Added some checks for http response's body being nil.

nselib/http.lua

@@ -1795,6 +1795,7 @@ end
 -- @return A list of forms.
 function grab_forms(body)
   local forms = {}
+  if not body then return forms end
   local form_start_expr = '<%s*[Ff][Oo][Rr][Mm]'
   local form_end_expr = '</%s*[Ff][Oo][Rr][Mm]>'
   

scripts/http-auth-finder.nse

@@ -100,7 +100,7 @@ action = function(host, port)
 			end
 			nmap.registry.auth_urls[r.url] = "HTTP"
 		-- FORM-based authentication
-		else
+		elseif r.response.body then
 			-- attempt to detect a password input form field
 			if ( r.response.body:match("<[Ii][Nn][Pp][Uu][Tt].-[Tt][Yy][Pp][Ee]%s*=\"*[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]") ) then
 				tab.addrow(auth_urls, r.url, "FORM")

scripts/http-email-harvest.nse

@@ -67,10 +67,12 @@ function action(host, port)
 		end
 		
 		-- Collect each e-mail address and build a unique index of them
+    if r.response.body then
       for email in r.response.body:gmatch(EMAIL_PATTERN) do
         emails[email] = true
       end
     end
+	end
 
 	-- if no email addresses were collected abort
 	if ( not(emails) ) then	return end

scripts/http-grep.nse

@@ -91,7 +91,7 @@ action = function(host, port)
 		local matches = {}
 		local body = r.response.body
 		-- try to match the url and body
-		if ( body:match( match ) or tostring(r.url):match(match) ) then
+		if body and ( body:match( match ) or tostring(r.url):match(match) ) then
 			local count = select(2, body:gsub(match, match))
 			for match in body:gmatch(match) do
 				table.insert(matches, "+ " .. shortenMatch(match))

scripts/http-unsafe-output-escaping.nse

@@ -66,7 +66,7 @@ local function getReflected(parsed, r)
 	local q = url.parse_query(parsed.query)
 	-- Check the values (and keys) and see if they are reflected in the page
 	for k,v in pairs(q) do
-		if r.response.body:find(v, 1, true) then
+		if r.response.body and r.response.body:find(v, 1, true) then
 			dbg("Reflected content %s=%s", k,v)
 			reflected_values[k] = v
 			count = count +1