Fixed errors found by nse_check_globals.

2025-12-30 11:29:01 +00:00 · 2012-06-06 22:23:02 +00:00
parent 14dc780226
commit 5ac6c7d64a
109 changed files with 196 additions and 128 deletions
--- a/nselib/isns.lua
+++ b/nselib/isns.lua
@@ -413,6 +413,7 @@ Session = {
 		local hdr = Header.parse(buf_hdr)
 				
 		-- receive the data
+		local buf_data = nil
 		status, buf_data = self.socket:receive_buf(match.numbytes(hdr.pdu_len), true)
 		if ( not(status) ) then
 			return status, buf_data
--- a/scripts/afp-brute.nse
+++ b/scripts/afp-brute.nse
@@ -50,6 +50,7 @@ action = function( host, port )
 	local result, response, status = {}, nil, nil
 	local valid_accounts, found_users = {}, {}
 	local helper
+	local usernames, passwords
 	
 	status, usernames = unpwdb.usernames()
 	if not status then return end
--- a/scripts/afp-ls.nse
+++ b/scripts/afp-ls.nse
@@ -115,6 +115,7 @@ action = function(host, port)
 			return
 		end

+    local vols
 		status, vols = afpHelper:ListShares()

 		if status then
--- a/scripts/afp-serverinfo.nse
+++ b/scripts/afp-serverinfo.nse
@@ -71,7 +71,7 @@ action = function(host, port)
  try( socket:connect(host, port) )

  -- get our data
-  afp_proto = afp.Proto:new( { socket=socket } )
+  local afp_proto = afp.Proto:new( { socket=socket } )

  local response = afp_proto:fp_get_server_info( socket )
  response = response.result
--- a/scripts/ajp-brute.nse
+++ b/scripts/ajp-brute.nse
@@ -65,7 +65,7 @@ Driver = {
 		local status, response = self.helper:get(arg_url, headers)
 		
 		if ( not(status) ) then
-			local err = brute.Error:new( data )
+			local err = brute.Error:new( response )
 			err:setRetry( true )
 			return false, err
 		elseif( response.status ~= 401 ) then
--- a/scripts/ajp-methods.nse
+++ b/scripts/ajp-methods.nse
@@ -56,6 +56,8 @@ local function filter_out(t, filter)
 	return result
 end

+local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+
 action = function(host, port)

 	local helper = ajp.Helper:new(host, port)
--- a/scripts/asn-query.nse
+++ b/scripts/asn-query.nse
@@ -404,6 +404,7 @@ function get_assignment( ip, prefix )
  local hostbits = string.sub( some_ip, prefix + 1 )
  hostbits = string.gsub( hostbits, "1", "0" )
  local first = string.sub( some_ip, 1, prefix ) .. hostbits
+  local last
  err = {}
  first, err[#err+1] = ipOps.bin_to_ip( first )
  last, err[#err+1] = ipOps.get_last_ip( ip, prefix )
--- a/scripts/backorifice-info.nse
+++ b/scripts/backorifice-info.nse
@@ -223,7 +223,7 @@ end
 local function BOunpack(packet)
 	local pos, magic = bin.unpack("A8",packet)

-	if magic ~= MAGICSTRING then return nul,TYPE.ERROR end  --received non-BO packet
+	if magic ~= MAGICSTRING then return nil,TYPE.ERROR end  --received non-BO packet

 	local packetsize, packetid, type_packet, data
 	pos, packetsize, packetid, type_packet = bin.unpack("<IIC",packet,pos)
@@ -262,7 +262,7 @@ action = function( host, port )
 	local initial_seed = stdnse.get_script_args( SCRIPT_NAME .. ".seed" )
 	local password = stdnse.get_script_args(SCRIPT_NAME .. ".password")
 	local socket = nmap.new_socket("udp")
-	try = nmap.new_try(function() socket:close() end)
+	local try = nmap.new_try(function() socket:close() end)
 	socket:set_timeout(5000)

 	local output_all={}
--- a/scripts/bittorrent-discovery.nse
+++ b/scripts/bittorrent-discovery.nse
@@ -64,7 +64,7 @@ action = function()
 	local magnet = stdnse.get_script_args(SCRIPT_NAME..".magnet")
 	local include_nodes = stdnse.get_script_args(SCRIPT_NAME..".include-nodes")
 	
-	t = bittorrent.Torrent:new()
+	local t = bittorrent.Torrent:new()
 	if filename then
 		t:load_from_file(filename)
 	elseif magnet then
--- a/scripts/broadcast-dropbox-listener.nse
+++ b/scripts/broadcast-dropbox-listener.nse
@@ -58,7 +58,7 @@ action = function()
 	local ids = {}

 	-- Initialize the output table.
-	results = tab.new(6)
+	local results = tab.new(6)
 	tab.addrow(
 		results,
 		'displayname',
--- a/scripts/broadcast-ping.nse
+++ b/scripts/broadcast-ping.nse
@@ -126,7 +126,7 @@ local icmp_packet = function(srcIP, dstIP, ttl, data_length, mtu, seqNo, icmp_id
 	local icmp_bin = bin.pack(">AA",ip_bin, icmp_msg)
 	
 	--Packet
-	icmp = packet.Packet:new(icmp_bin,#icmp_bin)
+	local icmp = packet.Packet:new(icmp_bin,#icmp_bin)
 	assert(icmp,"Mistake during ICMP packet parsing")
 	
 	icmp:ip_set_bin_src(packet.iptobin(srcIP))
@@ -153,7 +153,7 @@ local broadcast_if = function(if_table,icmp_responders)

 	-- raw IPv4 socket 
 	local dnet = nmap.new_dnet()
-	try = nmap.new_try()
+	local try = nmap.new_try()
 	try = nmap.new_try(function() dnet:ethernet_close() end)
 	
 	-- raw sniffing socket (icmp echoreply style)
--- a/scripts/broadcast-rip-discover.nse
+++ b/scripts/broadcast-rip-discover.nse
@@ -122,7 +122,7 @@ RIPv2 = {
 			tab.addrow(routes, "ip", "netmask", "nexthop", "metric")
 			
 			while( #data - pos >= 20 ) do
-				local family, address, metric, _
+				local family, address, metric, _, netmask, nexthop
 				pos, family, _, address, netmask, nexthop,
 						metric = bin.unpack(">SS<III>I", data, pos)
 				
--- a/scripts/broadcast-tellstick-discover.nse
+++ b/scripts/broadcast-tellstick-discover.nse
@@ -27,6 +27,8 @@ categories = {"broadcast", "safe"}

 prerule = function() return ( nmap.address_family() == 'inet' ) end

+local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+
 action = function()
 	local socket = nmap.new_socket("udp")
 	local host, port = { ip = "255.255.255.255" }, { number = 30303, protocol = "udp" }
--- a/scripts/broadcast-xdmcp-discover.nse
+++ b/scripts/broadcast-xdmcp-discover.nse
@@ -39,7 +39,7 @@ action = function()
 	local req = xdmcp.Packet[xdmcp.OpCode.BCAST_QUERY]:new(nil)
 	local status, err = helper:send(req)
 	if ( not(status) ) then
-		return false, response
+		return false, err
 	end
 	
 	local timeout = arg_timeout or 5
--- a/scripts/cccam-version.nse
+++ b/scripts/cccam-version.nse
@@ -46,9 +46,9 @@ end
 -- splitbits("abc", 5) --> {"01100", "00101", "10001", "00110"}
 -- Any short final group is omitted.
 local function splitbits(s, n)
-	local bits, seq
+	local seq

-	_, bits = bin.unpack("B" .. #s, s)
+	local _, bits = bin.unpack("B" .. #s, s)
 	seq = {}
 	for i = 1, #bits - n, n do
 		seq[#seq + 1] = bits:sub(i, i + n - 1)
--- a/scripts/citrix-enum-apps.nse
+++ b/scripts/citrix-enum-apps.nse
@@ -51,7 +51,7 @@ function process_pa_response(response)
    end

    -- the list of published applications starts at offset 40
-    offset = 41
+    local offset = 41

    while offset < packet_len do
        pos, app_name = bin.unpack("z", response:sub(offset))
@@ -119,7 +119,7 @@ action = function(host, port)
 	local socket = nmap.new_socket()
 	socket:set_timeout(5000)

-	try = nmap.new_try(function() socket:close() end)
+	local try = nmap.new_try(function() socket:close() end)

 	try( socket:connect(host, port) )

--- a/scripts/citrix-enum-servers.nse
+++ b/scripts/citrix-enum-servers.nse
@@ -49,7 +49,7 @@ function process_server_response(response)
    end

    -- the list of published applications starts at offset 40
-    offset = 41
+    local offset = 41

    while offset < packet_len do
        pos, server_name = bin.unpack("z", response:sub(offset))
@@ -108,7 +108,7 @@ action = function(host, port)
 	socket = nmap.new_socket()
 	socket:set_timeout(5000)

-	try = nmap.new_try(function() socket:close() end)
+	local try = nmap.new_try(function() socket:close() end)
 	try(socket:connect(host, port))

 	-- send the two first packets and never look back
--- a/scripts/couchdb-stats.nse
+++ b/scripts/couchdb-stats.nse
@@ -89,7 +89,7 @@ action = function(host, port)
 	
 	-- check that body was received
 	if not data.body or data.body == "" then
-		local msg = ("%s did not respond with any data."):format(hostrgetname or host.ip )
+		local msg = ("%s did not respond with any data."):format(host.targetname or host.ip )
 		dbg( msg ) 
 		return  msg
 	end
--- a/scripts/cvs-brute-repository.nse
+++ b/scripts/cvs-brute-repository.nse
@@ -102,7 +102,7 @@ action = function(host, port)
 		end
 	end

-	repository_iterator = function()
+	local repository_iterator = function()
 		local function next_repo()
 			for line in f:lines() do
 				if ( not(line:match("#!comment")) ) then
--- a/scripts/daap-get-library.nse
+++ b/scripts/daap-get-library.nse
@@ -68,6 +68,7 @@ function getLibraryName( host, port )
 	pos = string.find(response.body, "minm")

 	if pos > 0 then
+	  local len
 		pos = pos + 4
 		pos, len = bin.unpack( ">I", response.body, pos )
 		pos, libname = bin.unpack( "A" .. len, response.body, pos )
@@ -88,6 +89,7 @@ local function getAttributeAsInt( data, name )
 	
 	if pos and pos > 0 then
 		pos = pos + 4
+		local len
 		pos, len = bin.unpack( ">I", data, pos )
 		
 		if ( len ~= 4 ) then
--- a/scripts/db2-das-info.nse
+++ b/scripts/db2-das-info.nse
@@ -167,7 +167,6 @@ function read_db2_packet(socket)
 	local header_len = 41
 	local total_len = 0
 	local buf
-	local endian

 	local DATA_LENGTH_OFFSET = 38
 	local ENDIANESS_OFFSET = 23
@@ -188,7 +187,7 @@ function read_db2_packet(socket)
 	
 		stdnse.print_debug("db2-das-info: Got DB2DAS packet")

-		_, endian = bin.unpack( "A2", packet.header.raw, ENDIANESS_OFFSET )		
+		local _, endian = bin.unpack( "A2", packet.header.raw, ENDIANESS_OFFSET )		

 		if endian == "9z" then
 			_, packet.header.data_len = bin.unpack("I", packet.header.raw, DATA_LENGTH_OFFSET )
@@ -381,6 +380,7 @@ action = function(host, port)
 	socket:close()
 	
 	-- The next block of code is essentially the version extraction code from db2-info.nse
+	local server_version
 	if string.sub(db2response.version,1,3) == "SQL" then
 		local major_version = string.sub(db2response.version,4,5)

--- a/scripts/dns-brute.nse
+++ b/scripts/dns-brute.nse
@@ -186,6 +186,8 @@ action = function(host)
 	if not nmap.registry.bruteddomains then
 		nmap.registry.bruteddomains = {}
 	end
+
+	local dosrv
 	if(not table.contains(nmap.registry.bruteddomains,domainname)) then
 		table.insert(nmap.registry.bruteddomains, domainname)
 		stdnse.print_debug("Starting dns-brute at: "..domainname)
@@ -263,8 +265,8 @@ action = function(host)
 			end
 		end

-		response = {}
-		t_dns = {}
+		local response = {}
+		local t_dns = {}
 		t_dns['name'] = "DNS Brute-force hostnames"
 		if(#results==0) then
 			table.insert(t_dns,"No results.")
@@ -274,7 +276,7 @@ action = function(host)
 		end
 		response[#response + 1] = t_dns
 		if(dosrv) then
-			t_srv = {}
+			local t_srv = {}
 			t_srv['name'] = "SRV results"
 			if(#srvresults==0) then
 				table.insert(t_srv,"No results.")
--- a/scripts/dns-check-zone.nse
+++ b/scripts/dns-check-zone.nse
@@ -213,7 +213,7 @@ local dns_checks = {
 				end

 				if ( 0 < #result ) then
-					output = ("The following servers were found in the zone, but not in the parent: %s"):format(stdnse.strjoin(", ", result))
+					local output = ("The following servers were found in the zone, but not in the parent: %s"):format(stdnse.strjoin(", ", result))
 					return true, { status = Status.FAIL, output = output }
 				end
 				
@@ -261,7 +261,7 @@ local dns_checks = {
 				end

 				if ( 0 < #result ) then
-					output = ("The following servers were found in the parent, but not in the zone: %s"):format(stdnse.strjoin(", ", result))
+					local output = ("The following servers were found in the parent, but not in the zone: %s"):format(stdnse.strjoin(", ", result))
 					return true, { status = Status.FAIL, output = output }
 				end
 				
--- a/scripts/dns-fuzz.nse
+++ b/scripts/dns-fuzz.nse
@@ -58,7 +58,7 @@ recursiveServer = "scanme.nmap.org"
 -- @param port  The servers port
 -- @return      Bool, true if and only if the server is alive
 function pingServer (host, port, attempts)
-     local status, response
+     local status, response, result
     -- If the server doesn't respond to the first in a multiattempt probe, slow down
     local slowDown = 1
     if not recursiveOnly then
@@ -84,7 +84,7 @@ function pingServer (host, port, attempts)
     else
          -- just do a vanilla recursive lookup of scanme.nmap.org
          for i = 1, attempts do
-               status, respons = dns.query(recursiveServer, {host=host.ip, port=port.number, tries=1, timeout=math.pow(DNStimeout,slowDown)})
+               status, response = dns.query(recursiveServer, {host=host.ip, port=port.number, tries=1, timeout=math.pow(DNStimeout,slowDown)})
               if status then
                    return true
               end
--- a/scripts/domcon-cmd.nse
+++ b/scripts/domcon-cmd.nse
@@ -111,7 +111,7 @@ action = function(host, port)
 	cmds = stdnse.strsplit(";%s*", cmd)

 	socket:set_timeout(10000)
-	status = socket:connect( host.ip, port.number, "tcp")
+	local status = socket:connect( host.ip, port.number, "tcp")
 	if ( status ) then
 		socket:reconnect_ssl()
 	end
--- a/scripts/eap-info.nse
+++ b/scripts/eap-info.nse
@@ -75,7 +75,7 @@ action = function()
 	end	    
 	stdnse.print_debug(1, "iface: %s", iface.device)

-	timeout = 10 * 1000
+	local timeout = 10 * 1000
 	if arg_timeout then
 		timeout = arg_timeout * 1000
 	end
--- a/scripts/epmd-info.nse
+++ b/scripts/epmd-info.nse
@@ -45,9 +45,9 @@ action = function(host, port)
 		data = data .. tmp
 		status, tmp = socket:receive()
 	end
-	pos, realport = bin.unpack(">I", data)
-	nodestring = string.sub(data, pos, -2)
-	nodes = stdnse.strsplit("\n", nodestring)
+	local pos, realport = bin.unpack(">I", data)
+	local nodestring = string.sub(data, pos, -2)
+	local nodes = stdnse.strsplit("\n", nodestring)
 	local response = {}
 	table.insert(response, 'epmd running on port ' .. realport)
 	for _, node in ipairs(nodes) do
--- a/scripts/firewalk.nse
+++ b/scripts/firewalk.nse
@@ -931,6 +931,7 @@ local function send_next_probes(scanner)
  -- this prevents sending too much probes at the same time
  while #scanner.active_probes < MaxActiveProbes do

+    local probe
    -- perform resends
    if #scanner.pending_resends > 0 then

--- a/scripts/ftp-anon.nse
+++ b/scripts/ftp-anon.nse
@@ -48,12 +48,12 @@ local function list(socket, target, max_lines)

 	-- ask the server for a Passive Mode: it should give us a port to
 	-- listen to, where it will dump the directory listing
-	buffer = stdnse.make_buffer(socket, "\r?\n")
+	local buffer = stdnse.make_buffer(socket, "\r?\n")
 	status, err = socket:send("PASV\r\n")
 	if not status then
 		return status, err
 	end
-	code, message = ftp.read_reply(buffer)
+	local code, message = ftp.read_reply(buffer)

 	-- Compute the PASV port as given by the server
 	-- The server should answer with something like
@@ -120,7 +120,7 @@ action = function(host, port)
 	local try = nmap.new_try(err_catch)

 	try(socket:connect(host, port))
-	buffer = stdnse.make_buffer(socket, "\r?\n")
+	local buffer = stdnse.make_buffer(socket, "\r?\n")

 	-- Read banner.
 	code, message = ftp.read_reply(buffer)
--- a/scripts/ftp-brute.nse
+++ b/scripts/ftp-brute.nse
@@ -52,7 +52,7 @@ Driver = {

 	connect = function( self )
 		self.socket = nmap.new_socket()
-		status, err = self.socket:connect(self.host, self.port)
+		local status, err = self.socket:connect(self.host, self.port)
 		self.socket:set_timeout(tonumber(arg_timeout) * 1000)
 		if(not(status)) then
 			return false, brute.Error:new( "Couldn't connect to host: " .. err )
--- a/scripts/ftp-proftpd-backdoor.nse
+++ b/scripts/ftp-proftpd-backdoor.nse
@@ -68,7 +68,7 @@ action = function(host, port)
 	end

 	-- Read banner.
-	buffer = stdnse.make_buffer(sock, "\r?\n")
+	local buffer = stdnse.make_buffer(sock, "\r?\n")
 	local code, message = ftp.read_reply(buffer)
 	if not code then
 		stdnse.print_debug(1, "Can't read banner: %s", message)
--- a/scripts/http-axis2-dir-traversal.nse
+++ b/scripts/http-axis2-dir-traversal.nse
@@ -152,7 +152,7 @@ action = function(host, port)
    --if body is empty something wrong could have happened...
    if string.len(req.body) <= 0 then
      if nmap.verbosity() >= 2 then
-        print_debug(1, "%s:Response was empty. The file does not exists or the web server does not have sufficient permissions", SCRIPT_NAME)
+        stdnse.print_debug(1, "%s:Response was empty. The file does not exists or the web server does not have sufficient permissions", SCRIPT_NAME)
      end
      return
    end
--- a/scripts/http-barracuda-dir-traversal.nse
+++ b/scripts/http-barracuda-dir-traversal.nse
@@ -96,7 +96,7 @@ action = function(host, port)
 	for _, path in ipairs(paths) do

 		-- Retrieve file
-  	data = http.get(host, port, tostring(path))
+  	local data = http.get(host, port, tostring(path))
  	if data and data.status then

 			-- Check if file exists
--- a/scripts/http-cors.nse
+++ b/scripts/http-cors.nse
@@ -48,7 +48,7 @@ local function origin_ok(raw, origin)
 	if raw == "null" then
 		return false
 	end
-	allowed = stdnse.strsplit(" ", raw)
+	local allowed = stdnse.strsplit(" ", raw)
 	for _, ao in ipairs(allowed) do
 		if origin == ao then
 			return true
@@ -73,7 +73,7 @@ local function method_ok(raw, method)
 end

 local function test(host, port, method, origin)
-	header = {
+	local header = {
 		["Origin"] = origin,
 		["Access-Control-Request-Method"] = method,
 	}
--- a/scripts/http-default-accounts.nse
+++ b/scripts/http-default-accounts.nse
@@ -220,7 +220,7 @@ end
 -- the login routine is initialized to check for default credentials authentication
 ---
 action = function(host, port)
-  local fingerprintload_status, fingerprints, requests, results
+  local fingerprintload_status, status, fingerprints, requests, results
  local fingerprint_filename = stdnse.get_script_args("http-default-accounts.fingerprintfile") or "http-default-accounts-fingerprints.lua"
  local category = stdnse.get_script_args("http-default-accounts.category") or false
  local basepath = stdnse.get_script_args("http-default-accounts.basepath") or "/"
--- a/scripts/http-generator.nse
+++ b/scripts/http-generator.nse
@@ -54,7 +54,7 @@ local follow_redirects = function(host, port, path, n)

   while (response['status-line'] or ""):match(pattern) and n > 0 do
      n = n - 1
-      loc = response.header['location']
+      local loc = response.header['location']
      response = http.get_url(loc)
   end

--- a/scripts/http-gitweb-projects-enum.nse
+++ b/scripts/http-gitweb-projects-enum.nse
@@ -41,6 +41,7 @@ portrule = shortport.http
 ---
 get_owner = function(res)
 	local result=res
+	local _
 	if ( res:match('<span') ) then
 		_,_,result=string.find(res,'title="(.-)"')
 	end
--- a/scripts/http-icloud-sendmsg.nse
+++ b/scripts/http-icloud-sendmsg.nse
@@ -58,6 +58,8 @@ local function decodeString(str)
 	return str:gsub("\226\128\153", "'")
 end

+local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+
 local function listDevices(mm)
 	local status, devices = mm:getDevices()
 	if ( not(status) ) then
@@ -76,7 +78,6 @@ local function listDevices(mm)
 	end
 end

-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end

 action = function()
 	if ( not(arg_username) or not(arg_password) ) then
--- a/scripts/http-iis-webdav-vuln.nse
+++ b/scripts/http-iis-webdav-vuln.nse
@@ -159,7 +159,7 @@ action = function(host, port)

 	stdnse.print_debug(1, "http-iis-webdav-vuln: Root folder is not password protected, continuing...")

-	response = get_response(host, port, "/")
+	local response = get_response(host, port, "/")
 	if(response.status == 501) then
 		-- WebDAV is disabled
 		stdnse.print_debug(1, "http-iis-webdav-vuln: WebDAV is DISABLED (PROPFIND failed).")
--- a/scripts/http-joomla-brute.nse
+++ b/scripts/http-joomla-brute.nse
@@ -114,6 +114,7 @@ Driver = {
      stdnse.print_debug(1, "Initial check passed. Launching brute force attack")
      session_cookie_str = response.cookies[1]["name"].."="..response.cookies[1]["value"];
      if response.body then
+      local _
      _, _, security_token = string.find(response.body, '<input type="hidden" name="(%w+)" value="1" />')
      end
      if security_token then
--- a/scripts/http-majordomo2-dir-traversal.nse
+++ b/scripts/http-majordomo2-dir-traversal.nse
@@ -79,6 +79,7 @@ action = function(host, port)
      stdnse.print_debug(1, "%s:[Error] The server is not vulnerable, '%s' was not found or the web server has insufficient permissions to read it", SCRIPT_NAME, rfile)
      return
    end
+    local _
    _, _, rfile_content = string.find(response.body, '<pre>(.*)<!%-%- Majordomo help_foot format file %-%->')
    output_lines[#output_lines+1] = rfile.." was found:\n"..rfile_content
    if filewrite then
--- a/scripts/http-open-proxy.nse
+++ b/scripts/http-open-proxy.nse
@@ -112,6 +112,7 @@ function default_test(host, port)
  local hostname = "www.google.com"
  local pattern  = "^server: gws"
  get_status, get_r1, get_cstatus = proxy.test_get(host, port, "http", test_url, hostname, pattern)
+  local _
  head_status, _, head_cstatus = proxy.test_head(host, port, "http", test_url, hostname, pattern)
  conn_status = proxy.test_connect(host, port, "http", hostname)

--- a/scripts/http-proxy-brute.nse
+++ b/scripts/http-proxy-brute.nse
@@ -108,6 +108,7 @@ action = function(host, port)

 	local engine = brute.Engine:new(Driver, host, port)
 	engine.options.script_name = SCRIPT_NAME
+	local result
 	status, result = engine:start()

 	return result
--- a/scripts/http-vhosts.nse
+++ b/scripts/http-vhosts.nse
@@ -482,7 +482,7 @@ local HOSTNAMES = {
 defineDomain = function(host)
  if stdnse.get_script_args("http-vhosts.domain") then return stdnse.get_script_args("http-vhosts.domain") end

-  name = stdnse.get_hostname(host)
+  local name = stdnse.get_hostname(host)
  if name and name ~= host.ip then
    local pos = string.find (name, ".",1,true)
    if not pos then return name end
--- a/scripts/iax2-brute.nse
+++ b/scripts/iax2-brute.nse
@@ -71,6 +71,6 @@ Driver = {
 action = function(host, port)
 	local engine = brute.Engine:new(Driver, host, port)
 	engine.options.script_name = SCRIPT_NAME
-	status, result = engine:start()
+	local status, result = engine:start()
 	return result
 end
--- a/scripts/imap-brute.nse
+++ b/scripts/imap-brute.nse
@@ -134,6 +134,7 @@ action = function(host, port)
 		
 	local engine = brute.Engine:new(Driver, host, port)
 	engine.options.script_name = SCRIPT_NAME
+	local result
 	status, result = engine:start()
 	
 	for _, helper in pairs(ConnectionPool) do helper:close() end
--- a/scripts/imap-capabilities.nse
+++ b/scripts/imap-capabilities.nse
@@ -42,8 +42,8 @@ action = function(host, port)
 	table.insert(capstrings, cap)
     end
     return stdnse.strjoin(" ", capstrings)
-  elseif type(err) == "string" then
-     stdnse.print_debug(1, "%s: '%s' for %s", SCRIPT_NAME, err, host.ip)
+  elseif type(capa) == "string" then
+     stdnse.print_debug(1, "%s: '%s' for %s", SCRIPT_NAME, capa, host.ip)
     return
  else
     return "server doesn't support CAPABILITIES"
--- a/scripts/informix-tables.nse
+++ b/scripts/informix-tables.nse
@@ -91,6 +91,7 @@ action = function( host, port )
 	status, data = helper:Login(user, pass)
 	if ( not(status) ) then	return stdnse.format_output(status, data) end

+  local databases
 	status, databases = helper:GetDatabases()
 	if ( not(status) ) then
 		return "  \n  ERROR: Failed to retrieve a list of databases"
--- a/scripts/ip-geolocation-maxmind.nse
+++ b/scripts/ip-geolocation-maxmind.nse
@@ -410,7 +410,7 @@ local GeoIP = {
 		o._filehandle:seek("end",-3)
 		
 		for i=1,MaxmindDef.STRUCTURE_INFO_MAX_SIZE do
-			delim = o._filehandle:read(3)
+			local delim = o._filehandle:read(3)
 			
 			if delim == '\255\255\255' then
 				o._databaseType = o._filehandle:read(1):byte()
--- a/scripts/ipv6-node-info.nse
+++ b/scripts/ipv6-node-info.nse
@@ -102,7 +102,7 @@ local function send_queries(host)

 	dnet = nmap.new_dnet()
 	dnet:ip_open()
-	p = build_ni_query(host.bin_ip_src, host.bin_ip, QTYPE_NODEADDRESSES)
+	local p = build_ni_query(host.bin_ip_src, host.bin_ip, QTYPE_NODEADDRESSES)
 	dnet:ip_send(p)
 	p = build_ni_query(host.bin_ip_src, host.bin_ip, QTYPE_NODENAME)
 	dnet:ip_send(p)
--- a/scripts/irc-brute.nse
+++ b/scripts/irc-brute.nse
@@ -60,7 +60,7 @@ Driver = {

 	login = function(self, _, password)
 		local msg = ("PASS %s\r\nNICK nmap_brute\r\nUSER anonymous 0 * :Nmap brute\r\n"):format(password)
-		local status = self.socket:send(msg)
+		local status, data = self.socket:send(msg)
 		local success = false
 		
 		if ( not(status) ) then
@@ -136,6 +136,7 @@ action = function(host, port)
 	engine.options.script_name = SCRIPT_NAME	
    engine.options.firstonly = true
    engine.options.passonly = true
+  local result
 	status, result = engine:start()

 	return result
--- a/scripts/irc-unrealircd-backdoor.nse
+++ b/scripts/irc-unrealircd-backdoor.nse
@@ -157,7 +157,7 @@ action = function(host, port)
 	end

 	-- Get the current time so we can measure the delay
-	time = os.time(os.date('*t'))
+	local time = os.time(os.date('*t'))
 	socket:set_timeout((delay + 5) * 1000)

 	-- Accumulate the response in the 'data' string
--- a/scripts/ldap-rootdse.nse
+++ b/scripts/ldap-rootdse.nse
@@ -106,6 +106,7 @@ function action(host,port)
 	-- In order to discover what protocol to use (SSL/TCP) we need to send a few bytes to the server
 	-- An anonymous bind should do it
 	local ldap_anonymous_bind = string.char( 0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07, 0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00 )
+	local _
 	socket, _, opt = comm.tryssl( host, port, ldap_anonymous_bind, nil )
 	
 	if not socket then
--- a/scripts/ldap-search.nse
+++ b/scripts/ldap-search.nse
@@ -121,6 +121,7 @@ function action(host,port)
 	-- In order to discover what protocol to use (SSL/TCP) we need to send a few bytes to the server
 	-- An anonymous bind should do it
 	local ldap_anonymous_bind = string.char( 0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07, 0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00 )
+	local _
 	socket, _, opt = comm.tryssl( host, port, ldap_anonymous_bind, nil )
 	
 	if not socket then
--- a/scripts/membase-http-info.nse
+++ b/scripts/membase-http-info.nse
@@ -123,7 +123,7 @@ action = function(host, port)

 	local urls = { "/pools/default/buckets", "/pools" }
 	
-	local result
+	local status, result
 	for _, u in ipairs(urls) do
 		status, result = cmdReq(host, port, u, result)
 	end
--- a/scripts/metasploit-xmlrpc-brute.nse
+++ b/scripts/metasploit-xmlrpc-brute.nse
@@ -93,7 +93,7 @@ action = function(host, port)
 	local engine = brute.Engine:new(Driver, host, port, opts)
 	engine.options.script_name = SCRIPT_NAME
 	engine.options.firstonly = true
-	status, result = engine:start()
+	local status, result = engine:start()
 	return result
 end

--- a/scripts/modbus-discover.nse
+++ b/scripts/modbus-discover.nse
@@ -105,7 +105,7 @@ end
 local extract_slave_id = function(response)
    local byte_count = string.byte(response, 9)
    if ( byte_count == nil or byte_count == 0) then return nil end
-    offset, slave_id = bin.unpack("A"..byte_count, response, 10)
+    local offset, slave_id = bin.unpack("A"..byte_count, response, 10)
    return slave_id
 end

@@ -130,7 +130,7 @@ action = function(host, port)

    for sid = 1, 246 do
        stdnse.print_debug(3, "Sending command with sid = %d", sid)
-        rsid = form_rsid(sid, 0x11, "")
+        local rsid = form_rsid(sid, 0x11, "")

        local status, result = comm.exchange(host, port, rsid, opts)
        if ( status and (#result >= 8) ) then
--- a/scripts/mongodb-brute.nse
+++ b/scripts/mongodb-brute.nse
@@ -51,7 +51,7 @@ Driver = {
 		if ( status ) then
 			return true, brute.Account:new(username, password, creds.State.VALID)
 		elseif ( resp ~= "Authentication failed" ) then
-			local err = brute.Error:new( err )
+			local err = brute.Error:new( resp )
 			err:setRetry( true )
 			return false, err					
 		end
@@ -100,7 +100,7 @@ action = function(host, port)
 	
 	engine.options.script_name = SCRIPT_NAME
 	engine.options.firstonly = true
-	status, result = engine:start()
+	local status, result = engine:start()

 	return result
 end
--- a/scripts/mongodb-info.nse
+++ b/scripts/mongodb-info.nse
@@ -97,6 +97,7 @@ function action(host,port)
 	local status, packet = mongodb.serverStatusQuery()
 	if not status then return packet end

+	local statQResult, buildQResult
 	status,statQResult = mongodb.query(socket, packet)
 	
 	if not status then return statQResult end
--- a/scripts/ms-sql-empty-password.nse
+++ b/scripts/ms-sql-empty-password.nse
@@ -95,7 +95,7 @@ local function test_credentials( instance, helper, username, password )
 	if ( passwordIsGood ) then
 		local loginResultMessage = "Login Success"
 		if loginErrorCode then
-			loginResultMessage = mssql.LoginErrorMessage[ errorCode ] or "unknown error"
+			loginResultMessage = mssql.LoginErrorMessage[ loginErrorCode ] or "unknown error"
 		end
 		table.insert( instance.ms_sql_empty, string.format( "%s:%s => %s", username, password:len()>0 and password or "<empty>", loginResultMessage ) )
 		
--- a/scripts/ms-sql-tables.nse
+++ b/scripts/ms-sql-tables.nse
@@ -189,7 +189,7 @@ local function process_instance( instance )
 	
 				for k, v in pairs(dbs.rows) do
 					if ( not( table_contains( done_dbs, v[1] ) ) ) then
-						query = [[ SELECT so.name 'table', sc.name 'column', st.name 'type', sc.length 
+						local query = [[ SELECT so.name 'table', sc.name 'column', st.name 'type', sc.length 
 									FROM %s..syscolumns sc, %s..sysobjects so, %s..systypes st
 									WHERE so.id = sc.id AND sc.xtype=st.xtype AND
 									so.id IN (SELECT %s id FROM %s..sysobjects WHERE xtype='U') %s ORDER BY so.name, sc.name, st.name]]
@@ -218,7 +218,7 @@ local function process_instance( instance )
 		local restrict_tbl = {}
 		
 		if ( stdnse.get_script_args( {'ms-sql-tables.keywords', 'mssql-tables.keywords' } ) ) then
-			tmp = stdnse.get_script_args( {'ms-sql-tables.keywords', 'mssql-tables.keywords' } )
+			local tmp = stdnse.get_script_args( {'ms-sql-tables.keywords', 'mssql-tables.keywords' } )
 			if ( type(tmp) == 'table' ) then
 				tmp = stdnse.strjoin(',', tmp)
 			end
--- a/scripts/mysql-brute.nse
+++ b/scripts/mysql-brute.nse
@@ -49,7 +49,7 @@ Driver = {

 	connect = function( self )
 		self.socket = nmap.new_socket()
-		status, err = self.socket:connect(self.host, self.port)
+		local status, err = self.socket:connect(self.host, self.port)
 		self.socket:set_timeout(tonumber(arg_timeout) * 1000)
 		if(not(status)) then
 			return false, brute.Error:new( "Couldn't connect to host: " .. err )
@@ -58,7 +58,7 @@ Driver = {
 	end,

 	login = function (self, user, pass)
-		status, response = mysql.receiveGreeting(self.socket)
+		local status, response = mysql.receiveGreeting(self.socket)
 		if(not(status)) then
 			return false,brute.Error:new(response)
 		end
--- a/scripts/mysql-users.nse
+++ b/scripts/mysql-users.nse
@@ -84,9 +84,9 @@ action = function( host, port )
 		status, response = mysql.loginRequest( socket, { authversion = "post41", charset = response.charset }, username, password, response.salt )
 	
 		if status and response.errorcode == 0 then
-			status, rs = mysql.sqlQuery( socket, "SELECT DISTINCT user FROM mysql.user" )
+			status, rows = mysql.sqlQuery( socket, "SELECT DISTINCT user FROM mysql.user" )
 			if status then
-				result = mysql.formatResultset(rs, { noheaders = true })
+				result = mysql.formatResultset(rows, { noheaders = true })
 			end
 		end
 		socket:close()
--- a/scripts/nessus-brute.nse
+++ b/scripts/nessus-brute.nse
@@ -147,7 +147,7 @@ action = function(host, port)

 	-- the nessus service doesn't appear to do very well with multiple threads
 	engine:setMaxThreads(1)
-	status, result = engine:start()
+	local status, result = engine:start()

 	return result
 end
--- a/scripts/nessus-xmlrpc-brute.nse
+++ b/scripts/nessus-xmlrpc-brute.nse
@@ -123,6 +123,7 @@ action = function(host, port)
 		engine:setMaxThreads(arg_threads)
 	end
 	engine.options.script_name = SCRIPT_NAME
+	local result
 	status, result = engine:start()
 	return result
 end
--- a/scripts/nexpose-brute.nse
+++ b/scripts/nexpose-brute.nse
@@ -65,7 +65,7 @@ Driver =
 			stdnse.print_debug(1, "nexpose-brute: Good login: %s/%s", username, password)
 			return true, brute.Account:new(username, password, creds.State.VALID)
 		end
-		stdnse.print_debug(1, "nexpose-brute: WARNING: Unhandled response: %s", body)
+		stdnse.print_debug(1, "nexpose-brute: WARNING: Unhandled response: %s", response.body)
 		return false, brute.Error:new( "incorrect response from server" )
 	end,

@@ -76,6 +76,6 @@ action = function(host, port)
 	local engine = brute.Engine:new(Driver, host, port)
 	engine.options.script_name = SCRIPT_NAME
 	engine.options.max_guesses = tonumber(stdnse.get_script_args('brute.guesses')) or 3
-	status, result = engine:start()
+	local status, result = engine:start()
 	return result
 end
--- a/scripts/ntp-monlist.nse
+++ b/scripts/ntp-monlist.nse
@@ -617,7 +617,7 @@ function parse_monlist_1(pkt, recs)
    if #recs + #recs.peerlist >= MAX_RECORDS then
      return remaining
    end
-    pos = off + isize * (i-1) -- beginning of item
+    local pos = off + isize * (i-1) -- beginning of item
    local t = {}

    -- src and dst addresses
@@ -685,7 +685,7 @@ function parse_peerlist(pkt, recs)
    if #recs + #recs.peerlist >= MAX_RECORDS then
      return remaining
    end
-    pos = off + (i * isize) -- beginning of item
+    local pos = off + (i * isize) -- beginning of item
    local t = {}

    -- src address
@@ -1069,7 +1069,7 @@ function output_ips(t)
  local i = 1
  local limit = #t['6']
  while i <= limit do
-    work = {}
+    local work = {}
    local len = 0
    local j = i
    repeat
--- a/scripts/openvas-otp-brute.nse
+++ b/scripts/openvas-otp-brute.nse
@@ -81,6 +81,7 @@ Driver =
 		end

 		-- Create a buffer and receive the first line
+		local line
 		status, line = self.socket:receive_buf("\r?\n", false)

 		if (line == nil or string.match(line,"Bad login")) then
@@ -105,7 +106,7 @@ action = function(host, port)
 	local engine = brute.Engine:new(Driver, host, port)
 	engine:setMaxThreads(1)
 	engine.options.script_name = SCRIPT_NAME
-	status, result = engine:start()
+	local status, result = engine:start()
 	return result
 end

--- a/scripts/oracle-sid-brute.nse
+++ b/scripts/oracle-sid-brute.nse
@@ -116,6 +116,7 @@ local function process_tns_packet( packet )
 	local tnspacket = {}
 	
 	-- just pull out the bare minimum to be able to match
+	local _
 	_, tnspacket.Length, tnspacket.Checksum, tnspacket.Type = bin.unpack(">SSC", packet)
 	
 	return tnspacket
@@ -134,7 +135,7 @@ action = function(host, port)
 	socket:set_timeout(5000)

 	-- open the sid file specified by the user or fallback to the default oracle-sids file
-	sidfilename = nmap.registry.args.oraclesids or nmap.fetchfile("nselib/data/oracle-sids")
+	local sidfilename = nmap.registry.args.oraclesids or nmap.fetchfile("nselib/data/oracle-sids")
 	
 	sidfile = io.open(sidfilename)
 	
--- a/scripts/p2p-conficker.nse
+++ b/scripts/p2p-conficker.nse
@@ -498,8 +498,7 @@ local function conficker_check(ip, port, protocol)

 	-- If it's TCP, get the length and make sure we have the full packet
 	if(protocol == "tcp") then
-		local length
-		_, length = bin.unpack("<S", response, 1)
+		local _, length = bin.unpack("<S", response, 1)

 		while length > (#response - 2) do
 			local response2
@@ -577,6 +576,7 @@ action = function(host)
 	-- Reverse the IP's endianness
 	ip = ipOps.todword(ip)
 	ip = bin.pack(">I", ip)
+	local _
 	_, ip = bin.unpack("<I", ip)

 	-- Generate the ports
--- a/scripts/pgsql-brute.nse
+++ b/scripts/pgsql-brute.nse
@@ -61,7 +61,7 @@ local function connectSocket(host, port, ssl)

 	-- let's be responsible and avoid sending communication in the clear
 	if ( ssl ) then
-		status = pgsql.requestSSL(socket)
+		local status = pgsql.requestSSL(socket)
 		if ( status ) then
 			socket:reconnect_ssl()
 		end
@@ -89,6 +89,7 @@ action = function( host, port )
 		pg = pgsql.detectVersion(host, port )
 	end

+	local usernames, passwords
 	status, usernames = unpwdb.usernames()
 	if ( not(status) ) then	return end

@@ -105,7 +106,7 @@ action = function( host, port )
 		ssl_enable = not(nossl)
 		for password in passwords do
 			stdnse.print_debug( string.format("Trying %s/%s ...", username, password ) )
-			socket = connectSocket( host, port, ssl_enable )
+			local socket = connectSocket( host, port, ssl_enable )
 			status, response = pg.sendStartup(socket, username, username)
 			
 			-- if nossl is enforced by the user, we're done
--- a/scripts/pjl-ready-message.nse
+++ b/scripts/pjl-ready-message.nse
@@ -52,9 +52,10 @@ action = function(host, port)

 	local socket = nmap.new_socket()
 	socket:set_timeout(15000)
-	try = nmap.new_try(function() socket:close() end)
+	local try = nmap.new_try(function() socket:close() end)
 	try(socket:connect(host, port))
 	try(socket:send(statusmsg))		--this block gets the current display status
+	local data
 	response,data=socket:receive()  
 	if not response then			--send an initial probe. If no response, send nothing further. 
 		socket:close()
--- a/scripts/pop3-brute.nse
+++ b/scripts/pop3-brute.nse
@@ -47,7 +47,7 @@ Driver = {

    self.socket = nmap.new_socket()
    local opts = {timeout=10000, recv_before=true}
-    local best_opt, line
+    local best_opt, line, _
    self.socket, _, best_opt, line = comm.tryssl(self.host, self.port, "" , opts)

    if not self.socket then
@@ -106,6 +106,7 @@ action = function(host, port)

  --determine function we will use to login to server
  local is_apop = false
+  local login_function
  if (pMeth == "USER") then
    login_function = pop3.login_user
  elseif (pMeth == "SASL-PLAIN") then
@@ -123,6 +124,6 @@ action = function(host, port)

  local engine = brute.Engine:new(Driver, host, port, login_function, is_apop)
  engine.options.script_name = SCRIPT_NAME
-  status, accounts = engine:start()
+  local status, accounts = engine:start()
  return accounts
 end
--- a/scripts/qscan.nse
+++ b/scripts/qscan.nse
@@ -248,7 +248,7 @@ local report = function(stats)
 	tab.add(outtab, 4, "STDDEV")
 	tab.add(outtab, 5, "LOSS (%)")
 	tab.nextrow(outtab)
-
+  local port, fam, mean, stddev, loss
 	for _, j in pairs(stats) do
 		port = tostring(j.port)
 		fam = tostring(j.fam)
--- a/scripts/quake3-info.nse
+++ b/scripts/quake3-info.nse
@@ -95,7 +95,7 @@ local function parsefields(data)
 end

 local function parsename(data)
-	parts = stdnse.strsplit('"', data)
+	local parts = stdnse.strsplit('"', data)
 	if #parts ~= 3 then
 		return nil
 	end
--- a/scripts/quake3-master-getservers.nse
+++ b/scripts/quake3-master-getservers.nse
@@ -78,6 +78,7 @@ local function getservers(host, port, q3protocol)
 	local probe = bin.pack("CCCCA", 0xff, 0xff, 0xff, 0xff, string.format("getservers %s empty full\n", q3protocol))
        socket:send(probe)

+  local data
 	status, data = socket:receive() -- get some data
 	if not status then
 		return {}
@@ -85,6 +86,7 @@ local function getservers(host, port, q3protocol)
 	nmap.set_port_state(host, port, "open")

 	local magic = bin.pack("CCCCA", 0xff, 0xff, 0xff, 0xff, "getserversResponse")
+	local tmp
 	while #data < #magic do -- get header
 		status, tmp = socket:receive()
 		if status then
@@ -113,7 +115,7 @@ local function getservers(host, port, q3protocol)

 	local servers = {}
 	for _, value in ipairs(pieces) do
-		parts = {bin.unpack("CCCC>S", value)}
+		local parts = {bin.unpack("CCCC>S", value)}
 		if #parts > 5 then
 			local o1 = parts[2]
 			local o2 = parts[3]
@@ -150,6 +152,7 @@ end
 local function dropdupes(tables, stringify)
 	local unique = {}
 	local dupe = {}
+	local s
 	for _, v in ipairs(tables) do
 		s = stringify(v)
 		if not dupe[s] then
@@ -208,10 +211,10 @@ local function protocols()
 	local t = tab.new()
 	tab.addrow(t, '#', 'PROTOCOL', 'GAME', 'SERVERS')
 	for i, p in ipairs(sortable) do
-		pos = i .. '.'
-		protocol = p[1]
+		local pos = i .. '.'
+		local protocol = p[1]
 		count = p[2]
-		game = KNOWN_PROTOCOLS[protocol]
+		local game = KNOWN_PROTOCOLS[protocol]
 		if game == "unknown" then
 			game = ""
 		end
--- a/scripts/rdp-vuln-ms12-020.nse
+++ b/scripts/rdp-vuln-ms12-020.nse
@@ -198,9 +198,9 @@ action = function(host, port)
 	status, response = socket:receive_bytes(0) -- recieve another attach user confirm
 	pos,user2 = bin.unpack(">S",response:sub(10,11)) -- second user's channel - 1001
 	user2 = user2+1001 -- second user's channel
-	data4 = bin.pack(">SS",user1,user2)
-	data5 = bin.pack("H","0300000c02f08038") -- channel join request TPDU
-	channelJoinRequest = data5 .. data4
+	local data4 = bin.pack(">SS",user1,user2)
+	local data5 = bin.pack("H","0300000c02f08038") -- channel join request TPDU
+	local channelJoinRequest = data5 .. data4
 	status, err = socket:send(channelJoinRequest) -- bogus channel join request user1 requests channel of user2
 	status, response = socket:receive_bytes(0)
 	if response:sub(8,9) == bin.pack("H","3e00") then
--- a/scripts/redis-brute.nse
+++ b/scripts/redis-brute.nse
@@ -105,6 +105,7 @@ action = function(host, port)
 	engine.options.firstonly = true
 	engine.options:setOption( "passonly", true )

+	local result
 	status, result = engine:start()
 	return result
 end
--- a/scripts/rexec-brute.nse
+++ b/scripts/rexec-brute.nse
@@ -97,6 +97,6 @@ action = function(host, port)

 	local engine = brute.Engine:new(Driver, host, port, options)
 	engine.options.script_name = SCRIPT_NAME	
-	status, result = engine:start()
+	local status, result = engine:start()
 	return result
 end
--- a/scripts/rlogin-brute.nse
+++ b/scripts/rlogin-brute.nse
@@ -63,6 +63,7 @@ Driver = {
 		local srcport = math.random(513, 1024)
 		self.socket:bind(nil, srcport)
 		self.socket:set_timeout(self.timeout)
+		local err
 		status, err = self.socket:connect(self.host, self.port)

 		if ( status ) then
@@ -153,6 +154,6 @@ action = function(host, port)

 	local engine = brute.Engine:new(Driver, host, port, options)
 	engine.options.script_name = SCRIPT_NAME
-	status, result = engine:start()
+	local status, result = engine:start()
 	return result
 end
--- a/scripts/rmi-dumpregistry.nse
+++ b/scripts/rmi-dumpregistry.nse
@@ -187,7 +187,7 @@ function customDataFormatter(className, customData)
 	for k,v in ipairs(customData) do
 		if v:find("file:/") == 1 then
 			-- This is a classpath
-			cp = split(v, "; ") -- Splits into table
+			local cp = split(v, "; ") -- Splits into table
 			table.insert(retData, "Classpath")
 			table.insert(retData, cp)
 		else
--- a/scripts/rmi-vuln-classloader.nse
+++ b/scripts/rmi-vuln-classloader.nse
@@ -106,7 +106,7 @@ action = function (host, port)
    -- 0x51 : Returndata
    return false, "No return data received from server";
  end
-  data = registry.out.dis.bReader.readBuffer;
+  local data = registry.out.dis.bReader.readBuffer;

  if string.find(data, "RMI class loader disabled") == nil then
    rmi_vuln.state = vulns.STATE.VULN;
--- a/scripts/rsync-brute.nse
+++ b/scripts/rsync-brute.nse
@@ -102,6 +102,7 @@ action = function(host, port)
 	
 	local engine = brute.Engine:new(Driver, host, port, { module = mod })
 	engine.options.script_name = SCRIPT_NAME
+	local result
 	status, result = engine:start()
 	return result
 end
--- a/scripts/rtsp-url-brute.nse
+++ b/scripts/rtsp-url-brute.nse
@@ -79,6 +79,7 @@ local function processURL(host, port, url_iter, result)
 			break
 		end

+    local response
 		status, response = helper:describe(url)
 		if ( not(status) ) then
 			stdnse.print_debug(2, "ERROR: Sending DESCRIBE request to url: %s", url)
--- a/scripts/samba-vuln-cve-2012-1182.nse
+++ b/scripts/samba-vuln-cve-2012-1182.nse
@@ -94,12 +94,14 @@ from an anonymous connection.
 	samba_cve.state = vulns.STATE.NOT_VULN

 	-- create SMB session
+	local status, smbstate
 	status, smbstate = msrpc.start_smb(host, msrpc.SAMR_PATH,true)
 	if(status == false) then
 		return false, smbstate
 	end
 	
 	-- bind to SAMR service
+	local bind_result
 	status, bind_result = msrpc.bind(smbstate, msrpc.SAMR_UUID, msrpc.SAMR_VERSION, nil)
 	if(status == false) then
 		msrpc.stop_smb(smbstate)
@@ -107,14 +109,14 @@ from an anonymous connection.
 	end

 	-- create malicious packet, same as in the PoC
-	data = bin.pack("<I",4096)  -- num_sids
+	local data = bin.pack("<I",4096)  -- num_sids
 					.. "abcd" 
         ..bin.pack("<III",100
 						  ,0
 						  ,100)
 		 ..string.rep("a",1000)
 		 						
-	marshaledHandle = string.rep("X",20)
+	local marshaledHandle = string.rep("X",20)
 	status, result = msrpc.samr_getaliasmembership(smbstate,marshaledHandle, data)
 	print(status, result)
 	if(status == false and string.find(result,"Failed to receive bytes after 5 attempts") ~= nil) then
--- a/scripts/servicetags.nse
+++ b/scripts/servicetags.nse
@@ -172,9 +172,11 @@ action = function(host, port)
        get_agent(host, xport, output)

        -- Check if any other service tags are registered and enumerate them
+        local svctags_list
        status, svctags_list = get_svctag_list(host, xport, output)
        if status then
-            svctags = {}
+            local svctags = {}
+            local tag
            for _, svctag in ipairs(svctags_list) do
                svctags['name'] = "Service Tags"
                status, tag = get_svctag(host, port, svctag)
--- a/scripts/sip-brute.nse
+++ b/scripts/sip-brute.nse
@@ -53,7 +53,7 @@ Driver = {

 	login = function( self, username, password )
 		self.helper:setCredentials(username, password)
-		status, err = self.helper:register()
+		local status, err = self.helper:register()
 		if ( not(status) ) then
 			-- The 3CX System has an anti-hacking option that triggers after
 			-- a certain amount of guesses. This protection basically prevents
--- a/scripts/smb-brute.nse
+++ b/scripts/smb-brute.nse
@@ -322,6 +322,7 @@ local function check_login(hostinfo, username, password, logintype)
 	end

 	-- Determine if we have a password hash or a password
+	local status, err
 	if(#password == 32 or #password == 64 or #password == 65) then
 		-- It's a hash (note: we always use NTLM hashes)
 		status, err	  = smb.start_session(smbstate, smb.get_overrides(username, domain, nil, password, "ntlm"), false)
@@ -580,6 +581,7 @@ local function initialize(host)

 	-- Attempt to enumerate users
 	stdnse.print_debug(1, "smb-brute: Trying to get user list from server")
+	local _
 	hostinfo['have_user_list'], _, hostinfo['user_list'] = msrpc.get_user_list(host)
 	hostinfo['user_list_index'] = 1
 	if(hostinfo['have_user_list'] and #hostinfo['user_list'] == 0) then
@@ -604,6 +606,7 @@ local function initialize(host)

 	-- Start the SMB session
 	stdnse.print_debug(1, "smb-brute: Starting the initial SMB session")
+	local err
 	status, err = restart_session(hostinfo)
 	if(status == false) then
 		stop_session(hostinfo)
@@ -700,6 +703,7 @@ local function get_next_username(hostinfo)
 	
 			username = hostinfo['user_list'][index]
 			if(username ~= nil) then
+			  local _
 				_, username = split_domain(username)
 			end
 	
@@ -771,6 +775,7 @@ function test_lockouts(hostinfo)
 			stdnse.print_debug(1, "smb-brute: Detecting server lockout on '%s' with %d canaries", username, canaries)
 		end

+    local result
 		for i=1, canaries, 1 do
 			result = check_login(hostinfo, username, get_random_string(8), "ntlm")
 		end
@@ -938,6 +943,7 @@ function found_account(hostinfo, username, password, result)
 		if(hostinfo['have_user_list'] == false) then
 			-- Attempt to enumerate users
 			stdnse.print_debug(1, "smb-brute: Trying to get user list from server using newly discovered account")
+			local _
 			hostinfo['have_user_list'], _, hostinfo['user_list'] = msrpc.get_user_list(hostinfo['host'])
 			hostinfo['user_list_index'] = 1
 			if(hostinfo['have_user_list'] and #hostinfo['user_list'] == 0) then
@@ -1046,6 +1052,7 @@ local function go(host)
 				end

 				-- Find the case of the password, unless it's a hash
+				local case_password
 				if(not(#password == 32 or #password == 64 or #password == 65)) then
 					stdnse.print_debug(1, "smb-brute: Determining password's case (%s)", format_result(username, password))
 					case_password = find_password_case(hostinfo, username, password, result)
@@ -1082,6 +1089,7 @@ action = function(host)
 	local usernames = {}
 	local locked = {}
 	local i
+	local locked_result

 	status, result, locked_result = go(host)
 	if(status == false) then
--- a/scripts/smb-check-vulns.nse
+++ b/scripts/smb-check-vulns.nse
@@ -259,6 +259,7 @@ function check_conficker(host)
 	end

 	-- Try checking a valid string to find Conficker.D
+	local netpathcanonicalize_result, error_result
 	status, netpathcanonicalize_result, error_result = msrpc.srvsvc_netpathcanonicalize(smbstate, host.ip, "\\")
 	if(status == true and netpathcanonicalize_result['can_path'] == 0x5c45005c) then
 		msrpc.stop_smb(smbstate)
@@ -266,7 +267,6 @@ function check_conficker(host)
 	end

 	-- Try checking an illegal string ("\..\") to find Conficker.C and earlier
-	local error_result
 	status, netpathcanonicalize_result, error_result = msrpc.srvsvc_netpathcanonicalize(smbstate, host.ip, "\\..\\")

 	if(status == false) then
@@ -309,6 +309,7 @@ function check_winreg_Enum_crash(host)

 	local i, j
 	local elements = {}
+	local status, bind_result, smbstate

 	-- Create the SMB session
 	status, smbstate = msrpc.start_smb(host, msrpc.WINREG_PATH)
@@ -323,6 +324,7 @@ function check_winreg_Enum_crash(host)
 		return false, bind_result
 	end

+  local openhku_result
 	status, openhku_result = msrpc.winreg_openhku(smbstate)
 	if(status == false) then
 		msrpc.stop_smb(smbstate)
@@ -330,6 +332,7 @@ function check_winreg_Enum_crash(host)
 	end

 	-- Loop through the keys under HKEY_USERS and grab the names
+	local enumkey_result
 	status, enumkey_result = msrpc.winreg_enumkey(smbstate, openhku_result['handle'], 0, nil)
 	msrpc.stop_smb(smbstate)

--- a/scripts/smb-psexec.nse
+++ b/scripts/smb-psexec.nse
@@ -719,13 +719,13 @@ local function get_config(host, config)
 	-- Get information about the socket; it's a bit out of place here, but it should go before the mod loop
 	status, config.lhost, config.lport, config.rhost, config.rport, config.lmac = smb.get_socket_info(host)
 	if(status == false) then
-		return false, "Couldn't get socket information: " .. lhost
+		return false, "Couldn't get socket information: " .. config.lhost
 	end

 	-- Get the names of the files we're going to need
 	status, config.service_name, config.service_file, config.temp_output_file, config.output_file = get_service_files(host)
 	if(not(status)) then
-		return false, service_name
+		return false, config.service_name
 	end

 	-- Make sure the modules loaded properly
@@ -1001,6 +1001,7 @@ local function upload_everything(host, config)

 	-- Upload the service file
 	stdnse.print_debug(1, "smb-psexec: Uploading: %s => \\\\%s\\%s", config.local_service_file, config.share, config.service_file)
+	local status, err
 	status, err = smb.file_upload(host, config.local_service_file, config.share, "\\" .. config.service_file, overrides, is_xor_encoded)
 	if(status == false) then
 		cleanup(host, config)
@@ -1052,7 +1053,7 @@ end
 --@return status true or false
 --@return err    An error message if status is false. 
 local function create_service(host, config)
-	status, err = msrpc.service_create(host, config.service_name, config.path .. "\\" .. config.service_file)
+	local status, err = msrpc.service_create(host, config.service_name, config.path .. "\\" .. config.service_file)
 	if(status == false) then
 		stdnse.print_debug(1, "smb-psexec: Couldn't create the service: %s", err)
 		cleanup(host, config)
@@ -1109,7 +1110,7 @@ end
 --@return status true or false
 --@return err    An error message if status is false. 
 local function start_service(host, config, params)
-	status, err = msrpc.service_start(host, config.service_name, params)
+	local status, err = msrpc.service_start(host, config.service_name, params)
 	if(status == false) then
 		stdnse.print_debug(1, "smb-psexec: Couldn't start the service: %s", err)
 		return false, string.format("Couldn't start the service on the remote machine: %s", err)
@@ -1434,9 +1435,10 @@ and place it in nselib/data/psexec/ under the Nmap DATADIR.
 	end

 	-- Build the output into a nice table
+	local response
 	status, response = parse_output(config, result)
 	if(status == false) then
-		return stdnse.format_output(false, "Couldn't parse output: " .. results)
+		return stdnse.format_output(false, "Couldn't parse output: " .. response)
 	end

 	-- Add a warning if nothing was enabled
--- a/scripts/smtp-brute.nse
+++ b/scripts/smtp-brute.nse
@@ -130,6 +130,7 @@ action = function(host, port)
 	local engine = brute.Engine:new(Driver, host, port)
 	
 	engine.options.script_name = SCRIPT_NAME
+	local result
 	status, result = engine:start()
 	
 	for _, sock in pairs(ConnectionPool) do sock:close() end
--- a/scripts/smtp-commands.nse
+++ b/scripts/smtp-commands.nse
@@ -121,7 +121,7 @@ action = function(host, port)
        return result
    else
        if #result > 0 then
-            final = {}
+            local final = {}
            for index, test in ipairs(result) do
                table.insert(final, test)
            end
--- a/scripts/smtp-enum-users.nse
+++ b/scripts/smtp-enum-users.nse
@@ -214,6 +214,7 @@ issued_from = false
 -- @param domain Domain to use in the command
 -- @return Status and depending on the code, a error message
 function do_rcpt(socket, username, domain)
+    local status, response
    if not issued_from then
    -- Lets try to issue MAIL FROM command.
    status, response = smtp.query(socket, "MAIL",
--- a/scripts/smtp-open-relay.nse
+++ b/scripts/smtp-open-relay.nse
@@ -269,7 +269,7 @@ action = function(host, port)
        -- will print all the successful tests. Otherwise it will only
        -- print the conclusion.
        if #result > 0 then
-            final = {}
+            local final = {}
            table.insert(final,
                        string.format("Server is an open relay (%i/16 tests)",
                        (#result)))
--- a/scripts/smtp-vuln-cve2010-4344.nse
+++ b/scripts/smtp-vuln-cve2010-4344.nse
@@ -311,7 +311,7 @@ local function check_exim(smtp_opts)
  local heap_cve, priv_cve = 'CVE-2010-4344', 'CVE-2010-4345'
  local heap_str = "Exim heap overflow vulnerability ("..heap_cve.."):"
  local priv_str = "Exim privileges escalation vulnerability ("..priv_cve.."):"
-  local exip_heap_result, exip_priv_result = "", ""
+  local exim_heap_result, exim_priv_result = "", ""

  local socket, ret = smtp.connect(smtp_opts.host,
                          smtp_opts.port,
--- a/scripts/snmp-brute.nse
+++ b/scripts/snmp-brute.nse
@@ -143,7 +143,7 @@ local send_snmp_queries = function(socket, result, nextcommunity)

 	local request = snmp.buildGetRequest({}, "1.3.6.1.2.1.1.3.0")

-	local payload, status, response
+	local payload, status, response, err
 	local community = nextcommunity()

 	while community do
--- a/scripts/snmp-ios-config.nse
+++ b/scripts/snmp-ios-config.nse
@@ -46,6 +46,8 @@ dependencies = {"snmp-brute"}

 portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})

+local try
+
 local function sendrequest(socket, oid, setparam)
 	local payload
 	local options = {}
@@ -72,16 +74,15 @@ action = function(host, port)
 		return "ERROR: tftproot needs to end with slash"
 	end

-   	-- create the socket used for our connection
+  -- create the socket used for our connection
 	local socket = nmap.new_socket()

 	-- set a reasonable timeout value
 	socket:set_timeout(5000)

-	-- do some exception handling / cleanup
-	catch = function() socket:close() end
-	
-	try = nmap.new_try(catch)
+  -- do some exception handling / cleanup
+  local catch = function() socket:close() end
+  try = nmap.new_try(catch)
 	
 	-- connect to the potential SNMP system
 	try(socket:connect(host.ip, port.number, "udp"))
--- a/scripts/snmp-win32-shares.nse
+++ b/scripts/snmp-win32-shares.nse
@@ -83,6 +83,7 @@ action = function(host, port)
 	local try = nmap.new_try(catch)	
 	local data, snmpoid = nil, "1.3.6.1.4.1.77.1.2.27"
 	local shares = {}
+	local status

 	socket:set_timeout(5000)
 	try(socket:connect(host, port))
--- a/scripts/socks-brute.nse
+++ b/scripts/socks-brute.nse
@@ -95,6 +95,7 @@ action = function(host, port)

 	local engine = brute.Engine:new(Driver, host, port)
 	engine.options.script_name = SCRIPT_NAME
+	local result
 	status, result = engine:start()
 	return result
 end
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -454,6 +454,7 @@ local function record_read(buffer, i)
 	elseif h["type"] == "handshake" then
 		-- Parse body.
 		j, b["type"] = bin.unpack("C", buffer, j)
+		local _
 		j, _ = bin.unpack("A3", buffer, j)

 		-- Convert to human-readable form.
@@ -799,7 +800,7 @@ local filltable = function(filename,table)

 		-- Comments takes up a whole line
 		if not l:match("#!comment:") then
-			lsplit=stdnse.strsplit("%s+", l)
+			local lsplit=stdnse.strsplit("%s+", l)
 			if cipherstrength[lsplit[2]] then
 				table[lsplit[1]] = lsplit[2]
 			else
--- a/Show More
+++ b/Show More