
Merge branch 'nse-lua53'

Lua 5.3 adds several awesome features of particular interest to nmap including
bitwise operators and integers, a utf8 library, and standard binary pack/unpack
functions.

In addition to adding Lua 5.3, this branch changes:

o Complete removal of the NSE bit library (in C). It has been replaced with
  a new Lua library wrapping Lua 5.3's bit-wise operators.

o Complete removal of the NSE bin library (in C). It has been replaced with a
  new Lua library wrapping Lua 5.3's string.pack|unpack functions.

o The bin.pack "B" format specifier (which has never worked correctly) is
  unimplemented.  All scripts/libraries which use it have been updated. Most
  usage of this option was to allow string based bit-wise operations which are no
  longer necessary now that Lua 5.3 provides integers and bit-wise operators.

o The base32/base64 libraries have been reimplemented using Lua 5.3's new
  bitwise operators. (This library was the main user of the bin.pack "B" format
  specifier.)

o A new "bits" library has been added for common bit hacks. Currently only has
  a reverse function.

Thanks to David Fifield, Daniel Miller, Jacek Wielemborek, and  Paulino
Calderon for testing this branch.
batrick
2016-07-02 17:02:27 +00:00
parent 0f22680426
commit 7f5ec526fe
120 changed files with 10173 additions and 6533 deletions


@@ -74,7 +74,7 @@ function pingServer (host, port, attempts)
data = dns.encode(pkt)
for i = 1, attempts do
status, result = comm.exchange(host, port, data, {timeout=math.pow(DNStimeout,slowDown)})
status, result = comm.exchange(host, port, data, {timeout=DNStimeout^slowDown})
if status then
return true
end
@@ -85,7 +85,7 @@ function pingServer (host, port, attempts)
else
-- just do a vanilla recursive lookup of scanme.nmap.org
for i = 1, attempts do
status, response = dns.query(recursiveServer, {host=host.ip, port=port.number, proto=port.protocol, tries=1, timeout=math.pow(DNStimeout,slowDown)})
status, response = dns.query(recursiveServer, {host=host.ip, port=port.number, proto=port.protocol, tries=1, timeout=DNStimeout^slowDown})
if status then
return true
end


@@ -301,7 +301,7 @@ action = function(host, port)
-- Method (3).
local inp = assert(io.open("nselib/data/pixel.gif", "rb"))
local image = inp:read("*all")
local image = inp:read("a")
buildRequests(host, port, submission, filefield["name"], "image/gif", partofrequest, uploadspaths, image)
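Review bot: The `io.open("nselib/data/pixel.gif", "rb")` call just above the changed read resolves against the process's working directory, so which file is read and handed to `buildRequests` depends on where nmap was started. The jdwp scripts touched by this same commit resolve their data files through `nmap.fetchfile`; assuming `nmap` is required in this file, the same could be done here with `local path = nmap.fetchfile("nselib/data/pixel.gif")` and `local inp = assert(path and io.open(path, "rb"), "pixel.gif not found")`. No `inp:close()` is visible either; the action body continues outside the hunk, so confirm the handle is closed after the read.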


@@ -74,7 +74,7 @@ action = function()
end
local ts
if ( info.timestamp and 1000 < info.timestamp ) then
ts = os.date("%x %X", info.timestamp/1000)
ts = os.date("%x %X", info.timestamp//1000)
else
ts = "-"
end


@@ -47,7 +47,7 @@ action = function( host, port )
output.error = ("ERROR: Failed to open file: %s"):format(fname)
return output, output.error
end
local content = f:read("*all")
local content = f:read("a")
f:close()
local response = http.put(host, port, url, nil, content)


@@ -150,7 +150,7 @@ the http server's resources causing Denial Of Service.
return nil
end
local diff = TimeWith - TimeWithout
stdnse.debug1("Time difference is: %d",diff)
stdnse.debug1("Time difference is: %.f",diff)
-- if second connection died 10 or more seconds after the first
-- it means that sending additional data prolonged the connection's time
-- and the server is vulnerable to slowloris attack


@@ -107,12 +107,11 @@ local function readFile(filename)
return false, ("Failed to open file: %s"):format(filename)
end
local str = f:read("*all")
local str = f:read("a")
f:close()
if ( not(str) ) then
f:close()
return false, "Failed to read file contents"
end
f:close()
return true, str
end


@@ -1,6 +1,5 @@
local bit = require "bit"
local http = require "http"
local math = require "math"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
@@ -162,7 +161,7 @@ end
local function gen_passwd_hash(passwd)
local iter = 15
local iter_char = itoa64(iter)
local iter_count = math.pow(2, iter)
local iter_count = 1<<iter
local salt = stdnse.generate_random_string(8)
local md5 = openssl.md5(salt .. passwd)


@@ -47,8 +47,6 @@ categories = {"dos", "intrusive"}
try = nmap.new_try()
math.randomseed(os.time())
prerule = function()
if nmap.address_family() ~= "inet6" then
stdnse.debug1("is IPv6 compatible only.")


@@ -53,7 +53,8 @@ action = function(host, port)
-- read .class file
local file = io.open(nmap.fetchfile("nselib/data/jdwp-class/JDWPExecCmd.class"), "rb")
local class_bytes = file:read("*all")
local class_bytes = file:read("a")
file:close()
-- inject the class
local injectedClass
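Review bot: `file` is dereferenced without a check here: if `nmap.fetchfile` returns nil, `io.open` raises on the nil path, and if the open itself fails, `file:read("a")` raises an indexing error, so the user gets a Lua traceback instead of a readable script failure. The same unchecked open appears in the other two jdwp hunks (`JDWPSystemInfo.class` and the `nmap.fetchfile(filename) or filename` variant) and in the `io.open(filename, "rb")` hunk that fills `text_to_print`; the last two take the path from a caller-supplied `filename`, where a wrong path is the likely trigger. Resolve the path first, then use `local file, err = io.open(path, "rb")` followed by `if not file then return stdnse.format_output(false, ("Failed to open file: %s"):format(err)) end`, also bailing out when the resolved path is nil. The action body starts and ends outside the hunk.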


@@ -60,7 +60,7 @@ action = function(host, port)
-- read .class file
local file = io.open(nmap.fetchfile("nselib/data/jdwp-class/JDWPSystemInfo.class"), "rb")
local class_bytes = file:read("*all")
local class_bytes = file:read("a")
-- inject the class
local injectedClass
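Review bot: The handle opened for `JDWPSystemInfo.class` is not closed in the visible lines, whereas the two sibling jdwp hunks in this commit gain a `file:close()` immediately after the read. Add `file:close()` after `local class_bytes = file:read("a")` so the descriptor is released deterministically rather than whenever the garbage collector runs. The action body continues outside the hunk, so confirm there is no later close before adding one.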


@@ -54,7 +54,8 @@ action = function(host, port)
return stdnse.format_output(false, "This script requires a .class file to inject.")
end
local file = io.open(nmap.fetchfile(filename) or filename, "rb")
local class_bytes = file:read("*all")
local class_bytes = file:read("a")
file:close()
-- inject the class
local injectedClass


@@ -290,7 +290,7 @@ action = function( host, port )
passwords("reset")
end
stdnse.debug1( "Finished brute against LDAP, total tries: %d, tps: %d", tot_tries, ( tot_tries / ( ( nmap.clock_ms() - clock_start ) / 1000 ) ) )
stdnse.debug1( "Finished brute against LDAP, total tries: %d, tps: %.f", tot_tries, ( tot_tries / ( ( nmap.clock_ms() - clock_start ) / 1000 ) ) )
if ( invalid_account_cnt == user_cnt and base_dn ~= nil ) then
return "WARNING: All usernames were invalid. Invalid LDAP base?"


@@ -1,5 +1,4 @@
local bit = require "bit"
local math = require "math"
local msrpc = require "msrpc"
local nmap = require "nmap"
local smb = require "smb"
@@ -470,7 +469,7 @@ local function find_password_case(hostinfo, username, password)
end
-- Figure out how many possibilities exist
local max = math.pow(2, #password) - 1
local max = (1 << #password) - 1
-- Create an array of them, starting with all the values whose binary representation has no ones, then one one, then two ones, etc.
local ordered = {}
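Review bot: `(1 << #password) - 1` puts no upper bound on `#password`, and the integer shift fails differently from the old float `math.pow`. In Lua 5.3 a shift of 64 or more yields 0, so a password of 64 or more characters gives `max = -1`, and 63 characters wraps to the largest integer. Well before either limit, the `ordered` table built below grows as 2^n and can exhaust memory. Add a length guard ahead of the shift, e.g. `if #password > MAX_CASE_LEN then ... end` with `MAX_CASE_LEN` as a placeholder constant, and bail out in whatever way the callers of `find_password_case` expect. The function body continues outside the hunk.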


@@ -54,7 +54,8 @@ action = function(host,port)
else
-- read text from file
local file = io.open(filename, "rb")
text_to_print = file:read("*all")
text_to_print = file:read("a")
file:close()
end
status, smbstate = msrpc.start_smb(host, msrpc.SPOOLSS_PATH,true)
if(status == false) then


@@ -226,7 +226,7 @@ local function exploit_heap(socket, smtp_opts)
return status, msg
end
stdnse.debug1("sending forged mail, size: %dMB", msg_len / (1024*1024))
stdnse.debug1("sending forged mail, size: %.fMB", msg_len / (1024*1024))
-- use low socket level functions.
status, ret = socket:send(hdrs)


@@ -145,13 +145,13 @@ function get_if_speed( speed )
-- GigE or 10GigE speeds
if speed >= 1000000000 then
result = string.format( "%d Gbps", speed / 1000000000)
result = string.format( "%.f Gbps", speed / 1000000000)
-- Common for 10 or 100 Mbit ethernet
elseif speed >= 1000000 then
result = string.format( "%d Mbps", speed / 1000000)
result = string.format( "%.f Mbps", speed / 1000000)
-- Anything slower report in Kbps
else
result = string.format( "%d Kbps", speed / 1000)
result = string.format( "%.f Kbps", speed / 1000)
end
return result
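Review bot: `%.f` rounds to the nearest whole number, whereas the earlier `%d` truncated under the previous Lua, so all three branches of `get_if_speed` can now report a higher figure than before (1.6e9 prints as `2 Gbps` instead of `1 Gbps`). If the truncated value is what consumers of this output expect, keep `%d` and use floor division: `string.format("%d Gbps", speed // 1000000000)`, and likewise for the Mbps and Kbps lines. `//` yields an integer for an integer `speed` and a float with an exact integer value otherwise, both of which `%d` accepts in Lua 5.3.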


@@ -1,4 +1,5 @@
local dns = require "dns"
local math = require "math"
local os = require "os"
local shortport = require "shortport"
local sslcert = require "sslcert"
@@ -34,7 +35,7 @@ categories = { "safe", "discovery", "external" }
local format_date = function(day_num)
return os.date("%d %b %Y", 60 * 60 * 24 * tonumber(day_num))
return os.date("%d %b %Y", 60 * 60 * 24 * math.tointeger(day_num))
end
portrule = shortport.ssl
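Review bot: `math.tointeger(day_num)` returns nil when `day_num` is not exactly convertible to an integer, and the multiplication in `format_date` then raises `attempt to perform arithmetic on a nil value`. `day_num` appears to come from an external lookup (the script is in the `external` category and requires `dns`), so it should be treated as untrusted input. Check the conversion first with `local days = math.tointeger(day_num)` and `if not days then return "unknown" end` before the `os.date` call; the fallback string here is a placeholder, so choose one that matches how callers display the date.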


@@ -60,7 +60,6 @@ end
-- @return A 16-byte string of IPv6 address, and the length of the prefix.
local function get_random_ula_prefix(local_scope)
local ula_prefix
math.randomseed(os.time())
local global_id = string.char(math.random(256)-1,math.random(256)-1,math.random(256)-1,math.random(256)-1,math.random(256)-1)
if local_scope then

View File

@@ -1970,8 +1970,8 @@ function requires_updating( file )
local f, err, _ = io.open( file, "r" )
if not f then return true, nil end
local _ = f:read("*line")
local stamp = f:read("*line")
local _ = f:read()
local stamp = f:read()
f:close()
if not stamp then return true, nil end