PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 12:19:02 +00:00
Code Issues Projects Releases Wiki Activity

Remove script ids. Scripts are identified by file name in output (just the

Browse Source 
basename without ".nse", or the full path with debugging level 2 or higher).
This includes documentation changes in scripting.xml.
This commit is contained in:
david
2008-11-05 00:52:55 +00:00
parent c72fb10acc
commit 4863d506c1
53 changed files with 164 additions and 222 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/ASN.nse
View File

@@ -1,4 +1,3 @@
id = "AS Numbers"
description = [[
Maps IP addresses to autonomous system (AS) numbers.
@@ -27,7 +26,7 @@ server (your default DNS server, or whichever you specified with the
-- @args dns The address of a recursive nameserver to use (optional).
-- @output
-- Host script results:
-- | AS Numbers:
-- | ASN:
-- | BGP: 64.13.128.0/21 | Country: US
-- | Origin AS: 10565 SVCOLO-AS - Silicon Valley Colocation, Inc.
-- | Peer AS: 3561 6461
@@ -48,7 +47,7 @@ local ipOps = require "ipOps"
local stdnse = require "stdnse"
local mutex = nmap.mutex( id )
local mutex = nmap.mutex( "ASN" )
if not nmap.registry.asn then
nmap.registry.asn = {}
nmap.registry.asn.cache = {}
@@ -216,13 +215,13 @@ function ip_to_asn( query )
-- failed to find or get a response from any dns server - fatal
if not decoded_response and ( other_response == nil or other_response == 9 ) then
stdnse.print_debug( "%s Failed to send dns query. Response from dns.query(): %s", id, other_response or "nil" )
stdnse.print_debug( "%s Failed to send dns query. Response from dns.query(): %s", filename, other_response or "nil" )
return false, nil
end
-- error codes from dns.lua
if not decoded_response and type( other_response ) == "number" then
if other_response ~= 3 then stdnse.print_debug( "%s Error from dns.query() Code: %s in response to %s", id, other_response, query ) end
if other_response ~= 3 then stdnse.print_debug( "%s Error from dns.query() Code: %s in response to %s", filename, other_response, query ) end
return false, err_code[other_response] or "Unknown Error"
end

3
scripts/HTTPAuth.nse
View File

@@ -1,4 +1,3 @@
id = "HTTP Auth"
description = [[
Gets the authentication scheme and realm of a web service that requires
authentication.
@@ -6,7 +5,7 @@ authentication.
---
-- @output
-- | HTTP Auth: HTTP Service requires authentication
-- | HTTPAuth: HTTP Service requires authentication
-- |_ Auth type: Basic, realm = DSL Router
-- HTTP authentication information gathering script

1
scripts/HTTP_open_proxy.nse
View File

@@ -1,4 +1,3 @@
id="Open Proxy Test"
description=[[
Checks if an HTTP proxy is open.

1
scripts/HTTPpasswd.nse
View File

@@ -1,4 +1,3 @@
id = "HTTP directory traversal passwd probe"
description = [[
Checks if a web server is vulnerable to directory traversal by attempting to
retrieve /etc/passwd.

3
scripts/HTTPtrace.nse
View File

@@ -1,4 +1,3 @@
id = "HTTP TRACE"
description = [[
Sends an HTTP TRACE request and shows header fields that were modified in the
response.
@@ -7,7 +6,7 @@ response.
---
-- @output
-- 80/tcp open http
-- | HTTP TRACE: Response differs from request. First 5 additional lines:
-- | HTTPtrace: Response differs from request. First 5 additional lines:
-- | Cookie: UID=d4287aa38d02f409841b4e0c0050c13148a85d01c0c0a154d4ef56dfc2b4fc1b0
-- | Country: us
-- | Ip_is_advertise_combined: yes

1
scripts/MSSQLm.nse
View File

@@ -1,4 +1,3 @@
id = "MS SQL"
description = [[
Attempts to extract information from Microsoft SQL Server.
]]

3
scripts/MySQLinfo.nse
View File

@@ -1,4 +1,3 @@
id = "MySQL Server Information"
description = [[
Connects to a MySQL server and prints information such as the protocol and
version numbers, thread ID, status, capabilities, and the password salt.
@@ -11,7 +10,7 @@ running this script (see the portrule).
---
--@output
-- 3306/tcp open mysql
-- | MySQL Server Information: Protocol: 10
-- | MySQLinfo: Protocol: 10
-- | Version: 5.0.51a-3ubuntu5.1
-- | Thread ID: 7
-- | Some Capabilities: Connect with DB, Compress, Transactions, Secure Connection

1
scripts/PPTPversion.nse
View File

@@ -1,4 +1,3 @@
id = "PPTP"
description = [[
Attempts to extract system information from the PPTP service.
]]

1
scripts/RealVNC_auth_bypass.nse
View File

@@ -1,4 +1,3 @@
id = "RealVNC Authentication Bypass"
description = [[
Checks if a VNC server is vulnerable to the RealVNC authentication bypass
(CVE-2006-2369).

1
scripts/SMTP_openrelay_test.nse
View File

@@ -1,4 +1,3 @@
id = "Open Relay SMTP"
description = [[
Checks if an SMTP server is an open relay.
]]

1
scripts/SMTPcommands.nse
View File

@@ -1,4 +1,3 @@
id = "SMTPcommands"
description = [[
Attempts to use EHLO and HELP to gather the Extended commands supported by an
SMTP server.

1
scripts/SNMPcommunitybrute.nse
View File

@@ -1,4 +1,3 @@
id = "SNMPv1-communitybrute"
description = [[
Attempts to find an SNMP community string by brute force.
]]

3
scripts/SNMPsysdescr.nse
View File

@@ -1,11 +1,10 @@
id = "SNMPv1"
description = [[
Attempts to extract system information from an SNMP version 1 service.
]]
---
-- @output
-- | SNMPv1: HP ETHERNET MULTI-ENVIRONMENT,ROM A.25.80,JETDIRECT,JD117,EEPROM V.28.22,CIDATE 08/09/2006
-- | SNMPsysdescr: HP ETHERNET MULTI-ENVIRONMENT,ROM A.25.80,JETDIRECT,JD117,EEPROM V.28.22,CIDATE 08/09/2006
-- |_ System uptime: 28 days, 17:18:59 (248153900 timeticks)
author = "Thomas Buchanan <tbuchanan@thecompassgrp.net>"

5
scripts/SQLInject.nse
View File

@@ -1,4 +1,3 @@
id = "sql-inject"
description = [[
Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL
injection attack.
@@ -54,7 +53,7 @@ local function get_page(host, port, httpurl)
try(soc:connect(host.ip, port.number))
httpurl = string.gsub(httpurl, "&amp;", "&")
--print(id .. ": " .. httpurl)
--print(filename .. ": " .. httpurl)
-- request page
local query = strbuf.new()
@@ -232,7 +231,7 @@ action = function(host, port)
end
if #injectable > 0 then
stdnse.print_debug(1, "%s: Testing %d suspicious URLs", id, #injectable )
stdnse.print_debug(1, "%s: Testing %d suspicious URLs", filename, #injectable )
end
-- test all potentially vulnerable queries

15
scripts/SSH-hostkey.nse
View File

@@ -1,4 +1,3 @@
id = "SSH Hostkey"
description = [[
Shows SSH hostkeys.
@@ -22,9 +21,9 @@ the output with the <code>ssh_hostkey</code> script argument.
--
--@output
-- 22/tcp open ssh
-- | SSH Hostkey: 2048 f0:58:ce:f4:aa:a4:59:1c:8e:dd:4d:07:44:c8:25:11 (RSA)
-- | SSH-hostkey: 2048 f0:58:ce:f4:aa:a4:59:1c:8e:dd:4d:07:44:c8:25:11 (RSA)
-- 22/tcp open ssh
-- | SSH Hostkey: 2048 f0:58:ce:f4:aa:a4:59:1c:8e:dd:4d:07:44:c8:25:11 (RSA)
-- | SSH-hostkey: 2048 f0:58:ce:f4:aa:a4:59:1c:8e:dd:4d:07:44:c8:25:11 (RSA)
-- | +--[ RSA 2048]----+
-- | | .E*+ |
-- | | oo |
@@ -37,7 +36,7 @@ the output with the <code>ssh_hostkey</code> script argument.
-- | | o . |
-- |_ +-----------------+
-- 22/tcp open ssh
-- | SSH Hostkey: 2048 xuvah-degyp-nabus-zegah-hebur-nopig-bubig-difeg-hisym-rumef-cuxex (RSA)
-- | SSH-hostkey: 2048 xuvah-degyp-nabus-zegah-hebur-nopig-bubig-difeg-hisym-rumef-cuxex (RSA)
-- |_ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwVuv2gcr0maaKQ69VVIEv2ob4OxnuI64fkeOnCXD1lUx5tTA+vefXUWEMxgMuA7iX4irJHy2zer0NQ3Z3yJvr5scPgTYIaEOp5Uo/eGFG9Agpk5wE8CoF0e47iCAPHqzlmP2V7aNURLMODb3jVZuI07A2ZRrMGrD8d888E2ORVORv1rYeTYCqcMMoVFmX9l3gWEdk4yx3w5sD8v501Iuyd1v19mPfyhrI5E1E1nl/Xjp5N0/xP2GUBrdkDMxKaxqTPMie/f0dXBUPQQN697a5q+5lBRPhKYOtn6yQKCd9s1Q22nxn72Jmi1RzbMyYJ52FosDT755Qmb46GLrDMaZMQ==
author = "Sven Klemm <sven@c3d2.de>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
@@ -52,7 +51,7 @@ if pcall(require,"openssl") then
require("ssh2")
else
action = function()
stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.", id )
stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.", filename )
end
end
@@ -63,9 +62,9 @@ portrule = shortport.port_or_service(22, "ssh")
--@param host nmap host table
--@param key host key table
local add_key_to_registry = function( host, key )
nmap.registry[id] = nmap.registry[id] or {}
nmap.registry[id][host.ip] = nmap.registry[id][host.ip] or {}
table.insert( nmap.registry[id][host.ip], key )
nmap.registry.sshhostkey = nmap.registry.sshhostkey or {}
nmap.registry.sshhostkey[host.ip] = nmap.registry.sshhostkey[host.ip] or {}
table.insert( nmap.registry.sshhostkey[host.ip], key )
end
action = action or function(host, port)

1
scripts/SSHv1-support.nse
View File

@@ -1,4 +1,3 @@
id = "SSH Protocol Version 1"
description = [[
Checks if an SSH server supports SSH Protocol Version 1.
]]

3
scripts/SSLv2-support.nse
View File

@@ -1,4 +1,3 @@
id = "SSLv2"
description = [[
Determines whether the server (still) supports SSL-v2, and what ciphers it
offers.
@@ -7,7 +6,7 @@ offers.
---
--@output
-- 443/tcp open https syn-ack
-- | SSLv2: server still supports SSLv2
-- | SSLv2-support: server still supports SSLv2
-- | SSL2_RC4_128_WITH_MD5
-- | SSL2_DES_192_EDE3_CBC_WITH_MD5
-- | SSL2_RC2_CBC_128_CBC_WITH_MD5

3
scripts/UPnP-info.nse
View File

@@ -1,11 +1,10 @@
id = "UPnP"
description = [[
Attempts to extract system information from the UPnP service.
]]
---
-- @output
-- | UPnP: System/1.0 UPnP/1.0 IGD/1.0
-- | UPnP-info: System/1.0 UPnP/1.0 IGD/1.0
-- |_ Location: http://192.168.1.1:80/UPnP/IGD.xml
author = "Thomas Buchanan <tbuchanan@thecompassgrp.net>"

3
scripts/anonFTP.nse
View File

@@ -1,11 +1,10 @@
id = "Anonymous FTP"
description = [[
Checks if an FTP server allows anonymous logins.
]]
---
-- @output
-- |_ Anonymous FTP: Anonymous login allowed
-- |_ anonFTP: Anonymous login allowed
author = "Eddie Bell <ejlbell@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

1
scripts/brutePOP3.nse
View File

@@ -1,4 +1,3 @@
id = "POP3 brute force"
description = [[
Tries to log into a POP3 account by guessing usernames and passwords.
]]

2
scripts/bruteTelnet.nse
View File

@@ -65,7 +65,7 @@ local new_auth_iter = function()
end
i = i + 1
stdnse.print_debug(3, "%s %s:%s", id, userpass[i-1][1], escape_cred(userpass[i-1][2]))
stdnse.print_debug(3, "%s %s:%s", filename, userpass[i-1][1], escape_cred(userpass[i-1][2]))
return userpass[i-1][1], userpass[i-1][2]
end
end

1
scripts/daytimeTest.nse
View File

@@ -1,4 +1,3 @@
id = "Daytime"
description = [[
Retrieves the day and time from the UDP Daytime service.
]]

1
scripts/dns-safe-recursion-port.nse
View File

@@ -1,4 +1,3 @@
id = "DNS source port randomness"
description = [[
Checks a DNS server for the predictable-port recursion vulnerability.
Predictable source ports can make a DNS server vulnerable to cache poisoning

1
scripts/dns-safe-recursion-txid.nse
View File

@@ -1,4 +1,3 @@
id = "DNS TXID randomness"
description = [[
Checks a DNS server for the predictable-TXID DNS recursion

1
scripts/dns-test-open-recursion.nse
View File

@@ -1,4 +1,3 @@
id = "Nameserver open recursive queries"
description = [[
Checks if a DNS server allows queries for third-party names.

1
scripts/finger.nse
View File

@@ -1,4 +1,3 @@
id = "Finger Results"
description = [[
Attempts to get a list of usernames via the finger service.
]]

1
scripts/ftpbounce.nse
View File

@@ -1,4 +1,3 @@
id="FTP bounce check"
description=[[
Checks to see if an FTP server allows port scanning using the FTP bounce method.
]]

1
scripts/iax2Detect.nse
View File

@@ -1,4 +1,3 @@
id = "IAX2 Service Detection"
description = [[
Detects the UDP IAX2 service.

3
scripts/ircServerInfo.nse
View File

@@ -1,4 +1,3 @@
id = "IRC Server Info"
description = [[
Gathers information from an IRC server.
@@ -8,7 +7,7 @@ It uses STATS, LUSERS, and other queries to obtain this information.
---
-- @output
-- 6665/tcp open irc
-- | IRC Server Info: Server: foo.bar.net
-- | ircServerInfo: Server: foo.bar.net
-- | Version: hyperion-1.0.2b(381). foo.bar.net
-- | Lservers/Lusers: 0/4204
-- | Uptime: 106 days, 2:46:30

1
scripts/ircZombieTest.nse
View File

@@ -1,4 +1,3 @@
id = "IRC zombie"
description = [[
Checks for an IRC zombie.

5
scripts/nbstat.nse
View File

@@ -1,4 +1,3 @@
id = "NBSTAT"
description = [[
Attempt's to get the target's NetBIOS names and MAC address.
@@ -13,10 +12,10 @@ owns.
--
-- @output
-- (no verbose)\n
-- |_ NBSTAT: NetBIOS name: TEST1, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n
-- |_ nbstat: NetBIOS name: TEST1, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n
--\n
-- (verbose)\n
-- | NBSTAT: NetBIOS name: TEST1, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n
-- | nbstat: NetBIOS name: TEST1, NetBIOS user: RON, NetBIOS MAC: 00:0c:29:f9:d9:28\n
-- | Name: TEST1<00> Flags: <unique><active>\n
-- | Name: TEST1<20> Flags: <unique><active>\n
-- | Name: WORKGROUP<00> Flags: <group><active>\n

3
scripts/popcapa.nse
View File

@@ -1,4 +1,3 @@
id = "POP3 Capabilites"
description = [[
Retrieves POP3 server capabilities.
]]
@@ -6,7 +5,7 @@ Retrieves POP3 server capabilities.
---
-- @output
-- 110/tcp open pop3
-- |_ POP3 Capabilites: USER CAPA RESP-CODES UIDL PIPELINING STLS TOP SASL(PLAIN)
-- |_ popcapa: USER CAPA RESP-CODES UIDL PIPELINING STLS TOP SASL(PLAIN)
author = "Philip Pickering <pgpickering@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

1
scripts/promiscuous.nse
View File

@@ -1,4 +1,3 @@
id = "Promiscuous detection"
description = [[
Checks if a target on a local Ethernet has its network card in promiscuous mode.

1
scripts/ripeQuery.nse
View File

@@ -1,4 +1,3 @@
id = "RIPE query"
description = [[
Connects to the RIPE database and displays the <code>role:</code> entry for the
target's IP address.

3
scripts/robots.nse
View File

@@ -1,4 +1,3 @@
id = "robots.txt"
description = [[
Checks for disallowed entries in <code>robots.txt</code>.
@@ -8,7 +7,7 @@ The higher the verbosity or debug level, the more disallowed entries are shown.
---
--@output
-- 80/tcp open http syn-ack
-- | robots.txt: has 156 disallowed entries (40 shown)
-- | robots: has 156 disallowed entries (40 shown)
-- | /news?output=xhtml& /search /groups /images /catalogs
-- | /catalogues /news /nwshp /news?btcid=*& /news?btaid=*&
-- | /setnewsprefs? /index.html? /? /addurl/image? /pagead/ /relpage/

1
scripts/rpcinfo.nse
View File

@@ -1,4 +1,3 @@
id = "rpcinfo"
description = [[
Connects to portmapper and fetches a list of all registered programs.
]]

3
scripts/showHTMLTitle.nse
View File

@@ -1,4 +1,3 @@
id = "HTML title"
description = [[
Shows the title of the default page of a web server.
@@ -11,7 +10,7 @@ original target.
---
--@output
-- 80/tcp open http syn-ack
-- |_ HTML title: Foo.
-- |_ showHTMLTitle: Foo.
author = "Diman Todorov <diman.todorov@gmail.com>"

1
scripts/showOwner.nse
View File

@@ -1,4 +1,3 @@
id = "Service owner"
description = [[
Attempts to find the owner of a scanned port.

1
scripts/skype_v2-version.nse
View File

@@ -1,4 +1,3 @@
id = "Skype v2"
description = [[
Detects the Skype version 2 service.
]]

3
scripts/smb-enumdomains.nse
View File

@@ -1,4 +1,3 @@
id = "MSRPC: List of domains"
description = [[
Attempts to enumerate domains on a system, along with their policies. This will likely only work without credentials against Windows 2000.
@@ -18,7 +17,7 @@ After the initial <code>bind()</code> to SAMR, the sequence of calls is:
--
--@output
-- Host script results:
-- | MSRPC: List of domains:
-- | smb-enumdomains:
-- | Domain: LOCALSYSTEM
-- | |_ SID: S-1-5-21-2956463495-2656032972-1271678565
-- | |_ Users: Administrator, Guest, SUPPORT_388945a0

3
scripts/smb-enumsessions.nse
View File

@@ -1,4 +1,3 @@
id = "MSRPC: NetSessEnum()"
description = [[
Enumerates the users logged into a system either locally, through a remote desktop client (terminal
services), or through a SMB share.
@@ -31,7 +30,7 @@ idea to write this one.
--
--@output
-- Host script results:
-- | MSRPC: NetSessEnum():
-- | smb-enumsessions:
-- | Users logged in:
-- | |_ TESTBOX\Administrator since 2008-10-21 08:17:14
-- | |_ DOMAIN\rbowes since 2008-10-20 09:03:23

5
scripts/smb-enumshares.nse
View File

@@ -1,4 +1,3 @@
id = "MSRPC: List of shares"
description = [[
Attempts to list shares using the <code>srvsvc.NetShareEnumAll()</code> MSRPC function, then
retrieve more information about each share using <code>srvsvc.NetShareGetInfo()</code>.
@@ -28,13 +27,13 @@ doing an authenticated test.
--
--@output
-- Standard:
-- | MSRPC: List of shares:
-- | smb-enumshares:
-- | Anonymous shares: IPC$
-- |_ Restricted shares: F$, ADMIN$, C$
--
-- Verbose:
-- Host script results:
-- | MSRPC: List of shares:
-- | smb-enumshares:
-- | Anonymous shares:
-- | IPC$
-- | |_ Type: STYPE_IPC_HIDDEN

5
scripts/smb-enumusers.nse
View File

@@ -1,4 +1,3 @@
id = "MSRPC: List of user accounts"
description = [[
Attempts to enumerate the users on a remote Windows system, with as much
information as possible, through a variety of techniques (over SMB and MSRPC,
@@ -73,11 +72,11 @@ the code I wrote for this is largely based on the techniques used by them.
--
-- @output
-- Host script results:
-- | MSRPC: List of user accounts:
-- | smb-enumusers:
-- |_ TESTBOX\Administrator, EXTERNAL\DnsAdmins, TESTBOX\Guest, EXTERNAL\HelpServicesGroup, EXTERNAL\PARTNERS$, TESTBOX\SUPPORT_388945a0
--
-- Host script results:
-- | MSRPC: List of user accounts:
-- | smb-enumusers:
-- | Administrator
-- | |_ Type: User
-- | |_ Domain: LOCALSYSTEM

3
scripts/smb-os-discovery.nse
View File

@@ -1,4 +1,3 @@
id = "OS from SMB"
description = [[
Attempts to determine the operating system over the SMB protocol (ports 445 and
139).
@@ -13,7 +12,7 @@ they likely won't change the outcome in any meaningful way.
-- sudo nmap -sU -sS --script smb-os-discovery.nse -p U:137,T:139 127.0.0.1
--
--@output
-- | OS from SMB: Windows 2000
-- | smb-os-discovery: Windows 2000
-- | LAN Manager: Windows 2000 LAN Manager
-- | Name: WORKGROUP\TEST1
-- |_ System time: 2008-09-09 20:55:55 UTC-5

7
scripts/smb-security-mode.nse
View File

@@ -1,4 +1,3 @@
id = "SMB Security"
description = [[
Returns information about the SMB security level determined by SMB.
@@ -44,9 +43,9 @@ set the username and password, etc.), but it probably won't ever require them.
-- sudo nmap -sU -sS --script smb-security-mode.nse -p U:137,T:139 127.0.0.1
--
--@output
-- | SMB Security: User-level authentication
-- | SMB Security: Challenge/response passwords supported
-- |_ SMB Security: Message signing supported
-- | smb-security-mode: User-level authentication
-- | smb-security-mode: Challenge/response passwords supported
-- |_ smb-security-mode: Message signing supported
--
-- @args smb* This script supports the <code>smbusername</code>,
-- <code>smbpassword</code>, <code>smbhash</code>, <code>smbguest</code>, and

3
scripts/smb-serverstats.nse
View File

@@ -1,4 +1,3 @@
id = "MSRPC: Server statistics"
description = [[
Attempts to grab the server's statistics over SMB and MSRPC, which uses TCP
ports 445 or 139.
@@ -17,7 +16,7 @@ the numbers that Windows returns. Take the values here with a grain of salt.
--
-- @output
-- Host script results:
-- | MSRPC: Server statistics:
-- | smb-serverstats:
-- | Server statistics collected since 2008-10-17 09:32:41 (4d0h24m29s):
-- | |_ Traffic 133467 bytes (0.38b/s) sent, 167696 bytes (0.48b/s) received
-- | |_ Failed logins: 5

3
scripts/smb-systeminfo.nse
View File

@@ -1,4 +1,3 @@
id = "System info"
description = [[
Pulls back information about the remote system from the registry. Getting all
@@ -17,7 +16,7 @@ I don't know it), so this doesn't support Vista at all.
--
-- @output
-- Host script results:
-- | System info:
-- | smb-systeminfo:
-- | OS Details
-- | |_ Microsoft Windows Server 2003 Service Pack 2 (ServerNT 5.2 build 3790)
-- | |_ Installed on 2007-11-26 23:40:40

3
scripts/strangeSMTPport.nse
View File

@@ -1,4 +1,3 @@
id = "Unexpected SMTP"
description = [[
Checks if SMTP is running on a non-standard port.
@@ -9,7 +8,7 @@ system to send spam or control your machine.
---
-- @output
-- 22/tcp open ssh
-- |_ Unexpected SMTP: Warning: smtp is running on a strange port
-- |_ strangeSMTPport: Warning: smtp is running on a strange port
author = "Diman Todorov <diman.todorov@gmail.com>"

129
scripts/whois.nse
View File

@@ -1,4 +1,3 @@
id = "Whois"
description = [[
Queries the WHOIS services of Regional Internet Registries (RIR) and attempts to retrieve information about the IP Address
Assignment which contains the Target IP Address.
@@ -67,7 +66,7 @@ the RIRs.
-- nmap target --script whois --script-args whois={whodb=nocache}
-- @output
-- Host script results:
-- | Whois: Record found at whois.arin.net
-- | whois: Record found at whois.arin.net
-- | netrange: 64.13.134.0 - 64.13.134.63
-- | netname: NET-64-13-143-0-26
-- | orgname: Titan Networks
@@ -97,7 +96,7 @@ hostrule = function( host )
local is_private, err = ipOps.isPrivate( host.ip )
if err then
stdnse.print_debug( "%s Error in Hostrule: %s.", id, err )
stdnse.print_debug( "%s Error in Hostrule: %s.", filename, err )
return false
end
@@ -143,7 +142,7 @@ action = function( host )
end
-- script initialisation - threads must wait until this has been completed before continuing
local mutex = nmap.mutex( id )
local mutex = nmap.mutex( "whois" )
mutex "lock"
if not nmap.registry.whois.init_done then
script_init( host.ip )
@@ -192,7 +191,7 @@ action = function( host )
status, retval = pcall( get_next_action, tracking, host.ip )
if not status then
stdnse.print_debug( "%s %s pcall caught an exception in get_next_action: %s.", id, ip, retval )
stdnse.print_debug( "%s %s pcall caught an exception in get_next_action: %s.", filename, ip, retval )
else tracking = retval end
if tracking.this_db then
@@ -203,13 +202,13 @@ action = function( host )
-- analyse data
status, retval = pcall( analyse_response, tracking, host.ip, response, data )
if not status then
stdnse.print_debug( "%s %s pcall caught an exception in analyse_response: %s.", id, ip, retval )
stdnse.print_debug( "%s %s pcall caught an exception in analyse_response: %s.", filename, ip, retval )
else data = retval end
-- get next action
status, retval = pcall( get_next_action, tracking, host.ip )
if not status then
stdnse.print_debug( "%s %s pcall caught an exception in get_next_action: %s.", id, ip, retval )
stdnse.print_debug( "%s %s pcall caught an exception in get_next_action: %s.", filename, ip, retval )
if not tracking.last_db then tracking.last_db, tracking.this_db = tracking.this_db or tracking.next_db, nil end
else tracking = retval end
end
@@ -342,7 +341,7 @@ function check_response_cache( ip )
-- record found in cache
return true, nil
else
stdnse.print_debug( 1, "%s %s Error in check_response_cache: %s.", id, ip, err )
stdnse.print_debug( 1, "%s %s Error in check_response_cache: %s.", filename, ip, err )
end
return false, nil
@@ -463,7 +462,7 @@ function get_db_from_assignments( ip )
end
if not nmap.registry.whois.local_assignments_data or not nmap.registry.whois.local_assignments_data[af] then
stdnse.print_debug( 1, "%s Error in get_db_from_assignments: Missing assignments data in registry.", id )
stdnse.print_debug( 1, "%s Error in get_db_from_assignments: Missing assignments data in registry.", filename )
return nil
end
@@ -490,14 +489,14 @@ end
function do_query(db, ip)
if type( db ) ~= "string" or not nmap.registry.whois.whoisdb[db] then
stdnse.print_debug("%s %s Error in do_query: %s is not a defined Whois service.", id, ip, db)
stdnse.print_debug("%s %s Error in do_query: %s is not a defined Whois service.", filename, ip, db)
return nil
end
local service = nmap.registry.whois.whoisdb[db]
if type( service.hostname ) ~= "string" or service.hostname == "" then
stdnse.print_debug("%s %s Error in do_query: Invalid hostname for %s.", id, ip, db)
stdnse.print_debug("%s %s Error in do_query: Invalid hostname for %s.", filename, ip, db)
return nil
end
@@ -513,7 +512,7 @@ function do_query(db, ip)
local socket = nmap.new_socket()
local catch = function()
stdnse.print_debug( "%s %s Connection to %s failed or was aborted! No Output for this Target.", id, ip, db )
stdnse.print_debug( "%s %s Connection to %s failed or was aborted! No Output for this Target.", filename, ip, db )
nmap.registry.whois.mutex[db] "done"
socket:close()
end
@@ -536,7 +535,7 @@ function do_query(db, ip)
socket:close()
stdnse.print_debug(3, "%s %s Ended Query at %s.", id, ip, db)
stdnse.print_debug(3, "%s %s Ended Query at %s.", filename, ip, db)
if #result == 0 then
return nil
@@ -588,13 +587,13 @@ function analyse_response( tracking, ip, response, data )
if type( meta ) == "table" and type( meta.fieldreq ) == "table" and type( meta.fieldreq.ob_exist ) == "string" then
have_objects = response:match( meta.fieldreq.ob_exist )
else
stdnse.print_debug( 2, "%s %s Could not check for objects, problem with meta data.", id, ip )
stdnse.print_debug( 2, "%s %s Could not check for objects, problem with meta data.", filename, ip )
have_objects = false
end
-- if we do not recognise objects check for an known error/non-object message
if not have_objects then
stdnse.print_debug( 4, "%s %s %s has not responded with the expected objects.", id, ip, this_db )
stdnse.print_debug( 4, "%s %s %s has not responded with the expected objects.", filename, ip, this_db )
local tmp, msg
-- may have found our record saying something similar to "No Record Found"
for _, pattern in ipairs( nmap.registry.whois.m_none ) do
@@ -602,7 +601,7 @@ function analyse_response( tracking, ip, response, data )
pattern_u = pattern:gsub( "$addr", ip:upper() )
msg = response:match( pattern_l ) or response:match( pattern_u )
if msg then
stdnse.print_debug( 4, "%s %s %s responded with a message which is assumed to be authoritative (but may not be).", id, ip, this_db )
stdnse.print_debug( 4, "%s %s %s responded with a message which is assumed to be authoritative (but may not be).", filename, ip, this_db )
break
end
end
@@ -611,7 +610,7 @@ function analyse_response( tracking, ip, response, data )
for _, pattern in ipairs( nmap.registry.whois.m_err ) do
msg = response:match( pattern )
if msg then
stdnse.print_debug( 4, "%s %s %s responded with an ERROR message.", id, ip, this_db )
stdnse.print_debug( 4, "%s %s %s responded with an ERROR message.", filename, ip, this_db )
break
end
end
@@ -630,7 +629,7 @@ function analyse_response( tracking, ip, response, data )
for setname, set in pairs( nmap.registry.whois.fields_meta ) do
if set ~= nmap.registry.whois.whoisdb[this_db].fieldreq and response:match(set.ob_exist) then
foreign_obj = setname
stdnse.print_debug( 4, "%s %s %s seems to have responded using the set of objects named: %s.", id, ip, this_db, foreign_obj )
stdnse.print_debug( 4, "%s %s %s seems to have responded using the set of objects named: %s.", filename, ip, this_db, foreign_obj )
break
end
end
@@ -639,7 +638,7 @@ function analyse_response( tracking, ip, response, data )
meta = nmap.registry.whois.whoisdb.ripe
meta.redirects = nil
have_objects = true
stdnse.print_debug( 4, "%s %s %s will use the display properties of ripe.", id, ip, this_db )
stdnse.print_debug( 4, "%s %s %s will use the display properties of ripe.", filename, ip, this_db )
elseif foreign_obj then
-- find a display to match the objects.
for some_db, db_props in pairs( nmap.registry.whois.whoisdb ) do
@@ -648,7 +647,7 @@ function analyse_response( tracking, ip, response, data )
meta = nmap.registry.whois.whoisdb[some_db]
meta.redirects = nil
have_objects = true
stdnse.print_debug( 4, "%s %s %s will use the display properties of %s.", id, ip, this_db, some_db )
stdnse.print_debug( 4, "%s %s %s will use the display properties of %s.", filename, ip, this_db, some_db )
break
end
end
@@ -657,7 +656,7 @@ function analyse_response( tracking, ip, response, data )
-- extract fields from the entire response for record/redirect discovery
if have_objects then
stdnse.print_debug( 4, "%s %s Parsing Query response from %s.", id, ip, this_db )
stdnse.print_debug( 4, "%s %s Parsing Query response from %s.", filename, ip, this_db )
data[this_db] = extract_objects_from_response( response, this_db, ip, meta )
end
@@ -665,7 +664,7 @@ function analyse_response( tracking, ip, response, data )
-- do record/redirect discovery, cache found redirect
if not nmap.registry.whois.nofollow and have_objects and meta.redirects then
stdnse.print_debug( 4, "%s %s Testing response for redirection.", id, ip )
stdnse.print_debug( 4, "%s %s Testing response for redirection.", filename, ip )
found, nextdb, data.iana = redirection_rules( this_db, ip, data, meta )
end
@@ -673,7 +672,7 @@ function analyse_response( tracking, ip, response, data )
-- modify the data table depending on whether we're redirecting or quitting
if have_objects then
stdnse.print_debug( 5, "%s %s Extracting Fields from response.", id, ip )
stdnse.print_debug( 5, "%s %s Extracting Fields from response.", filename, ip )
-- optionally constrain response to a more focused area
-- discarding previous extraction
@@ -685,7 +684,7 @@ function analyse_response( tracking, ip, response, data )
end
if offset > 1 and meta.unordered then
-- fetch an object immediately in front of inetnum
stdnse.print_debug( 5, "%s %s %s Searching for an object group immediately before this range.", id, ip, this_db )
stdnse.print_debug( 5, "%s %s %s Searching for an object group immediately before this range.", filename, ip, this_db )
-- split objects from the record, up to offset. Last object should be the one we want.
local obj_sel = stdnse.strsplit( "\r?\n\r?\n", response:sub( 1, offset ) )
response_chunk = "\n" .. obj_sel[#obj_sel] .. "\n"
@@ -717,10 +716,10 @@ function analyse_response( tracking, ip, response, data )
end
-- DEBUG
stdnse.print_debug( 6, "%s %s %s Fields captured :", id, ip, this_db )
stdnse.print_debug( 6, "%s %s %s Fields captured :", filename, ip, this_db )
for ob, t in pairs( data[this_db] ) do
for fieldname, fieldvalue in pairs( t ) do
stdnse.print_debug( 6, "%s %s %s %s.%s %s.", id, ip, this_db, ob, fieldname, fieldvalue )
stdnse.print_debug( 6, "%s %s %s %s.%s %s.", filename, ip, this_db, ob, fieldname, fieldvalue )
end
end
@@ -806,15 +805,15 @@ function extract_objects_from_response( response_string, db, ip, meta, specific_
-- we either receive a table for one object or for all objects
if type( specific_object ) == "string" and meta.fieldreq[specific_object] then
objects_to_extract[specific_object] = meta.fieldreq[specific_object]
stdnse.print_debug( 5, "%s %s Extracting a single object: %s.", id, ip, specific_object )
stdnse.print_debug( 5, "%s %s Extracting a single object: %s.", filename, ip, specific_object )
else
stdnse.print_debug( 5, "%s %s Extracting all objects.", id, ip )
stdnse.print_debug( 5, "%s %s Extracting all objects.", filename, ip )
objects_to_extract = meta.fieldreq
end
for object_name, object in pairs( objects_to_extract ) do
if object_name and object_name ~= "ob_exist" then
stdnse.print_debug(5, "%s %s Seeking object group: %s.", id, ip, object_name)
stdnse.print_debug(5, "%s %s Seeking object group: %s.", filename, ip, object_name)
extracted_objects[object_name] = {}
extracted_objects[object_name].for_compare = {} -- this will allow us to compare two tables
-- get a substr of response_string that corresponds to a single object
@@ -823,7 +822,7 @@ function extract_objects_from_response( response_string, db, ip, meta, specific_
-- if we could not find the end, make the end EOF
ob_end = ob_end or -1
if ob_start and ob_end then
stdnse.print_debug(5, "%s %s Capturing: %s with indices %s and %s.", id, ip, object_name, ob_start, ob_end )
stdnse.print_debug(5, "%s %s Capturing: %s with indices %s and %s.", filename, ip, object_name, ob_start, ob_end )
local obj_string = response_string:sub( ob_start, ob_end )
for fieldname, pattern in pairs( object ) do
if fieldname ~= "ob_start" and fieldname ~= "ob_end" then
@@ -896,19 +895,19 @@ function redirection_rules( db, ip, data, meta )
-- arin record points to iana so we won't follow and we assume we have our record
if directed_to == iana and directed_from == arin then
stdnse.print_debug( 4, "%s %s %s Accept arin record (matched IANA).", id, ip, directed_from )
stdnse.print_debug( 4, "%s %s %s Accept arin record (matched IANA).", filename, ip, directed_from )
return true, nil, ( icnt+1 )
end
-- non-arin record points to iana so we query arin next
if directed_to == iana then
stdnse.print_debug( 4, "%s %s Redirecting to arin (matched IANA).", id, ip )
stdnse.print_debug( 4, "%s %s Redirecting to arin (matched IANA).", filename, ip )
return false, arin, ( icnt+1 )
end
-- a redirect, but not to iana or to self, so we follow it.
if directed_to ~= nmap.registry.whois.whoisdb[directed_from].id then
stdnse.print_debug( 4, "%s %s %s redirects us to %s.", id, ip, directed_from, directed_to )
stdnse.print_debug( 4, "%s %s %s redirects us to %s.", filename, ip, directed_from, directed_to )
return false, directed_to, icnt
end
@@ -924,14 +923,14 @@ function redirection_rules( db, ip, data, meta )
-- if a field has been captured for the given redirect info
if data[db][obj] and data[db][obj][fld] then
stdnse.print_debug( 5, "%s %s Seek redirect in object: %s.%s for %s.", id, ip, obj, fld, pattern )
stdnse.print_debug( 5, "%s %s Seek redirect in object: %s.%s for %s.", filename, ip, obj, fld, pattern )
-- iterate over nmap.registry.whois.whoisdb to find pattern (from each service) in the designated field
for member, mem_properties in pairs( nmap.registry.whois.whoisdb ) do
-- if pattern if found in the field, we have a redirect to member
if type( mem_properties[pattern] ) == "string" and string.lower( data[db][obj][fld] ):match( mem_properties[pattern] ) then
stdnse.print_debug( 5, "%s %s Matched %s in %s.%s.", id, ip, pattern, obj, fld )
stdnse.print_debug( 5, "%s %s Matched %s in %s.%s.", filename, ip, pattern, obj, fld )
return redirection_validation( nmap.registry.whois.whoisdb[member].id, db, iana_count )
elseif type( mem_properties[pattern] ) == "table" then
@@ -939,7 +938,7 @@ function redirection_rules( db, ip, data, meta )
-- pattern is an array of patterns
for _, pattn in ipairs( mem_properties[pattern] ) do
if type( pattn ) == "string" and string.lower( data[db][obj][fld] ):match( pattn ) then
stdnse.print_debug( 5, "%s %s Matched %s in %s.%s.", id, ip, pattern, obj, fld )
stdnse.print_debug( 5, "%s %s Matched %s in %s.%s.", filename, ip, pattern, obj, fld )
return redirection_validation( nmap.registry.whois.whoisdb[member].id, db, iana_count )
end
end
@@ -993,7 +992,7 @@ function constrain_response( response, db, ip, meta )
if # mptr > 1 then
-- find the closest one to host.ip and constrain the response to it
stdnse.print_debug( 5, "%s %s %s Focusing on the smallest of %s address ranges.", id, ip, db, #mptr )
stdnse.print_debug( 5, "%s %s %s Focusing on the smallest of %s address ranges.", filename, ip, db, #mptr )
-- sort the table mptr into nets ascending
table.sort( mptr, smallest_range )
-- select the first net that includes host.ip
@@ -1011,15 +1010,15 @@ function constrain_response( response, db, ip, meta )
if mptr[index+1] and ( mptr[index+1].pointer > mptr[index].pointer ) then
bound = mptr[index+1].pointer
end
stdnse.print_debug(5, "%s %s %s Smallest range containing target IP addr. is %s.", id, ip, db, trim( str_net ) )
stdnse.print_debug(5, "%s %s %s Smallest range containing target IP addr. is %s.", filename, ip, db, trim( str_net ) )
local dbg = "%s %s %s smallest range is offset from %s to %s."
-- isolate inetnum and associated objects
if bound then
stdnse.print_debug(5, dbg, id, ip, db, ptr, bound)
stdnse.print_debug(5, dbg, filename, ip, db, ptr, bound)
-- get from pointer to bound
return response:sub(ptr,bound), ptr
else
stdnse.print_debug(5, dbg, id, ip, db, ptr, "the end")
stdnse.print_debug(5, dbg, filename, ip, db, ptr, "the end")
-- or get the whole thing from the pointer onwards
return response:sub(ptr), ptr
end
@@ -1061,7 +1060,7 @@ function not_short_prefix( ip, range, redirect )
first, last, err[#err+1] = ipOps.get_ips_from_range( range )
if #err > 0 then
stdnse.print_debug( 1, "%s Error in not_short_prefix: s%.", id, table.concat( err, " " ) )
stdnse.print_debug( 1, "%s Error in not_short_prefix: s%.", filename, table.concat( err, " " ) )
return nil
end
@@ -1105,7 +1104,7 @@ function add_to_cache( ip, range, redirect, data )
-- we need to cache some range so we'll cache the small assignment that includes ip.
if type( range ) ~= "string" or type( get_prefix_length( range ) ) ~= "number" then
range = get_assignment( ip, longest_prefix )
stdnse.print_debug(5, "%s %s Caching an assumed Range: %s", id, ip, range)
stdnse.print_debug(5, "%s %s Caching an assumed Range: %s", filename, ip, range)
end
nmap.registry.whois.cache[ip] = {} -- destroy any previous cache entry for this target.
@@ -1195,13 +1194,13 @@ function output( ip, services_queried )
end
if type( services_queried ) ~= "table" then
stdnse.print_debug( "%s %s Error in output(): No data found.", id, ip )
stdnse.print_debug( "%s %s Error in output(): No data found.", filename, ip )
return nil
elseif #services_queried == 0 then
stdnse.print_debug( "%s %s Error in output(): No data found, no queries were completed.", id, ip )
stdnse.print_debug( "%s %s Error in output(): No data found, no queries were completed.", filename, ip )
return nil
elseif #services_queried > 0 then
stdnse.print_debug( "%s %s Error in output(): No data found - could not understand query responses.", id, ip )
stdnse.print_debug( "%s %s Error in output(): No data found - could not understand query responses.", filename, ip )
return nil
end
@@ -1222,7 +1221,7 @@ function get_output_from_cache( ip )
local ip_key = get_cache_key( ip )
if not ip_key then
stdnse.print_debug( 1, "%s %s Error in get_output_from_cache().", id, ip )
stdnse.print_debug( 1, "%s %s Error in get_output_from_cache().", filename, ip )
return nil
end
@@ -1669,7 +1668,7 @@ function get_args()
nmap.registry.whois.using_cache = false
elseif ( db == "nofile" ) then
nmap.registry.whois.using_local_assignments_file = false
stdnse.print_debug( 2, "%s: Not using local assignments data.", id )
stdnse.print_debug( 2, "%s: Not using local assignments data.", filename )
end
elseif not ( string.match( table.concat( t, " " ), db ) ) then
-- we have a unique valid whois db
@@ -1680,18 +1679,18 @@ function get_args()
if ( #t > 0 ) and nmap.registry.whois.using_local_assignments_file then
-- "nofile" was not explicitly supplied, but it is implied by supplying custom whoisdb_default_order
nmap.registry.whois.using_local_assignments_file = false
stdnse.print_debug(3, "%s: Not using local assignments data because custom whoisdb_default_order was supplied.", id)
stdnse.print_debug(3, "%s: Not using local assignments data because custom whoisdb_default_order was supplied.", filename)
end
if ( #t > 1 ) and nmap.registry.whois.nofollow then
-- using nofollow, we do not follow redirects and can only accept what we find as a record therefore we only accept the first db supplied
t = {t[1]}
stdnse.print_debug( 1, "%s: Too many args supplied with 'nofollow', only using %s.", id, t[1] )
stdnse.print_debug( 1, "%s: Too many args supplied with 'nofollow', only using %s.", filename, t[1] )
end
if ( #t > 0 ) then
nmap.registry.whois.whoisdb_default_order = t
stdnse.print_debug( 2, "%s: whoisdb_default_order: %s.", id, table.concat( t, " " ) )
stdnse.print_debug( 2, "%s: whoisdb_default_order: %s.", filename, table.concat( t, " " ) )
end
end
@@ -1720,7 +1719,7 @@ function get_local_assignments_data()
local fetchfile = "nmap-services"
local directory_path, err = get_parentpath( fetchfile )
if err then
stdnse.print_debug( 1, "%s: Nmap.fetchfile() failed to get a path to %s: %s.", id, fetchfile, err )
stdnse.print_debug( 1, "%s: Nmap.fetchfile() failed to get a path to %s: %s.", filename, fetchfile, err )
return nil, err
end
@@ -1736,10 +1735,10 @@ function get_local_assignments_data()
local file, exists = directory_path .. assignment_data_spec.local_resource
exists, err = file_exists( file )
if not exists and err then
stdnse.print_debug( 1, "%s: Error accessing %s: %s.", id, file, err )
stdnse.print_debug( 1, "%s: Error accessing %s: %s.", filename, file, err )
elseif not exists then
update_required = true
stdnse.print_debug( 2, "%s: %s does not exist or is empty. Fetching it now...", id, file )
stdnse.print_debug( 2, "%s: %s does not exist or is empty. Fetching it now...", filename, file )
elseif exists then
update_required, modified_date, entity_tag = requires_updating( file )
end
@@ -1748,7 +1747,7 @@ function get_local_assignments_data()
-- read an existing and up-to-date file into file_content.
if exists and not update_required then
stdnse.print_debug( 2, "%s: %s was cached less than %s ago. Reading...", id, file, nmap.registry.whois.local_assignments_file_expiry )
stdnse.print_debug( 2, "%s: %s was cached less than %s ago. Reading...", filename, file, nmap.registry.whois.local_assignments_file_expiry )
file_content = read_from_file( file )
end
@@ -1757,10 +1756,10 @@ function get_local_assignments_data()
if update_required then
http_response = ( conditional_download( assignment_data_spec.remote_resource, modified_date, entity_tag ) )
if not http_response or type( http_response.status ) ~= "number" then
stdnse.print_debug( 1, "%s: Failed whilst requesting %s.", id, assignment_data_spec.remote_resource )
stdnse.print_debug( 1, "%s: Failed whilst requesting %s.", filename, assignment_data_spec.remote_resource )
elseif http_response.status == 200 then
-- prepend our file header
stdnse.print_debug( 2, "%s: Retrieved %s.", id, assignment_data_spec.remote_resource )
stdnse.print_debug( 2, "%s: Retrieved %s.", filename, assignment_data_spec.remote_resource )
file_content = stdnse.strsplit( "\r?\n", http_response.body )
table.insert( file_content, 1, "** Do Not Alter This Line or The Following Line **" )
local hline = {}
@@ -1770,19 +1769,19 @@ function get_local_assignments_data()
table.insert( file_content, 2, table.concat( hline ) )
write_success, err = write_to_file( file, file_content )
if err then
stdnse.print_debug( 1, "%s: Error writing %s to %s: %s.", id, assignment_data_spec.remote_resource, file, err )
stdnse.print_debug( 1, "%s: Error writing %s to %s: %s.", filename, assignment_data_spec.remote_resource, file, err )
end
elseif http_response.status == 304 then
-- update our file header with a new timestamp
stdnse.print_debug( 1, "%s: %s is up-to-date.", id, file )
stdnse.print_debug( 1, "%s: %s is up-to-date.", filename, file )
file_content = read_from_file( file )
file_content[2] = file_content[2]:gsub("^<[\-\+]?%d+>(.*)$", "<" .. os.time() .. ">%1")
write_success, err = write_to_file( file, file_content )
if err then
stdnse.print_debug( 1, "%s: Error writing to %s: %s.", id, file, err )
stdnse.print_debug( 1, "%s: Error writing to %s: %s.", filename, file, err )
end
else
stdnse.print_debug( 1, "%s: HTTP %s whilst requesting %s.", id, http_response.status, assignment_data_spec.remote_resource )
stdnse.print_debug( 1, "%s: HTTP %s whilst requesting %s.", filename, http_response.status, assignment_data_spec.remote_resource )
end
end
@@ -1796,7 +1795,7 @@ function get_local_assignments_data()
if #t == 0 or err then
-- good header, but bad file? Kill the file!
write_to_file( file, "" )
stdnse.print_debug( 1, "%s: Problem with the data in %s.", id, file )
stdnse.print_debug( 1, "%s: Problem with the data in %s.", filename, file )
else
for i, v in pairs( t ) do
ret[address_family][#ret[address_family]+1] = v
@@ -1815,7 +1814,7 @@ function get_local_assignments_data()
for af, t in pairs( ret ) do
if #t == 0 then
ret[af] = nil
stdnse.print_debug( 1, "%s: Cannot use local assignments file for address family %s.", id, af )
stdnse.print_debug( 1, "%s: Cannot use local assignments file for address family %s.", filename, af )
end
end
@@ -1937,7 +1936,7 @@ function read_from_file( file )
local f, err, _ = io.open( file, "r" )
if not f then
stdnse.print_debug( 1, "%s: Error opening %s for reading: %s", id, file, err )
stdnse.print_debug( 1, "%s: Error opening %s for reading: %s", filename, file, err )
return nil, err
end
@@ -1995,7 +1994,7 @@ function conditional_download( url, mod_date, e_tag )
-- follow one redirection
if request_response.status ~= 304 and ( tostring( request_response.status ):match( "30%d" ) and
type( request_response.header.location ) == "string" and request_response.header.location ~= "" ) then
stdnse.print_debug( 2, "%s: HTTP Status:%d New Location: %s.", id, request_response.status, request_response.header.location )
stdnse.print_debug( 2, "%s: HTTP Status:%d New Location: %s.", filename, request_response.status, request_response.header.location )
request_response = http.get_url( request_response.header.location, request_options )
end
@@ -2024,7 +2023,7 @@ function write_to_file( file, content )
local f, err, _ = io.open( file, "w" )
if not f then
stdnse.print_debug( 1, "%s: Error opening %s for writing: %s.", id, file, err )
stdnse.print_debug( 1, "%s: Error opening %s for writing: %s.", filename, file, err )
return nil, err
end

3
scripts/xamppDefaultPass.nse
View File

@@ -1,4 +1,3 @@
id = "XAMPP default pwd"
description = [[
Check if an XAMP or XAMPP FTP server uses a default username and password.
@@ -9,7 +8,7 @@ administration.
---
-- @output
-- 21/tcp open ftp
-- |_ XAMPP default pwd: Login success with u/p: nobody/xampp
-- |_ xamppDefaultPass: Login success with u/p: nobody/xampp
author = "Diman Todorov <diman.todorov@gmail.com>"

3
scripts/zoneTrans.nse
View File

@@ -1,4 +1,3 @@
id = "zone-transfer"
description = [[
Requests a zone transfer (AXFR) from a DNS server.
@@ -21,7 +20,7 @@ Useful resources
-- @args zoneTrans.domain Domain to transfer.
-- @output
-- 53/tcp open domain
-- | zone-transfer:
-- | zoneTrans:
-- | foo.com. SOA ns2.foo.com. piou.foo.com.
-- | foo.com. TXT
-- | foo.com. NS ns1.foo.com.