mirror of https://github.com/nmap/nmap.git synced 2025-12-09 06:01:28 +00:00

Gets arguments with stdnse.get_script_args instead of reading them from nmap.registry

paulino
2011-07-27 03:28:13 +00:00
parent 338ed74779
commit 26dc09ad43
19 changed files with 63 additions and 65 deletions


@@ -162,7 +162,7 @@ local function srv_main(domainname, srvresults, srv_iter)
end end
action = function(host) action = function(host)
local domainname = nmap.registry.args['dns-brute.domain'] local domainname = stdnse.get_script_args('dns-brute.domain')
if not domainname then if not domainname then
domainname = guess_domain(host) domainname = guess_domain(host)
end end
@@ -176,10 +176,10 @@ action = function(host)
if(not table.contains(nmap.registry.bruteddomains,domainname)) then if(not table.contains(nmap.registry.bruteddomains,domainname)) then
table.insert(nmap.registry.bruteddomains, domainname) table.insert(nmap.registry.bruteddomains, domainname)
stdnse.print_debug("Starting dns-brute at: "..domainname) stdnse.print_debug("Starting dns-brute at: "..domainname)
local max_threads = nmap.registry.args['dns-brute.threads'] and tonumber( nmap.registry.args['dns-brute.threads'] ) or 5 local max_threads = stdnse.get_script_args('dns-brute.threads') and tonumber( stdnse.get_script_args('dns-brute.threads') ) or 5
dosrv = stdnse.get_script_args("dns-brute.srv") or false dosrv = stdnse.get_script_args("dns-brute.srv") or false
stdnse.print_debug("THREADS: "..max_threads) stdnse.print_debug("THREADS: "..max_threads)
local fileName = nmap.registry.args['dns-brute.hostlist'] local fileName = stdnse.get_script_args('dns-brute.hostlist')
local commFile = fileName and nmap.fetchfile(fileName) local commFile = fileName and nmap.fetchfile(fileName)
local hostlist local hostlist
if commFile then if commFile then
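Review bot: The `max_threads` line looks the argument up twice and accepts any number the user passes, including 0 or a negative value. A single lookup reads more clearly and behaves the same for missing or non-numeric input: `local max_threads = tonumber(stdnse.get_script_args('dns-brute.threads')) or 5`. A lower bound such as `if max_threads < 1 then max_threads = 5 end` would be worth adding, since the thread count presumably drives the worker loop further down, outside this hunk. The same `X and tonumber(X) or default` pattern is repeated for `drda-brute.threads`, `domino-enum-passwords.count` and `ldap.maxobjects` in the later sections of this commit.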


@@ -96,9 +96,9 @@ action = function(host, port)
local socket = nmap.new_socket() local socket = nmap.new_socket()
local result_part, result, cmds = {}, {}, {} local result_part, result, cmds = {}, {}, {}
local user = nmap.registry.args['domcon-cmd.user'] local user = stdnse.get_script_args('domcon-cmd.user')
local pass = nmap.registry.args['domcon-cmd.pass'] local pass = stdnse.get_script_args('domcon-cmd.pass')
local cmd = nmap.registry.args['domcon-cmd.cmd'] local cmd = stdnse.get_script_args('domcon-cmd.cmd')
if( not(cmd) ) then return " \n ERROR: No command supplied (see domcon-cmd.cmd)" end if( not(cmd) ) then return " \n ERROR: No command supplied (see domcon-cmd.cmd)" end
if( not(user)) then return " \n ERROR: No username supplied (see domcon-cmd.user)" end if( not(user)) then return " \n ERROR: No username supplied (see domcon-cmd.user)" end
@@ -131,4 +131,4 @@ action = function(host, port)
socket:close() socket:close()
return stdnse.format_output( true, result ) return stdnse.format_output( true, result )
end end


@@ -66,18 +66,18 @@ action = function(host, port)
local helper = nrpc.Helper:new( host, port ) local helper = nrpc.Helper:new( host, port )
local status, data, usernames, err local status, data, usernames, err
local path = nmap.registry.args['domino-enum-users.path'] local path = stdnse.get_script_args('domino-enum-users.path')
local result = {} local result = {}
local save_file = false local save_file = false
local counter = 0 local counter = 0
local domino_username = stdnse.get_script_args("domino-enum-users.username")
if ( nmap.registry.args['domino-enum-users.username'] ) then if ( domino_username ) then
usernames = ( function() usernames = ( function()
local b = true local b = true
return function() return function()
if ( b ) then if ( b ) then
b=false; b=false;
return nmap.registry.args['domino-enum-users.username'] return domino_username
end end
end end
end )() end )()
@@ -127,4 +127,4 @@ action = function(host, port)
end end
return result return result
end end


@@ -128,9 +128,9 @@ action = function( host, port )
local result, response, status = {}, nil, nil local result, response, status = {}, nil, nil
local valid_accounts, threads = {}, {} local valid_accounts, threads = {}, {}
local usernames, passwords, creds local usernames, passwords, creds
local database = nmap.registry.args['drda-brute.dbname'] or "SAMPLE" local database = stdnse.get_script_args('drda-brute.dbname') or "SAMPLE"
local condvar = nmap.condvar( valid_accounts ) local condvar = nmap.condvar( valid_accounts )
local max_threads = nmap.registry.args['drda-brute.threads'] and tonumber( nmap.registry.args['drda-brute.threads'] ) or 10 local max_threads = stdnse.get_script_args('drda-brute.threads') and tonumber( stdnse.get_script_args('drda-brute.threads') ) or 10
-- Check if the DB specified is valid -- Check if the DB specified is valid
if( not(isValidDb(host, port, database)) ) then if( not(isValidDb(host, port, database)) ) then


@@ -98,7 +98,7 @@ action = function(host, port)
socket:close() socket:close()
end end
local max_list = nmap.registry.args[SCRIPT_NAME .. ".maxlist"] local max_list = stdnse.get_script_args("ftp-anon.maxlist")
if not max_list then if not max_list then
if nmap.verbosity() == 0 then if nmap.verbosity() == 0 then
max_list = 20 max_list = 20
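Review bot: The new lookup hard-codes `"ftp-anon.maxlist"` where the old line built the key from `SCRIPT_NAME`, so the argument would silently stop matching if the script were ever renamed. The `maxfiles` change in the next file of this commit keeps `SCRIPT_NAME`, and this one should match it: `local max_list = stdnse.get_script_args(SCRIPT_NAME .. ".maxlist")`. The rest of the `action` body lies outside this hunk, so whether the value is later converted with `tonumber` cannot be confirmed from here.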


@@ -42,7 +42,7 @@ end
action = function( host, port ) action = function( host, port )
local INFO = "i" local INFO = "i"
local maxfiles = nmap.registry.args[SCRIPT_NAME .. ".maxfiles"] local maxfiles = stdnse.get_script_args(SCRIPT_NAME..".maxfiles")
if not maxfiles then if not maxfiles then
maxfiles = 10 maxfiles = 10
else else


@@ -215,9 +215,9 @@ end
--- ---
action = function(host, port) action = function(host, port)
local fingerprintload_status, fingerprints, requests, results local fingerprintload_status, fingerprints, requests, results
local fingerprint_filename = nmap.registry.args["http-default-accounts.fingerprintfile"] or "http-defaul-accounts-fingerprints.lua" local fingerprint_filename = stdnse.get_script_args("http-default-accounts.fingerprintfile") or "http-defaul-accounts-fingerprints.lua"
local category = nmap.registry.args["http-default-accounts.category"] or false local category = stdnse.get_script_args("http-default-accounts.category") or false
local basepath = nmap.registry.args["http-default-accounts.basepath"] or "/" local basepath = stdnse.get_script_args("http-default-accounts.basepath") or "/"
local output_lns = {} local output_lns = {}
--Load fingerprint data or abort --Load fingerprint data or abort
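Review bot: The default fingerprint file name on the `fingerprint_filename` line is spelled `"http-defaul-accounts-fingerprints.lua"`, which looks like a dropped "t", and this commit carries it over unchanged. If the data file that ships with the script is named `http-default-accounts-fingerprints.lua`, the default load fails whenever the user does not pass `http-default-accounts.fingerprintfile`. The shipped file name is not visible in this hunk, so please confirm it before correcting the literal to `"http-default-accounts-fingerprints.lua"`.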


@@ -208,14 +208,14 @@ end
action = function(host, port) action = function(host, port)
local path = "/names.nsf" local path = "/names.nsf"
local download_path = nmap.registry.args['domino-enum-passwords.idpath'] local download_path = stdnse.get_script_args('domino-enum-passwords.idpath')
local vhost= nmap.registry.args['domino-enum-passwords.hostname'] local vhost= stdnse.get_script_args('domino-enum-passwords.hostname')
local user = nmap.registry.args['domino-enum-passwords.username'] local user = stdnse.get_script_args('domino-enum-passwords.username')
local pass = nmap.registry.args['domino-enum-passwords.password'] local pass = stdnse.get_script_args('domino-enum-passwords.password')
local creds, pos, pager local creds, pos, pager
local links, result, hashes,legacyHashes, id_files = {}, {}, {}, {},{} local links, result, hashes,legacyHashes, id_files = {}, {}, {}, {},{}
local chunk_size = 30 local chunk_size = 30
local max_fetch = nmap.registry.args['domino-enum-passwords.count'] and tonumber(nmap.registry.args['domino-enum-passwords.count']) or 10 local max_fetch = stdnse.get_script_args('domino-enum-passwords.count') and tonumber(stdnse.get_script_args('domino-enum-passwords.count')) or 10
local http_response local http_response
if ( nmap.registry['credentials'] and nmap.registry['credentials']['http'] ) then if ( nmap.registry['credentials'] and nmap.registry['credentials']['http'] ) then


@@ -57,14 +57,14 @@ action = function(host, port)
return return
end end
if(nmap.registry.args['favicon.root']) then if(stdnse.get_script_args('favicon.root')) then
root = nmap.registry.args['favicon.root'] root = stdnse.get_script_args('favicon.root')
end end
local favicon_uri = stdnse.get_script_args("favicon.uri")
if(nmap.registry.args['favicon.uri']) then if(favicon_uri) then
-- If we got a script arg URI, always use that. -- If we got a script arg URI, always use that.
answer = http.get( host, port, root .. "/" .. nmap.registry.args['favicon.uri']) answer = http.get( host, port, root .. "/" .. favicon_uri)
stdnse.print_debug( 4, "Using URI %s", nmap.registry.args['favicon.uri']) stdnse.print_debug( 4, "Using URI %s", favicon_uri)
else else
-- Otherwise, first try parsing the home page. -- Otherwise, first try parsing the home page.
index = http.get( host, port, root .. "/" ) index = http.get( host, port, root .. "/" )
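Review bot: `favicon.root` is still fetched twice, once in the condition and once in the assignment, while `favicon.uri` two lines below is now read once into `favicon_uri`. Handling both the same way removes the extra `if`: `root = stdnse.get_script_args('favicon.root') or root`. The initial value of `root` is set above this hunk, so this assumes it is already assigned at that point.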


@@ -1,7 +1,5 @@
description = [[ description = [[
Exploits a directory traversal vulnerability existing in the Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049).
Majordomo2 mailing list manager to retrieve remote
files. (CVE-2011-0049).
Vulnerability originally discovered by Michael Brooks. Vulnerability originally discovered by Michael Brooks.
@@ -65,9 +63,9 @@ action = function(host, port)
local response, rfile, rpath, uri, evil_uri, rfile_content, filewrite local response, rfile, rpath, uri, evil_uri, rfile_content, filewrite
local output_lines = {} local output_lines = {}
filewrite = nmap.registry.args["http-majordomo2-dir-traversal.outfile"] filewrite = stdnse.get_script_args("http-majordomo2-dir-traversal.outfile")
uri = nmap.registry.args["http-majordomo2-dir-traversal.uri"] or MAJORDOMO2_EXPLOIT_URI uri = stdnse.get_script_args("http-majordomo2-dir-traversal.uri") or MAJORDOMO2_EXPLOIT_URI
rfile = nmap.registry.args["http-majordomo2-dir-traversal.rfile"] or DEFAULT_REMOTE_FILE rfile = stdnse.get_script_args("http-majordomo2-dir-traversal.rfile") or DEFAULT_REMOTE_FILE
evil_uri = uri..MAJORDOMO2_EXPLOIT_QRY..rfile evil_uri = uri..MAJORDOMO2_EXPLOIT_QRY..rfile
stdnse.print_debug(1, "HTTP GET %s%s", stdnse.get_hostname(host), evil_uri) stdnse.print_debug(1, "HTTP GET %s%s", stdnse.get_hostname(host), evil_uri)


@@ -65,8 +65,8 @@ action = function(host, port)
local response, methods, options_status_line, output local response, methods, options_status_line, output
-- default vaules for script-args -- default vaules for script-args
url_path = nmap.registry.args["http-methods.url-path"] or "/" url_path = stdnse.get_script_args("http-methods.url-path") or "/"
retest_http_methods = nmap.registry.args["http-methods.retest"] ~= nil retest_http_methods = stdnse.get_script_args("http-methods.retest") ~= nil
response = http.generic_request(host, port, "OPTIONS", url_path) response = http.generic_request(host, port, "OPTIONS", url_path)
if not response.status then if not response.status then
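Review bot: `retest_http_methods` is true for any supplied value, because the line only tests `~= nil`, so `--script-args http-methods.retest=false` or `=0` still turns retesting on. Script arguments arrive as strings, so an explicit off value should be honoured: `local retest = stdnse.get_script_args("http-methods.retest")` followed by `retest_http_methods = retest ~= nil and retest ~= "false" and retest ~= "0"`. The `irc-unrealircd-backdoor.kill` check later in this commit has the same presence-only test and gates a step the script itself logs as "Attempting to kill the Trojanned UnrealIRCd server", so it deserves the same treatment. What the retest flag triggers is outside this hunk.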


@@ -56,7 +56,7 @@ end
--MAIN --MAIN
--- ---
action = function(host, port) action = function(host, port)
local path = nmap.registry.args["http-trace.path"] or "/" local path = stdnse.get_script_args("http-trace.path") or "/"
local req = http.generic_request(host, port, "TRACE", path) local req = http.generic_request(host, port, "TRACE", path)
if (req.status == 301 or req.status == 302) and req.header["location"] then if (req.status == 301 or req.status == 302) and req.header["location"] then


@@ -126,7 +126,7 @@ end
function init() function init()
local customlist = nmap.registry.args.users or local customlist = nmap.registry.args.users or
(nmap.registry.args.userdir and nmap.registry.args.userdir.users) or (nmap.registry.args.userdir and nmap.registry.args.userdir.users) or
nmap.registry.args['userdir.users'] stdnse.get_script_args('userdir.users')
local read, usernames = datafiles.parse_file(customlist or "nselib/data/usernames.lst", {}) local read, usernames = datafiles.parse_file(customlist or "nselib/data/usernames.lst", {})
if not read then if not read then
stdnse.print_debug(1, "%s %s", SCRIPT_NAME, stdnse.print_debug(1, "%s %s", SCRIPT_NAME,
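Review bot: Only the last alternative of `customlist` was converted; the first two still read `nmap.registry.args.users` and `nmap.registry.args.userdir.users` directly, so the line mixes both access styles. As far as I know `stdnse.get_script_args` already resolves the nested `userdir = {users = ...}` form and accepts a table of alternative names, which would reduce the expression to `local customlist = stdnse.get_script_args({'userdir.users', 'users'})`; please check that against the stdnse version in this tree. The unprefixed `users` argument is shared with any other script that reads the same key, which is worth stating in the script's `@args` documentation.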


@@ -41,14 +41,14 @@ require 'informix'
portrule = shortport.port_or_service( { 1526, 9088, 9090, 9092 }, "informix", "tcp", "open") portrule = shortport.port_or_service( { 1526, 9088, 9090, 9092 }, "informix", "tcp", "open")
action = function( host, port ) action = function( host, port )
local instance = nmap.registry.args['informix-info.instance'] local instance = stdnse.get_script_args('informix-info.instance')
local helper local helper
local status, data local status, data
local result = {} local result = {}
local user = nmap.registry.args['informix-query.username'] local user = stdnse.get_script_args('informix-query.username')
local pass = nmap.registry.args['informix-query.password'] local pass = stdnse.get_script_args('informix-query.password')
local query = nmap.registry.args['informix-query.query'] local query = stdnse.get_script_args('informix-query.query')
local db = nmap.registry.args['informix-query.database'] or "sysmaster" local db = stdnse.get_script_args('informix-query.database') or "sysmaster"
query = query or "SELECT FIRST 1 DBINFO('dbhostname') hostname, " .. query = query or "SELECT FIRST 1 DBINFO('dbhostname') hostname, " ..
"DBINFO('version','full') version FROM systables" "DBINFO('version','full') version FROM systables"
@@ -86,4 +86,4 @@ action = function( host, port )
return stdnse.format_output(status, result) return stdnse.format_output(status, result)
end end
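Review bot: `instance` is read from `'informix-info.instance'` while every other argument in this `action` uses the `informix-query.` prefix, which looks like a copy-paste leftover that this commit preserves. A user who sets `informix-query.instance` would have the value silently ignored. If no script named informix-info is meant to share this argument, the line should read `local instance = stdnse.get_script_args('informix-query.instance')`. The use of `instance` lies between the two hunks and is not visible here.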


@@ -57,8 +57,8 @@ action = function( host, port )
local helper local helper
local status, data local status, data
local result, output = {}, {} local result, output = {}, {}
local user = nmap.registry.args['informix-tables.username'] local user = stdnse.get_script_args('informix-tables.username')
local pass = nmap.registry.args['informix-tables.password'] or "" local pass = stdnse.get_script_args('informix-tables.password') or ""
local query= [[ local query= [[
SELECT cast(tabname as char(20)) table, cast(colname as char(20)) column, cast( cast(nrows as int) as char(20)) rows SELECT cast(tabname as char(20)) table, cast(colname as char(20)) column, cast( cast(nrows as int) as char(20)) rows
FROM "informix".systables st, "informix".syscolumns sc FROM "informix".systables st, "informix".syscolumns sc
@@ -112,4 +112,4 @@ action = function( host, port )
helper:Close() helper:Close()
return stdnse.format_output( true, result ) return stdnse.format_output( true, result )
end end


@@ -90,8 +90,8 @@ action = function(host, port)
-- Set up an extra command, if the user requested one -- Set up an extra command, if the user requested one
local command_extra = "" local command_extra = ""
if(nmap.registry.args['irc-unrealircd-backdoor.command']) then if(stdnse.get_script_args('irc-unrealircd-backdoor.command')) then
command_extra = nmap.registry.args['irc-unrealircd-backdoor.command'] command_extra = stdnse.get_script_args('irc-unrealircd-backdoor.command')
-- Replace "%IP%" with the ip address -- Replace "%IP%" with the ip address
command_extra = string.gsub(command_extra, '%%IP%%', host.ip) command_extra = string.gsub(command_extra, '%%IP%%', host.ip)
end end
@@ -109,8 +109,8 @@ action = function(host, port)
local full_command = string.format("%s;%s;%s;%s;%s", trigger, unique, command_linux, command_windows, command_extra) local full_command = string.format("%s;%s;%s;%s;%s", trigger, unique, command_linux, command_windows, command_extra)
-- wait time: get rid of fast reconnecting annoyance -- wait time: get rid of fast reconnecting annoyance
if(nmap.registry.args['irc-unrealircd-backdoor.wait']) then if(stdnse.get_script_args('irc-unrealircd-backdoor.wait')) then
local waittime = nmap.registry.args['irc-unrealircd-backdoor.wait'] local waittime = stdnse.get_script_args('irc-unrealircd-backdoor.wait')
stdnse.print_debug(1, "irc-unrealircd-backdoor: waiting for %i seconds", waittime) stdnse.print_debug(1, "irc-unrealircd-backdoor: waiting for %i seconds", waittime)
stdnse.sleep(waittime) stdnse.sleep(waittime)
end end
@@ -182,7 +182,7 @@ action = function(host, port)
-- Determine whether or not the vulnerability is present -- Determine whether or not the vulnerability is present
if(elapsed > (delay - delay_fudge)) then if(elapsed > (delay - delay_fudge)) then
-- Check if the user wants to kill the server. -- Check if the user wants to kill the server.
if(nmap.registry.args['irc-unrealircd-backdoor.kill']) then if(stdnse.get_script_args('irc-unrealircd-backdoor.kill')) then
stdnse.print_debug(1, "irc-unrealircd-backdoor: Attempting to kill the Trojanned UnrealIRCd server...") stdnse.print_debug(1, "irc-unrealircd-backdoor: Attempting to kill the Trojanned UnrealIRCd server...")
local linux_kill = "kill `ps -e | grep ircd | awk '{ print $1 }'`" local linux_kill = "kill `ps -e | grep ircd | awk '{ print $1 }'`"
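Review bot: `waittime` in the second hunk stays a string and goes straight into the `%i` format and `stdnse.sleep`, so a non-numeric `irc-unrealircd-backdoor.wait` value raises a format error instead of being rejected cleanly. Converting once and testing the result covers both the lookup and the validation: `local waittime = tonumber(stdnse.get_script_args('irc-unrealircd-backdoor.wait'))` followed by `if waittime and waittime > 0 then`. The `command` lookup in the first hunk is also done twice and could be read once into a local. The `action` body continues outside all three hunks.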


@@ -103,7 +103,7 @@ action = function( host, port )
local ldap_anonymous_bind = string.char( 0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07, 0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00 ) local ldap_anonymous_bind = string.char( 0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07, 0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00 )
local socket, _, opt = comm.tryssl( host, port, ldap_anonymous_bind, nil ) local socket, _, opt = comm.tryssl( host, port, ldap_anonymous_bind, nil )
local base_dn = nmap.registry.args['ldap.base'] local base_dn = stdnse.get_script_args('ldap.base')
if not socket then if not socket then
return return


@@ -73,14 +73,14 @@ function action(host,port)
local status local status
local socket, opt local socket, opt
local args = nmap.registry.args local args = nmap.registry.args
local username = args['ldap.username'] local username = stdnse.get_script_args('ldap.username')
local password = args['ldap.password'] local password = stdnse.get_script_args('ldap.password')
local qfilter = args['ldap.qfilter'] local qfilter = stdnse.get_script_args('ldap.qfilter')
local base = args['ldap.base'] local base = stdnse.get_script_args('ldap.base')
local attribs = args['ldap.attrib'] local attribs = stdnse.get_script_args('ldap.attrib')
local accounts local accounts
local objCount = 0 local objCount = 0
local maxObjects = nmap.registry.args['ldap.maxobjects'] and tonumber(nmap.registry.args['ldap.maxobjects']) or 20 local maxObjects = stdnse.get_script_args('ldap.maxobjects') and tonumber(stdnse.get_script_args('ldap.maxobjects')) or 20
-- In order to discover what protocol to use (SSL/TCP) we need to send a few bytes to the server -- In order to discover what protocol to use (SSL/TCP) we need to send a few bytes to the server
-- An anonymous bind should do it -- An anonymous bind should do it
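Review bot: `local args = nmap.registry.args` is left in place although none of the lines after it in this hunk read `args` any more. If nothing further down in `action` uses it (the body continues outside the hunk), the line should be removed so that the function no longer suggests direct registry access. A short comment above the lookups, such as `-- ldap.username and ldap.password are optional; the bind is anonymous without them`, would help, provided it matches the bind logic below.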


@@ -210,15 +210,15 @@ action = function(host, port)
injectable = {} injectable = {}
-- start at the root -- start at the root
if nmap.registry.args['sql-injection.start'] then if stdnse.get_script_args('sql-injection.start') then
table.insert(urllist, "/" .. nmap.registry.args['sql-injection.start']) table.insert(urllist, "/" .. stdnse.get_script_args('sql-injection.start'))
else else
table.insert(urllist, "/") table.insert(urllist, "/")
end end
-- check for argument supplied max depth -- check for argument supplied max depth
if nmap.registry.args['sql-injection.maxdepth'] then if stdnse.get_script_args('sql-injection.maxdepth') then
maxdepth = tonumber(nmap.registry.args['sql-injection.maxdepth']) maxdepth = tonumber(stdnse.get_script_args('sql-injection.maxdepth'))
stdnse.print_debug("maxdepth set to: " .. maxdepth) stdnse.print_debug("maxdepth set to: " .. maxdepth)
end end
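Review bot: A non-numeric `sql-injection.maxdepth` makes `tonumber` return nil, and the debug line that follows, `"maxdepth set to: " .. maxdepth`, then fails on concatenating nil and aborts the script. Keeping the existing default when the conversion fails avoids that: `maxdepth = tonumber(stdnse.get_script_args('sql-injection.maxdepth')) or maxdepth`. This assumes `maxdepth` already holds its default at this point, which is set outside the hunk. The `sql-injection.start` argument is also looked up twice and could be read once into a local.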