diff --git a/scripts/dns-brute.nse b/scripts/dns-brute.nse index fb8891845..0877a451c 100644 --- a/scripts/dns-brute.nse +++ b/scripts/dns-brute.nse @@ -162,7 +162,7 @@ local function srv_main(domainname, srvresults, srv_iter) end action = function(host) - local domainname = nmap.registry.args['dns-brute.domain'] + local domainname = stdnse.get_script_args('dns-brute.domain') if not domainname then domainname = guess_domain(host) end @@ -176,10 +176,10 @@ action = function(host) if(not table.contains(nmap.registry.bruteddomains,domainname)) then table.insert(nmap.registry.bruteddomains, domainname) stdnse.print_debug("Starting dns-brute at: "..domainname) - local max_threads = nmap.registry.args['dns-brute.threads'] and tonumber( nmap.registry.args['dns-brute.threads'] ) or 5 + local max_threads = stdnse.get_script_args('dns-brute.threads') and tonumber( stdnse.get_script_args('dns-brute.threads') ) or 5 dosrv = stdnse.get_script_args("dns-brute.srv") or false stdnse.print_debug("THREADS: "..max_threads) - local fileName = nmap.registry.args['dns-brute.hostlist'] + local fileName = stdnse.get_script_args('dns-brute.hostlist') local commFile = fileName and nmap.fetchfile(fileName) local hostlist if commFile then diff --git a/scripts/domcon-cmd.nse b/scripts/domcon-cmd.nse index 9cc2082bd..23106fb77 100644 --- a/scripts/domcon-cmd.nse +++ b/scripts/domcon-cmd.nse 
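Review bot: In the second dns-brute.nse hunk, `max_threads` looks up `dns-brute.threads` twice and accepts whatever number comes back, so `dns-brute.threads=0` or a negative value is passed on as the thread limit and a non-numeric value silently becomes 5. Reading the argument once and bounding it would be clearer: `local threads_arg = stdnse.get_script_args('dns-brute.threads')`, `local max_threads = threads_arg and tonumber(threads_arg) or 5`, `if max_threads < 1 then max_threads = 5 end`. How the limit is consumed is outside the hunk, so the effect of a zero limit is inferred rather than shown. The same lookup-twice-then-`tonumber` shape is used for `drda-brute.threads`, `domino-enum-passwords.count` and `ldap.maxobjects` in later hunks.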
@@ -96,9 +96,9 @@ action = function(host, port) local socket = nmap.new_socket() local result_part, result, cmds = {}, {}, {} - local user = nmap.registry.args['domcon-cmd.user'] - local pass = nmap.registry.args['domcon-cmd.pass'] - local cmd = nmap.registry.args['domcon-cmd.cmd'] + local user = stdnse.get_script_args('domcon-cmd.user') + local pass = stdnse.get_script_args('domcon-cmd.pass') + local cmd = stdnse.get_script_args('domcon-cmd.cmd') if( not(cmd) ) then return " \n ERROR: No command supplied (see domcon-cmd.cmd)" end if( not(user)) then return " \n ERROR: No username supplied (see domcon-cmd.user)" end @@ -131,4 +131,4 @@ action = function(host, port) socket:close() return stdnse.format_output( true, result ) -end \ No newline at end of file +end diff --git a/scripts/domino-enum-users.nse b/scripts/domino-enum-users.nse index f9da40a34..71800e5fc 100644 --- a/scripts/domino-enum-users.nse +++ b/scripts/domino-enum-users.nse @@ -66,18 +66,18 @@ action = function(host, port) local helper = nrpc.Helper:new( host, port ) local status, data, usernames, err - local path = nmap.registry.args['domino-enum-users.path'] + local path = stdnse.get_script_args('domino-enum-users.path') local result = {} local save_file = false local counter = 0 - - if ( nmap.registry.args['domino-enum-users.username'] ) then + local domino_username = stdnse.get_script_args("domino-enum-users.username") + if ( domino_username ) then usernames = ( function() local b = true return function() if ( b ) then b=false; - return nmap.registry.args['domino-enum-users.username'] + return domino_username end end end )() @@ -127,4 +127,4 @@ action = function(host, port) end return result -end \ No newline at end of file +end diff --git a/scripts/drda-brute.nse b/scripts/drda-brute.nse index cae09e37e..0cef0904d 100644 --- a/scripts/drda-brute.nse +++ b/scripts/drda-brute.nse 
@@ -128,9 +128,9 @@ action = function( host, port ) local result, response, status = {}, nil, nil local valid_accounts, threads = {}, {} local usernames, passwords, creds - local database = nmap.registry.args['drda-brute.dbname'] or "SAMPLE" + local database = stdnse.get_script_args('drda-brute.dbname') or "SAMPLE" local condvar = nmap.condvar( valid_accounts ) - local max_threads = nmap.registry.args['drda-brute.threads'] and tonumber( nmap.registry.args['drda-brute.threads'] ) or 10 + local max_threads = stdnse.get_script_args('drda-brute.threads') and tonumber( stdnse.get_script_args('drda-brute.threads') ) or 10 -- Check if the DB specified is valid if( not(isValidDb(host, port, database)) ) then diff --git a/scripts/ftp-anon.nse b/scripts/ftp-anon.nse index caa464688..87c282250 100644 --- a/scripts/ftp-anon.nse +++ b/scripts/ftp-anon.nse @@ -98,7 +98,7 @@ action = function(host, port) socket:close() end - local max_list = nmap.registry.args[SCRIPT_NAME .. ".maxlist"] + local max_list = stdnse.get_script_args("ftp-anon.maxlist") if not max_list then if nmap.verbosity() == 0 then max_list = 20 diff --git a/scripts/gopher-ls.nse b/scripts/gopher-ls.nse index 5bd5438e7..36140969e 100644 --- a/scripts/gopher-ls.nse +++ b/scripts/gopher-ls.nse @@ -42,7 +42,7 @@ end action = function( host, port ) local INFO = "i" - local maxfiles = nmap.registry.args[SCRIPT_NAME .. ".maxfiles"] + local maxfiles = stdnse.get_script_args(SCRIPT_NAME..".maxfiles") if not maxfiles then maxfiles = 10 else diff --git a/scripts/http-default-accounts.nse b/scripts/http-default-accounts.nse index 6aeec45fd..cb05e09c9 100644 --- a/scripts/http-default-accounts.nse +++ b/scripts/http-default-accounts.nse 
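Review bot: The `max_list` lookup in ftp-anon.nse replaces `SCRIPT_NAME .. ".maxlist"` with the hard-coded string `"ftp-anon.maxlist"`, while the gopher-ls.nse hunk in the same commit keeps `SCRIPT_NAME..".maxfiles"`. Keeping the derived form, `local max_list = stdnse.get_script_args(SCRIPT_NAME .. ".maxlist")`, is consistent with that hunk and keeps working if the script is renamed or copied. The conversion of the value to a number is not visible in this hunk, so it is worth confirming that the code below does not compare a command-line string against a count.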
@@ -215,9 +215,9 @@ end --- action = function(host, port) local fingerprintload_status, fingerprints, requests, results - local fingerprint_filename = nmap.registry.args["http-default-accounts.fingerprintfile"] or "http-defaul-accounts-fingerprints.lua" - local category = nmap.registry.args["http-default-accounts.category"] or false - local basepath = nmap.registry.args["http-default-accounts.basepath"] or "/" + local fingerprint_filename = stdnse.get_script_args("http-default-accounts.fingerprintfile") or "http-defaul-accounts-fingerprints.lua" + local category = stdnse.get_script_args("http-default-accounts.category") or false + local basepath = stdnse.get_script_args("http-default-accounts.basepath") or "/" local output_lns = {} --Load fingerprint data or abort diff --git a/scripts/http-domino-enum-passwords.nse b/scripts/http-domino-enum-passwords.nse index 783a69701..5ee6534d6 100644 --- a/scripts/http-domino-enum-passwords.nse +++ b/scripts/http-domino-enum-passwords.nse 
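Review bot: The default for `fingerprint_filename` is spelled `http-defaul-accounts-fingerprints.lua`, which looks like a dropped `t` carried over unchanged from the old line. If the shipped data file is named `http-default-accounts-fingerprints.lua`, the script will fail to load fingerprints whenever `http-default-accounts.fingerprintfile` is not given; the fix would be `... or "http-default-accounts-fingerprints.lua"`. The file name on disk is not visible here, so check it before changing the string. Since the `.lua` suffix suggests the file is loaded as code, a comment noting that `fingerprintfile` must point at a trusted file would also help.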
@@ -208,14 +208,14 @@ end action = function(host, port) local path = "/names.nsf" - local download_path = nmap.registry.args['domino-enum-passwords.idpath'] - local vhost= nmap.registry.args['domino-enum-passwords.hostname'] - local user = nmap.registry.args['domino-enum-passwords.username'] - local pass = nmap.registry.args['domino-enum-passwords.password'] + local download_path = stdnse.get_script_args('domino-enum-passwords.idpath') + local vhost= stdnse.get_script_args('domino-enum-passwords.hostname') + local user = stdnse.get_script_args('domino-enum-passwords.username') + local pass = stdnse.get_script_args('domino-enum-passwords.password') local creds, pos, pager local links, result, hashes,legacyHashes, id_files = {}, {}, {}, {},{} local chunk_size = 30 - local max_fetch = nmap.registry.args['domino-enum-passwords.count'] and tonumber(nmap.registry.args['domino-enum-passwords.count']) or 10 + local max_fetch = stdnse.get_script_args('domino-enum-passwords.count') and tonumber(stdnse.get_script_args('domino-enum-passwords.count')) or 10 local http_response if ( nmap.registry['credentials'] and nmap.registry['credentials']['http'] ) then diff --git a/scripts/http-favicon.nse b/scripts/http-favicon.nse index 8da00e39b..11a66ded9 100644 --- a/scripts/http-favicon.nse +++ b/scripts/http-favicon.nse 
@@ -57,14 +57,14 @@ action = function(host, port) return end - if(nmap.registry.args['favicon.root']) then - root = nmap.registry.args['favicon.root'] + if(stdnse.get_script_args('favicon.root')) then + root = stdnse.get_script_args('favicon.root') end - - if(nmap.registry.args['favicon.uri']) then + local favicon_uri = stdnse.get_script_args("favicon.uri") + if(favicon_uri) then -- If we got a script arg URI, always use that. - answer = http.get( host, port, root .. "/" .. nmap.registry.args['favicon.uri']) - stdnse.print_debug( 4, "Using URI %s", nmap.registry.args['favicon.uri']) + answer = http.get( host, port, root .. "/" .. favicon_uri) + stdnse.print_debug( 4, "Using URI %s", favicon_uri) else -- Otherwise, first try parsing the home page. index = http.get( host, port, root .. "/" ) diff --git a/scripts/http-majordomo2-dir-traversal.nse b/scripts/http-majordomo2-dir-traversal.nse index 9af3a2fa9..3aba03e2b 100644 --- a/scripts/http-majordomo2-dir-traversal.nse +++ b/scripts/http-majordomo2-dir-traversal.nse @@ -1,7 +1,5 @@ description = [[ -Exploits a directory traversal vulnerability existing in the -Majordomo2 mailing list manager to retrieve remote -files. (CVE-2011-0049). +Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049). Vulnerability originally discovered by Michael Brooks. 
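Review bot: `favicon.root` is looked up twice (`if(stdnse.get_script_args('favicon.root')) then root = stdnse.get_script_args('favicon.root') end`) while `favicon.uri`, a few lines below in the same hunk, is read once into `favicon_uri`. A single line does the same: `root = stdnse.get_script_args('favicon.root') or root`. The same test-then-fetch-again pattern is left in irc-unrealircd-backdoor.nse (`command`) and sql-injection.nse (`start`). Where `root` gets its initial value is outside the hunk.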
@@ -65,9 +63,9 @@ action = function(host, port) local response, rfile, rpath, uri, evil_uri, rfile_content, filewrite local output_lines = {} - filewrite = nmap.registry.args["http-majordomo2-dir-traversal.outfile"] - uri = nmap.registry.args["http-majordomo2-dir-traversal.uri"] or MAJORDOMO2_EXPLOIT_URI - rfile = nmap.registry.args["http-majordomo2-dir-traversal.rfile"] or DEFAULT_REMOTE_FILE + filewrite = stdnse.get_script_args("http-majordomo2-dir-traversal.outfile") + uri = stdnse.get_script_args("http-majordomo2-dir-traversal.uri") or MAJORDOMO2_EXPLOIT_URI + rfile = stdnse.get_script_args("http-majordomo2-dir-traversal.rfile") or DEFAULT_REMOTE_FILE evil_uri = uri..MAJORDOMO2_EXPLOIT_QRY..rfile stdnse.print_debug(1, "HTTP GET %s%s", stdnse.get_hostname(host), evil_uri) diff --git a/scripts/http-methods.nse b/scripts/http-methods.nse index 85dd42f81..4b3fae429 100644 --- a/scripts/http-methods.nse +++ b/scripts/http-methods.nse @@ -65,8 +65,8 @@ action = function(host, port) local response, methods, options_status_line, output -- default vaules for script-args - url_path = nmap.registry.args["http-methods.url-path"] or "/" - retest_http_methods = nmap.registry.args["http-methods.retest"] ~= nil + url_path = stdnse.get_script_args("http-methods.url-path") or "/" + retest_http_methods = stdnse.get_script_args("http-methods.retest") ~= nil response = http.generic_request(host, port, "OPTIONS", url_path) if not response.status then diff --git a/scripts/http-trace.nse b/scripts/http-trace.nse index 7d9895632..2c6509fa4 100644 --- a/scripts/http-trace.nse +++ b/scripts/http-trace.nse @@ -56,7 +56,7 @@ end --MAIN --- action = function(host, port) - local path = nmap.registry.args["http-trace.path"] or "/" + local path = stdnse.get_script_args("http-trace.path") or "/" local req = http.generic_request(host, port, "TRACE", path) if (req.status == 301 or req.status == 302) and req.header["location"] then 
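Review bot: In the http-methods.nse hunk, `retest_http_methods` is set by a presence test (`stdnse.get_script_args("http-methods.retest") ~= nil`), so `http-methods.retest=false` or `=0` enables retesting just as `=1` does. If that is intended, a comment should say so, e.g. `-- any value, even "false", turns retest on`; otherwise compare against the accepted values. `url_path` and `retest_http_methods` are not in the visible `local` list, so unless they are declared above the hunk they are globals; `local url_path = ...` would avoid that. The comment above them also has a typo, `vaules`.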
diff --git a/scripts/http-userdir-enum.nse b/scripts/http-userdir-enum.nse index 41a4531fc..cfa7989c6 100644 --- a/scripts/http-userdir-enum.nse +++ b/scripts/http-userdir-enum.nse @@ -126,7 +126,7 @@ end function init() local customlist = nmap.registry.args.users or (nmap.registry.args.userdir and nmap.registry.args.userdir.users) or - nmap.registry.args['userdir.users'] + stdnse.get_script_args('userdir.users') local read, usernames = datafiles.parse_file(customlist or "nselib/data/usernames.lst", {}) if not read then stdnse.print_debug(1, "%s %s", SCRIPT_NAME, diff --git a/scripts/informix-query.nse b/scripts/informix-query.nse index 084b806f6..a7d98c74e 100644 --- a/scripts/informix-query.nse +++ b/scripts/informix-query.nse @@ -41,14 +41,14 @@ require 'informix' portrule = shortport.port_or_service( { 1526, 9088, 9090, 9092 }, "informix", "tcp", "open") action = function( host, port ) - local instance = nmap.registry.args['informix-info.instance'] + local instance = stdnse.get_script_args('informix-info.instance') local helper local status, data local result = {} - local user = nmap.registry.args['informix-query.username'] - local pass = nmap.registry.args['informix-query.password'] - local query = nmap.registry.args['informix-query.query'] - local db = nmap.registry.args['informix-query.database'] or "sysmaster" + local user = stdnse.get_script_args('informix-query.username') + local pass = stdnse.get_script_args('informix-query.password') + local query = stdnse.get_script_args('informix-query.query') + local db = stdnse.get_script_args('informix-query.database') or "sysmaster" query = query or "SELECT FIRST 1 DBINFO('dbhostname') hostname, " .. "DBINFO('version','full') version FROM systables" @@ -86,4 +86,4 @@ action = function( host, port ) return stdnse.format_output(status, result) -end \ No newline at end of file +end diff --git a/scripts/informix-tables.nse b/scripts/informix-tables.nse index 885e23301..ae9daa51e 100644 
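Review bot: `customlist` in `init()` is only partly migrated: the third alternative now goes through `stdnse.get_script_args('userdir.users')`, but the first two still index `nmap.registry.args.users` and `nmap.registry.args.userdir.users` directly. If those are kept for backward compatibility a comment should say so, for example `-- legacy spellings: users=... and userdir={users=...}`; otherwise route them through `stdnse.get_script_args` as well. `init` is also defined without `local` in the visible line, and its body continues past the hunk.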
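Review bot: `instance` is read from `informix-info.instance` although this is informix-query.nse and the other four arguments in the hunk use the `informix-query.` prefix, so `informix-query.instance=...` is silently ignored. This looks copied from another script and was carried over unchanged by the migration. Accepting both names keeps existing invocations working: `local instance = stdnse.get_script_args('informix-query.instance') or stdnse.get_script_args('informix-info.instance')`. The script's argument documentation is outside the hunk and should match whichever name is chosen.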
--- a/scripts/informix-tables.nse +++ b/scripts/informix-tables.nse @@ -57,8 +57,8 @@ action = function( host, port ) local helper local status, data local result, output = {}, {} - local user = nmap.registry.args['informix-tables.username'] - local pass = nmap.registry.args['informix-tables.password'] or "" + local user = stdnse.get_script_args('informix-tables.username') + local pass = stdnse.get_script_args('informix-tables.password') or "" local query= [[ SELECT cast(tabname as char(20)) table, cast(colname as char(20)) column, cast( cast(nrows as int) as char(20)) rows FROM "informix".systables st, "informix".syscolumns sc @@ -112,4 +112,4 @@ action = function( host, port ) helper:Close() return stdnse.format_output( true, result ) -end \ No newline at end of file +end diff --git a/scripts/irc-unrealircd-backdoor.nse b/scripts/irc-unrealircd-backdoor.nse index 91b9ffc61..0d96b24a3 100644 --- a/scripts/irc-unrealircd-backdoor.nse +++ b/scripts/irc-unrealircd-backdoor.nse @@ -90,8 +90,8 @@ action = function(host, port) -- Set up an extra command, if the user requested one local command_extra = "" - if(nmap.registry.args['irc-unrealircd-backdoor.command']) then - command_extra = nmap.registry.args['irc-unrealircd-backdoor.command'] + if(stdnse.get_script_args('irc-unrealircd-backdoor.command')) then + command_extra = stdnse.get_script_args('irc-unrealircd-backdoor.command') -- Replace "%IP%" with the ip address command_extra = string.gsub(command_extra, '%%IP%%', host.ip) end 
@@ -109,8 +109,8 @@ action = function(host, port) local full_command = string.format("%s;%s;%s;%s;%s", trigger, unique, command_linux, command_windows, command_extra) -- wait time: get rid of fast reconnecting annoyance - if(nmap.registry.args['irc-unrealircd-backdoor.wait']) then - local waittime = nmap.registry.args['irc-unrealircd-backdoor.wait'] + if(stdnse.get_script_args('irc-unrealircd-backdoor.wait')) then + local waittime = stdnse.get_script_args('irc-unrealircd-backdoor.wait') stdnse.print_debug(1, "irc-unrealircd-backdoor: waiting for %i seconds", waittime) stdnse.sleep(waittime) end @@ -182,7 +182,7 @@ action = function(host, port) -- Determine whether or not the vulnerability is present if(elapsed > (delay - delay_fudge)) then -- Check if the user wants to kill the server. - if(nmap.registry.args['irc-unrealircd-backdoor.kill']) then + if(stdnse.get_script_args('irc-unrealircd-backdoor.kill')) then stdnse.print_debug(1, "irc-unrealircd-backdoor: Attempting to kill the Trojanned UnrealIRCd server...") local linux_kill = "kill `ps -e | grep ircd | awk '{ print $1 }'`" diff --git a/scripts/ldap-brute.nse b/scripts/ldap-brute.nse index a4775ee59..387a8488e 100644 --- a/scripts/ldap-brute.nse +++ b/scripts/ldap-brute.nse @@ -103,7 +103,7 @@ action = function( host, port ) local ldap_anonymous_bind = string.char( 0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07, 0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00 ) local socket, _, opt = comm.tryssl( host, port, ldap_anonymous_bind, nil ) - local base_dn = nmap.registry.args['ldap.base'] + local base_dn = stdnse.get_script_args('ldap.base') if not socket then return diff --git a/scripts/ldap-search.nse b/scripts/ldap-search.nse index 04f3b5959..a099e06a2 100644 --- a/scripts/ldap-search.nse +++ b/scripts/ldap-search.nse 
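Review bot: `waittime` is used as a number without conversion: it is formatted with `%i` and passed to `stdnse.sleep`, but a script argument is whatever was typed on the command line. A non-numeric `irc-unrealircd-backdoor.wait` would then raise inside `string.format` or `stdnse.sleep` instead of being rejected cleanly. Converting once covers both uses: `local waittime = tonumber(stdnse.get_script_args('irc-unrealircd-backdoor.wait'))` followed by `if waittime then`.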
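Review bot: The destructive branch is gated on `if(stdnse.get_script_args('irc-unrealircd-backdoor.kill')) then`, which is true for any supplied value, so `kill=false` or `kill=0` still attempts to stop the remote server. For an option with this impact the check should be explicit, e.g. `local kill_arg = stdnse.get_script_args('irc-unrealircd-backdoor.kill')` and `if kill_arg and kill_arg ~= "false" and kill_arg ~= "0" then`, assuming argument values arrive as strings. The rest of the branch is outside the hunk.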
@@ -73,14 +73,14 @@ function action(host,port) local status local socket, opt local args = nmap.registry.args - local username = args['ldap.username'] - local password = args['ldap.password'] - local qfilter = args['ldap.qfilter'] - local base = args['ldap.base'] - local attribs = args['ldap.attrib'] + local username = stdnse.get_script_args('ldap.username') + local password = stdnse.get_script_args('ldap.password') + local qfilter = stdnse.get_script_args('ldap.qfilter') + local base = stdnse.get_script_args('ldap.base') + local attribs = stdnse.get_script_args('ldap.attrib') local accounts local objCount = 0 - local maxObjects = nmap.registry.args['ldap.maxobjects'] and tonumber(nmap.registry.args['ldap.maxobjects']) or 20 + local maxObjects = stdnse.get_script_args('ldap.maxobjects') and tonumber(stdnse.get_script_args('ldap.maxobjects')) or 20 -- In order to discover what protocol to use (SSL/TCP) we need to send a few bytes to the server -- An anonymous bind should do it diff --git a/scripts/sql-injection.nse b/scripts/sql-injection.nse index a0acd7371..15e18a923 100644 --- a/scripts/sql-injection.nse +++ b/scripts/sql-injection.nse @@ -210,15 +210,15 @@ action = function(host, port) injectable = {} -- start at the root - if nmap.registry.args['sql-injection.start'] then - table.insert(urllist, "/" .. nmap.registry.args['sql-injection.start']) + if stdnse.get_script_args('sql-injection.start') then + table.insert(urllist, "/" .. stdnse.get_script_args('sql-injection.start')) else table.insert(urllist, "/") end -- check for argument supplied max depth - if nmap.registry.args['sql-injection.maxdepth'] then - maxdepth = tonumber(nmap.registry.args['sql-injection.maxdepth']) + if stdnse.get_script_args('sql-injection.maxdepth') then + maxdepth = tonumber(stdnse.get_script_args('sql-injection.maxdepth')) stdnse.print_debug("maxdepth set to: " .. maxdepth) end
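Review bot: `local args = nmap.registry.args` is left in place in ldap-search.nse although every use of `args[...]` in this hunk was replaced by `stdnse.get_script_args(...)`. If nothing below the hunk still reads `args`, the line should be dropped so the function no longer appears to depend on the raw registry table. `action` continues past the hunk, so check the remainder before removing it.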
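Review bot: In the `maxdepth` block of sql-injection.nse, `tonumber(...)` returns nil for a non-numeric `sql-injection.maxdepth`, and the next line `"maxdepth set to: " .. maxdepth` then raises a concatenation error, after `maxdepth` has already been overwritten with nil. Guarding the assignment keeps the previous value: `local depth = tonumber(stdnse.get_script_args('sql-injection.maxdepth'))`, then `if depth then maxdepth = depth; stdnse.print_debug("maxdepth set to: " .. maxdepth) end`. `injectable` and `maxdepth` are assigned without `local` in the visible lines; where they are declared is outside the hunk.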