mirror of https://github.com/nmap/nmap.git synced 2025-12-15 20:29:03 +00:00

Qualify some "I"s in script documentation to attribute them to their author, to
reduce confusion when many scripts are presented together. Also make a few
other miscellaneous documentation cleanups.
This commit is contained in:
david
2008-11-04 16:41:12 +00:00
parent 8a6106529a
commit 12290c86cd
5 changed files with 8 additions and 13 deletions

View File

@@ -5,8 +5,6 @@ Attempt's to get the target's NetBIOS names and MAC address.
By default, the script displays the name of the computer and the logged-in
user; if the verbosity is turned up, it displays all names the system thinks it
owns.
\n\n
For more information on the NetBIOS protocol, see 'nselib/netbios.lua'.
]]
---
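Review bot: the literal "\n\n" line inside the description string must be one of the two lines this hunk drops (the +/- markers did not survive rendering, so it is worth confirming), because a Lua long-bracket string ([[ ... ]]) does not process escape sequences and the backslashes would be emitted verbatim into the generated script documentation. While touching this block, the @@ context line "Attempt's to get the target's NetBIOS names" puts a possessive apostrophe on a verb; it should read "Attempts to get".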
@@ -37,9 +35,6 @@ categories = {"default", "discovery", "safe"}
require "netbios"
-- I have excluded the port function param because it doesn't make much sense
-- for a hostrule. It works without warning. The NSE documentation is
-- not explicit enough in this regard.
hostrule = function(host)
-- The following is an attempt to only run this script against hosts
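Review bot: deleting the three-line comment about the omitted port parameter removes the only explanation of why hostrule here takes just host, and the remark that "The NSE documentation is not explicit enough in this regard" reads as a note for the NSE maintainers rather than for users of this script. If the hostrule documentation now states that hostrules receive only host, the deletion is fine; otherwise that sentence should move there rather than disappear.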

View File

@@ -115,7 +115,7 @@ action = function(host)
end
end
-- If no domanis were returned, print an error (I don't expect this will actually happen)
-- If no domains were returned, print an error (I don't expect this will actually happen)
if(#enumdomains_result['domains'] == 0) then
if(nmap.debugging() > 0) then
return "ERROR: Couldn't find any domains to check"
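Review bot: the spelling fix ("domanis" to "domains") is fine, but the comment it corrects still overstates what the branch does: the "ERROR: Couldn't find any domains to check" string is only returned when nmap.debugging() > 0, and the visible lines show no other return for the empty-domains case. Say so in the comment, e.g. "-- If no domains were returned, print an error when debugging is enabled", so a reader does not expect output here by default.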

View File

@@ -6,8 +6,8 @@ services), or through a SMB share.
Enumerating the local and terminal services users is done by reading the remote registry. Keys under
<code>HKEY_USERS</code> are SIDs that represent the currently logged in users, and those SIDs can be converted
to proper names by using the <code>LsaLookupSids()</code> function. Doing this requires any access higher than
anonymous (guests, users, or administrators are all able to perform this request on the operating
systems I tested).
anonymous. Guests, users, or administrators are all able to perform this request on the operating
systems I (Ron Bowes) tested.
Enumerating SMB connections is done using the <code>srvsvc.netsessenum()</code> function, which returns who's
logged in, when they logged in, and how long they've been idle for. Unfortunately, I couldn't find
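Review bot: the qualification is incomplete within this same description: two lines below the changed text, "Unfortunately, I couldn't find" keeps a bare "I", which is exactly the ambiguity the commit sets out to remove when many script descriptions are presented together. Either change it to "I (Ron Bowes) couldn't find" or, better, recast the paragraph in the third person ("the author could not find ...") so a single qualification covers the whole description.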

View File

@@ -6,7 +6,7 @@ retrieve more information about each share using <code>srvsvc.NetShareGetInfo()<
Running
<code>NetShareEnumAll()</code> will work anonymously on Windows 2000, and requires a user-level
account on any other Windows version. Calling <code>NetShareGetInfo()</code> requires an
administrator account on every version of Windows I tested.
administrator account on every version of Windows I (Ron Bowes) tested.
Although <code>NetShareEnumAll()</code> is restricted on certain systems, actually connecting to
a share to check if it exists will always work. So, if <code>NetShareEnumAll()</code> fails, a
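Review bot: naming the tester in "every version of Windows I (Ron Bowes) tested" still leaves the reader without the list of versions, which is the useful part of that claim for anyone deciding whether NetShareGetInfo() will work against their target; the preceding sentence already singles out Windows 2000 for NetShareEnumAll(), so the tested versions should be spelled out here the same way.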

View File

@@ -38,11 +38,11 @@ a user on a domain or system. An LSA function is exposed which lets us convert t
(say, 1000) to the username (say, "Ron"). So, the technique will essentially try
converting 1000 to a name, then 1001, 1002, etc., until we think we're done.
I break the users into groups of 5 RIDs, and check them individually (checking too many
at once causes problems). I continue checking until I reach 1100, and get an empty
Users are broken into groups of five RIDs, then checked individually (checking too many
at once causes problems). We continue checking until we reach 1100, and get an empty
group. This probably isn't the most effective way, but it seems to work.
It might be a good idea to modify this, in the future, with some more
intelligence. I performed a test on an old server with a lot of accounts,
intelligence. I (Ron Bowes) performed a test on an old server with a lot of accounts,
and I got these results: 500, 501, 1000, 1030, 1031, 1053, 1054, 1055,
1056, 1057, 1058, 1059, 1060, 1061, 1062, 1063, 1064, 1065, 1066, 1067, 1070,
1075, 1081, 1088, 1090. The jump from 1000 to 1030 is quite large and can easily
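Review bot: the rewritten sentence "We continue checking until we reach 1100, and get an empty group" leaves the stop condition ambiguous (stop when both 1100 is reached and a group is empty, or stop at whichever comes first?), and the ambiguity matters because the very next sentences say the 1000-to-1030 gap in the test results "can easily result in missing accounts"; with groups of five, that gap contains several empty groups in a row. State the actual condition precisely. Also, "Users are broken into groups" (passive) followed by "We continue checking" (first-person plural) mixes voices within one sentence pair; pick one.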
@@ -51,7 +51,7 @@ result in missing accounts, in an automated check.
Before attempting this conversion, the SID of the server has to be determined.
The SID is determined by doing the reverse operation, that is, converting a name into
a RID. The name is determined by looking up any name present on the system.
In this script, I try:
We try:
* The computer name and domain name, returned in <code>SMB_COM_NEGOTIATE</code>;
* An nbstat query to get the server name and the user currently logged in; and
* Some common names: "administrator", "guest", and "test".
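Review bot: "We try:" is inconsistent with the passive voice of the surrounding sentences ("The SID is determined by ...", "The name is determined by ...") and drops the "In this script" scope that the original line carried; "The script tries:" keeps the scope and matches the rest of the paragraph.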