Gets arguments with stdnse.get_script_args instead of reading them from nmap.registry

2025-12-09 22:21:29 +00:00 · 2011-07-27 03:28:13 +00:00
parent 338ed74779
commit 26dc09ad43
19 changed files with 63 additions and 65 deletions
--- a/scripts/dns-brute.nse
+++ b/scripts/dns-brute.nse
@@ -162,7 +162,7 @@ local function srv_main(domainname, srvresults, srv_iter)
 end
 action = function(host)
-	local domainname = nmap.registry.args['dns-brute.domain']
+	local domainname = stdnse.get_script_args('dns-brute.domain')
 	if not domainname then
 		domainname = guess_domain(host)
 	end
@@ -176,10 +176,10 @@ action = function(host)
 	if(not table.contains(nmap.registry.bruteddomains,domainname)) then
 		table.insert(nmap.registry.bruteddomains, domainname)
 		stdnse.print_debug("Starting dns-brute at: "..domainname)
-		local max_threads = nmap.registry.args['dns-brute.threads'] and tonumber( nmap.registry.args['dns-brute.threads'] ) or 5
+		local max_threads = stdnse.get_script_args('dns-brute.threads') and tonumber( stdnse.get_script_args('dns-brute.threads') ) or 5
 		dosrv = stdnse.get_script_args("dns-brute.srv") or false
 		stdnse.print_debug("THREADS: "..max_threads)
-		local fileName = nmap.registry.args['dns-brute.hostlist']
+		local fileName = stdnse.get_script_args('dns-brute.hostlist')
 		local commFile = fileName and nmap.fetchfile(fileName)
 		local hostlist
 		if commFile then
--- a/scripts/domcon-cmd.nse
+++ b/scripts/domcon-cmd.nse
@@ -96,9 +96,9 @@ action = function(host, port)
 	local socket = nmap.new_socket()
 	local result_part, result, cmds = {}, {}, {}
-	local user = nmap.registry.args['domcon-cmd.user']
+	local user = stdnse.get_script_args('domcon-cmd.user')
-	local pass = nmap.registry.args['domcon-cmd.pass']
+	local pass = stdnse.get_script_args('domcon-cmd.pass')
-	local cmd = nmap.registry.args['domcon-cmd.cmd']
+	local cmd = stdnse.get_script_args('domcon-cmd.cmd')
 	if( not(cmd) ) then	return "  \n  ERROR: No command supplied (see domcon-cmd.cmd)" end
 	if( not(user)) then return "  \n  ERROR: No username supplied (see domcon-cmd.user)" end
--- a/scripts/domino-enum-users.nse
+++ b/scripts/domino-enum-users.nse
@@ -66,18 +66,18 @@ action = function(host, port)
 	local helper = nrpc.Helper:new( host, port )
 	local status, data, usernames, err
-	local path = nmap.registry.args['domino-enum-users.path']
+	local path = stdnse.get_script_args('domino-enum-users.path')
 	local result = {}
 	local save_file = false
 	local counter = 0
-	
+	local domino_username = stdnse.get_script_args("domino-enum-users.username")
-	if ( nmap.registry.args['domino-enum-users.username'] ) then
+	if ( domino_username ) then
 		usernames = ( 	function() 
 							local b = true 
 							return function() 
 								if ( b ) then 
 									b=false; 
-									return nmap.registry.args['domino-enum-users.username']
+									return domino_username
 								end
 						 	end 
 						end )()
--- a/scripts/drda-brute.nse
+++ b/scripts/drda-brute.nse
@@ -128,9 +128,9 @@ action = function( host, port )
 	local result, response, status = {}, nil, nil
 	local valid_accounts, threads = {}, {}	
 	local usernames, passwords, creds
-	local database = nmap.registry.args['drda-brute.dbname'] or "SAMPLE"
+	local database = stdnse.get_script_args('drda-brute.dbname') or "SAMPLE"
 	local condvar = nmap.condvar( valid_accounts )
-	local max_threads = nmap.registry.args['drda-brute.threads'] and tonumber( nmap.registry.args['drda-brute.threads'] ) or 10
+	local max_threads = stdnse.get_script_args('drda-brute.threads') and tonumber( stdnse.get_script_args('drda-brute.threads') ) or 10
 	-- Check if the DB specified is valid
 	if( not(isValidDb(host, port, database)) ) then
--- a/scripts/ftp-anon.nse
+++ b/scripts/ftp-anon.nse
@@ -98,7 +98,7 @@ action = function(host, port)
 		socket:close()
 	end
-	local max_list = nmap.registry.args[SCRIPT_NAME .. ".maxlist"]
+	local max_list = stdnse.get_script_args("ftp-anon.maxlist")
 	if not max_list then
 		if nmap.verbosity() == 0 then
 			max_list = 20
--- a/scripts/gopher-ls.nse
+++ b/scripts/gopher-ls.nse
@@ -42,7 +42,7 @@ end
 action = function( host, port )
 	local INFO = "i"
-	local maxfiles = nmap.registry.args[SCRIPT_NAME .. ".maxfiles"]
+	local maxfiles = stdnse.get_script_args(SCRIPT_NAME..".maxfiles")
 	if not maxfiles then
 		maxfiles = 10
 	else
--- a/scripts/http-default-accounts.nse
+++ b/scripts/http-default-accounts.nse
@@ -215,9 +215,9 @@ end
 ---
 action = function(host, port)
  local fingerprintload_status, fingerprints, requests, results
-  local fingerprint_filename = nmap.registry.args["http-default-accounts.fingerprintfile"] or "http-defaul-accounts-fingerprints.lua"
+  local fingerprint_filename = stdnse.get_script_args("http-default-accounts.fingerprintfile") or "http-defaul-accounts-fingerprints.lua"
-  local category = nmap.registry.args["http-default-accounts.category"] or false
+  local category = stdnse.get_script_args("http-default-accounts.category") or false
-  local basepath = nmap.registry.args["http-default-accounts.basepath"] or "/"
+  local basepath = stdnse.get_script_args("http-default-accounts.basepath") or "/"
  local output_lns = {}
  --Load fingerprint data or abort 
--- a/scripts/http-domino-enum-passwords.nse
+++ b/scripts/http-domino-enum-passwords.nse
@@ -208,14 +208,14 @@ end
 action = function(host, port)
 	local path = "/names.nsf"
-	local download_path = nmap.registry.args['domino-enum-passwords.idpath']
+	local download_path = stdnse.get_script_args('domino-enum-passwords.idpath')
-	local vhost= nmap.registry.args['domino-enum-passwords.hostname']
+	local vhost= stdnse.get_script_args('domino-enum-passwords.hostname')
-	local user = nmap.registry.args['domino-enum-passwords.username']
+	local user = stdnse.get_script_args('domino-enum-passwords.username')
-	local pass = nmap.registry.args['domino-enum-passwords.password']
+	local pass = stdnse.get_script_args('domino-enum-passwords.password')
 	local creds, pos, pager
 	local links, result, hashes,legacyHashes, id_files = {}, {}, {}, {},{}
 	local chunk_size = 30
-	local max_fetch = nmap.registry.args['domino-enum-passwords.count'] and tonumber(nmap.registry.args['domino-enum-passwords.count']) or 10
+	local max_fetch = stdnse.get_script_args('domino-enum-passwords.count') and tonumber(stdnse.get_script_args('domino-enum-passwords.count')) or 10
 	local http_response
 	if ( nmap.registry['credentials'] and nmap.registry['credentials']['http'] ) then
--- a/scripts/http-favicon.nse
+++ b/scripts/http-favicon.nse
@@ -57,14 +57,14 @@ action = function(host, port)
 	return
  end
-  if(nmap.registry.args['favicon.root']) then
+  if(stdnse.get_script_args('favicon.root')) then
-	root = nmap.registry.args['favicon.root']
+	root = stdnse.get_script_args('favicon.root')
  end
-
+  local favicon_uri = stdnse.get_script_args("favicon.uri")
-  if(nmap.registry.args['favicon.uri']) then
+  if(favicon_uri) then
 	-- If we got a script arg URI, always use that.
-  	answer = http.get( host, port, root .. "/" .. nmap.registry.args['favicon.uri'])
+  	answer = http.get( host, port, root .. "/" .. favicon_uri)
-	stdnse.print_debug( 4, "Using URI %s", nmap.registry.args['favicon.uri'])
+	stdnse.print_debug( 4, "Using URI %s", favicon_uri)
  else
 	-- Otherwise, first try parsing the home page.
 	index = http.get( host, port, root .. "/" )
--- a/scripts/http-majordomo2-dir-traversal.nse
+++ b/scripts/http-majordomo2-dir-traversal.nse
@@ -1,7 +1,5 @@
 description = [[
-Exploits a directory traversal vulnerability existing in the
+Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049). 
 Majordomo2 mailing list manager to retrieve remote
 files. (CVE-2011-0049).
 Vulnerability originally discovered by Michael Brooks.
@@ -65,9 +63,9 @@ action = function(host, port)
  local response, rfile, rpath, uri, evil_uri, rfile_content, filewrite
  local output_lines = {}
-  filewrite = nmap.registry.args["http-majordomo2-dir-traversal.outfile"]
+  filewrite = stdnse.get_script_args("http-majordomo2-dir-traversal.outfile")
-  uri = nmap.registry.args["http-majordomo2-dir-traversal.uri"] or MAJORDOMO2_EXPLOIT_URI
+  uri = stdnse.get_script_args("http-majordomo2-dir-traversal.uri") or MAJORDOMO2_EXPLOIT_URI
-  rfile = nmap.registry.args["http-majordomo2-dir-traversal.rfile"] or DEFAULT_REMOTE_FILE
+  rfile = stdnse.get_script_args("http-majordomo2-dir-traversal.rfile") or DEFAULT_REMOTE_FILE
  evil_uri = uri..MAJORDOMO2_EXPLOIT_QRY..rfile
  stdnse.print_debug(1, "HTTP GET %s%s", stdnse.get_hostname(host), evil_uri)
--- a/scripts/http-methods.nse
+++ b/scripts/http-methods.nse
@@ -65,8 +65,8 @@ action = function(host, port)
 	local response, methods, options_status_line, output
 	-- default vaules for script-args
-	url_path = nmap.registry.args["http-methods.url-path"] or "/"
+	url_path = stdnse.get_script_args("http-methods.url-path") or "/"
-	retest_http_methods = nmap.registry.args["http-methods.retest"] ~= nil
+	retest_http_methods = stdnse.get_script_args("http-methods.retest") ~= nil
 	response = http.generic_request(host, port, "OPTIONS", url_path)
 	if not response.status then
--- a/scripts/http-trace.nse
+++ b/scripts/http-trace.nse
@@ -56,7 +56,7 @@ end
 --MAIN
 ---
 action = function(host, port)
-  local path = nmap.registry.args["http-trace.path"] or "/"
+  local path = stdnse.get_script_args("http-trace.path") or "/"
  local req = http.generic_request(host, port, "TRACE", path)
  if (req.status == 301 or req.status == 302) and req.header["location"] then
--- a/scripts/http-userdir-enum.nse
+++ b/scripts/http-userdir-enum.nse
@@ -126,7 +126,7 @@ end
 function init()
  local customlist = nmap.registry.args.users or
    (nmap.registry.args.userdir and nmap.registry.args.userdir.users) or
-    nmap.registry.args['userdir.users']
+    stdnse.get_script_args('userdir.users')
  local read, usernames = datafiles.parse_file(customlist or "nselib/data/usernames.lst", {})
  if not read then
    stdnse.print_debug(1, "%s %s", SCRIPT_NAME,
--- a/scripts/informix-query.nse
+++ b/scripts/informix-query.nse
@@ -41,14 +41,14 @@ require 'informix'
 portrule = shortport.port_or_service( { 1526, 9088, 9090, 9092 }, "informix", "tcp", "open") 
 action = function( host, port )
-	local instance = nmap.registry.args['informix-info.instance']
+	local instance = stdnse.get_script_args('informix-info.instance')
 	local helper
 	local status, data
 	local result = {}
-	local user = nmap.registry.args['informix-query.username']
+	local user = stdnse.get_script_args('informix-query.username')
-	local pass = nmap.registry.args['informix-query.password']
+	local pass = stdnse.get_script_args('informix-query.password')
-	local query = nmap.registry.args['informix-query.query']
+	local query = stdnse.get_script_args('informix-query.query')
-	local db = nmap.registry.args['informix-query.database'] or "sysmaster"
+	local db = stdnse.get_script_args('informix-query.database') or "sysmaster"
 	query = query or "SELECT FIRST 1 DBINFO('dbhostname') hostname, " ..
 					 "DBINFO('version','full') version FROM systables"
--- a/scripts/informix-tables.nse
+++ b/scripts/informix-tables.nse
@@ -57,8 +57,8 @@ action = function( host, port )
 	local helper
 	local status, data
 	local result, output = {}, {}
-	local user = nmap.registry.args['informix-tables.username']
+	local user = stdnse.get_script_args('informix-tables.username')
-	local pass = nmap.registry.args['informix-tables.password'] or ""
+	local pass = stdnse.get_script_args('informix-tables.password') or ""
 	local query= [[
 		SELECT cast(tabname as char(20)) table, cast(colname as char(20)) column, cast( cast(nrows as int) as char(20)) rows
 		FROM "informix".systables st, "informix".syscolumns sc 
--- a/scripts/irc-unrealircd-backdoor.nse
+++ b/scripts/irc-unrealircd-backdoor.nse
@@ -90,8 +90,8 @@ action = function(host, port)
 	-- Set up an extra command, if the user requested one
 	local command_extra = ""
-	if(nmap.registry.args['irc-unrealircd-backdoor.command']) then
+	if(stdnse.get_script_args('irc-unrealircd-backdoor.command')) then
-		command_extra = nmap.registry.args['irc-unrealircd-backdoor.command']
+		command_extra = stdnse.get_script_args('irc-unrealircd-backdoor.command')
 		-- Replace "%IP%" with the ip address
 		command_extra = string.gsub(command_extra, '%%IP%%', host.ip)
 	end
@@ -109,8 +109,8 @@ action = function(host, port)
 	local full_command = string.format("%s;%s;%s;%s;%s", trigger, unique, command_linux, command_windows, command_extra)
 	-- wait time: get rid of fast reconnecting annoyance
-	if(nmap.registry.args['irc-unrealircd-backdoor.wait']) then
+	if(stdnse.get_script_args('irc-unrealircd-backdoor.wait')) then
-		local waittime = nmap.registry.args['irc-unrealircd-backdoor.wait']
+		local waittime = stdnse.get_script_args('irc-unrealircd-backdoor.wait')
 		stdnse.print_debug(1, "irc-unrealircd-backdoor: waiting for %i seconds", waittime)
 		stdnse.sleep(waittime)
 	end
@@ -182,7 +182,7 @@ action = function(host, port)
 	-- Determine whether or not the vulnerability is present
 	if(elapsed > (delay - delay_fudge)) then
 		-- Check if the user wants to kill the server.
-		if(nmap.registry.args['irc-unrealircd-backdoor.kill']) then
+		if(stdnse.get_script_args('irc-unrealircd-backdoor.kill')) then
 			stdnse.print_debug(1, "irc-unrealircd-backdoor: Attempting to kill the Trojanned UnrealIRCd server...")
 			local linux_kill = "kill `ps -e | grep ircd | awk '{ print $1 }'`"
--- a/scripts/ldap-brute.nse
+++ b/scripts/ldap-brute.nse
@@ -103,7 +103,7 @@ action = function( host, port )
 	local ldap_anonymous_bind = string.char( 0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07, 0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00 )
 	local socket, _, opt = comm.tryssl( host, port, ldap_anonymous_bind, nil )
-	local base_dn = nmap.registry.args['ldap.base']
+	local base_dn = stdnse.get_script_args('ldap.base')
 	if not socket then
 		return
--- a/scripts/ldap-search.nse
+++ b/scripts/ldap-search.nse
@@ -73,14 +73,14 @@ function action(host,port)
 	local status
 	local socket, opt	
 	local args = nmap.registry.args
-	local username = args['ldap.username']
+	local username = stdnse.get_script_args('ldap.username')
-	local password = args['ldap.password']
+	local password = stdnse.get_script_args('ldap.password')
-	local qfilter = args['ldap.qfilter']
+	local qfilter = stdnse.get_script_args('ldap.qfilter')
-	local base = args['ldap.base']
+	local base = stdnse.get_script_args('ldap.base')
-	local attribs = args['ldap.attrib']
+	local attribs = stdnse.get_script_args('ldap.attrib')
 	local accounts
 	local objCount = 0
-	local maxObjects = nmap.registry.args['ldap.maxobjects'] and tonumber(nmap.registry.args['ldap.maxobjects']) or 20
+	local maxObjects = stdnse.get_script_args('ldap.maxobjects') and tonumber(stdnse.get_script_args('ldap.maxobjects')) or 20
 	-- In order to discover what protocol to use (SSL/TCP) we need to send a few bytes to the server
 	-- An anonymous bind should do it
--- a/scripts/sql-injection.nse
+++ b/scripts/sql-injection.nse
@@ -210,15 +210,15 @@ action = function(host, port)
  injectable = {}
  -- start at the root
-  if nmap.registry.args['sql-injection.start'] then
+  if stdnse.get_script_args('sql-injection.start') then
-    table.insert(urllist, "/" .. nmap.registry.args['sql-injection.start'])
+    table.insert(urllist, "/" .. stdnse.get_script_args('sql-injection.start'))
  else
    table.insert(urllist, "/")
  end
  -- check for argument supplied max depth
-  if nmap.registry.args['sql-injection.maxdepth'] then
+  if stdnse.get_script_args('sql-injection.maxdepth') then
-    maxdepth = tonumber(nmap.registry.args['sql-injection.maxdepth'])
+    maxdepth = tonumber(stdnse.get_script_args('sql-injection.maxdepth'))
    stdnse.print_debug("maxdepth set to: " .. maxdepth)
  end