diff --git a/nselib/http.lua b/nselib/http.lua index d960e3760..142962d03 100644 --- a/nselib/http.lua +++ b/nselib/http.lua @@ -2173,6 +2173,10 @@ end -- -- @param body The body of the page. function clean_404(body) + if ( not(body) ) then + return + end + -- Remove anything that looks like time body = string.gsub(body, '%d?%d:%d%d:%d%d', "") body = string.gsub(body, '%d%d:%d%d', "") diff --git a/scripts/http-affiliate-id.nse b/scripts/http-affiliate-id.nse index 4208c898f..8195ccf65 100644 --- a/scripts/http-affiliate-id.nse +++ b/scripts/http-affiliate-id.nse @@ -91,6 +91,10 @@ portaction = function(host, port) local url_path = stdnse.get_script_args("http-affiliate-id.url-path") or "/" local body = http.get(host, port, url_path).body + if ( not(body) ) then + return + end + -- Here goes affiliate matching for name, re in pairs(AFFILIATE_PATTERNS) do local regex = pcre.new(re, 0, "C") diff --git a/scripts/http-generator.nse b/scripts/http-generator.nse index c39a62a6e..f71ea4f3b 100644 --- a/scripts/http-generator.nse +++ b/scripts/http-generator.nse @@ -78,6 +78,7 @@ action = function(host, port) end) response = follow_redirects(host, port, path, redirects) - return response.body:match(pattern) - + if ( response and response.body ) then + return response.body:match(pattern) + end end diff --git a/scripts/http-slowloris-check.nse b/scripts/http-slowloris-check.nse index 1ce3bd46c..c0def6788 100644 --- a/scripts/http-slowloris-check.nse +++ b/scripts/http-slowloris-check.nse @@ -65,6 +65,10 @@ local TimeWith -- time with additional headers -- does a half http request and waits until timeout local function slowThread1(host,port) + -- if no response was received when determining SSL + if ( Bestopt == "none" ) then + return + end local socket,status local catch = function() TimeWithout = nmap.clock() @@ -81,6 +85,10 @@ end -- does a half http request but sends another -- header value after 10 seconds local function slowThread2(host,port) + -- if no response was received when determining SSL + if ( Bestopt == "none" ) then + return + end local socket,status local catch = function() -- note the time the socket timedout @@ -135,6 +143,9 @@ so, it starves the http server's resources causing Denial Of Service. stdnse.sleep(1) end -- compare times + if ( not(TimeWith) or not(TimeWithout) ) then + return + end local diff = TimeWith - TimeWithout stdnse.print_debug("Time difference is: %d",diff) -- if second connection died 10 or more seconds after the first diff --git a/scripts/http-title.nse b/scripts/http-title.nse index 3cc81df90..34d5f537e 100644 --- a/scripts/http-title.nse +++ b/scripts/http-title.nse @@ -51,6 +51,10 @@ action = function(host, port) end end + if ( not(resp.body) ) then + return + end + -- try and match title tags title = string.match(resp.body, "<[Tt][Ii][Tt][Ll][Ee][^>]*>([^<]*)") diff --git a/scripts/http-trace.nse b/scripts/http-trace.nse index de265b0de..6f7d2dd80 100644 --- a/scripts/http-trace.nse +++ b/scripts/http-trace.nse @@ -37,7 +37,9 @@ portrule = shortport.http --@param response_headers The HTTP response headers local validate = function(response, response_headers) local output_lines = {} - + if ( not(response) ) then + return + end if not(response:match("HTTP/1.[01] 200") or response:match("TRACE / HTTP/1.[01]")) then return else