diff --git a/nselib/nmap.luadoc b/nselib/nmap.luadoc index 07cffea78..ef1c49c9c 100644 --- a/nselib/nmap.luadoc +++ b/nselib/nmap.luadoc @@ -1,444 +1,444 @@ ---- Interface with Nmap internals. --- \n\n --- The nmap module is an interface with Nmap's internal functions and data --- structures. The API provides target host details such as port states and --- version detection results. It also offers an interface to the Nsock library --- for efficient network I/O. - -module "nmap" - ---- Returns the debugging level as a non-negative integer. --- \n\n --- The debugging level can be set with the -d option. --- @return The debugging level. --- @usage if nmap.debugging() > 0 then ... end -function nmap.debugging() - ---- Determines whether Nmap was compiled with SSL support. --- \n\n --- This can be used to avoid sending SSL probes when SSL is not available. --- @return true if Nmap was compiled with SSL support, false otherwise. -function nmap.have_ssl() - ---- Returns the verbosity level as a non-negative integer. --- \n\n --- The verbosity level can be set with the -v option. --- @return The verbosity level. --- @usage if nmap.verbosity() > 0 then ... end -function nmap.verbosity() - ---- Searches for the specified file and returns a string containing its path if --- it is found and readable (to the process). --- \n\n --- If the file is not found, not readable, or is a directory, nil is returned. --- The call nmap.fetchfile("nmap-rpc") will search for the data file nmap-rpc --- and, assuming it's found (which it should be), return a string like --- "/usr/local/share/nmap/nmap-rpc". --- @param filename Filename to search for. --- @return String representing the full path to the file or nil. -function nmap.fetchfile(filename) - ---- Returns the timing level as a non-negative integer. Possible return values --- vary from 0 to 5, corresponding to the six built-in Nmap timing templates. --- The timing level can be set with the -T option. --- @return The timing level. -function nmap.timing_level() - ---- Gets a port table for a port on a given host. --- \n\n --- This function takes a host table and a port table and returns a port table --- for the queried port. The port table returned is similar in structure to the --- ones passed to the rule and action functions. --- \n\n --- You can of course reuse the host and port tables passed to the port rule --- function. The purpose of this call is to be able to match scripts against --- more than one open port. For example if the target host has an open port 22 --- and a running identd server, then you can write a script which will only fire --- if both ports are open and there is an identification server on port 113. --- While it is possible to specify IP addresses different to the currently --- scanned target, the result will only be correct if the target is in the --- currently scanned group of hosts. --- @param host Host table, containing an "ip" field. --- @param port Port table, containing "number" and "protocol" fields. --- @param protocol Protocol string ("tcp" or "udp") --- @return A new port table holding the status and information for the port. --- @usage p = nmap.get_port_state({ip="127.0.0.1"}, {number="80", protocol="tcp"}) -function nmap.get_port_state(host, port) - ---- Sets the state of a port on a given host. --- \n\n --- Using this function, the final port state, reflected in Nmap's results, --- can be changed for a target. This is useful when Nmap detects a port as --- "open|filtered", but the script successfully connects to that port. In this --- case, the script can set the port state to "open". Note that the port.state --- value, which is passed to the script's action function will not be changed by --- this call. --- @param host Host table, containing an "ip" field. --- @param port Port table, containing "number" and "protocol" fields. --- @param state Port state, like "open" or "closed". -function nmap.set_port_state(host, port, state) - ---- Sets version information on a port. --- \n\n --- NSE scripts are sometimes able to determine the service name and application --- version listening on a port. A whole script category (version) was designed --- for this purpose. set_port_version function is used to record version --- information when it is discovered. --- \n\n --- The host and port arguments to this function should either be the tables --- passed to the action method or they should have the same structure. The port --- argument specifies the port to operate on through its "number" and "protocol" --- fields. and also contains the new version information to set. The version --- detection fields this function looks at are "name", "product", "version", --- "extrainfo", "hostname", "ostype", "devicetype", and "service_tunnel". All --- these keys are optional. --- \n\n --- The probestate argument describes the state in which the script completed. It --- is a string, one of: "hardmatched", "softmatched", "nomatch", "tcpwrapped", --- or "incomplete". "hardmatched" is almost always used, as it signifies a --- successful match. The other possible states are generally only used for --- standard version detection rather than the NSE enhancement. --- @param host Host table, containing and "ip" field. --- @param port Port table, containing "number" and "protocol" fields, as well as --- any additional version information fields. --- @param probestate The state of the probe: "hardmatched", "softmatched", --- "nomatch", "tcpwrapped", or "incomplete". -function nmap.set_port_version(host, port, probestate) - ---- Returns the current date and time in milliseconds. --- @return The number of milliseconds since the epoch (on most systems this is --- 01/01/1970). -function nmap.clock_ms() - ---- Gets the link-level hardware type of an interface. --- \n\n --- This function takes a dnet-style interface name and returns a string --- representing the hardware type of the interface. Possible return values are --- "ethernet", "loopback", "p2p", or nil if none of the other types apply. --- @param interface_name The name of the interface. --- @return "ethernet", "loopback", "p2p", or nil. -function nmap.get_interface_link(interface_name) - ---- Create a mutex on an object. --- \n\n --- This function returns another function that works as a mutex on the object --- passed. This object can be any Lua data type except nil, booleans, and --- numbers. The returned function allows you to lock, try to lock, and release --- the mutex. The returned function takes only one argument, which must be one --- of\n --- "lock": makes a blocking lock on the mutex. If the mutex is busy then --- the thread will yield and wait. The function returns with the mutex locked.\n --- "trylock": makes a non-blocking lock on the mutex. If the mutex is --- busy then it immediately returns with a return value of false. Otherwise, --- the mutex locks the mutex and returns true.\n --- "done": releases the mutex and allows another thread to lock it. If --- the thread does not have a lock on the mutex, an error will be raised.\n --- "running": returns the thread locked on the mutex or nil if no thread --- is locked. This should only be used for debugging as it interferes with --- finished threads from being collected. --- @param object Object to create a mutex for. --- @return Mutex function which takes one of the following arguments: "lock", --- "trylock", "done", or "running". --- @usage --- id = "My Script's Unique ID";\n --- \n --- local mutex = nmap.mutex(id);\n --- function action(host, port)\n --- mutex "lock";\n --- -- do stuff\n --- mutex "done";\n --- return script_output;\n --- end -function nmap.mutex(object) - ---- Creates a new exception handler. --- \n\n --- This function returns another function, an exception handler. The returned --- function takes a variable number of arguments, which are assumed to be the --- return values of another function. It checks the return values for an --- exception, which is signalled when the first return value is false. If there --- is an exception, the script will stop immediately and produce no output. An --- optional handler function can be called before the script is stopped. In the --- error handler function you can perform any clean-up operations, such as --- closing a socket. --- @param handler Exception handler function (optional). --- @usage --- local result, socket, try, catch\n --- \n --- result = ""\n --- socket = nmap.new_socket()\n --- catch = function()\n --- socket:close()\n --- end\n --- try = nmap.new_try(catch)\n --- try(socket:connect(host.ip, port.number))\n --- result = try(socket:receive_lines(1))\n --- try(socket:send(result)) -function nmap.new_try(handler) - ---- Returns a new NSE socket object. --- \n\n --- To allow for efficient and parallelizable network I/O, NSE provides an --- interface to Nsock, the Nmap socket library. The smart callback mechanism --- Nsock uses is fully transparent to NSE scripts. The main benefit of NSE's --- sockets is that they never block on I/O operations, allowing many scripts to --- be run in parallel. The I/O parallelism is fully transparent to authors of --- NSE scripts. In NSE you can either program as if you were using a single non --- blocking socket or you can program as if your connection is blocking. --- Seemingly blocking I/O calls still return once a specified timeout has been --- exceeded. --- \n\n --- NSE sockets are the recommended way to do network I/O. They support --- connect-style sending and receiving over TCP and UDP (and SSL), as well as --- raw socket receiving. --- @return A new NSE socket. --- @see nmap.new_dnet -function nmap.new_socket() - ---- Establishes a connection. --- \n\n --- The connect puts a socket in a state ready for communication. It takes as --- arguments a host descriptor (either an IP address or a hostname), a port --- number and optionally a protocol. The protocol must be one of "tcp", "udp" or --- "ssl"; it is "tcp" if not specified. --- \n\n --- On success the function returns true. On failure it returns false and an --- error string. Those strings are taken from the gai_strerror C function. They --- are (with the error code in parentheses):\n --- "Address family for hostname not supported" (EAI_ADDRFAMILY)\n --- "Temporary failure in name resolution" (EAI_AGAIN)\n --- "Bad value for ai_flags" (EAI_BADFLAGS)\n --- "Non-recoverable failure in name resolution" (EAI_FAIL)\n --- "ai_family not supported" (EAI_FAMILY)\n --- "Memory allocation failure" (EAI_MEMORY)\n --- "No address associated with hostname" (EAI_NODATA)\n --- "Name or service not known" (EAI_NONAME)\n --- "Servname not supported for ai_socktype" (EAI_SERVICE)\n --- "ai_socktype not supported" (EAI_SOCKTYPE)\n --- "System error" (EAI_SYSTEM)\n --- In addition to these standard system error based messages are the following --- two NSE-specific errors:\n --- "Sorry, you don't have OpenSSL" occurs if the protocol is "ssl" but but Nmap --- was compiled without OpenSSL support.\n --- "invalid connection method" occurs if the second parameter is not one of --- "tcp", "udp", and "ssl". --- @param hostid Hostname or IP address. --- @param port Port number. --- @param protocol "tcp", "udp", or "ssl" (default "tcp"). --- @return Status (true or false). --- @return Error code (if status is false). -function socket:connect(hostid, port, protocol) - ---- Sends data on an open socket. --- \n\n --- The send method sends the data contained in the data string through an open --- connection. On success the returns true. If the send --- operation has failed, the function returns true along with an error string. --- The error strings are:\n --- "Trying to send through a closed socket": there was no call to socket:connect --- before the send operation.\n --- "TIMEOUT": the operation took longer than the specified timeout for the --- socket.\n --- "ERROR": an error occurred inside the underlying Nsock library.\n --- "CANCELLED": the operation was cancelled.\n --- "KILL": for example the script scan is aborted due to a faulty script.\n --- "EOF": an EOF was read (probably will not occur for a send operation).\n --- @param data The data to send. --- @return Status (true or false). --- @return Error code (if status is false). -function socket:send(data) - ---- Receives data from an open socket. --- \n\n --- The receive method does a non-blocking receive operation on an open socket. --- On success the function returns true along with the received data. If --- receiving data has failed, the function returns false along with an error --- string. A failure occurs for example if receive is called on a closed socket. --- The receive call returns to the NSE script all the data currently stored in --- the receive buffer of the socket. Error conditions are the same as for the --- send operation. --- @return Status (true or false). --- @return Data (if status is true) or error string (if status is false). -function socket:receive() - ---- Receives lines from an open connection. --- \n\n --- Tries to receive at least n lines from an open connection. A line is a string --- delimited with \n characters. If it was not possible to receive at least n --- lines before the operation times out a "TIMEOUT" error occurs. On the other --- hand, if more than n lines were received, all are returned, not just n. Use --- stdnse.make_buffer to guarantee one line is returned per call. --- \n\n --- On success the function returns true along with the received data. If --- receiving data has failed, the function returns false along with an error --- string. Error conditions are the same as for the send operation. --- @param n Minimum number of lines to read. --- @return Status (true or false). --- @return Data (if status is true) or error string (if status is false). -function socket:receive_lines(n) - ---- Receives bytes from an open connection. --- \n\n --- Tries to receive at least n bytes from an open connection. Like in --- receive_lines, n is the minimum amount of characters we would like to --- receive. If more arrive, we get all of them. If fewer than n characters --- arrive before the operation times out, a "TIMEOUT" error occurs. --- \n\n --- On success the function returns true along with the received data. If --- receiving data has failed, the function returns false along with an error --- string. Error conditions are the same as for the send operation. --- @param n Minimum number of bytes to read. --- @return Status (true or false). --- @return Data (if status is true) or error string (if status is false). -function socket:receive_bytes(n) - ---- Reads from a socket using a buffer and an arbitrary delimiter. --- \n\n --- The receive_buf method reads data from the network until it encounters the --- given delimiter string (or matches the function passed in). This function --- continues to read from the network until the delimiter is found or the --- function times out. If data is read beyond the delimiter, that data is saved --- in a buffer for the next call to receive_buf. This buffer is cleared on --- subsequent calls to other Network I/O API functions. --- \n\n --- The first argument may be either a pattern or a function. If a pattern, that --- pattern is used to separate the data. If a function, it must take exactly one --- parameter (the buffer) and its return values must be in the same format as --- string.find (offsets to the start and the end of the delimiter inside the --- buffer, or nil if the delimiter is not found). The nselib match.lua module --- provides functions for matching against regular expressions or byte counts. --- These functions are suitable as arguments to receive_buf. --- \n\n --- The second argument to receive_buf is a Boolean value controlling whether the --- delimiting string is returned along with the received data (true) or --- discarded (false). --- \n\n --- On success the function returns true along with the received data. If --- receiving data has failed, the function returns false along with an error --- string. Possible error messages are the same as those that the other receive --- function can return, with the addition of\n --- "Error inside splitting-function": the first argument was a function which --- caused an error while being called.\n --- "Error in string.find (nsockobj:receive_buf)!": a string was provided as the --- first argument, and string.find() yielded an error while being called.\n --- "Expected either a function or a string!": the first argument was neither a --- function nor a string.\n --- "Delimiter has negative size!": the returned start offset is greater than the --- end offset.\n --- @param delimiter A Lua pattern or a function with return values like those of --- string.find. --- @param keeppattern Whether to return the delimiter string with any returned --- data. --- @return Status (true or false). --- @return Data (if status is true) or error string (if status is false). -function socket:receive_buf(delimiter, keeppattern) - ---- Closes an open connection. --- \n\n --- On success the function returns true. If the close fails, the function --- returns false and an error string. Currently the only error message is --- "Trying to close a closed socket", which is issued if the socket has already --- been closed. --- \n\n --- Sockets are subject to garbage collection. Should you forget to close a --- socket, it will get closed before it gets deleted (on the next occasion Lua's --- garbage collector is run). However since garbage collection cycles are --- difficult to predict, it is considered good practice to close opened sockets. --- @return Status (true or false). --- @return Error code (if status is false). -function socket:close() - ---- Gets information about a socket. --- \n\n --- This function returns information about the socket object. It returns 5 --- values. If an error occurred, the first value is nil and the second value --- describes the error condition. Otherwise the first value describes the --- success of the operation and the remaining 4 values describe both endpoints --- of the TCP connection. If you put the call in a try() statement the status --- value is consumed. The call can be used for example if you want to query an --- authentication server. --- @return Status (true or false). --- @return Local IP address (if status is true) or error string (if status is --- false). --- @return Local port number (if status is true). --- @return Remote IP address (if status is true). --- @return Remote port number (if status is true). -function socket:get_info() - ---- Sets a timeout for socket input and output operations. --- \n\n --- After this time, given in milliseconds, socket operations will time out and --- return. The default value is 30,000 (30 seconds). The lowest allowed value is --- 10 ms, since this is the granularity of NSE network I/O. --- @param t Timeout in milliseconds. -function socket:set_timeout(t) - ---- Opens a socket for raw packet capture. --- \n\n --- The callback function is a function that receives a packet with headers and --- computes a "packet hash"--some value derived from the packet. For example, --- the callback function could extract the source IP address from a packet. The --- hash of each packet received is compared against all the strings registered --- with the pcap_register function. --- @param device The dnet-style interface name of the device you want to capture --- from. --- @param snaplen The length of each packet you want to capture (similar to the --- -s option to tcpdump)\n --- @param promisc Should be set to 1 if the interface should activate --- promiscuous mode, and 0 otherwise. --- @param test_function Callback function used to compute the packet hash. --- @param bpf A string describing a Berkeley packet filter expression (like --- those provided to tcpdump). --- @see socket:pcap_register -function socket:pcap_open(device, snaplen, promisc, test_function, bpf) - ---- Starts listening for incoming packages. --- \n\n --- The provided packet_hash is a binary string which has to match the hash --- returned by the test_function parameter provided to pcap_open(). If you want --- to receive all packets, just provide the empty string (""). There has to be a --- call to pcap_register() before a call to pcap_receive(). --- @param packet_hash A binary string that is compared against packet hashes. --- @see socket:pcap_open -function socket:pcap_register(packet_hash) - ---- Receives a captured packet. --- \n\n --- If an error or timeout occurs, the function returns false and an error --- message. Otherwise, the function returns true followed by the packet length, --- the layer two header, and the layer three header. --- @return Status (true or false). --- @return The length of the captured packet (this may be smaller than the --- actual packet length since packets are truncated when the Libpcap snaplen --- parameter is smaller than the total packet length). --- @return Data from the second OSI layer (e.g. ethernet headers). --- @return Data from the third OSI layer (e.g. IPv4 headers). -function socket:pcap_receive() - ---- Closes the pcap device. -function socket:pcap_close() - ---- Creates a new dnet object, used to send raw packets. -function nmap.new_dnet() - ---- Opens an ethernet interface for raw packet sending. --- \n\n --- An error ("device is not valid ethernet interface") is thrown in case the --- provided argument is not valid. --- @param interface_name The dnet-style name of the interface to open. -function dnet:ethernet_open(interface_name) - ---- Sends a raw ethernet frame. --- \n\n --- The dnet object must be associated with a previously opened interface. The --- packet must include the IP and ethernet headers. including IP header and --- ethernet header. If there was no previous valid call to ethernet_open() an --- error is thrown ("dnet is not valid opened ethernet interface"). --- @param packet -function dnet:ethernet_send(packet) - ---- Closes an ethernet interface. --- \n\n --- An error ("device is not valid ethernet interface") is thrown in case the --- provided argument is not valid. -function dnet:ethernet_close() +--- Interface with Nmap internals. +-- \n\n +-- The nmap module is an interface with Nmap's internal functions and data +-- structures. The API provides target host details such as port states and +-- version detection results. It also offers an interface to the Nsock library +-- for efficient network I/O. + +module "nmap" + +--- Returns the debugging level as a non-negative integer. +-- \n\n +-- The debugging level can be set with the -d option. +-- @return The debugging level. +-- @usage if nmap.debugging() > 0 then ... end +function nmap.debugging() + +--- Determines whether Nmap was compiled with SSL support. +-- \n\n +-- This can be used to avoid sending SSL probes when SSL is not available. +-- @return true if Nmap was compiled with SSL support, false otherwise. +function nmap.have_ssl() + +--- Returns the verbosity level as a non-negative integer. +-- \n\n +-- The verbosity level can be set with the -v option. +-- @return The verbosity level. +-- @usage if nmap.verbosity() > 0 then ... end +function nmap.verbosity() + +--- Searches for the specified file and returns a string containing its path if +-- it is found and readable (to the process). +-- \n\n +-- If the file is not found, not readable, or is a directory, nil is returned. +-- The call nmap.fetchfile("nmap-rpc") will search for the data file nmap-rpc +-- and, assuming it's found (which it should be), return a string like +-- "/usr/local/share/nmap/nmap-rpc". +-- @param filename Filename to search for. +-- @return String representing the full path to the file or nil. +function nmap.fetchfile(filename) + +--- Returns the timing level as a non-negative integer. Possible return values +-- vary from 0 to 5, corresponding to the six built-in Nmap timing templates. +-- The timing level can be set with the -T option. +-- @return The timing level. +function nmap.timing_level() + +--- Gets a port table for a port on a given host. +-- \n\n +-- This function takes a host table and a port table and returns a port table +-- for the queried port. The port table returned is similar in structure to the +-- ones passed to the rule and action functions. +-- \n\n +-- You can of course reuse the host and port tables passed to the port rule +-- function. The purpose of this call is to be able to match scripts against +-- more than one open port. For example if the target host has an open port 22 +-- and a running identd server, then you can write a script which will only fire +-- if both ports are open and there is an identification server on port 113. +-- While it is possible to specify IP addresses different to the currently +-- scanned target, the result will only be correct if the target is in the +-- currently scanned group of hosts. +-- @param host Host table, containing an "ip" field. +-- @param port Port table, containing "number" and "protocol" fields. +-- @param protocol Protocol string ("tcp" or "udp") +-- @return A new port table holding the status and information for the port. +-- @usage p = nmap.get_port_state({ip="127.0.0.1"}, {number="80", protocol="tcp"}) +function nmap.get_port_state(host, port) + +--- Sets the state of a port on a given host. +-- \n\n +-- Using this function, the final port state, reflected in Nmap's results, +-- can be changed for a target. This is useful when Nmap detects a port as +-- "open|filtered", but the script successfully connects to that port. In this +-- case, the script can set the port state to "open". Note that the port.state +-- value, which is passed to the script's action function will not be changed by +-- this call. +-- @param host Host table, containing an "ip" field. +-- @param port Port table, containing "number" and "protocol" fields. +-- @param state Port state, like "open" or "closed". +function nmap.set_port_state(host, port, state) + +--- Sets version information on a port. +-- \n\n +-- NSE scripts are sometimes able to determine the service name and application +-- version listening on a port. A whole script category (version) was designed +-- for this purpose. set_port_version function is used to record version +-- information when it is discovered. +-- \n\n +-- The host and port arguments to this function should either be the tables +-- passed to the action method or they should have the same structure. The port +-- argument specifies the port to operate on through its "number" and "protocol" +-- fields. and also contains the new version information to set. The version +-- detection fields this function looks at are "name", "product", "version", +-- "extrainfo", "hostname", "ostype", "devicetype", and "service_tunnel". All +-- these keys are optional. +-- \n\n +-- The probestate argument describes the state in which the script completed. It +-- is a string, one of: "hardmatched", "softmatched", "nomatch", "tcpwrapped", +-- or "incomplete". "hardmatched" is almost always used, as it signifies a +-- successful match. The other possible states are generally only used for +-- standard version detection rather than the NSE enhancement. +-- @param host Host table, containing and "ip" field. +-- @param port Port table, containing "number" and "protocol" fields, as well as +-- any additional version information fields. +-- @param probestate The state of the probe: "hardmatched", "softmatched", +-- "nomatch", "tcpwrapped", or "incomplete". +function nmap.set_port_version(host, port, probestate) + +--- Returns the current date and time in milliseconds. +-- @return The number of milliseconds since the epoch (on most systems this is +-- 01/01/1970). +function nmap.clock_ms() + +--- Gets the link-level hardware type of an interface. +-- \n\n +-- This function takes a dnet-style interface name and returns a string +-- representing the hardware type of the interface. Possible return values are +-- "ethernet", "loopback", "p2p", or nil if none of the other types apply. +-- @param interface_name The name of the interface. +-- @return "ethernet", "loopback", "p2p", or nil. +function nmap.get_interface_link(interface_name) + +--- Create a mutex on an object. +-- \n\n +-- This function returns another function that works as a mutex on the object +-- passed. This object can be any Lua data type except nil, booleans, and +-- numbers. The returned function allows you to lock, try to lock, and release +-- the mutex. The returned function takes only one argument, which must be one +-- of\n +-- "lock": makes a blocking lock on the mutex. If the mutex is busy then +-- the thread will yield and wait. The function returns with the mutex locked.\n +-- "trylock": makes a non-blocking lock on the mutex. If the mutex is +-- busy then it immediately returns with a return value of false. Otherwise, +-- the mutex locks the mutex and returns true.\n +-- "done": releases the mutex and allows another thread to lock it. If +-- the thread does not have a lock on the mutex, an error will be raised.\n +-- "running": returns the thread locked on the mutex or nil if no thread +-- is locked. This should only be used for debugging as it interferes with +-- finished threads from being collected. +-- @param object Object to create a mutex for. +-- @return Mutex function which takes one of the following arguments: "lock", +-- "trylock", "done", or "running". +-- @usage +-- id = "My Script's Unique ID";\n +-- \n +-- local mutex = nmap.mutex(id);\n +-- function action(host, port)\n +-- mutex "lock";\n +-- -- do stuff\n +-- mutex "done";\n +-- return script_output;\n +-- end +function nmap.mutex(object) + +--- Creates a new exception handler. +-- \n\n +-- This function returns another function, an exception handler. The returned +-- function takes a variable number of arguments, which are assumed to be the +-- return values of another function. It checks the return values for an +-- exception, which is signalled when the first return value is false. If there +-- is an exception, the script will stop immediately and produce no output. An +-- optional handler function can be called before the script is stopped. In the +-- error handler function you can perform any clean-up operations, such as +-- closing a socket. +-- @param handler Exception handler function (optional). +-- @usage +-- local result, socket, try, catch\n +-- \n +-- result = ""\n +-- socket = nmap.new_socket()\n +-- catch = function()\n +-- socket:close()\n +-- end\n +-- try = nmap.new_try(catch)\n +-- try(socket:connect(host.ip, port.number))\n +-- result = try(socket:receive_lines(1))\n +-- try(socket:send(result)) +function nmap.new_try(handler) + +--- Returns a new NSE socket object. +-- \n\n +-- To allow for efficient and parallelizable network I/O, NSE provides an +-- interface to Nsock, the Nmap socket library. The smart callback mechanism +-- Nsock uses is fully transparent to NSE scripts. The main benefit of NSE's +-- sockets is that they never block on I/O operations, allowing many scripts to +-- be run in parallel. The I/O parallelism is fully transparent to authors of +-- NSE scripts. In NSE you can either program as if you were using a single non +-- blocking socket or you can program as if your connection is blocking. +-- Seemingly blocking I/O calls still return once a specified timeout has been +-- exceeded. +-- \n\n +-- NSE sockets are the recommended way to do network I/O. They support +-- connect-style sending and receiving over TCP and UDP (and SSL), as well as +-- raw socket receiving. +-- @return A new NSE socket. +-- @see nmap.new_dnet +function nmap.new_socket() + +--- Establishes a connection. +-- \n\n +-- The connect puts a socket in a state ready for communication. It takes as +-- arguments a host descriptor (either an IP address or a hostname), a port +-- number and optionally a protocol. The protocol must be one of "tcp", "udp" or +-- "ssl"; it is "tcp" if not specified. +-- \n\n +-- On success the function returns true. On failure it returns false and an +-- error string. Those strings are taken from the gai_strerror C function. They +-- are (with the error code in parentheses):\n +-- "Address family for hostname not supported" (EAI_ADDRFAMILY)\n +-- "Temporary failure in name resolution" (EAI_AGAIN)\n +-- "Bad value for ai_flags" (EAI_BADFLAGS)\n +-- "Non-recoverable failure in name resolution" (EAI_FAIL)\n +-- "ai_family not supported" (EAI_FAMILY)\n +-- "Memory allocation failure" (EAI_MEMORY)\n +-- "No address associated with hostname" (EAI_NODATA)\n +-- "Name or service not known" (EAI_NONAME)\n +-- "Servname not supported for ai_socktype" (EAI_SERVICE)\n +-- "ai_socktype not supported" (EAI_SOCKTYPE)\n +-- "System error" (EAI_SYSTEM)\n +-- In addition to these standard system error based messages are the following +-- two NSE-specific errors:\n +-- "Sorry, you don't have OpenSSL" occurs if the protocol is "ssl" but but Nmap +-- was compiled without OpenSSL support.\n +-- "invalid connection method" occurs if the second parameter is not one of +-- "tcp", "udp", and "ssl". +-- @param hostid Hostname or IP address. +-- @param port Port number. +-- @param protocol "tcp", "udp", or "ssl" (default "tcp"). +-- @return Status (true or false). +-- @return Error code (if status is false). +function socket:connect(hostid, port, protocol) + +--- Sends data on an open socket. +-- \n\n +-- The send method sends the data contained in the data string through an open +-- connection. On success the returns true. If the send +-- operation has failed, the function returns true along with an error string. +-- The error strings are:\n +-- "Trying to send through a closed socket": there was no call to socket:connect +-- before the send operation.\n +-- "TIMEOUT": the operation took longer than the specified timeout for the +-- socket.\n +-- "ERROR": an error occurred inside the underlying Nsock library.\n +-- "CANCELLED": the operation was cancelled.\n +-- "KILL": for example the script scan is aborted due to a faulty script.\n +-- "EOF": an EOF was read (probably will not occur for a send operation).\n +-- @param data The data to send. +-- @return Status (true or false). +-- @return Error code (if status is false). +function socket:send(data) + +--- Receives data from an open socket. +-- \n\n +-- The receive method does a non-blocking receive operation on an open socket. +-- On success the function returns true along with the received data. If +-- receiving data has failed, the function returns false along with an error +-- string. A failure occurs for example if receive is called on a closed socket. +-- The receive call returns to the NSE script all the data currently stored in +-- the receive buffer of the socket. Error conditions are the same as for the +-- send operation. +-- @return Status (true or false). +-- @return Data (if status is true) or error string (if status is false). +function socket:receive() + +--- Receives lines from an open connection. +-- \n\n +-- Tries to receive at least n lines from an open connection. A line is a string +-- delimited with \n characters. If it was not possible to receive at least n +-- lines before the operation times out a "TIMEOUT" error occurs. On the other +-- hand, if more than n lines were received, all are returned, not just n. Use +-- stdnse.make_buffer to guarantee one line is returned per call. +-- \n\n +-- On success the function returns true along with the received data. If +-- receiving data has failed, the function returns false along with an error +-- string. Error conditions are the same as for the send operation. +-- @param n Minimum number of lines to read. +-- @return Status (true or false). +-- @return Data (if status is true) or error string (if status is false). +function socket:receive_lines(n) + +--- Receives bytes from an open connection. +-- \n\n +-- Tries to receive at least n bytes from an open connection. Like in +-- receive_lines, n is the minimum amount of characters we would like to +-- receive. If more arrive, we get all of them. If fewer than n characters +-- arrive before the operation times out, a "TIMEOUT" error occurs. +-- \n\n +-- On success the function returns true along with the received data. If +-- receiving data has failed, the function returns false along with an error +-- string. Error conditions are the same as for the send operation. +-- @param n Minimum number of bytes to read. +-- @return Status (true or false). +-- @return Data (if status is true) or error string (if status is false). +function socket:receive_bytes(n) + +--- Reads from a socket using a buffer and an arbitrary delimiter. +-- \n\n +-- The receive_buf method reads data from the network until it encounters the +-- given delimiter string (or matches the function passed in). This function +-- continues to read from the network until the delimiter is found or the +-- function times out. If data is read beyond the delimiter, that data is saved +-- in a buffer for the next call to receive_buf. This buffer is cleared on +-- subsequent calls to other Network I/O API functions. +-- \n\n +-- The first argument may be either a pattern or a function. If a pattern, that +-- pattern is used to separate the data. If a function, it must take exactly one +-- parameter (the buffer) and its return values must be in the same format as +-- string.find (offsets to the start and the end of the delimiter inside the +-- buffer, or nil if the delimiter is not found). The nselib match.lua module +-- provides functions for matching against regular expressions or byte counts. +-- These functions are suitable as arguments to receive_buf. +-- \n\n +-- The second argument to receive_buf is a Boolean value controlling whether the +-- delimiting string is returned along with the received data (true) or +-- discarded (false). +-- \n\n +-- On success the function returns true along with the received data. If +-- receiving data has failed, the function returns false along with an error +-- string. Possible error messages are the same as those that the other receive +-- function can return, with the addition of\n +-- "Error inside splitting-function": the first argument was a function which +-- caused an error while being called.\n +-- "Error in string.find (nsockobj:receive_buf)!": a string was provided as the +-- first argument, and string.find() yielded an error while being called.\n +-- "Expected either a function or a string!": the first argument was neither a +-- function nor a string.\n +-- "Delimiter has negative size!": the returned start offset is greater than the +-- end offset.\n +-- @param delimiter A Lua pattern or a function with return values like those of +-- string.find. +-- @param keeppattern Whether to return the delimiter string with any returned +-- data. +-- @return Status (true or false). +-- @return Data (if status is true) or error string (if status is false). +function socket:receive_buf(delimiter, keeppattern) + +--- Closes an open connection. +-- \n\n +-- On success the function returns true. If the close fails, the function +-- returns false and an error string. Currently the only error message is +-- "Trying to close a closed socket", which is issued if the socket has already +-- been closed. +-- \n\n +-- Sockets are subject to garbage collection. Should you forget to close a +-- socket, it will get closed before it gets deleted (on the next occasion Lua's +-- garbage collector is run). However since garbage collection cycles are +-- difficult to predict, it is considered good practice to close opened sockets. +-- @return Status (true or false). +-- @return Error code (if status is false). +function socket:close() + +--- Gets information about a socket. +-- \n\n +-- This function returns information about the socket object. It returns 5 +-- values. If an error occurred, the first value is nil and the second value +-- describes the error condition. Otherwise the first value describes the +-- success of the operation and the remaining 4 values describe both endpoints +-- of the TCP connection. If you put the call in a try() statement the status +-- value is consumed. The call can be used for example if you want to query an +-- authentication server. +-- @return Status (true or false). +-- @return Local IP address (if status is true) or error string (if status is +-- false). +-- @return Local port number (if status is true). +-- @return Remote IP address (if status is true). +-- @return Remote port number (if status is true). +function socket:get_info() + +--- Sets a timeout for socket input and output operations. +-- \n\n +-- After this time, given in milliseconds, socket operations will time out and +-- return. The default value is 30,000 (30 seconds). The lowest allowed value is +-- 10 ms, since this is the granularity of NSE network I/O. +-- @param t Timeout in milliseconds. +function socket:set_timeout(t) + +--- Opens a socket for raw packet capture. +-- \n\n +-- The callback function is a function that receives a packet with headers and +-- computes a "packet hash"--some value derived from the packet. For example, +-- the callback function could extract the source IP address from a packet. The +-- hash of each packet received is compared against all the strings registered +-- with the pcap_register function. +-- @param device The dnet-style interface name of the device you want to capture +-- from. +-- @param snaplen The length of each packet you want to capture (similar to the +-- -s option to tcpdump)\n +-- @param promisc Should be set to 1 if the interface should activate +-- promiscuous mode, and 0 otherwise. +-- @param test_function Callback function used to compute the packet hash. +-- @param bpf A string describing a Berkeley packet filter expression (like +-- those provided to tcpdump). +-- @see socket:pcap_register +function socket:pcap_open(device, snaplen, promisc, test_function, bpf) + +--- Starts listening for incoming packages. +-- \n\n +-- The provided packet_hash is a binary string which has to match the hash +-- returned by the test_function parameter provided to pcap_open(). If you want +-- to receive all packets, just provide the empty string (""). There has to be a +-- call to pcap_register() before a call to pcap_receive(). +-- @param packet_hash A binary string that is compared against packet hashes. +-- @see socket:pcap_open +function socket:pcap_register(packet_hash) + +--- Receives a captured packet. +-- \n\n +-- If an error or timeout occurs, the function returns false and an error +-- message. Otherwise, the function returns true followed by the packet length, +-- the layer two header, and the layer three header. +-- @return Status (true or false). +-- @return The length of the captured packet (this may be smaller than the +-- actual packet length since packets are truncated when the Libpcap snaplen +-- parameter is smaller than the total packet length). +-- @return Data from the second OSI layer (e.g. ethernet headers). +-- @return Data from the third OSI layer (e.g. IPv4 headers). +function socket:pcap_receive() + +--- Closes the pcap device. +function socket:pcap_close() + +--- Creates a new dnet object, used to send raw packets. +function nmap.new_dnet() + +--- Opens an ethernet interface for raw packet sending. +-- \n\n +-- An error ("device is not valid ethernet interface") is thrown in case the +-- provided argument is not valid. +-- @param interface_name The dnet-style name of the interface to open. +function dnet:ethernet_open(interface_name) + +--- Sends a raw ethernet frame. +-- \n\n +-- The dnet object must be associated with a previously opened interface. The +-- packet must include the IP and ethernet headers. including IP header and +-- ethernet header. If there was no previous valid call to ethernet_open() an +-- error is thrown ("dnet is not valid opened ethernet interface"). +-- @param packet +function dnet:ethernet_send(packet) + +--- Closes an ethernet interface. +-- \n\n +-- An error ("device is not valid ethernet interface") is thrown in case the +-- provided argument is not valid. +function dnet:ethernet_close()