diff --git a/docs/scripting.xml b/docs/scripting.xml index dc7f526ea..a93e74a0a 100644 --- a/docs/scripting.xml +++ b/docs/scripting.xml @@ -145,11 +145,11 @@ The reference manual is also on the other hand, run no more than once against each target IP and produce results below the port table. shows a typical script scan. Examples of - service scripts producing output are: SSH protocol - version 1, saying that SSH-1 is supported; - and HTML Title, + service scripts producing output are: + SSHv1-support.nse, saying that SSH-1 is supported; + and showHTMLTitle.nse, which simply grabs the title of the root path of any web servers - found. A sample host script is RIPE Query, + found. A sample host script is ripeQuery.nse, which looks up and reports target IP ownership information.script names, examples of @@ -164,14 +164,14 @@ Starting Nmap ( http://nmap.org ) Interesting ports on localhost (127.0.0.1): PORT STATE SERVICE 22/tcp open ssh -|_ SSH protocol version 1: Server supports SSHv1 +|_ SSHv1-support: Server supports SSHv1 23/tcp closed telnet 80/tcp open http -|_ HTML title:Test Page for Apache Installation +|_ showHTMLTitle: Test Page for Apache Installation 113/tcp closed auth Host script results: -|_ RIPE Query: IP belongs to: Internet Assigned Numbers Authority +|_ ripeQuery: IP belongs to: Internet Assigned Numbers Authority Nmap done: 1 IP address (1 host up) scanned in 0.91 seconds @@ -223,9 +223,10 @@ Nmap done: 1 IP address (1 host up) scanned in 0.91 seconds remote sysadmins. Of course (as with all other Nmap features) we cannot guarantee that they won't ever cause adverse reactions. Most of these perform general - network discovery. Examples are SSH-hostkey (gets an SSH - host key) and showHTMLTitle (grabs the - title from a web page). + network discovery. Examples are + SSH-hostkey.nse (gets an SSH host key) and + showHTMLTitle.nse (grabs the title from a + web page). 
@@ -518,8 +519,8 @@ $ nmap -sC --script-args user=foo,pass=bar,anonFTP={pass=ftp@foobar.com} inside your script as local username= nmap.registry.args.user. As a general rule the subtables used to override - options for scripts should be named as the script's - id, otherwise scripts won't know where to + options for scripts should be named after the script, + otherwise scripts won't know where to retrieve their arguments. @@ -559,21 +560,8 @@ $ nmap -sC --script-args user=foo,pass=bar,anonFTP={pass=ftp@foobar.com} Script Format - NSE scripts consist of six descriptive fields along with either a port or host rule defining when the script should be executed and an action block containing the actual script instructions. Values can be assigned to these fields just as you would assign any other Lua variables. Their names must be lowercase as shown here. + NSE scripts consist of five descriptive fields along with either a port or host rule defining when the script should be executed and an action block containing the actual script instructions. Values can be assigned to these fields just as you would assign any other Lua variables. Their names must be lowercase as shown here. - - <literal>id</literal> Field - id” script variable - - The script's id field is displayed in the Nmap output - table if the script produces any output. It should be unique so users - can identify exactly which script file produced a message. IDs - should be kept short to conserve space in Nmap output, while - still being meaningful enough for users to recognize. Some - good examples are RIPE query, HTML - title, and Kibuv worm.script names, examples of - - <literal>description</literal> Field description” script variable 
@@ -686,7 +674,7 @@ or unfilteredunfilterednil or a string. If a string is returned by a service script, the string and script ID are printed in the Nmap port table output. A string returned by a host script is printed below the port table. No output is produced if the +rule and can return either nil or a string. If a string is returned by a service script, the string and script's filename are printed in the Nmap port table output. A string returned by a host script is printed below the port table. No output is produced if the script returns nil. For an example of an NSE action refer to . @@ -1252,8 +1240,8 @@ socket:close() on an object. Threads waiting to work on this object are put in the waiting queue until they can get a "lock" on the mutex. A solution for the whois.nse problem above is to have each thread - block on a mutex for script's ID field - , thus ensuring only one thread is working so its results can + block on a mutex using a common string, + thus ensuring only one thread is working so its results can be shared with other scripts which may not need to run and so queries to the whois servers are staggered. @@ -1317,9 +1305,7 @@ socket:close() Mutex manipulation -id = "My Script's Unique ID"; - -local mutex = nmap.mutex(id); +local mutex = nmap.mutex("My Script's Unique ID"); function action(host, port) mutex "lock"; -- do stuff 
@@ -1480,27 +1466,16 @@ try(socket:send(result)) The head of the script is essentially its meta information. This includes the - fields: id, description, categories, runlevel, author + fields: description, categories, runlevel, author and license. We are not going to change the run level, or worry about the author and license fields for now. - The id of a script should uniquely identify - it. If it is absent, the path to the script will be used as an - id. We recommend to choose an id which concisely identifies the - purpose of the script, since the ID is printed before the - script's results in Nmap output. -Service Owner” script -id” script variable - -id = "Service owner" - - - The description field should contain a sentence or two describing what the script does. If anything about the script results might confuse or mislead users, and you can't eliminate the issue by improving the script or results text, it should be documented in the description string. +showOwner.nse description” script variable description = [[ @@ -1787,7 +1762,6 @@ local localip, localport = try(client_service:get_info()) An NSEDoc comment for a script -id = "AS Numbers" description = [[ Maps IP addresses to autonomous system (AS) numbers. @@ -1997,7 +1971,6 @@ categories = {"discovery", "external"} -id = "Skype v2" description = [[ Detects the Skype version 2 service. ]] 
@@ -2079,18 +2052,16 @@ end Example Script - Finger Results” script + finger.nse The finger script (finger.nse) is a perfect example of how short typical NSE scripts are. - First the information fields are filled out, note that the -id field is kept short, this is important since it is -printed in Nmap's output. A detailed description of what the script + First the information fields are filled out. +A detailed description of what the script actually does should go in the description field. -id = "Finger Results"id” script variable description = [[ Attempts to get a list of usernames via the finger service. ]]description” script variable @@ -2275,7 +2246,7 @@ thread running against a host will have only a hostrule passed to the action clo a thread running against a port will have both a hostrule and portrule passed. Each thread is stored with information relevant to the thread. This information includes the runlevel, target, target port (if applicable), host and port tables -(passed to action), its type (running against a host or port), and its id. +(passed to action), and its type (running against a host or port). The mainloop function will work on each runlevel grouping of threads in order. diff --git a/nse_main.cc b/nse_main.cc index cb233d070..12ab8853d 100644 --- a/nse_main.cc +++ b/nse_main.cc @@ -1,6 +1,7 @@ #include "nse_main.h" #include "nse_init.h" +#include "nse_fs.h" #include "nse_nsock.h" #include "nse_nmaplib.h" #include "nse_debug.h" 
@@ -535,27 +536,47 @@ int process_waiting2running(lua_State* L, int resume_arguments) { return SCRIPT_ENGINE_SUCCESS; } -/* Tries to get the script id and store it in the script scan result structure - * if no 'id' field is found, the filename field is used which we set in the - * setup phase. If someone changed the filename field to a nonstring we complain - * */ +/* Gets the basename of a script filename and removes any ".nse" extension. */ +static char *abbreviate_script_filename(const char *filename) { + char *abbrev; + + abbrev = path_get_basename(filename); + if (abbrev == NULL) + return NULL; + if (nse_check_extension(SCRIPT_ENGINE_EXTENSION, abbrev)) { + abbrev[strlen(abbrev) - strlen(SCRIPT_ENGINE_EXTENSION)] = '\0'; + } + + return abbrev; +} + +/* Tries to get the script id and store it in the script scan result structure. + * If someone changed the filename field to a nonstring we complain. */ int process_getScriptId(lua_State* L, ScriptResult *sr) { + const char *filename; - lua_getfield(L, 1, ID); lua_getfield(L, 1, FILENAME); - - if(lua_isstring(L, -2)) { - sr->set_id(lua_tostring (L, -2)); - } else if(lua_isstring(L, -1)) { - sr->set_id(lua_tostring (L, -1)); - } else { - error("%s: The script has no 'id' entry, the 'filename' entry was changed to:", + filename = lua_tostring(L, -1); + if (filename == NULL) { + error("%s: The script's 'filename' entry was changed to:", SCRIPT_ENGINE); l_dumpValue(L, -1); return SCRIPT_ENGINE_ERROR; } + lua_pop(L, 1); - lua_pop(L, 2); + if (o.debugging > 1) { + sr->set_id(filename); + } else { + /* Abbreviate the filename with low or no debugging. */ + char *id = abbreviate_script_filename(filename); + if (id == NULL) { + sr->set_id(filename); + } else { + sr->set_id(id); + free(id); + } + } return SCRIPT_ENGINE_SUCCESS; } diff --git a/scripts/ASN.nse b/scripts/ASN.nse index 5f56da3ff..cca4e796d 100644 --- a/scripts/ASN.nse +++ b/scripts/ASN.nse 
@@ -1,4 +1,3 @@ -id = "AS Numbers" description = [[ Maps IP addresses to autonomous system (AS) numbers. @@ -27,7 +26,7 @@ server (your default DNS server, or whichever you specified with the -- @args dns The address of a recursive nameserver to use (optional). -- @output -- Host script results: --- | AS Numbers: +-- | ASN: -- | BGP: 64.13.128.0/21 | Country: US -- | Origin AS: 10565 SVCOLO-AS - Silicon Valley Colocation, Inc. -- | Peer AS: 3561 6461 @@ -48,7 +47,7 @@ local ipOps = require "ipOps" local stdnse = require "stdnse" -local mutex = nmap.mutex( id ) +local mutex = nmap.mutex( "ASN" ) if not nmap.registry.asn then nmap.registry.asn = {} nmap.registry.asn.cache = {} @@ -216,13 +215,13 @@ function ip_to_asn( query ) -- failed to find or get a response from any dns server - fatal if not decoded_response and ( other_response == nil or other_response == 9 ) then - stdnse.print_debug( "%s Failed to send dns query. Response from dns.query(): %s", id, other_response or "nil" ) + stdnse.print_debug( "%s Failed to send dns query. Response from dns.query(): %s", filename, other_response or "nil" ) return false, nil end -- error codes from dns.lua if not decoded_response and type( other_response ) == "number" then - if other_response ~= 3 then stdnse.print_debug( "%s Error from dns.query() Code: %s in response to %s", id, other_response, query ) end + if other_response ~= 3 then stdnse.print_debug( "%s Error from dns.query() Code: %s in response to %s", filename, other_response, query ) end return false, err_code[other_response] or "Unknown Error" end diff --git a/scripts/HTTPAuth.nse b/scripts/HTTPAuth.nse index 7660896ea..d4a41413c 100644 --- a/scripts/HTTPAuth.nse +++ b/scripts/HTTPAuth.nse @@ -1,4 +1,3 @@ -id = "HTTP Auth" description = [[ Gets the authentication scheme and realm of a web service that requires authentication. 
@@ -6,7 +5,7 @@ authentication. --- -- @output --- | HTTP Auth: HTTP Service requires authentication +-- | HTTPAuth: HTTP Service requires authentication -- |_ Auth type: Basic, realm = DSL Router -- HTTP authentication information gathering script diff --git a/scripts/HTTP_open_proxy.nse b/scripts/HTTP_open_proxy.nse index cb753c5da..c77a0efca 100644 --- a/scripts/HTTP_open_proxy.nse +++ b/scripts/HTTP_open_proxy.nse @@ -1,4 +1,3 @@ -id="Open Proxy Test" description=[[ Checks if an HTTP proxy is open. diff --git a/scripts/HTTPpasswd.nse b/scripts/HTTPpasswd.nse index c6e893d74..793e68fa1 100644 --- a/scripts/HTTPpasswd.nse +++ b/scripts/HTTPpasswd.nse @@ -1,4 +1,3 @@ -id = "HTTP directory traversal passwd probe" description = [[ Checks if a web server is vulnerable to directory traversal by attempting to retrieve /etc/passwd. diff --git a/scripts/HTTPtrace.nse b/scripts/HTTPtrace.nse index f80e6e1cd..b51fc1a20 100644 --- a/scripts/HTTPtrace.nse +++ b/scripts/HTTPtrace.nse @@ -1,4 +1,3 @@ -id = "HTTP TRACE" description = [[ Sends an HTTP TRACE request and shows header fields that were modified in the response. @@ -7,7 +6,7 @@ response. --- -- @output -- 80/tcp open http --- | HTTP TRACE: Response differs from request. First 5 additional lines: +-- | HTTPtrace: Response differs from request. First 5 additional lines: -- | Cookie: UID=d4287aa38d02f409841b4e0c0050c13148a85d01c0c0a154d4ef56dfc2b4fc1b0 -- | Country: us -- | Ip_is_advertise_combined: yes diff --git a/scripts/MSSQLm.nse b/scripts/MSSQLm.nse index 8e551da1b..5559f3ba7 100644 --- a/scripts/MSSQLm.nse +++ b/scripts/MSSQLm.nse @@ -1,4 +1,3 @@ -id = "MS SQL" description = [[ Attempts to extract information from Microsoft SQL Server. ]] diff --git a/scripts/MySQLinfo.nse b/scripts/MySQLinfo.nse index aee2adc4a..194c1f326 100644 --- a/scripts/MySQLinfo.nse +++ b/scripts/MySQLinfo.nse 
@@ -1,4 +1,3 @@ -id = "MySQL Server Information" description = [[ Connects to a MySQL server and prints information such as the protocol and version numbers, thread ID, status, capabilities, and the password salt. @@ -11,7 +10,7 @@ running this script (see the portrule). --- --@output -- 3306/tcp open mysql --- | MySQL Server Information: Protocol: 10 +-- | MySQLinfo: Protocol: 10 -- | Version: 5.0.51a-3ubuntu5.1 -- | Thread ID: 7 -- | Some Capabilities: Connect with DB, Compress, Transactions, Secure Connection diff --git a/scripts/PPTPversion.nse b/scripts/PPTPversion.nse index 375d0cec7..87ab8d333 100644 --- a/scripts/PPTPversion.nse +++ b/scripts/PPTPversion.nse @@ -1,4 +1,3 @@ -id = "PPTP" description = [[ Attempts to extract system information from the PPTP service. ]] diff --git a/scripts/RealVNC_auth_bypass.nse b/scripts/RealVNC_auth_bypass.nse index a1c6cc52f..1c982622b 100644 --- a/scripts/RealVNC_auth_bypass.nse +++ b/scripts/RealVNC_auth_bypass.nse @@ -1,4 +1,3 @@ -id = "RealVNC Authentication Bypass" description = [[ Checks if a VNC server is vulnerable to the RealVNC authentication bypass (CVE-2006-2369). diff --git a/scripts/SMTP_openrelay_test.nse b/scripts/SMTP_openrelay_test.nse index c11abac3e..2abbe9486 100644 --- a/scripts/SMTP_openrelay_test.nse +++ b/scripts/SMTP_openrelay_test.nse @@ -1,4 +1,3 @@ -id = "Open Relay SMTP" description = [[ Checks if an SMTP server is an open relay. ]] diff --git a/scripts/SMTPcommands.nse b/scripts/SMTPcommands.nse index 10930ddff..1c3b36238 100644 --- a/scripts/SMTPcommands.nse +++ b/scripts/SMTPcommands.nse @@ -1,4 +1,3 @@ -id = "SMTPcommands" description = [[ Attempts to use EHLO and HELP to gather the Extended commands supported by an SMTP server. diff --git a/scripts/SNMPcommunitybrute.nse b/scripts/SNMPcommunitybrute.nse index 7511ebbf0..bb2ef73ba 100644 --- a/scripts/SNMPcommunitybrute.nse +++ b/scripts/SNMPcommunitybrute.nse 
@@ -1,4 +1,3 @@ -id = "SNMPv1-communitybrute" description = [[ Attempts to find an SNMP community string by brute force. ]] diff --git a/scripts/SNMPsysdescr.nse b/scripts/SNMPsysdescr.nse index 11792b035..3a0988cd4 100644 --- a/scripts/SNMPsysdescr.nse +++ b/scripts/SNMPsysdescr.nse @@ -1,11 +1,10 @@ -id = "SNMPv1" description = [[ Attempts to extract system information from an SNMP version 1 service. ]] --- -- @output --- | SNMPv1: HP ETHERNET MULTI-ENVIRONMENT,ROM A.25.80,JETDIRECT,JD117,EEPROM V.28.22,CIDATE 08/09/2006 +-- | SNMPsysdescr: HP ETHERNET MULTI-ENVIRONMENT,ROM A.25.80,JETDIRECT,JD117,EEPROM V.28.22,CIDATE 08/09/2006 -- |_ System uptime: 28 days, 17:18:59 (248153900 timeticks) author = "Thomas Buchanan " diff --git a/scripts/SQLInject.nse b/scripts/SQLInject.nse index 05573ed57..a98fac303 100644 --- a/scripts/SQLInject.nse +++ b/scripts/SQLInject.nse @@ -1,4 +1,3 @@ -id = "sql-inject" description = [[ Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL injection attack. @@ -54,7 +53,7 @@ local function get_page(host, port, httpurl) try(soc:connect(host.ip, port.number)) httpurl = string.gsub(httpurl, "&", "&") - --print(id .. ": " .. httpurl) + --print(filename .. ": " .. httpurl) -- request page local query = strbuf.new() @@ -232,7 +231,7 @@ action = function(host, port) end if #injectable > 0 then - stdnse.print_debug(1, "%s: Testing %d suspicious URLs", id, #injectable ) + stdnse.print_debug(1, "%s: Testing %d suspicious URLs", filename, #injectable ) end -- test all potentially vulnerable queries diff --git a/scripts/SSH-hostkey.nse b/scripts/SSH-hostkey.nse index 39622a2fe..69701c170 100644 --- a/scripts/SSH-hostkey.nse +++ b/scripts/SSH-hostkey.nse @@ -1,4 +1,3 @@ -id = "SSH Hostkey" description = [[ Shows SSH hostkeys. 
@@ -22,9 +21,9 @@ the output with the ssh_hostkey script argument. -- --@output -- 22/tcp open ssh --- | SSH Hostkey: 2048 f0:58:ce:f4:aa:a4:59:1c:8e:dd:4d:07:44:c8:25:11 (RSA) +-- | SSH-hostkey: 2048 f0:58:ce:f4:aa:a4:59:1c:8e:dd:4d:07:44:c8:25:11 (RSA) -- 22/tcp open ssh --- | SSH Hostkey: 2048 f0:58:ce:f4:aa:a4:59:1c:8e:dd:4d:07:44:c8:25:11 (RSA) +-- | SSH-hostkey: 2048 f0:58:ce:f4:aa:a4:59:1c:8e:dd:4d:07:44:c8:25:11 (RSA) -- | +--[ RSA 2048]----+ -- | | .E*+ | -- | | oo | @@ -37,7 +36,7 @@ the output with the ssh_hostkey script argument. -- | | o . | -- |_ +-----------------+ -- 22/tcp open ssh --- | SSH Hostkey: 2048 xuvah-degyp-nabus-zegah-hebur-nopig-bubig-difeg-hisym-rumef-cuxex (RSA) +-- | SSH-hostkey: 2048 xuvah-degyp-nabus-zegah-hebur-nopig-bubig-difeg-hisym-rumef-cuxex (RSA) -- |_ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwVuv2gcr0maaKQ69VVIEv2ob4OxnuI64fkeOnCXD1lUx5tTA+vefXUWEMxgMuA7iX4irJHy2zer0NQ3Z3yJvr5scPgTYIaEOp5Uo/eGFG9Agpk5wE8CoF0e47iCAPHqzlmP2V7aNURLMODb3jVZuI07A2ZRrMGrD8d888E2ORVORv1rYeTYCqcMMoVFmX9l3gWEdk4yx3w5sD8v501Iuyd1v19mPfyhrI5E1E1nl/Xjp5N0/xP2GUBrdkDMxKaxqTPMie/f0dXBUPQQN697a5q+5lBRPhKYOtn6yQKCd9s1Q22nxn72Jmi1RzbMyYJ52FosDT755Qmb46GLrDMaZMQ== author = "Sven Klemm " license = "Same as Nmap--See http://nmap.org/book/man-legal.html" @@ -52,7 +51,7 @@ if pcall(require,"openssl") then require("ssh2") else action = function() - stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.", id ) + stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.", filename ) end end 
@@ -63,9 +62,9 @@ portrule = shortport.port_or_service(22, "ssh") --@param host nmap host table --@param key host key table local add_key_to_registry = function( host, key ) - nmap.registry[id] = nmap.registry[id] or {} - nmap.registry[id][host.ip] = nmap.registry[id][host.ip] or {} - table.insert( nmap.registry[id][host.ip], key ) + nmap.registry.sshhostkey = nmap.registry.sshhostkey or {} + nmap.registry.sshhostkey[host.ip] = nmap.registry.sshhostkey[host.ip] or {} + table.insert( nmap.registry.sshhostkey[host.ip], key ) end action = action or function(host, port) diff --git a/scripts/SSHv1-support.nse b/scripts/SSHv1-support.nse index accb1c8c9..b0f43f789 100644 --- a/scripts/SSHv1-support.nse +++ b/scripts/SSHv1-support.nse @@ -1,4 +1,3 @@ -id = "SSH Protocol Version 1" description = [[ Checks if an SSH server supports SSH Protocol Version 1. ]] diff --git a/scripts/SSLv2-support.nse b/scripts/SSLv2-support.nse index bd523f8ac..f305dc32b 100644 --- a/scripts/SSLv2-support.nse +++ b/scripts/SSLv2-support.nse @@ -1,4 +1,3 @@ -id = "SSLv2" description = [[ Determines whether the server (still) supports SSL-v2, and what ciphers it offers. @@ -7,7 +6,7 @@ offers. --- --@output -- 443/tcp open https syn-ack --- | SSLv2: server still supports SSLv2 +-- | SSLv2-support: server still supports SSLv2 -- | SSL2_RC4_128_WITH_MD5 -- | SSL2_DES_192_EDE3_CBC_WITH_MD5 -- | SSL2_RC2_CBC_128_CBC_WITH_MD5 diff --git a/scripts/UPnP-info.nse b/scripts/UPnP-info.nse index 942d25a80..fb45be4ca 100644 --- a/scripts/UPnP-info.nse +++ b/scripts/UPnP-info.nse @@ -1,11 +1,10 @@ -id = "UPnP" description = [[ Attempts to extract system information from the UPnP service. ]] --- -- @output --- | UPnP: System/1.0 UPnP/1.0 IGD/1.0 +-- | UPnP-info: System/1.0 UPnP/1.0 IGD/1.0 -- |_ Location: http://192.168.1.1:80/UPnP/IGD.xml author = "Thomas Buchanan " diff --git a/scripts/anonFTP.nse b/scripts/anonFTP.nse index 11928f32d..159a98f84 100644 --- a/scripts/anonFTP.nse +++ b/scripts/anonFTP.nse 
@@ -1,11 +1,10 @@ -id = "Anonymous FTP" description = [[ Checks if an FTP server allows anonymous logins. ]] --- -- @output --- |_ Anonymous FTP: Anonymous login allowed +-- |_ anonFTP: Anonymous login allowed author = "Eddie Bell " license = "Same as Nmap--See http://nmap.org/book/man-legal.html" diff --git a/scripts/brutePOP3.nse b/scripts/brutePOP3.nse index 6a3bcc5f4..5ad35cfeb 100644 --- a/scripts/brutePOP3.nse +++ b/scripts/brutePOP3.nse @@ -1,4 +1,3 @@ -id = "POP3 brute force" description = [[ Tries to log into a POP3 account by guessing usernames and passwords. ]] diff --git a/scripts/bruteTelnet.nse b/scripts/bruteTelnet.nse index cb8953e85..28e576d72 100644 --- a/scripts/bruteTelnet.nse +++ b/scripts/bruteTelnet.nse @@ -65,7 +65,7 @@ local new_auth_iter = function() end i = i + 1 - stdnse.print_debug(3, "%s %s:%s", id, userpass[i-1][1], escape_cred(userpass[i-1][2])) + stdnse.print_debug(3, "%s %s:%s", filename, userpass[i-1][1], escape_cred(userpass[i-1][2])) return userpass[i-1][1], userpass[i-1][2] end end diff --git a/scripts/daytimeTest.nse b/scripts/daytimeTest.nse index 462e0f095..536d1bd51 100644 --- a/scripts/daytimeTest.nse +++ b/scripts/daytimeTest.nse @@ -1,4 +1,3 @@ -id = "Daytime" description = [[ Retrieves the day and time from the UDP Daytime service. ]] diff --git a/scripts/dns-safe-recursion-port.nse b/scripts/dns-safe-recursion-port.nse index adb2121c5..853dd8e1e 100644 --- a/scripts/dns-safe-recursion-port.nse +++ b/scripts/dns-safe-recursion-port.nse @@ -1,4 +1,3 @@ -id = "DNS source port randomness" description = [[ Checks a DNS server for the predictable-port recursion vulnerability. Predictable source ports can make a DNS server vulnerable to cache poisoning diff --git a/scripts/dns-safe-recursion-txid.nse b/scripts/dns-safe-recursion-txid.nse index 80105469e..d6fe9df9d 100644 --- a/scripts/dns-safe-recursion-txid.nse +++ b/scripts/dns-safe-recursion-txid.nse 
@@ -1,4 +1,3 @@ -id = "DNS TXID randomness" description = [[ Checks a DNS server for the predictable-TXID DNS recursion diff --git a/scripts/dns-test-open-recursion.nse b/scripts/dns-test-open-recursion.nse index 7d4bdb4d9..df153425a 100644 --- a/scripts/dns-test-open-recursion.nse +++ b/scripts/dns-test-open-recursion.nse @@ -1,4 +1,3 @@ -id = "Nameserver open recursive queries" description = [[ Checks if a DNS server allows queries for third-party names. diff --git a/scripts/finger.nse b/scripts/finger.nse index 793b35c7b..fda3f68fc 100644 --- a/scripts/finger.nse +++ b/scripts/finger.nse @@ -1,4 +1,3 @@ -id = "Finger Results" description = [[ Attempts to get a list of usernames via the finger service. ]] diff --git a/scripts/ftpbounce.nse b/scripts/ftpbounce.nse index ebc7a8e92..e14bd66a7 100644 --- a/scripts/ftpbounce.nse +++ b/scripts/ftpbounce.nse @@ -1,4 +1,3 @@ -id="FTP bounce check" description=[[ Checks to see if an FTP server allows port scanning using the FTP bounce method. ]] diff --git a/scripts/iax2Detect.nse b/scripts/iax2Detect.nse index 6042d9848..8c03d280c 100644 --- a/scripts/iax2Detect.nse +++ b/scripts/iax2Detect.nse @@ -1,4 +1,3 @@ -id = "IAX2 Service Detection" description = [[ Detects the UDP IAX2 service. diff --git a/scripts/ircServerInfo.nse b/scripts/ircServerInfo.nse index d252946a3..875c27f64 100644 --- a/scripts/ircServerInfo.nse +++ b/scripts/ircServerInfo.nse @@ -1,4 +1,3 @@ -id = "IRC Server Info" description = [[ Gathers information from an IRC server. @@ -8,7 +7,7 @@ It uses STATS, LUSERS, and other queries to obtain this information. --- -- @output -- 6665/tcp open irc --- | IRC Server Info: Server: foo.bar.net +-- | ircServerInfo: Server: foo.bar.net -- | Version: hyperion-1.0.2b(381). foo.bar.net -- | Lservers/Lusers: 0/4204 -- | Uptime: 106 days, 2:46:30 diff --git a/scripts/ircZombieTest.nse b/scripts/ircZombieTest.nse index b25afbcba..38dcf5e05 100644 --- a/scripts/ircZombieTest.nse +++ b/scripts/ircZombieTest.nse 
@@ -1,4 +1,3 @@ -id = "IRC zombie" description = [[ Checks for an IRC zombie. diff --git a/scripts/nbstat.nse b/scripts/nbstat.nse index 641641ffc..e58d0cf0f 100644 --- a/scripts/nbstat.nse +++ b/scripts/nbstat.nse @@ -1,4 +1,3 @@ -id = "NBSTAT" description = [[ Attempt's to get the target's NetBIOS names and MAC address. @@ -13,10 +12,10 @@ owns. -- -- @output -- (no verbose)\n --- |_ NBSTAT: NetBIOS name: TEST1, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n +-- |_ nbstat: NetBIOS name: TEST1, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n --\n -- (verbose)\n --- | NBSTAT: NetBIOS name: TEST1, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n +-- | nbstat: NetBIOS name: TEST1, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n -- | Name: TEST1<00> Flags: \n -- | Name: TEST1<20> Flags: \n -- | Name: WORKGROUP<00> Flags: \n diff --git a/scripts/popcapa.nse b/scripts/popcapa.nse index b61ded39c..66b667977 100644 --- a/scripts/popcapa.nse +++ b/scripts/popcapa.nse @@ -1,4 +1,3 @@ -id = "POP3 Capabilites" description = [[ Retrieves POP3 server capabilities. ]] @@ -6,7 +5,7 @@ Retrieves POP3 server capabilities. --- -- @output -- 110/tcp open pop3 --- |_ POP3 Capabilites: USER CAPA RESP-CODES UIDL PIPELINING STLS TOP SASL(PLAIN) +-- |_ popcapa: USER CAPA RESP-CODES UIDL PIPELINING STLS TOP SASL(PLAIN) author = "Philip Pickering " license = "Same as Nmap--See http://nmap.org/book/man-legal.html" diff --git a/scripts/promiscuous.nse b/scripts/promiscuous.nse index e662c0a41..8bf02b86e 100644 --- a/scripts/promiscuous.nse +++ b/scripts/promiscuous.nse @@ -1,4 +1,3 @@ -id = "Promiscuous detection" description = [[ Checks if a target on a local Ethernet has its network card in promiscuous mode. diff --git a/scripts/ripeQuery.nse b/scripts/ripeQuery.nse index dc42f56f2..f232fb8ec 100644 --- a/scripts/ripeQuery.nse +++ b/scripts/ripeQuery.nse 
@@ -1,4 +1,3 @@ -id = "RIPE query" description = [[ Connects to the RIPE database and displays the role: entry for the target's IP address. diff --git a/scripts/robots.nse b/scripts/robots.nse index ba473760d..7711155ee 100644 --- a/scripts/robots.nse +++ b/scripts/robots.nse @@ -1,4 +1,3 @@ -id = "robots.txt" description = [[ Checks for disallowed entries in robots.txt. @@ -8,7 +7,7 @@ The higher the verbosity or debug level, the more disallowed entries are shown. --- --@output -- 80/tcp open http syn-ack --- | robots.txt: has 156 disallowed entries (40 shown) +-- | robots: has 156 disallowed entries (40 shown) -- | /news?output=xhtml& /search /groups /images /catalogs -- | /catalogues /news /nwshp /news?btcid=*& /news?btaid=*& -- | /setnewsprefs? /index.html? /? /addurl/image? /pagead/ /relpage/ diff --git a/scripts/rpcinfo.nse b/scripts/rpcinfo.nse index ee8622f3e..0aebb8abe 100644 --- a/scripts/rpcinfo.nse +++ b/scripts/rpcinfo.nse @@ -1,4 +1,3 @@ -id = "rpcinfo" description = [[ Connects to portmapper and fetches a list of all registered programs. ]] diff --git a/scripts/showHTMLTitle.nse b/scripts/showHTMLTitle.nse index e92631618..d395188bc 100644 --- a/scripts/showHTMLTitle.nse +++ b/scripts/showHTMLTitle.nse @@ -1,4 +1,3 @@ -id = "HTML title" description = [[ Shows the title of the default page of a web server. @@ -11,7 +10,7 @@ original target. --- --@output -- 80/tcp open http syn-ack --- |_ HTML title: Foo. +-- |_ showHTMLTitle: Foo. author = "Diman Todorov " diff --git a/scripts/showOwner.nse b/scripts/showOwner.nse index 5061e6ae6..2c4dfaec8 100644 --- a/scripts/showOwner.nse +++ b/scripts/showOwner.nse @@ -1,4 +1,3 @@ -id = "Service owner" description = [[ Attempts to find the owner of a scanned port. diff --git a/scripts/skype_v2-version.nse b/scripts/skype_v2-version.nse index ac5b215dd..1c5ef0964 100644 --- a/scripts/skype_v2-version.nse +++ b/scripts/skype_v2-version.nse 
@@ -1,4 +1,3 @@ -id = "Skype v2" description = [[ Detects the Skype version 2 service. ]] diff --git a/scripts/smb-enumdomains.nse b/scripts/smb-enumdomains.nse index 7be0bcb1f..b09f93d1f 100644 --- a/scripts/smb-enumdomains.nse +++ b/scripts/smb-enumdomains.nse @@ -1,4 +1,3 @@ -id = "MSRPC: List of domains" description = [[ Attempts to enumerate domains on a system, along with their policies. This will likely only work without credentials against Windows 2000. @@ -18,7 +17,7 @@ After the initial bind() to SAMR, the sequence of calls is: -- --@output -- Host script results: --- | MSRPC: List of domains: +-- | smb-enumdomains: -- | Domain: LOCALSYSTEM -- | |_ SID: S-1-5-21-2956463495-2656032972-1271678565 -- | |_ Users: Administrator, Guest, SUPPORT_388945a0 diff --git a/scripts/smb-enumsessions.nse b/scripts/smb-enumsessions.nse index 8c212b4f5..56f1676d9 100644 --- a/scripts/smb-enumsessions.nse +++ b/scripts/smb-enumsessions.nse @@ -1,4 +1,3 @@ -id = "MSRPC: NetSessEnum()" description = [[ Enumerates the users logged into a system either locally, through a remote desktop client (terminal services), or through a SMB share. @@ -31,7 +30,7 @@ idea to write this one. -- --@output -- Host script results: --- | MSRPC: NetSessEnum(): +-- | smb-enumsessions: -- | Users logged in: -- | |_ TESTBOX\Administrator since 2008-10-21 08:17:14 -- | |_ DOMAIN\rbowes since 2008-10-20 09:03:23 diff --git a/scripts/smb-enumshares.nse b/scripts/smb-enumshares.nse index 4e9d1bed3..eb00330cc 100644 --- a/scripts/smb-enumshares.nse +++ b/scripts/smb-enumshares.nse @@ -1,4 +1,3 @@ -id = "MSRPC: List of shares" description = [[ Attempts to list shares using the srvsvc.NetShareEnumAll() MSRPC function, then retrieve more information about each share using srvsvc.NetShareGetInfo(). 
@@ -28,13 +27,13 @@ doing an authenticated test. -- --@output -- Standard: --- | MSRPC: List of shares: +-- | smb-enumshares: -- | Anonymous shares: IPC$ -- |_ Restricted shares: F$, ADMIN$, C$ -- -- Verbose: -- Host script results: --- | MSRPC: List of shares: +-- | smb-enumshares: -- | Anonymous shares: -- | IPC$ -- | |_ Type: STYPE_IPC_HIDDEN diff --git a/scripts/smb-enumusers.nse b/scripts/smb-enumusers.nse index 801691f52..d93bffe21 100644 --- a/scripts/smb-enumusers.nse +++ b/scripts/smb-enumusers.nse @@ -1,4 +1,3 @@ -id = "MSRPC: List of user accounts" description = [[ Attempts to enumerate the users on a remote Windows system, with as much information as possible, through a variety of techniques (over SMB and MSRPC, @@ -73,11 +72,11 @@ the code I wrote for this is largely based on the techniques used by them. -- -- @output -- Host script results: --- | MSRPC: List of user accounts: +-- | smb-enumusers: -- |_ TESTBOX\Administrator, EXTERNAL\DnsAdmins, TESTBOX\Guest, EXTERNAL\HelpServicesGroup, EXTERNAL\PARTNERS$, TESTBOX\SUPPORT_388945a0 -- -- Host script results: --- | MSRPC: List of user accounts: +-- | smb-enumusers: -- | Administrator -- | |_ Type: User -- | |_ Domain: LOCALSYSTEM diff --git a/scripts/smb-os-discovery.nse b/scripts/smb-os-discovery.nse index 075852865..03032954e 100644 --- a/scripts/smb-os-discovery.nse +++ b/scripts/smb-os-discovery.nse @@ -1,4 +1,3 @@ -id = "OS from SMB" description = [[ Attempts to determine the operating system over the SMB protocol (ports 445 and 139). @@ -13,7 +12,7 @@ they likely won't change the outcome in any meaningful way. -- sudo nmap -sU -sS --script smb-os-discovery.nse -p U:137,T:139 127.0.0.1 -- --@output --- | OS from SMB: Windows 2000 +-- | smb-os-discovery: Windows 2000 -- | LAN Manager: Windows 2000 LAN Manager -- | Name: WORKGROUP\TEST1 -- |_ System time: 2008-09-09 20:55:55 UTC-5 diff --git a/scripts/smb-security-mode.nse b/scripts/smb-security-mode.nse index 7260813bb..c50ac2a02 100644 
--- a/scripts/smb-security-mode.nse +++ b/scripts/smb-security-mode.nse @@ -1,4 +1,3 @@ -id = "SMB Security" description = [[ Returns information about the SMB security level determined by SMB. @@ -44,9 +43,9 @@ set the username and password, etc.), but it probably won't ever require them. -- sudo nmap -sU -sS --script smb-security-mode.nse -p U:137,T:139 127.0.0.1 -- --@output --- | SMB Security: User-level authentication --- | SMB Security: Challenge/response passwords supported --- |_ SMB Security: Message signing supported +-- | smb-security-mode: User-level authentication +-- | smb-security-mode: Challenge/response passwords supported +-- |_ smb-security-mode: Message signing supported -- -- @args smb* This script supports the smbusername, -- smbpassword, smbhash, smbguest, and diff --git a/scripts/smb-serverstats.nse b/scripts/smb-serverstats.nse index dd7bb5b12..ac0cebec9 100644 --- a/scripts/smb-serverstats.nse +++ b/scripts/smb-serverstats.nse @@ -1,4 +1,3 @@ -id = "MSRPC: Server statistics" description = [[ Attempts to grab the server's statistics over SMB and MSRPC, which uses TCP ports 445 or 139. @@ -17,7 +16,7 @@ the numbers that Windows returns. Take the values here with a grain of salt. -- -- @output -- Host script results: --- | MSRPC: Server statistics: +-- | smb-serverstats: -- | Server statistics collected since 2008-10-17 09:32:41 (4d0h24m29s): -- | |_ Traffic 133467 bytes (0.38b/s) sent, 167696 bytes (0.48b/s) received -- | |_ Failed logins: 5 diff --git a/scripts/smb-systeminfo.nse b/scripts/smb-systeminfo.nse index 84430022d..b1e2b4b60 100644 --- a/scripts/smb-systeminfo.nse +++ b/scripts/smb-systeminfo.nse @@ -1,4 +1,3 @@ -id = "System info" description = [[ Pulls back information about the remote system from the registry. Getting all 
@@ -17,7 +16,7 @@ I don't know it), so this doesn't support Vista at all. -- -- @output -- Host script results: --- | System info: +-- | smb-systeminfo: -- | OS Details -- | |_ Microsoft Windows Server 2003 Service Pack 2 (ServerNT 5.2 build 3790) -- | |_ Installed on 2007-11-26 23:40:40 diff --git a/scripts/strangeSMTPport.nse b/scripts/strangeSMTPport.nse index 0a9d1f211..c48aaec4f 100644 --- a/scripts/strangeSMTPport.nse +++ b/scripts/strangeSMTPport.nse @@ -1,4 +1,3 @@ -id = "Unexpected SMTP" description = [[ Checks if SMTP is running on a non-standard port. @@ -9,7 +8,7 @@ system to send spam or control your machine. --- -- @output -- 22/tcp open ssh --- |_ Unexpected SMTP: Warning: smtp is running on a strange port +-- |_ strangeSMTPport: Warning: smtp is running on a strange port author = "Diman Todorov " diff --git a/scripts/whois.nse b/scripts/whois.nse index 64e7de8b1..2dc9e0dd1 100644 --- a/scripts/whois.nse +++ b/scripts/whois.nse @@ -1,4 +1,3 @@ -id = "Whois" description = [[ Queries the WHOIS services of Regional Internet Registries (RIR) and attempts to retrieve information about the IP Address Assignment which contains the Target IP Address. @@ -67,7 +66,7 @@ the RIRs. -- nmap target --script whois --script-args whois={whodb=nocache} -- @output -- Host script results: --- | Whois: Record found at whois.arin.net +-- | whois: Record found at whois.arin.net -- | netrange: 64.13.134.0 - 64.13.134.63 -- | netname: NET-64-13-143-0-26 -- | orgname: Titan Networks @@ -97,7 +96,7 @@ hostrule = function( host ) local is_private, err = ipOps.isPrivate( host.ip ) if err then - stdnse.print_debug( "%s Error in Hostrule: %s.", id, err ) + stdnse.print_debug( "%s Error in Hostrule: %s.", filename, err ) return false end 
@@ -143,7 +142,7 @@ action = function( host ) end -- script initialisation - threads must wait until this has been completed before continuing - local mutex = nmap.mutex( id ) + local mutex = nmap.mutex( "whois" ) mutex "lock" if not nmap.registry.whois.init_done then script_init( host.ip ) @@ -192,7 +191,7 @@ action = function( host ) status, retval = pcall( get_next_action, tracking, host.ip ) if not status then - stdnse.print_debug( "%s %s pcall caught an exception in get_next_action: %s.", id, ip, retval ) + stdnse.print_debug( "%s %s pcall caught an exception in get_next_action: %s.", filename, ip, retval ) else tracking = retval end if tracking.this_db then @@ -203,13 +202,13 @@ action = function( host ) -- analyse data status, retval = pcall( analyse_response, tracking, host.ip, response, data ) if not status then - stdnse.print_debug( "%s %s pcall caught an exception in analyse_response: %s.", id, ip, retval ) + stdnse.print_debug( "%s %s pcall caught an exception in analyse_response: %s.", filename, ip, retval ) else data = retval end -- get next action status, retval = pcall( get_next_action, tracking, host.ip ) if not status then - stdnse.print_debug( "%s %s pcall caught an exception in get_next_action: %s.", id, ip, retval ) + stdnse.print_debug( "%s %s pcall caught an exception in get_next_action: %s.", filename, ip, retval ) if not tracking.last_db then tracking.last_db, tracking.this_db = tracking.this_db or tracking.next_db, nil end else tracking = retval end end @@ -342,7 +341,7 @@ function check_response_cache( ip ) -- record found in cache return true, nil else - stdnse.print_debug( 1, "%s %s Error in check_response_cache: %s.", id, ip, err ) + stdnse.print_debug( 1, "%s %s Error in check_response_cache: %s.", filename, ip, err ) end return false, nil 
@@ -463,7 +462,7 @@ function get_db_from_assignments( ip ) end if not nmap.registry.whois.local_assignments_data or not nmap.registry.whois.local_assignments_data[af] then - stdnse.print_debug( 1, "%s Error in get_db_from_assignments: Missing assignments data in registry.", id ) + stdnse.print_debug( 1, "%s Error in get_db_from_assignments: Missing assignments data in registry.", filename ) return nil end @@ -490,14 +489,14 @@ end function do_query(db, ip) if type( db ) ~= "string" or not nmap.registry.whois.whoisdb[db] then - stdnse.print_debug("%s %s Error in do_query: %s is not a defined Whois service.", id, ip, db) + stdnse.print_debug("%s %s Error in do_query: %s is not a defined Whois service.", filename, ip, db) return nil end local service = nmap.registry.whois.whoisdb[db] if type( service.hostname ) ~= "string" or service.hostname == "" then - stdnse.print_debug("%s %s Error in do_query: Invalid hostname for %s.", id, ip, db) + stdnse.print_debug("%s %s Error in do_query: Invalid hostname for %s.", filename, ip, db) return nil end @@ -513,7 +512,7 @@ function do_query(db, ip) local socket = nmap.new_socket() local catch = function() - stdnse.print_debug( "%s %s Connection to %s failed or was aborted! No Output for this Target.", id, ip, db ) + stdnse.print_debug( "%s %s Connection to %s failed or was aborted! No Output for this Target.", filename, ip, db ) nmap.registry.whois.mutex[db] "done" socket:close() end @@ -536,7 +535,7 @@ function do_query(db, ip) socket:close() - stdnse.print_debug(3, "%s %s Ended Query at %s.", id, ip, db) + stdnse.print_debug(3, "%s %s Ended Query at %s.", filename, ip, db) if #result == 0 then return nil 
@@ -588,13 +587,13 @@ function analyse_response( tracking, ip, response, data ) if type( meta ) == "table" and type( meta.fieldreq ) == "table" and type( meta.fieldreq.ob_exist ) == "string" then have_objects = response:match( meta.fieldreq.ob_exist ) else - stdnse.print_debug( 2, "%s %s Could not check for objects, problem with meta data.", id, ip ) + stdnse.print_debug( 2, "%s %s Could not check for objects, problem with meta data.", filename, ip ) have_objects = false end -- if we do not recognise objects check for an known error/non-object message if not have_objects then - stdnse.print_debug( 4, "%s %s %s has not responded with the expected objects.", id, ip, this_db ) + stdnse.print_debug( 4, "%s %s %s has not responded with the expected objects.", filename, ip, this_db ) local tmp, msg -- may have found our record saying something similar to "No Record Found" for _, pattern in ipairs( nmap.registry.whois.m_none ) do @@ -602,7 +601,7 @@ function analyse_response( tracking, ip, response, data ) pattern_u = pattern:gsub( "$addr", ip:upper() ) msg = response:match( pattern_l ) or response:match( pattern_u ) if msg then - stdnse.print_debug( 4, "%s %s %s responded with a message which is assumed to be authoritative (but may not be).", id, ip, this_db ) + stdnse.print_debug( 4, "%s %s %s responded with a message which is assumed to be authoritative (but may not be).", filename, ip, this_db ) break end end @@ -611,7 +610,7 @@ function analyse_response( tracking, ip, response, data ) for _, pattern in ipairs( nmap.registry.whois.m_err ) do msg = response:match( pattern ) if msg then - stdnse.print_debug( 4, "%s %s %s responded with an ERROR message.", id, ip, this_db ) + stdnse.print_debug( 4, "%s %s %s responded with an ERROR message.", filename, ip, this_db ) break end end 
@@ -630,7 +629,7 @@ function analyse_response( tracking, ip, response, data ) for setname, set in pairs( nmap.registry.whois.fields_meta ) do if set ~= nmap.registry.whois.whoisdb[this_db].fieldreq and response:match(set.ob_exist) then foreign_obj = setname - stdnse.print_debug( 4, "%s %s %s seems to have responded using the set of objects named: %s.", id, ip, this_db, foreign_obj ) + stdnse.print_debug( 4, "%s %s %s seems to have responded using the set of objects named: %s.", filename, ip, this_db, foreign_obj ) break end end @@ -639,7 +638,7 @@ function analyse_response( tracking, ip, response, data ) meta = nmap.registry.whois.whoisdb.ripe meta.redirects = nil have_objects = true - stdnse.print_debug( 4, "%s %s %s will use the display properties of ripe.", id, ip, this_db ) + stdnse.print_debug( 4, "%s %s %s will use the display properties of ripe.", filename, ip, this_db ) elseif foreign_obj then -- find a display to match the objects. for some_db, db_props in pairs( nmap.registry.whois.whoisdb ) do @@ -648,7 +647,7 @@ function analyse_response( tracking, ip, response, data ) meta = nmap.registry.whois.whoisdb[some_db] meta.redirects = nil have_objects = true - stdnse.print_debug( 4, "%s %s %s will use the display properties of %s.", id, ip, this_db, some_db ) + stdnse.print_debug( 4, "%s %s %s will use the display properties of %s.", filename, ip, this_db, some_db ) break end end @@ -657,7 +656,7 @@ function analyse_response( tracking, ip, response, data ) -- extract fields from the entire response for record/redirect discovery if have_objects then - stdnse.print_debug( 4, "%s %s Parsing Query response from %s.", id, ip, this_db ) + stdnse.print_debug( 4, "%s %s Parsing Query response from %s.", filename, ip, this_db ) data[this_db] = extract_objects_from_response( response, this_db, ip, meta ) end 
@@ -665,7 +664,7 @@ function analyse_response( tracking, ip, response, data ) -- do record/redirect discovery, cache found redirect if not nmap.registry.whois.nofollow and have_objects and meta.redirects then - stdnse.print_debug( 4, "%s %s Testing response for redirection.", id, ip ) + stdnse.print_debug( 4, "%s %s Testing response for redirection.", filename, ip ) found, nextdb, data.iana = redirection_rules( this_db, ip, data, meta ) end @@ -673,7 +672,7 @@ function analyse_response( tracking, ip, response, data ) -- modify the data table depending on whether we're redirecting or quitting if have_objects then - stdnse.print_debug( 5, "%s %s Extracting Fields from response.", id, ip ) + stdnse.print_debug( 5, "%s %s Extracting Fields from response.", filename, ip ) -- optionally constrain response to a more focused area -- discarding previous extraction @@ -685,7 +684,7 @@ function analyse_response( tracking, ip, response, data ) end if offset > 1 and meta.unordered then -- fetch an object immediately in front of inetnum - stdnse.print_debug( 5, "%s %s %s Searching for an object group immediately before this range.", id, ip, this_db ) + stdnse.print_debug( 5, "%s %s %s Searching for an object group immediately before this range.", filename, ip, this_db ) -- split objects from the record, up to offset. Last object should be the one we want. local obj_sel = stdnse.strsplit( "\r?\n\r?\n", response:sub( 1, offset ) ) response_chunk = "\n" .. obj_sel[#obj_sel] .. "\n" 
@@ -717,10 +716,10 @@ function analyse_response( tracking, ip, response, data ) end -- DEBUG - stdnse.print_debug( 6, "%s %s %s Fields captured :", id, ip, this_db ) + stdnse.print_debug( 6, "%s %s %s Fields captured :", filename, ip, this_db ) for ob, t in pairs( data[this_db] ) do for fieldname, fieldvalue in pairs( t ) do - stdnse.print_debug( 6, "%s %s %s %s.%s %s.", id, ip, this_db, ob, fieldname, fieldvalue ) + stdnse.print_debug( 6, "%s %s %s %s.%s %s.", filename, ip, this_db, ob, fieldname, fieldvalue ) end end @@ -806,15 +805,15 @@ function extract_objects_from_response( response_string, db, ip, meta, specific_ -- we either receive a table for one object or for all objects if type( specific_object ) == "string" and meta.fieldreq[specific_object] then objects_to_extract[specific_object] = meta.fieldreq[specific_object] - stdnse.print_debug( 5, "%s %s Extracting a single object: %s.", id, ip, specific_object ) + stdnse.print_debug( 5, "%s %s Extracting a single object: %s.", filename, ip, specific_object ) else - stdnse.print_debug( 5, "%s %s Extracting all objects.", id, ip ) + stdnse.print_debug( 5, "%s %s Extracting all objects.", filename, ip ) objects_to_extract = meta.fieldreq end for object_name, object in pairs( objects_to_extract ) do if object_name and object_name ~= "ob_exist" then - stdnse.print_debug(5, "%s %s Seeking object group: %s.", id, ip, object_name) + stdnse.print_debug(5, "%s %s Seeking object group: %s.", filename, ip, object_name) extracted_objects[object_name] = {} extracted_objects[object_name].for_compare = {} -- this will allow us to compare two tables -- get a substr of response_string that corresponds to a single object 
@@ -823,7 +822,7 @@ function extract_objects_from_response( response_string, db, ip, meta, specific_ -- if we could not find the end, make the end EOF ob_end = ob_end or -1 if ob_start and ob_end then - stdnse.print_debug(5, "%s %s Capturing: %s with indices %s and %s.", id, ip, object_name, ob_start, ob_end ) + stdnse.print_debug(5, "%s %s Capturing: %s with indices %s and %s.", filename, ip, object_name, ob_start, ob_end ) local obj_string = response_string:sub( ob_start, ob_end ) for fieldname, pattern in pairs( object ) do if fieldname ~= "ob_start" and fieldname ~= "ob_end" then @@ -896,19 +895,19 @@ function redirection_rules( db, ip, data, meta ) -- arin record points to iana so we won't follow and we assume we have our record if directed_to == iana and directed_from == arin then - stdnse.print_debug( 4, "%s %s %s Accept arin record (matched IANA).", id, ip, directed_from ) + stdnse.print_debug( 4, "%s %s %s Accept arin record (matched IANA).", filename, ip, directed_from ) return true, nil, ( icnt+1 ) end -- non-arin record points to iana so we query arin next if directed_to == iana then - stdnse.print_debug( 4, "%s %s Redirecting to arin (matched IANA).", id, ip ) + stdnse.print_debug( 4, "%s %s Redirecting to arin (matched IANA).", filename, ip ) return false, arin, ( icnt+1 ) end -- a redirect, but not to iana or to self, so we follow it. if directed_to ~= nmap.registry.whois.whoisdb[directed_from].id then - stdnse.print_debug( 4, "%s %s %s redirects us to %s.", id, ip, directed_from, directed_to ) + stdnse.print_debug( 4, "%s %s %s redirects us to %s.", filename, ip, directed_from, directed_to ) return false, directed_to, icnt end 
@@ -924,14 +923,14 @@ function redirection_rules( db, ip, data, meta ) -- if a field has been captured for the given redirect info if data[db][obj] and data[db][obj][fld] then - stdnse.print_debug( 5, "%s %s Seek redirect in object: %s.%s for %s.", id, ip, obj, fld, pattern ) + stdnse.print_debug( 5, "%s %s Seek redirect in object: %s.%s for %s.", filename, ip, obj, fld, pattern ) -- iterate over nmap.registry.whois.whoisdb to find pattern (from each service) in the designated field for member, mem_properties in pairs( nmap.registry.whois.whoisdb ) do -- if pattern if found in the field, we have a redirect to member if type( mem_properties[pattern] ) == "string" and string.lower( data[db][obj][fld] ):match( mem_properties[pattern] ) then - stdnse.print_debug( 5, "%s %s Matched %s in %s.%s.", id, ip, pattern, obj, fld ) + stdnse.print_debug( 5, "%s %s Matched %s in %s.%s.", filename, ip, pattern, obj, fld ) return redirection_validation( nmap.registry.whois.whoisdb[member].id, db, iana_count ) elseif type( mem_properties[pattern] ) == "table" then @@ -939,7 +938,7 @@ function redirection_rules( db, ip, data, meta ) -- pattern is an array of patterns for _, pattn in ipairs( mem_properties[pattern] ) do if type( pattn ) == "string" and string.lower( data[db][obj][fld] ):match( pattn ) then - stdnse.print_debug( 5, "%s %s Matched %s in %s.%s.", id, ip, pattern, obj, fld ) + stdnse.print_debug( 5, "%s %s Matched %s in %s.%s.", filename, ip, pattern, obj, fld ) return redirection_validation( nmap.registry.whois.whoisdb[member].id, db, iana_count ) end end 
@@ -993,7 +992,7 @@ function constrain_response( response, db, ip, meta ) if # mptr > 1 then -- find the closest one to host.ip and constrain the response to it - stdnse.print_debug( 5, "%s %s %s Focusing on the smallest of %s address ranges.", id, ip, db, #mptr ) + stdnse.print_debug( 5, "%s %s %s Focusing on the smallest of %s address ranges.", filename, ip, db, #mptr ) -- sort the table mptr into nets ascending table.sort( mptr, smallest_range ) -- select the first net that includes host.ip @@ -1011,15 +1010,15 @@ function constrain_response( response, db, ip, meta ) if mptr[index+1] and ( mptr[index+1].pointer > mptr[index].pointer ) then bound = mptr[index+1].pointer end - stdnse.print_debug(5, "%s %s %s Smallest range containing target IP addr. is %s.", id, ip, db, trim( str_net ) ) + stdnse.print_debug(5, "%s %s %s Smallest range containing target IP addr. is %s.", filename, ip, db, trim( str_net ) ) local dbg = "%s %s %s smallest range is offset from %s to %s." -- isolate inetnum and associated objects if bound then - stdnse.print_debug(5, dbg, id, ip, db, ptr, bound) + stdnse.print_debug(5, dbg, filename, ip, db, ptr, bound) -- get from pointer to bound return response:sub(ptr,bound), ptr else - stdnse.print_debug(5, dbg, id, ip, db, ptr, "the end") + stdnse.print_debug(5, dbg, filename, ip, db, ptr, "the end") -- or get the whole thing from the pointer onwards return response:sub(ptr), ptr end @@ -1061,7 +1060,7 @@ function not_short_prefix( ip, range, redirect ) first, last, err[#err+1] = ipOps.get_ips_from_range( range ) if #err > 0 then - stdnse.print_debug( 1, "%s Error in not_short_prefix: s%.", id, table.concat( err, " " ) ) + stdnse.print_debug( 1, "%s Error in not_short_prefix: s%.", filename, table.concat( err, " " ) ) return nil end 
@@ -1105,7 +1104,7 @@ function add_to_cache( ip, range, redirect, data ) -- we need to cache some range so we'll cache the small assignment that includes ip. if type( range ) ~= "string" or type( get_prefix_length( range ) ) ~= "number" then range = get_assignment( ip, longest_prefix ) - stdnse.print_debug(5, "%s %s Caching an assumed Range: %s", id, ip, range) + stdnse.print_debug(5, "%s %s Caching an assumed Range: %s", filename, ip, range) end nmap.registry.whois.cache[ip] = {} -- destroy any previous cache entry for this target. @@ -1195,13 +1194,13 @@ function output( ip, services_queried ) end if type( services_queried ) ~= "table" then - stdnse.print_debug( "%s %s Error in output(): No data found.", id, ip ) + stdnse.print_debug( "%s %s Error in output(): No data found.", filename, ip ) return nil elseif #services_queried == 0 then - stdnse.print_debug( "%s %s Error in output(): No data found, no queries were completed.", id, ip ) + stdnse.print_debug( "%s %s Error in output(): No data found, no queries were completed.", filename, ip ) return nil elseif #services_queried > 0 then - stdnse.print_debug( "%s %s Error in output(): No data found - could not understand query responses.", id, ip ) + stdnse.print_debug( "%s %s Error in output(): No data found - could not understand query responses.", filename, ip ) return nil end @@ -1222,7 +1221,7 @@ function get_output_from_cache( ip ) local ip_key = get_cache_key( ip ) if not ip_key then - stdnse.print_debug( 1, "%s %s Error in get_output_from_cache().", id, ip ) + stdnse.print_debug( 1, "%s %s Error in get_output_from_cache().", filename, ip ) return nil end 
@@ -1669,7 +1668,7 @@ function get_args() nmap.registry.whois.using_cache = false elseif ( db == "nofile" ) then nmap.registry.whois.using_local_assignments_file = false - stdnse.print_debug( 2, "%s: Not using local assignments data.", id ) + stdnse.print_debug( 2, "%s: Not using local assignments data.", filename ) end elseif not ( string.match( table.concat( t, " " ), db ) ) then -- we have a unique valid whois db @@ -1680,18 +1679,18 @@ function get_args() if ( #t > 0 ) and nmap.registry.whois.using_local_assignments_file then -- "nofile" was not explicitly supplied, but it is implied by supplying custom whoisdb_default_order nmap.registry.whois.using_local_assignments_file = false - stdnse.print_debug(3, "%s: Not using local assignments data because custom whoisdb_default_order was supplied.", id) + stdnse.print_debug(3, "%s: Not using local assignments data because custom whoisdb_default_order was supplied.", filename) end if ( #t > 1 ) and nmap.registry.whois.nofollow then -- using nofollow, we do not follow redirects and can only accept what we find as a record therefore we only accept the first db supplied t = {t[1]} - stdnse.print_debug( 1, "%s: Too many args supplied with 'nofollow', only using %s.", id, t[1] ) + stdnse.print_debug( 1, "%s: Too many args supplied with 'nofollow', only using %s.", filename, t[1] ) end if ( #t > 0 ) then nmap.registry.whois.whoisdb_default_order = t - stdnse.print_debug( 2, "%s: whoisdb_default_order: %s.", id, table.concat( t, " " ) ) + stdnse.print_debug( 2, "%s: whoisdb_default_order: %s.", filename, table.concat( t, " " ) ) end end @@ -1720,7 +1719,7 @@ function get_local_assignments_data() local fetchfile = "nmap-services" local directory_path, err = get_parentpath( fetchfile ) if err then - stdnse.print_debug( 1, "%s: Nmap.fetchfile() failed to get a path to %s: %s.", id, fetchfile, err ) + stdnse.print_debug( 1, "%s: Nmap.fetchfile() failed to get a path to %s: %s.", filename, fetchfile, err ) return nil, err end 
@@ -1736,10 +1735,10 @@ function get_local_assignments_data() local file, exists = directory_path .. assignment_data_spec.local_resource exists, err = file_exists( file ) if not exists and err then - stdnse.print_debug( 1, "%s: Error accessing %s: %s.", id, file, err ) + stdnse.print_debug( 1, "%s: Error accessing %s: %s.", filename, file, err ) elseif not exists then update_required = true - stdnse.print_debug( 2, "%s: %s does not exist or is empty. Fetching it now...", id, file ) + stdnse.print_debug( 2, "%s: %s does not exist or is empty. Fetching it now...", filename, file ) elseif exists then update_required, modified_date, entity_tag = requires_updating( file ) end @@ -1748,7 +1747,7 @@ function get_local_assignments_data() -- read an existing and up-to-date file into file_content. if exists and not update_required then - stdnse.print_debug( 2, "%s: %s was cached less than %s ago. Reading...", id, file, nmap.registry.whois.local_assignments_file_expiry ) + stdnse.print_debug( 2, "%s: %s was cached less than %s ago. Reading...", filename, file, nmap.registry.whois.local_assignments_file_expiry ) file_content = read_from_file( file ) end 
@@ -1757,10 +1756,10 @@ function get_local_assignments_data() if update_required then http_response = ( conditional_download( assignment_data_spec.remote_resource, modified_date, entity_tag ) ) if not http_response or type( http_response.status ) ~= "number" then - stdnse.print_debug( 1, "%s: Failed whilst requesting %s.", id, assignment_data_spec.remote_resource ) + stdnse.print_debug( 1, "%s: Failed whilst requesting %s.", filename, assignment_data_spec.remote_resource ) elseif http_response.status == 200 then -- prepend our file header - stdnse.print_debug( 2, "%s: Retrieved %s.", id, assignment_data_spec.remote_resource ) + stdnse.print_debug( 2, "%s: Retrieved %s.", filename, assignment_data_spec.remote_resource ) file_content = stdnse.strsplit( "\r?\n", http_response.body ) table.insert( file_content, 1, "** Do Not Alter This Line or The Following Line **" ) local hline = {} 
@@ -1770,19 +1769,19 @@ function get_local_assignments_data() table.insert( file_content, 2, table.concat( hline ) ) write_success, err = write_to_file( file, file_content ) if err then - stdnse.print_debug( 1, "%s: Error writing %s to %s: %s.", id, assignment_data_spec.remote_resource, file, err ) + stdnse.print_debug( 1, "%s: Error writing %s to %s: %s.", filename, assignment_data_spec.remote_resource, file, err ) end elseif http_response.status == 304 then -- update our file header with a new timestamp - stdnse.print_debug( 1, "%s: %s is up-to-date.", id, file ) + stdnse.print_debug( 1, "%s: %s is up-to-date.", filename, file ) file_content = read_from_file( file ) file_content[2] = file_content[2]:gsub("^<[\-\+]?%d+>(.*)$", "<" .. os.time() .. ">%1") write_success, err = write_to_file( file, file_content ) if err then - stdnse.print_debug( 1, "%s: Error writing to %s: %s.", id, file, err ) + stdnse.print_debug( 1, "%s: Error writing to %s: %s.", filename, file, err ) end else - stdnse.print_debug( 1, "%s: HTTP %s whilst requesting %s.", id, http_response.status, assignment_data_spec.remote_resource ) + stdnse.print_debug( 1, "%s: HTTP %s whilst requesting %s.", filename, http_response.status, assignment_data_spec.remote_resource ) end end @@ -1796,7 +1795,7 @@ function get_local_assignments_data() if #t == 0 or err then -- good header, but bad file? Kill the file! write_to_file( file, "" ) - stdnse.print_debug( 1, "%s: Problem with the data in %s.", id, file ) + stdnse.print_debug( 1, "%s: Problem with the data in %s.", filename, file ) else for i, v in pairs( t ) do ret[address_family][#ret[address_family]+1] = v @@ -1815,7 +1814,7 @@ function get_local_assignments_data() for af, t in pairs( ret ) do if #t == 0 then ret[af] = nil - stdnse.print_debug( 1, "%s: Cannot use local assignments file for address family %s.", id, af ) + stdnse.print_debug( 1, "%s: Cannot use local assignments file for address family %s.", filename, af ) end end 
@@ -1937,7 +1936,7 @@ function read_from_file( file ) local f, err, _ = io.open( file, "r" ) if not f then - stdnse.print_debug( 1, "%s: Error opening %s for reading: %s", id, file, err ) + stdnse.print_debug( 1, "%s: Error opening %s for reading: %s", filename, file, err ) return nil, err end @@ -1995,7 +1994,7 @@ function conditional_download( url, mod_date, e_tag ) -- follow one redirection if request_response.status ~= 304 and ( tostring( request_response.status ):match( "30%d" ) and type( request_response.header.location ) == "string" and request_response.header.location ~= "" ) then - stdnse.print_debug( 2, "%s: HTTP Status:%d New Location: %s.", id, request_response.status, request_response.header.location ) + stdnse.print_debug( 2, "%s: HTTP Status:%d New Location: %s.", filename, request_response.status, request_response.header.location ) request_response = http.get_url( request_response.header.location, request_options ) end @@ -2024,7 +2023,7 @@ function write_to_file( file, content ) local f, err, _ = io.open( file, "w" ) if not f then - stdnse.print_debug( 1, "%s: Error opening %s for writing: %s.", id, file, err ) + stdnse.print_debug( 1, "%s: Error opening %s for writing: %s.", filename, file, err ) return nil, err end diff --git a/scripts/xamppDefaultPass.nse b/scripts/xamppDefaultPass.nse index f932f03a9..6fb653377 100644 --- a/scripts/xamppDefaultPass.nse +++ b/scripts/xamppDefaultPass.nse @@ -1,4 +1,3 @@ -id = "XAMPP default pwd" description = [[ Check if an XAMP or XAMPP FTP server uses a default username and password. @@ -9,7 +8,7 @@ administration. --- -- @output -- 21/tcp open ftp --- |_ XAMPP default pwd: Login success with u/p: nobody/xampp +-- |_ xamppDefaultPass: Login success with u/p: nobody/xampp author = "Diman Todorov " diff --git a/scripts/zoneTrans.nse b/scripts/zoneTrans.nse index 66d778325..f54c4283d 100644 --- a/scripts/zoneTrans.nse +++ b/scripts/zoneTrans.nse 
@@ -1,4 +1,3 @@ -id = "zone-transfer" description = [[ Requests a zone transfer (AXFR) from a DNS server. @@ -21,7 +20,7 @@ Useful resources -- @args zoneTrans.domain Domain to transfer. -- @output -- 53/tcp open domain --- | zone-transfer: +-- | zoneTrans: -- | foo.com. SOA ns2.foo.com. piou.foo.com. -- | foo.com. TXT -- | foo.com. NS ns1.foo.com.
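Review bot: in whois.nse every `stdnse.print_debug` call now formats `filename` where it used to format `id`, but nothing in the patch defines `filename`, so the script depends on the loader exporting it into the script environment. Confirm that is guaranteed, and check what it holds: if it is the full path to `whois.nse` rather than the bare script name, each debug line (`"%s %s Error in do_query: ..."`, `"%s: whoisdb_default_order: %s."` and the rest) grows by the install path, which is noisy at `-d` levels 4 to 6 where these fire per object and per field. A single `local` derived from `filename` at the top of the script (basename without the `.nse` suffix) would keep the old short prefix and make a later rename a one-line change.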
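Review bot: the mutex in whois.nse's action block changes from `nmap.mutex( id )` to `nmap.mutex( "whois" )`, a literal that is now the only place the script's own name is spelled out in code while every other hunk in the file switches to `filename`. The mutex key only has to be unique and consistent, so this works, but it is easy to forget when the file is renamed; prefer `nmap.mutex( filename )` (or the same local name used for the debug prefix) so the key and the label cannot drift apart.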
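Review bot: the `not_short_prefix` hunk in whois.nse rewrites `stdnse.print_debug( 1, "%s Error in not_short_prefix: s%.", id, table.concat( err, " " ) )` to pass `filename`, but keeps the format string `"... s%."`, where the conversion is written backwards. As it stands the second argument (the concatenated error text) is never consumed and the message prints a literal `s%` instead of the error. Since the line is being touched anyway, fix it to `"%s Error in not_short_prefix: %s."` in the same change.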
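Review bot: with the `id` field gone, the file name becomes the label users see in the port and host tables, and the updated `@output` examples show how uneven those labels now are: `smb-os-discovery:` and `smb-security-mode:` next to `strangeSMTPport:`, `xamppDefaultPass:` and `zoneTrans:`. The zoneTrans.nse hunk is the clearest regression, since the removed `id = "zone-transfer"` was a better user-facing name than `zoneTrans`. Consider renaming the camelCase scripts to the hyphenated lower-case form the smb-* scripts use before this lands, because after it the label can only change by renaming the file (and, for zoneTrans.nse, the `@args zoneTrans.domain` key and its registry subtable with it).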