Sergey's GSOC 2016 brute.lua improvements. Closes #518

CHANGELOG

@@ -1,5 +1,11 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE][GH#518] Brute scripts are faster and more accurate. New feedback and
+  adaptivity mechanisms in brute.lua help brute scripts use resources more
+  efficiently, dynamically changing number of threads based on protocol
+  messages like FTP 421 errors, network errors like timeouts, etc.
+  [Sergey Khegay]
+
 o [GH#353] New option --defeat-icmp-ratelimit dramatically reduces UDP scan
   times in exchange for labeling unresponsive (and possibly open) ports as
   "closed|filtered". Ports which give a UDP protocol response to one of Nmap's

nse_nsock.cc

@@ -1065,6 +1065,19 @@ static int l_pcap_receive (lua_State *L)
   return yield(L, nu, "PCAP RECEIVE", FROM, 0, NULL);
 }
 
+/* This function also has a binding in stdnse.lua */
+static int l_get_stats (lua_State *L) {
+  lua_newtable(L);
+  int idx = lua_gettop(L);
+
+  /* the only field so far is
+     connect_waiting - number of threads waiting for connection */
+  lua_pushinteger(L, nseU_tablen(L, CONNECT_WAITING));
+  lua_setfield(L, idx, "connect_waiting");
+
+  return 1;
+}
+
 LUALIB_API int luaopen_nsock (lua_State *L)
 {
   static const luaL_Reg metatable_index[] = {
@@ -1092,6 +1105,7 @@ LUALIB_API int luaopen_nsock (lua_State *L)
     {"new", l_new},
     {"sleep", l_sleep},
     {"parse_ssl_certificate", l_parse_ssl_certificate},
+    {"get_stats", l_get_stats},
     {NULL, NULL}
   };
 

scripts/ftp-brute.nse

@@ -9,6 +9,8 @@ description = [[
 Performs brute force password auditing against FTP servers.
 
 Based on old ftp-brute.nse script by Diman Todorov, Vlatko Kosturjak and Ron Bowes.
+
+06.08.16 - Modified by Sergey Khegay to support new brute.lua adaptability mechanism.
 ]]
 
 ---
@@ -52,7 +54,7 @@ Driver = {
   end,
 
   connect = function( self )
-    self.socket = nmap.new_socket()
+    self.socket = brute.new_socket()
     local status, err = self.socket:connect(self.host, self.port)
     self.socket:set_timeout(arg_timeout)
     if(not(status)) then
@@ -65,7 +67,6 @@ Driver = {
     local status, err
     local res = ""
 
-
     status, err = self.socket:send("USER " .. user .. "\r\n")
     if(not(status)) then
       return false, brute.Error:new("Couldn't send login: " .. err)
@@ -87,7 +88,11 @@ Driver = {
         stdnse.debug1("Successful login: %s/%s", user, pass)
         return true, creds.Account:new( user, pass, creds.State.VALID)
       elseif(string.match(line, "^530")) then
-        return false,  brute.Error:new( "Incorrect password" )
+        return false, brute.Error:new( "Incorrect password" )
+      elseif(string.match(line, "^421")) then
+        local err = brute.Error:new("Too many connections")
+        err:setReduce(true)
+        return false, err
       elseif(string.match(line, "^220")) then
       elseif(string.match(line, "^331")) then
       else
@@ -108,18 +113,13 @@ Driver = {
     self.socket:close()
     return true
   end
-
-
 }
 
 action = function( host, port )
-
   local status, result
   local engine = brute.Engine:new(Driver, host, port)
   engine.options.script_name = SCRIPT_NAME
 
-
   status, result = engine:start()
-
   return result
 end