
Move stdnse.generate_random_string to new rand.lua

dmiller
2018-09-08 17:07:06 +00:00
parent deea96de7c
commit 26ef852a28
43 changed files with 123 additions and 186 deletions


@@ -75,17 +75,6 @@ prerule = function()
return true
end
-- Creates a random MAC address
--
-- @return mac_addr string containing a random MAC
local function randomizeMAC()
local mac_addr = {}
for j=1, 6 do
mac_addr[j] = string.char(math.random(1, 255))
end
return table.concat(mac_addr)
end
-- Gets a list of available interfaces based on link and up filters
--
-- @param link string containing the link type to filter
@@ -162,7 +151,7 @@ action = function()
-- randomizing the MAC could exhaust dhcp servers with small scopes
-- if ran multiple times, so we should probably refrain from doing
-- this?
local mac = "\xDE\xAD\xC0\xDE\xCA\xFE" --randomizeMAC()
local mac = "\xDE\xAD\xC0\xDE\xCA\xFE"
local interfaces


@@ -3,6 +3,7 @@ local stdnse = require "stdnse"
local string = require "string"
local os = require "os"
local table = require "table"
local rand = require "rand"
description = [[
Discovers Jenkins servers on a LAN by sending a discovery broadcast probe.
@@ -46,7 +47,7 @@ action = function()
socket:set_timeout(500)
-- send two packets, just in case
local probe = stdnse.generate_random_string(10)
local probe = rand.random_string(10)
for i=1,2 do
local status = socket:sendto(host, port, probe)
if ( not(status) ) then
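Review bot: `rand.random_string(10)` is called without a charset, which may change the probe from letters to arbitrary bytes. Elsewhere in this commit the no-charset form replaces `openssl.rand_bytes`, while letter-only strings use `rand.random_alpha`, so the old `stdnse.generate_random_string(10)` default was presumably printable. If the probe only needs to be unique, add a comment such as `-- raw random bytes are intentional; the service only echoes the probe`; otherwise keep it printable with `local probe = rand.random_alpha(10)`. The same question applies to the no-charset calls for `console_session_id` and `console_random_id` in the IPMI brute driver. The action function continues outside this hunk.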


@@ -7,8 +7,8 @@ local tab = require "tab"
local string = require "string"
local table = require "table"
local target = require "target"
local rand = require "rand"
local openssl = stdnse.silent_require "openssl"
description = [[
Sends broadcast pings on a selected interface using raw ethernet packets and
@@ -96,7 +96,7 @@ local icmp_packet = function(srcIP, dstIP, ttl, data_length, mtu, seqNo, icmp_id
-- ICMP Message
local icmp_payload = nil
if data_length and data_length>0 then
icmp_payload = openssl.rand_bytes(data_length)
icmp_payload = rand.random_string(data_length)
else
icmp_payload = ""
end
@@ -170,7 +170,7 @@ local broadcast_if = function(if_table,icmp_responders)
for i = 1, num_probes do
-- ICMP packet
local icmp_id = openssl.rand_bytes(2)
local icmp_id = rand.random_string(2)
icmp_ids[icmp_id]=true
local icmp = icmp_packet( source_IP, destination_IP, ttl,
data_length, mtu, sequence_number, icmp_id)


@@ -1,5 +1,5 @@
local dhcp = require "dhcp"
local math = require "math"
local rand = require "rand"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
@@ -110,11 +110,7 @@ local function go(host, port)
local mac_addr = host.mac_addr_src
if(nmap.registry.args.randomize_mac == 'true' or nmap.registry.args.randomize_mac == '1') then
stdnse.debug2("Generating a random MAC address")
mac_addr = {}
for j=1, 6, 1 do
mac_addr[i] = string.char(math.random(1, 255))
end
mac_addr = table.concat(mac_addr)
mac_addr = rand.random_string(6)
end
local iface, err = nmap.get_interface_info(host.interface)


@@ -7,6 +7,7 @@ local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local target = require "target"
local rand = require "rand"
description = [[
Attempts to enumerate DNS hostnames by brute force guessing of common
@@ -179,8 +180,8 @@ local function srv_main(domainname, srvresults, srv_iter)
end
local function detect_wildcard(domainname, record)
local rand_host1 = stdnse.generate_random_string(24).."."..domainname
local rand_host2 = stdnse.generate_random_string(24).."."..domainname
local rand_host1 = rand.random_alpha(24).."."..domainname
local rand_host2 = rand.random_alpha(24).."."..domainname
local res1 = resolve(rand_host1, record)
stdnse.debug1("Detecting wildcard for \"%s\" records using random hostname \"%s\".", record, rand_host1)


@@ -5,6 +5,7 @@ local base32 = require "base32"
local nmap = require "nmap"
local string = require "string"
local table = require "table"
local rand = require "rand"
local openssl = stdnse.silent_require "openssl"
@@ -173,7 +174,7 @@ end
-- generate a random hash with domains suffix
-- return both domain and its hash
local function generate_hash(domain, iter, salt)
local rand_str = stdnse.generate_random_string(8, "etaoinshrdlucmfw")
local rand_str = rand.random_string(8, "etaoinshrdlucmfw")
local random_domain = rand_str .. "." .. domain
local packed_domain = {}
for word in string.gmatch(random_domain, "[^%.]+") do
@@ -237,7 +238,7 @@ local function enum(host, port, domain)
local todo = {}
local dnssec, status, result = false, false, "No Answer"
local result = {}
local subdomain = stdnse.generate_random_string(8, "etaoinshrdlucmfw")
local subdomain = rand.random_string(8, "etaoinshrdlucmfw")
local full_domain = join({subdomain, domain})
local iter
local salt


@@ -6,6 +6,7 @@ local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local rand = require "rand"
description = [[
Enumerates the installed Drupal modules/themes by using a list of known modules and themes.
@@ -177,7 +178,7 @@ function action (host, port)
-- We default to HEAD requests unless the server returns
-- non 404 (200 or other) status code
local response = http.head(host, port, modules_path .. stdnse.generate_random_string(8) .. "/LICENSE.txt")
local response = http.head(host, port, modules_path .. rand.random_string(8, rand.charset('a','z')) .. "/LICENSE.txt")
if response.status ~= 404 then
method = "GET"
end
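Review bot: The probe path is built with `rand.random_string(8, rand.charset('a','z'))`, while every other lowercase-letter string in this commit is written as `rand.random_alpha(n)`. If `random_alpha` draws from the same a–z set (rand.lua is not visible here), `rand.random_alpha(8)` is shorter and avoids rebuilding the charset table on each call. If the explicit charset is deliberate, a short comment saying why this site differs would help the next reader.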


@@ -7,6 +7,7 @@ local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local url = require "url"
local rand = require "rand"
description = [[
Performs brute force password auditing against http form-based authentication.
@@ -580,8 +581,8 @@ action = function (host, port)
}
-- validate that the form submission behaves as expected
local username = uservar and stdnse.generate_random_string(8)
local password = stdnse.generate_random_string(8)
local username = uservar and rand.random_alpha(8)
local password = rand.random_alpha(8)
local testdrv = Driver:new(host, port, options)
local response, success = testdrv:submit_form(username, password)
if not response then


@@ -58,18 +58,7 @@ local stdnse = require 'stdnse'
local string = require 'string'
local table = require 'table'
local url = require 'url'
-- generate a charset that will be used for fuzzing
local function generate_charset(left_bound, right_bound, ...)
local t = ... or {}
if left_bound > right_bound then
return t
end
for i=left_bound,right_bound do
table.insert(t, string.char(i))
end
return t
end
local rand = require 'rand'
-- check if the response we got indicates that fuzzing was successful
local function check_response(response)
@@ -105,8 +94,8 @@ end
-- generate a charset of characters with ascii codes from 33 to 126
-- you can use http://www.asciitable.com/ to see which characters those actually are
local charset = generate_charset(33,126)
local charset_number = generate_charset(49,57) -- ascii 49 -> 1; 57 -> 9
local charset = rand.charset(33,126)
local charset_number = rand.charset(49,57) -- ascii 49 -> 1; 57 -> 9
local function fuzz_form(form, minlen, maxlen, host, port, path)
local affected_fields = {}
@@ -140,10 +129,10 @@ local function fuzz_form(form, minlen, maxlen, host, port, path)
local response_number
--first try to fuzz with a string
postdata[field["name"]] = stdnse.generate_random_string(i, charset)
postdata[field["name"]] = rand.random_string(i, charset)
response_string = sending_function(postdata)
--then with a number
postdata[field["name"]] = stdnse.generate_random_string(i, charset_number)
postdata[field["name"]] = rand.random_string(i, charset_number)
response_number = sending_function(postdata)
if check_response(response_string) then


@@ -7,6 +7,7 @@ local json = require "json"
local url = require "url"
local httpspider = require "httpspider"
local table = require "table"
local rand = require "rand"
description = [[
Attempts to discover JSONP endpoints in web servers. JSONP endpoints can be
@@ -64,7 +65,7 @@ end
--Checks if the callback function is controllable from URL
local callback_url = function(host, port, target, callback_variable)
local path, response, report
local value = stdnse.generate_random_string(8)
local value = rand.rand_alpha(8)
if callback_variable == nil then
callback_variable = "callback"
end
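Review bot: `rand.rand_alpha(8)` looks like a misspelling of `rand.random_alpha`, the name used at every other letter-only call site in this commit. Unless rand.lua also exports `rand_alpha` (the library is not shown here), this line calls a nil field and the script errors out as soon as `callback_url` runs. The line should read `local value = rand.random_alpha(8)`. The same spelling appears in the CVE-2011-3368 check (`random_page`), in the Struts Content-Type check (`value`) and in the RTSP URL brute script's nonexistent-URL probe, so all four need the same one-word fix.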


@@ -65,6 +65,7 @@ local httpspider = require "httpspider"
local vulns = require "vulns"
local url = require "url"
local string = require "string"
local rand = require "rand"
portrule = shortport.http
@@ -83,7 +84,7 @@ local function probe_http_verbs(host, port, uri)
return true, "POST"
end
--With a random generated verb we look for 400 and 501 status
local random_verb_req = http.generic_request(host, port, stdnse.generate_random_string(4), uri)
local random_verb_req = http.generic_request(host, port, rand.random_alpha(4):upper(), uri)
local retcodes = {
[400] = true, -- Bad Request
[401] = true, -- Authentication needed


@@ -4,6 +4,7 @@ local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local rand = require "rand"
description = [[
Finds out what options are supported by an HTTP server by sending an
@@ -171,7 +172,7 @@ action = function(host, port)
end
end
local random_resp = http.generic_request(host, port, stdnse.generate_random_string(4), path)
local random_resp = http.generic_request(host, port, rand.random_alpha(4):upper(), path)
if random_resp.status then
stdnse.debug1("Response Code to Random Method is %d", random_resp.status)


@@ -3,6 +3,7 @@ local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local vulns = require "vulns"
local rand = require "rand"
description = [[
Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications.
@@ -85,7 +86,7 @@ function generate_http_req(host, port, uri, custom_header, cmd)
if cmd ~= nil then
cmd = '() { :;}; '..cmd
else
rnd = stdnse.generate_random_string(15)
rnd = rand.random_alpha(15)
cmd = '() { :;}; echo; echo "'..rnd..'"'
end
-- Plant the payload in the HTTP headers


@@ -4,8 +4,7 @@ local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local vulns = require "vulns"
local openssl = stdnse.silent_require "openssl"
local rand = require "rand"
description = [[
Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode.
@@ -72,7 +71,7 @@ servers to remote users who send carefully crafted requests.]],
-- Take a reference chrono for a 404
local start = os.time(os.date('*t'))
local random_page = stdnse.tohex(openssl.sha1(openssl.rand_pseudo_bytes(512)))
local random_page = rand.rand_alpha(20)
local reference = http.get(host,port,("%s/%s.htm"):format(prefix,random_page))
local chrono_404 = os.time(os.date('*t'))-start


@@ -39,6 +39,7 @@ local nmap = require "nmap"
local shortport = require "shortport"
local vulns = require "vulns"
local stdnse = require "stdnse"
local rand = require "rand"
portrule = shortport.http
@@ -65,7 +66,7 @@ untrusted website and XSS injection.]],
local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
local header = { ["Referer"] = '"><script>alert("XSS")</script><"' }
local open_session = http.get(host, port, "/"..stdnse.generate_random_string(16), { header = header })
local open_session = http.get(host, port, "/"..rand.random_alpha(16), { header = header })
if open_session and open_session.status == 404 then
stdnse.debug2("got 404-that's good!")
if open_session.body:match('"><script>alert%("XSS"%)</script><"') then


@@ -6,6 +6,7 @@ local table = require "table"
local url = require "url"
local vulns = require "vulns"
local openssl = require "openssl"
local rand = require "rand"
description = [[
Exploits CVE-2014-3704 also known as 'Drupageddon' in Drupal. Versions < 7.32
@@ -162,7 +163,7 @@ local function gen_passwd_hash(passwd)
local iter = 15
local iter_char = itoa64(iter)
local iter_count = 1<<iter
local salt = stdnse.generate_random_string(8)
local salt = rand.random_alpha(8)
local md5 = openssl.md5(salt .. passwd)
for i = 1, iter_count do
@@ -185,10 +186,10 @@ local function do_sql_query(host, port, uri, user)
local query
if user == nil then
user = stdnse.generate_random_string(10)
passwd = stdnse.generate_random_string(10)
user = rand.random_alpha(10)
passwd = rand.random_alpha(10)
passHash = gen_passwd_hash(passwd)
email = stdnse.generate_random_string(8) .. '@' .. stdnse.generate_random_string(5) .. '.' .. stdnse.generate_random_string(3)
email = rand.random_alpha(8) .. '@' .. rand.random_alpha(5) .. '.' .. rand.random_alpha(3)
stdnse.debug(1, string.format("adding admin user (username: '%s'; passwd: '%s')", user, passwd))
sql_user = url.escape("insert into users (uid,name,pass,mail,status) select max(uid)+1,'" .. user .. "','" .. passHash .. "','" .. email .. "',1 from users;")
@@ -206,7 +207,7 @@ local function do_sql_query(host, port, uri, user)
query = sql_admin .. sql_user
end
local r = "name[0;" .. query .. "#%20%20]=" .. stdnse.generate_random_string(10) .. "&name[0]=" .. stdnse.generate_random_string(10) .. "&pass=" .. stdnse.generate_random_string(10) .. "&form_id=user_login&op=Log+in"
local r = "name[0;" .. query .. "#%20%20]=" .. rand.random_alpha(10) .. "&name[0]=" .. rand.random_alpha(10) .. "&pass=" .. rand.random_alpha(10) .. "&form_id=user_login&op=Log+in"
local opt = {
header = {
@@ -311,9 +312,9 @@ local function trigger_exploit(host, port, uri, session, cmd)
local csrfToken = extract_CSRFtoken(res.body)
stdnse.debug(1, string.format("%s", "calling preview article page & triggering exploit"))
local pattern = '"' .. stdnse.generate_random_string(5)
local pattern = '"' .. rand.random_alpha(5)
local payload = "<?php echo '" .. pattern .. " '; system('" .. cmd .. "'); echo '".. pattern .. " '; ?>"
local boundary = stdnse.generate_random_string(16)
local boundary = rand.random_alpha(16)
opt['header'] = {}
opt['header']["Content-Type"] = "multipart/form-data" .. "; boundary=" .. boundary


@@ -5,6 +5,7 @@ local string = require "string"
local url = require "url"
local vulns = require "vulns"
local base64 = require "base64"
local rand = require "rand"
description = [[
Exploits a remote code injection vulnerability (CVE-2014-8877) in Wordpress CM
@@ -61,7 +62,7 @@ function genHttpReq(host, port, uri, cmd)
if cmd ~= nil then
payload = '".system("'..cmd..'")."'
else
rnd = stdnse.generate_random_string(15)
rnd = rand.random_alpha(15)
local encRnd = base64.enc(rnd)
payload = '".base64_decode("'..encRnd..'")."'
end
@@ -111,7 +112,7 @@ CMDsearch parameter to cmdownloads/, which is processed by the PHP
-- exploit the vulnerability
if cmd ~= nil then
-- wrap cmd with pattern which is used to filter out only relevant output from the response
local pattern = stdnse.generate_random_string(5)
local pattern = rand.random_alpha(5)
req = genHttpReq(host, port, uri, 'echo '..pattern..';'..cmd..';echo '..pattern..';')
if req.status == 200 then


@@ -5,6 +5,7 @@ local string = require "string"
local vulns = require "vulns"
local json = require "json"
local nmap = require "nmap"
local rand = require "rand"
description = [[
This script attempts to detect a vulnerability, CVE-2015-1427, which allows attackers
@@ -160,7 +161,7 @@ action = function(host, port)
return report:make_output(vuln_table)
elseif response.body == '' then
if invasive then
local rand = string.lower(stdnse.generate_random_string(8))
local rand = rand.random_alpha(8)
cleanup = function()
local r = http.generic_request(host, port, "DELETE", ("/%s"):format(rand))
if r.status ~= 200 or not r.body:match('"acknowledged":true') then
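Review bot: `local rand = rand.random_alpha(8)` shadows the newly required `rand` module with a string for the rest of this block, including the `cleanup` closure. It works today because the right-hand side is evaluated before the new local comes into scope, but any later `rand.*` call added in this branch would index a string instead of the library. Rename the local, for example `local index_name = rand.random_alpha(8)`, and change `("/%s"):format(rand)` to match. The block continues past the end of this hunk, so further uses of the local may need the same rename.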


@@ -3,6 +3,7 @@ local http = require "http"
local stdnse = require "stdnse"
local string = require "string"
local vulns = require "vulns"
local rand = require "rand"
description = [[
Checks for a remote code execution vulnerability (MS15-034) in Microsoft Windows systems (CVE2015-2015-1635).
@@ -67,7 +68,7 @@ successfully exploited this vulnerability could execute arbitrary code in the co
}
}
local options = {header={}}
options['header']['Host'] = stdnse.generate_random_string(8)
options['header']['Host'] = rand.random_alpha(8)
options['header']['Range'] = "bytes=0-18446744073709551615"
local response = http.get(host, port, uri, options)


@@ -8,6 +8,7 @@ local shortport = require "shortport"
local vulns = require "vulns"
local stdnse = require "stdnse"
local string = require "string"
local rand = require "rand"
---
-- @usage
@@ -61,7 +62,7 @@ vulnerability via the Content-Type header.
local method = stdnse.get_script_args(SCRIPT_NAME..".method") or "GET"
local path = stdnse.get_script_args(SCRIPT_NAME..".path") or "/"
local value = stdnse.generate_random_string(8)
local value = rand.rand_alpha(8)
local header = {
["Content-Type"] = string.format("%%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Check-Struts', '%s')}.multipart/form-data", value)


@@ -14,6 +14,7 @@ local http = require "http"
local shortport = require "shortport"
local vulns = require "vulns"
local stdnse = require "stdnse"
local rand = require "rand"
---
-- @usage
@@ -114,7 +115,7 @@ digest parameter.
if www_authenticate[1]['params'] and www_authenticate[1]['params']['realm'] and www_authenticate[1]['params']['nonce'] then
local auth_header = string.format("Digest username=\"admin\", realm=\"%s\", nonce=\"%s\", uri=\"index.htm\"," ..
"cnonce=\"%s\", nc=1, qop=\"auth\", response=\"\"", www_authenticate[1]['params']['realm'],
www_authenticate[1]['params']['nonce'], stdnse.generate_random_string(10))
www_authenticate[1]['params']['nonce'], rand.random_alpha(10))
local opt = { header = { ['Authorization'] = auth_header } }
response = http.get(host, port, '/index.htm', opt)
if response.status and response.status == 200 then


@@ -4,6 +4,7 @@ local ipmi = require "ipmi"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local rand = require "rand"
description = [[
Performs brute force password auditing against IPMI RPC server.
@@ -48,8 +49,8 @@ Driver = {
end,
login = function(self, username, password)
local console_session_id = stdnse.generate_random_string(4)
local console_random_id = stdnse.generate_random_string(16)
local console_session_id = rand.random_string(4)
local console_random_id = rand.random_string(16)
local request = ipmi.session_open_request(console_session_id)
local status, reply


@@ -5,6 +5,7 @@ local stdnse = require "stdnse"
local math = require "math"
local string = require "string"
local os = require "os"
local rand = require "rand"
description = [[
Generates a flood of Router Advertisements (RA) with random source MAC
@@ -81,17 +82,13 @@ end
--- Generates random MAC address
-- @return mac string containing random MAC address
local function random_mac()
local mac = string.format("%02x:%02x:%02x:%02x:%02x:%02x", 00, 180, math.random(256)-1, math.random(256)-1, math.random(256)-1, math.random(256)-1)
return mac
return "\x00\xb4" .. rand.random_string(4)
end
--- Generates random IPv6 prefix
-- @return prefix string containing random IPv6 /64 prefix
local function get_random_prefix()
local prefix = string.format("2a01:%02x%02x:%02x%02x:%02x%02x::", math.random(256)-1, math.random(256)-1, math.random(256)-1, math.random(256)-1, math.random(256)-1, math.random(256)-1)
return prefix
return "\x2a\x01" .. rand.random_string(6) .. ("\0"):rep(8)
end
--- Build an ICMPv6 payload of Router Advertisement.
@@ -158,10 +155,10 @@ local function broadcast_on_interface(iface)
while true do
local src_mac = packet.mactobin(random_mac())
local src_mac = random_mac()
local src_ip6_addr = packet.mac_to_lladdr(src_mac)
local prefix = ipOps.ip_to_str(get_random_prefix())
local prefix = get_random_prefix()
local packet = packet.Frame:new()


@@ -3,6 +3,7 @@ local irc = require "irc"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local rand = require "rand"
description = [[
Checks an IRC server for channels that are commonly used by malicious botnets.
@@ -160,10 +161,6 @@ local function irc_compose_message(prefix, command, ...)
return stdnse.strjoin(" ", parts) .. "\r\n"
end
local function random_nick()
return stdnse.generate_random_string(9, "abcdefghijklmnopqrstuvwxyz")
end
local function splitlines(s)
local lines = {}
local _, i, j
@@ -190,7 +187,7 @@ local function irc_connect(host, port, nick, user, pass)
if pass then
commands[#commands + 1] = irc_compose_message(nil, "PASS", pass)
end
nick = nick or random_nick()
nick = nick or rand.random_alpha(9)
commands[#commands + 1] = irc_compose_message(nil, "NICK", nick)
user = user or nick
commands[#commands + 1] = irc_compose_message(nil, "USER", user, "8", "*", user)


@@ -4,6 +4,7 @@ local creds = require "creds"
local match = require "match"
local irc = require "irc"
local stdnse = require "stdnse"
local rand = require "rand"
description=[[
Performs brute force password auditing against IRC (Internet Relay Chat) servers.
@@ -87,12 +88,8 @@ Driver = {
disconnect = function(self) return self.socket:close() end,
}
local function random_nick()
return stdnse.generate_random_string(9, "abcdefghijklmnopqrstuvwxyz")
end
local function needsPassword(host, port)
local msg = ("NICK %s\r\nUSER anonymous 0 * :Nmap brute\r\n"):format(random_nick())
local msg = ("NICK %s\r\nUSER anonymous 0 * :Nmap brute\r\n"):format(rand.random_alpha(9))
local s, r, opts, _ = comm.tryssl(host, port, msg, { timeout = 15000 } )
local err, code


@@ -3,6 +3,7 @@ local nmap = require "nmap"
local math = require "math"
local irc = require "irc"
local stdnse = require "stdnse"
local rand = require "rand"
description = [[
Gathers information from an IRC server.
@@ -48,12 +49,8 @@ portrule = irc.portrule
local banner_timeout = 60
local function random_nick ()
return stdnse.generate_random_string(9, "abcdefghijklmnopqrstuvwxyz")
end
function action (host, port)
local nick = random_nick()
local nick = rand.random_alpha(9)
local output = stdnse.output_table()
@@ -85,7 +82,7 @@ function action (host, port)
-- NICK already in use
info = line:match "^:([%w-_.]+) 433"
if info then
nick = random_nick()
nick = rand.random_alpha(9)
sd:send("NICK " .. nick .. "\n")
end


@@ -4,6 +4,7 @@ local stdnse = require "stdnse"
local table = require "table"
local tns = require "tns"
local unpwdb = require "unpwdb"
local rand = require "rand"
local openssl = stdnse.silent_require "openssl"
@@ -103,7 +104,7 @@ action = function( host, port )
-- Check for some known bad accounts
count = 0
for i=1, 10 do
local user = stdnse.generate_random_string(10,
local user = rand.random_string(10,
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")
status, salt = checkAccount(host, port, user)
if( not(status) ) then return salt end


@@ -5,6 +5,7 @@ local rtsp = require "rtsp"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
local rand = require "rand"
description = [[
Attempts to enumerate RTSP media URLS by testing for common paths on devices such as surveillance IP cameras.
@@ -140,7 +141,7 @@ action = function(host, port)
-- Try to see what a nonexistent URL looks like
local status, response = fetch_url(
host, port, ("rtsp://%s/%s"):format(
stdnse.get_hostname(host), stdnse.generate_random_string(14))
stdnse.get_hostname(host), rand.rand_alpha(14))
)
local status_404 = 404
if status then


@@ -5,6 +5,7 @@ local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local unpwdb = require "unpwdb"
local rand = require "rand"
description = [[
Attempts to guess username/password combinations over SMB, storing discovered combinations
@@ -172,9 +173,8 @@ local special_passwords = { USERNAME, USERNAME_REVERSED }
--@param length (optional) The length of the string to return. Default: 8.
--@param set (optional) The set of letters to choose from. Default: upper, lower, numbers, and underscore.
--@return The random string.
local function get_random_string(length, set)
return stdnse.generate_random_string(length or 8,
set or "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")
local function get_random_string(length)
return rand.random_string(length, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")
end
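Review bot: The new `get_random_string(length)` drops both defaults, yet the doc comment directly above still documents an optional `set` parameter and a `length` that defaults to 8. Because `length` is now passed straight through, a call with no argument hands nil to `rand.random_string`; the callers are outside this hunk, so whether any rely on the old default cannot be confirmed from here. Either keep the default by passing `length or 8` as the first argument, or change the comment to `--@param length The length of the string to return.` In both cases remove the stale `--@param set` line.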
---Splits a string in the form "domain\user" into domain and user.


@@ -3,6 +3,7 @@ local nmap = require "nmap"
local smb = require "smb"
local stdnse = require "stdnse"
local vulns = require "vulns"
local rand = require "rand"
description = [[
Detects Microsoft Windows systems with Ras RPC service vulnerable to MS06-025.
@@ -103,7 +104,7 @@ function check_ms06_025(host)
req = msrpc.RRAS_marshall_RequestBuffer(
0x01,
msrpc.RRAS_RegTypes['GETDEVCONFIG'],
stdnse.generate_random_string(3000, "0123456789abcdefghijklmnoprstuvzxwyABCDEFGHIJKLMNOPRSTUVZXWY"))
rand.random_string(3000, "0123456789abcdefghijklmnoprstuvzxwyABCDEFGHIJKLMNOPRSTUVZXWY"))
status, sr_result = msrpc.RRAS_SubmitRequest(smbstate, req)
msrpc.stop_smb(smbstate)
--sanity check


@@ -1,6 +1,7 @@
local shortport = require "shortport"
local stdnse = require "stdnse"
local libssh2_util = require "libssh2-utility"
local rand = require "rand"
description = [[
Returns authentication methods that a SSH server supports.
@@ -24,7 +25,7 @@ author = "Devin Bjelland"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"auth", "intrusive"}
local username = stdnse.get_script_args("ssh.user") or stdnse.generate_random_string(5)
local username = stdnse.get_script_args("ssh.user") or rand.random_alpha(5)
portrule = shortport.port_or_service(22, 'ssh')
function action (host, port)


@@ -1,6 +1,5 @@
local coroutine = require "coroutine"
local ipOps = require "ipOps"
local math = require "math"
local nmap = require "nmap"
local packet = require "packet"
local stdnse = require "stdnse"
@@ -8,6 +7,7 @@ local string = require "string"
local tab = require "tab"
local table = require "table"
local target = require "target"
local rand = require "rand"
description = [[
Performs IPv6 host discovery by triggering stateless address auto-configuration
@@ -59,7 +59,7 @@ end
-- @return A 16-byte string of IPv6 address, and the length of the prefix.
local function get_random_ula_prefix(local_scope)
local ula_prefix
local global_id = string.char(math.random(256)-1,math.random(256)-1,math.random(256)-1,math.random(256)-1,math.random(256)-1)
local global_id = rand.random_string(5)
if local_scope then
ula_prefix = ipOps.ip_to_str("fd00::")


@@ -4,6 +4,7 @@ local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local rand = require "rand"
description = [[
Enumerates TFTP (trivial file transfer protocol) filenames by testing
@@ -175,7 +176,7 @@ local check_file_present = function(host, port, filename)
end
local check_open_tftp = function(host, port)
local random_name = stdnse.generate_random_string(8, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")
local random_name = rand.random_string(8, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")
local ret_value = check_file_present(host, port, random_name)
if (ret_value == FILE_FOUND or ret_value == FILE_NOT_FOUND) then
return true


@@ -6,6 +6,7 @@ local stdnse = require("stdnse")
local table = require("table")
local tls = require "tls"
local vulns = require("vulns")
local rand = require "rand"
description = [[
Detects whether a server is vulnerable to the F5 Ticketbleed bug (CVE-2016-9244).
@@ -207,7 +208,7 @@ local function is_vuln(host, port, version)
-- reduces the chance of a false positive caused by the server
-- issuing us a new, valid session ID that just happens to match the
-- random one we provided.
local sid_old = stdnse.generate_random_string(16)
local sid_old = rand.random_string(16)
local hello = tls.client_hello({
["protocol"] = version,