@ +local nmap = require "nmap" local smb = require "smb" local stdnse = require "stdnse" local string = require "string"
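Review bot: In scripts/ldap-rootdse.nse (hunk at -166,22), the Active Directory check `string.match(scriptResult,"1.2.840.113556.1.4.800")` passes the OID as a Lua pattern, so every `.` matches any character and the test is looser than the capability OID it names. That branch sets `port.version.product` with `name_confidence = 10` from server-supplied text, so a plain substring search is safer: `if scriptResult:find("1.2.840.113556.1.4.800", 1, true) then`. It would also match the method-call style this commit introduces for the `serverName` match; the other `string.match` calls in the hunk were left in the old style. The body of `action` starts above the hunk.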