Patch to make require errors silent and removed evil workarounds.

Added new stdnse function stdnse.print_verbose (similar to print_debug).

nse_main.lua

@@ -67,8 +67,10 @@ local loadfile = loadfile;
 local loadstring = loadstring;
 local next = next;
 local pairs = pairs;
+local pcall = pcall;
 local rawget = rawget;
 local rawset = rawset;
+local require = require;
 local select = select;
 local setfenv = setfenv;
 local setmetatable = setmetatable;
@@ -94,6 +96,8 @@ local open = io.open;
 local math = require "math";
 local max = math.max;
 
+local package = require "package";
+
 local string = require "string";
 local byte = string.byte;
 local find = string.find;
@@ -207,6 +211,19 @@ local function tcopy (t)
   return tc;
 end
 
+local REQUIRE_ERROR = {};
+stdnse.require = require; -- add real require to stdnse so it can be called if desired
+function _G.require (...)
+  local status, mod = pcall(require, ...);
+  if not status then
+    print_debug(1, "%s", traceback(mod));
+    yield(REQUIRE_ERROR); -- use script yield
+    error(mod);
+  else
+    return mod;
+  end
+end
+
 local Script = {}; -- The Script Class, its constructor is Script.new.
 local Thread = {}; -- The Thread Class, its constructor is Script:new_thread.
 do
@@ -354,6 +371,9 @@ do
     categories = "table",
     dependencies = "table",
   };
+  local quiet_errors = {
+    [REQUIRE_ERROR] = true,
+  }
   -- script = Script.new(filename)
   -- Creates a new Script Class for the script.
   -- Arguments:
@@ -381,7 +401,11 @@ do
     setmetatable(env, {__index = _G});
     setfenv(file_closure, env);
     local co = create(file_closure); -- Create a garbage thread
-    assert(resume(co)); -- Get the globals it loads in env
+    local status, e = assert(resume(co)); -- Get the globals it loads in env
+    if quiet_errors[e] then
+      print_verbose(1, "Failed to load '%s'.", filename);
+      return nil;
+    end
     -- Check that all the required fields were set
     for f, t in pairs(required_fields) do
       local field = rawget(env, f);

nselib/stdnse.lua

@@ -53,7 +53,7 @@ c = nil
 -- sleep is a C function defined in nse_nmaplib.cc.
 
 ---
--- Prints a formatted debug message if the current verbosity level is greater
+-- Prints a formatted debug message if the current debugging level is greater
 -- than or equal to a given level.
 -- 
 -- This is a convenience wrapper around
@@ -73,6 +73,28 @@ print_debug = function(level, fmt, ...)
   end
 end
 
+---
+-- Prints a formatted verbosity message if the current verbosity level is greater
+-- than or equal to a given level.
+-- 
+-- This is a convenience wrapper around
+-- <code>nmap.log_write</code>. The first optional numeric
+-- argument, <code>level</code>, is used as the verbosity level necessary
+-- to print the message (it defaults to 1 if omitted). All remaining arguments
+-- are processed with Lua's <code>string.format</code> function.
+-- @param level Optional verbosity level.
+-- @param fmt Format string.
+-- @param ... Arguments to format.
+print_verbose = function(level, fmt, ...)
+  local l, d = tonumber(level), nmap.verbosity();
+  if l and l <= d then
+    nmap.log_write("stdout", format(fmt, ...));
+  elseif not l and 1 <= d then
+    nmap.log_write("stdout", format(level, fmt, ...));
+  end
+end
+
+
 --- Join a list of strings with a separator string.
 -- 
 -- This is Lua's <code>table.concat</code> function with the parameters
@@ -846,3 +868,12 @@ do end -- no function here, see nse_main.lua
 --@class function
 --@return coroutine Returns the base coroutine of the running script.
 do end -- no function here, see nse_main.lua
+
+--- The (Unmodified) Lua Require Function.
+--
+-- See the Lua manual for description. NSE replaces the standard function
+-- in the global namespace to improve error handling.
+--
+--@name require
+--@class function
+do end -- no function here, see nse_main.lua

scripts/firewalk.nse

@@ -77,8 +77,6 @@ require('stdnse')
 require('packet')
 require('tab')
 
-
-
 -----=  scan parameters defaults  =-----
 
 -- number of retries for unanswered probes
@@ -399,24 +397,13 @@ end
 
 --- host rule, check for requirements before to launch the script
 hostrule = function(host)
-
-  -- firewalk requires privileges to run
   if not nmap.is_privileged() then
-    if not nmap.registry['firewalk'] then
-      nmap.registry['firewalk'] = {}
+    nmap.registry[SCRIPT_NAME] = nmap.registry[SCRIPT_NAME] or {};
+    if not nmap.registry[SCRIPT_NAME].rootfail then
+      stdnse.print_verbose("%s not running for lack of privileges.", SCRIPT_NAME);
     end
-
-    if nmap.registry['firewalk']['rootfail'] then
-      return false
-    end
-
-    nmap.registry['firewalk']['rootfail'] = true
-
-    if nmap.verbosity() > 0 then
-      stdnse.print_debug("%s not running for lack of privileges.", SCRIPT_NAME)
-    end
-
-    return false
+    nmap.registry[SCRIPT_NAME].rootfail = true;
+    return nil;
   end
 
   if nmap.address_family() ~= 'inet' then

scripts/http-favicon.nse

@@ -37,6 +37,7 @@ require "http"
 require "stdnse"
 require "datafiles"
 require "nsedebug"
+require "openssl"
 
 portrule = shortport.http
 
@@ -55,12 +56,6 @@ action = function(host, port)
 	return
   end
 
-  if not pcall(require,'openssl') then
-	stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.",
-	    SCRIPT_NAME)
-	return
-  end
-
   if(nmap.registry.args['favicon.root']) then
 	root = nmap.registry.args['favicon.root']
   end

scripts/ipidseq.nse

@@ -187,18 +187,14 @@ end
 
 hostrule = function(host)
     if not nmap.is_privileged() then
-		if not nmap.registry['ipidseq'] then
-			nmap.registry['ipidseq'] = {}
+        nmap.registry[SCRIPT_NAME] = nmap.registry[SCRIPT_NAME] or {};
+        if not nmap.registry[SCRIPT_NAME].rootfail then
+            stdnse.print_verbose("%s not running for lack of privileges.", SCRIPT_NAME);
         end
-		if nmap.registry['ipidseq']['rootfail'] then
-			return false
-		end
-		nmap.registry['ipidseq']['rootfail'] = true
-		if nmap.verbosity() > 0 then
-			stdnse.print_debug("%s not running for lack of privileges.", SCRIPT_NAME)
-		end
-		return false
+        nmap.registry[SCRIPT_NAME].rootfail = true;
+        return nil;
     end
+
 	if nmap.address_family() ~= 'inet' then
 		stdnse.print_debug("%s is IPv4 compatible only.", SCRIPT_NAME)
 		return false

scripts/mysql-brute.nse

@@ -17,22 +17,13 @@ require 'shortport'
 require 'stdnse'
 require 'mysql'
 require 'unpwdb'
+require 'openssl'
 
 -- Version 0.3
 -- Created 01/15/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
 -- Revised 01/23/2010 - v0.2 - revised by Patrik Karlsson, changed username, password loop, added credential storage for other mysql scripts, added timelimit
 -- Revised 01/23/2010 - v0.3 - revised by Patrik Karlsson, fixed bug showing account passwords detected twice
 
--- ripped from ssh-hostkey.nse
--- openssl is required for this script
-if not pcall(require,"openssl") then
-	portrule = function() return false end
-  	action = function() end
-  	stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.",
-  	    SCRIPT_NAME)
-  	return;
-end
-
 portrule = shortport.port_or_service(3306, "mysql")
 
 action = function( host, port )

scripts/mysql-databases.nse

@@ -27,20 +27,10 @@ categories = {"discovery", "intrusive"}
 require 'shortport'
 require 'stdnse'
 require 'mysql'
+require 'openssl'
 
 dependencies = {"mysql-brute", "mysql-empty-password"}
 
--- ripped from ssh-hostkey.nse
--- openssl is required for this script
-if not pcall(require,"openssl") then
-	portrule = function() return false end
-  	action = function() end
-  	stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.",
-  	    SCRIPT_NAME)
-  	return;
-end
-
-
 -- Version 0.1
 -- Created 01/23/2010 - v0.1 - created by Patrik Karlsson
 

scripts/mysql-users.nse

@@ -30,22 +30,13 @@ categories = {"discovery", "intrusive"}
 require 'shortport'
 require 'stdnse'
 require 'mysql'
+require 'openssl'
 
 dependencies = {"mysql-brute", "mysql-empty-password"}
 
 -- Version 0.1
 -- Created 01/23/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
 
--- ripped from ssh-hostkey.nse
--- openssl is required for this script
-if not pcall(require,"openssl") then
-	portrule = function() return false end
-  	action = function() end
-  	stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.",
-  	    SCRIPT_NAME)
-  	return;
-end
-
 portrule = shortport.port_or_service(3306, "mysql")
 
 action = function( host, port )

scripts/mysql-variables.nse

@@ -38,23 +38,13 @@ categories = {"discovery", "intrusive"}
 require 'shortport'
 require 'stdnse'
 require 'mysql'
+require 'openssl'
 
 dependencies = {"mysql-brute", "mysql-empty-password"}
 
 -- Version 0.1
 -- Created 01/23/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
 
--- ripped from ssh-hostkey.nse
--- openssl is required for this script
-if not pcall(require,"openssl") then
-	portrule = function() return false end
-  	action = function() end
-  	stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.",
-  	    SCRIPT_NAME)
-  	return;
-end
-
-
 portrule = shortport.port_or_service(3306, "mysql")
 
 action = function( host, port )

scripts/oracle-brute.nse

@@ -37,15 +37,8 @@ categories = {"intrusive", "auth"}
 
 require 'shortport'
 require 'brute'
-if pcall(require,"openssl") then
-  require("tns")
-else
-  portrule = function() return false end
-  action = function() end
-  stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.",
-      SCRIPT_NAME)
-  return;
-end
+require 'openssl'
+require 'tns'
 
 portrule = shortport.port_or_service(1521, "oracle-tns", "tcp", "open")
 

scripts/oracle-enum-users.nse

@@ -34,15 +34,8 @@ categories = {"intrusive", "auth"}
 
 require 'shortport'
 require 'unpwdb'
-if pcall(require,"openssl") then
-  require("tns")
-else
-  portrule = function() return false end
-  action = function() end
-  stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.",
-      SCRIPT_NAME)
-  return;
-end
+require 'openssl'
+require 'tns'
 
 portrule = shortport.port_or_service(1521, 'oracle-tns' )
 

scripts/path-mtu.nse

@@ -268,18 +268,14 @@ end
 
 hostrule = function(host)
     if not nmap.is_privileged() then
-		if not nmap.registry['pathmtu'] then
-			nmap.registry['pathmtu'] = {}
+        nmap.registry[SCRIPT_NAME] = nmap.registry[SCRIPT_NAME] or {};
+        if not nmap.registry[SCRIPT_NAME].rootfail then
+            stdnse.print_verbose("%s not running for lack of privileges.", SCRIPT_NAME);
         end
-		if nmap.registry['pathmtu']['rootfail'] then
-			return false
-		end
-		nmap.registry['pathmtu']['rootfail'] = true
-		if nmap.verbosity() > 0 then
-			stdnse.print_debug("%s not running for lack of privileges.", SCRIPT_NAME)
-		end
-		return false
+        nmap.registry[SCRIPT_NAME].rootfail = true;
+        return nil;
     end
+
 	if nmap.address_family() ~= 'inet' then
 		stdnse.print_debug("%s is IPv4 compatible only.", SCRIPT_NAME)
 		return false

scripts/pgsql-brute.nse

@@ -29,6 +29,7 @@ categories = {"intrusive", "auth"}
 require 'shortport'
 require 'stdnse'
 require 'unpwdb'
+require 'openssl'
 
 -- Version 0.3
 -- Created 01/15/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
@@ -36,18 +37,6 @@ require 'unpwdb'
 -- Revised 03/04/2010 - v0.3 - added code from ssh-hostkey.nse to check for SSL support
 --                           - added support for trusted authentication method
 
--- ripped from ssh-hostkey.nse
--- openssl is required for this script
-if pcall(require,"openssl") then
-	require("pgsql")
-else
-	portrule = function() return false end
-  	action = function() end
-  	stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.",
-  	    SCRIPT_NAME)
-  	return;
-end
-
 portrule = shortport.port_or_service(5432, "postgresql")
 
 --- Connect a socket to the server with or without SSL

scripts/qscan.nse

@@ -364,21 +364,17 @@ local setreg = function(host, ports)
 end
 
 hostrule = function(host)
+    if not nmap.is_privileged() then
+        nmap.registry[SCRIPT_NAME] = nmap.registry[SCRIPT_NAME] or {};
+        if not nmap.registry[SCRIPT_NAME].rootfail then
+            stdnse.print_verbose("%s not running for lack of privileges.", SCRIPT_NAME);
+        end
+        nmap.registry[SCRIPT_NAME].rootfail = true;
+        return nil;
+    end
+
 	local numopen, numclosed = NUMOPEN, NUMCLOSED
 
-	if not nmap.is_privileged() then
-		if not nmap.registry['qscan'] then
-			nmap.registry['qscan'] = {}
-		end
-		if nmap.registry['qscan']['rootfail'] then
-			return false
-		end
-		nmap.registry['qscan']['rootfail'] = true
-		if nmap.verbosity() > 0 then
-			stdnse.print_debug("%s not running for lack of privileges.", SCRIPT_NAME)
-		end
-		return false
-	end
 	if nmap.address_family() ~= 'inet' then
 		stdnse.print_debug("%s is IPv4 compatible only.", SCRIPT_NAME)
 		return false

scripts/ssh-hostkey.nse

@@ -56,18 +56,9 @@ categories = {"safe","default","discovery"}
 
 require("shortport")
 require("stdnse")
-
--- openssl is required for this script
-if pcall(require,"openssl") then
+require("openssl")
 require("ssh1")
 require("ssh2")
-else
-  portrule = function() return false end
-  action = function() end
-  stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.",
-      SCRIPT_NAME)
-  return;
-end
 
 portrule = shortport.port_or_service(22, "ssh")
 

scripts/ssh2-enum-algos.nse

@@ -57,15 +57,7 @@ categories = {"safe", "discovery"}
 
 require "shortport"
 require "stdnse"
-if pcall(require,"openssl") then
-  require("ssh2")
-else
-  portrule = function() return false end
-  action = function() end
-  stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.",
-      SCRIPT_NAME)
-  return;
-end
+require "openssl"
 
 portrule = shortport.port_or_service(22, "ssh")