PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-10 09:49:05 +00:00
Code Issues Projects Releases Wiki Activity

Some string optimizations in NSE

Browse Source 
Changes fall into these categories:

1. Avoid pathological string building. Loops over x = x .. "foo" can
become very slow. Instead, use strbuf.lua, table.concat, or just one
continuous concatenation; a = x .. y .. z is one operation, better than
a = x .. y; a = a .. z

2. Use hex-escaped strings instead of string.char. I find this more
readable in many cases, and it avoids a table lookup and function call.

3. Don't duplicate code. A few libraries and scripts had re-implemented
stdnse.generate_random_string or openssl.rand_bytes.
This commit is contained in:
dmiller
2014-09-03 04:49:54 +00:00
parent 25725d369e
commit 40f36a4e3e
26 changed files with 202 additions and 243 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
scripts/tftp-enum.nse
View File

@@ -155,39 +155,8 @@ local check_file_present = function(host, port, filename)
return FILE_NOT_FOUND
end
--- Generates a random string of the requested length. This can be used to check how hosts react to
-- weird username/password combinations.
-- @param length (optional) The length of the string to return. Default: 8.
-- @param set (optional) The set of letters to choose from. Default: upper, lower, numbers, and underscore.
-- @return The random string.
local function get_random_string(length, set)
if (length == nil) then
length = 8
end
if (set == nil) then
set = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"
end
local str = ""
-- Seed the random number, if we haven't already
if (not (nmap.registry.oracle_enum_users) or not (nmap.registry.oracle_enum_users.seeded)) then
math.randomseed(os.time())
nmap.registry.oracle_enum_users = {}
nmap.registry.oracle_enum_users.seeded = true
end
for i = 1, length, 1 do
local random = math.random(#set)
str = str .. string.sub(set, random, random)
end
return str
end
local check_open_tftp = function(host, port)
local random_name = get_random_string()
local random_name = stdnse.generate_random_string(8, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")
local ret_value = check_file_present(host, port, random_name)
if (ret_value == FILE_FOUND or ret_value == FILE_NOT_FOUND) then
return true