diff --git a/nselib/datafiles.lua b/nselib/datafiles.lua
index 42baccf60..4748a7cd2 100644
--- a/nselib/datafiles.lua
+++ b/nselib/datafiles.lua
@@ -183,6 +183,7 @@ function parse_lines(lines, data_struct)
       elseif type(value) == "string" or type(value) == "function" then
         ret = get_array( lines, value )
       elseif type(value) == "table" then
+        local _
         _, ret[index] = parse_lines( lines, value )
       else
         -- TEMP
diff --git a/nselib/dns.lua b/nselib/dns.lua
index ae12bcf13..a7de67e82 100644
--- a/nselib/dns.lua
+++ b/nselib/dns.lua
@@ -717,8 +717,8 @@ end
 -- @param flgStr Flags as a binary digit string.
 -- @return Table representing flags.
 local function decodeFlags(flgStr)
-   flags = {}
-   flgTbl = str2tbl(flgStr)
+   local flags = {}
+   local flgTbl = str2tbl(flgStr)
    if flgTbl[1] == '1' then flags.QR = true end
    if flgTbl[2] == '1' then flags.OC1 = true end   
    if flgTbl[3] == '1' then flags.OC2 = true end
diff --git a/nselib/imap.lua b/nselib/imap.lua
index e280cba07..038fede5c 100644
--- a/nselib/imap.lua
+++ b/nselib/imap.lua
@@ -21,7 +21,7 @@ function capabilities(host, port)
    local proto = (port.version and port.version.service_tunnel == "ssl" and "ssl") or "tcp"
    if not socket:connect(host.ip, port.number, proto) then return nil, "Could Not Connect" end
 
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
    if not string.match(line, "^[%*] OK") then return nil, "No Response" end
    
    socket:send("a001 CAPABILITY\r\n")
diff --git a/nselib/ipOps.lua b/nselib/ipOps.lua
index 3c7f5c0de..e0468be7e 100644
--- a/nselib/ipOps.lua
+++ b/nselib/ipOps.lua
@@ -31,6 +31,7 @@ module ( "ipOps" )
 -- @return True or false (or <code>nil</code> in case of an error).
 -- @return String error message in case of an error.
 isPrivate = function( ip )
+  local err
 
   ip, err = expand_ip( ip )
   if err then return nil, err end
@@ -77,7 +78,7 @@ todword = function( ip )
     return nil, "Error in ipOps.todword: Expected IPv4 address."
   end
 
-  local n, ret = {}
+  local n, ret, err = {}
   n, err = get_parts_as_number( ip )
   if err then return nil, err end
 
@@ -104,6 +105,7 @@ end
 -- <code>nil</code> in case of an error).
 -- @return String error message in case of an error.
 get_parts_as_number = function( ip )
+  local err
 
   ip, err = expand_ip( ip )
   if err then return nil, err end
@@ -250,6 +252,7 @@ end
 -- <code>nil</code> in case of an error).
 -- @return String error message in case of an error.
 expand_ip = function( ip )
+  local err
 
   if type( ip ) ~= "string" or ip == "" then
     return nil, "Error in ipOps.expand_ip: Expected IP address as a string."
@@ -427,6 +430,7 @@ end
 -- digits (or <code>nil</code> in case of an error).
 -- @return    String error message in case of an error.
 ip_to_bin = function( ip )
+  local err
 
   ip, err = expand_ip( ip )
   if err then return nil, err end
@@ -473,6 +477,7 @@ bin_to_ip = function( binstring )
     return nil, "Error in ipOps.bin_to_ip: Expected string of binary digits."
   end
 
+  local af
   if string.len( binstring ) == 32 then
     af = 4
   elseif string.len( binstring ) == 128 then
@@ -481,7 +486,7 @@ bin_to_ip = function( binstring )
     return nil, "Error in ipOps.bin_to_ip: Expected exactly 32 or 128 binary digits."
   end
 
-  t = {}
+  local t = {}
   if af == 6 then
     local pattern = string.rep( "[01]", 16 )
     for chunk in string.gmatch( binstring, pattern ) do
diff --git a/nselib/match.lua b/nselib/match.lua
index 315983cae..f28cfafee 100644
--- a/nselib/match.lua
+++ b/nselib/match.lua
@@ -29,7 +29,7 @@ regex = function(pattern)
 	local r = pcre.new(pattern, 0,"C")
 
 	return function(buf)
-		s,e = r:exec(buf, 0,0);
+		local s,e = r:exec(buf, 0,0);
 		return s,e
 	end
 end
diff --git a/nselib/msrpc.lua b/nselib/msrpc.lua
index 90e4b80d7..6810d681a 100644
--- a/nselib/msrpc.lua
+++ b/nselib/msrpc.lua
@@ -2122,6 +2122,7 @@ function winreg_queryvalue(smbstate, handle, value)
 
 	-- Format the type properly and put it in "value"
 	if(result['data'] ~= nil) then
+        local _
 		if(result['type'] == "REG_DWORD") then
 			_, result['value'] = bin.unpack("<I", result['data'])
 		elseif(result['type'] == "REG_SZ" or result['type'] == "REG_MULTI_SZ" or result['type'] == "REG_EXPAND_SZ") then
@@ -2855,35 +2856,31 @@ function samr_enum_users(host)
 		local domain = enumdomains_result['sam']['entries'][i]['name']
 		-- We don't care about the 'builtin' domain, in all my tests it's empty
 		if(domain ~= 'Builtin') then
-			local sid
-			local domain_handle
-			local opendomain_result, querydisplayinfo_result
-
 			-- Call LookupDomain()
-			status, lookupdomain_result = samr_lookupdomain(smbstate, connect_handle, domain)
+			local status, lookupdomain_result = samr_lookupdomain(smbstate, connect_handle, domain)
 			if(status == false) then
 				stop_smb(smbstate)
 				return false, lookupdomain_result
 			end
 
 			-- Save the sid
-			sid = lookupdomain_result['sid']
+			local sid = lookupdomain_result['sid']
 	
 			-- Call OpenDomain()
-			status, opendomain_result = samr_opendomain(smbstate, connect_handle, sid)
+			local status, opendomain_result = samr_opendomain(smbstate, connect_handle, sid)
 			if(status == false) then
 				stop_smb(smbstate)
 				return false, opendomain_result
 			end
 
 			-- Save the domain handle
-			domain_handle = opendomain_result['domain_handle']
+			local domain_handle = opendomain_result['domain_handle']
 
 			-- Loop as long as we're getting valid results	
 			j = 0
 			repeat
 				-- Call QueryDisplayInfo()
-				status, querydisplayinfo_result = samr_querydisplayinfo(smbstate, domain_handle, j, SAMR_GROUPSIZE)
+				local status, querydisplayinfo_result = samr_querydisplayinfo(smbstate, domain_handle, j, SAMR_GROUPSIZE)
 				if(status == false) then
 					stop_smb(smbstate)
 					return false, querydisplayinfo_result
@@ -2975,7 +2972,7 @@ function lsa_enum_users(host)
 
 	-- Start with some common names, as well as the name returned by the negotiate call
 	-- Vista doesn't like a 'null' after the server name, so fix that (TODO: the way I strip the null here feels hackish, is there a better way?)
-	names = {"administrator", "guest", "test"}
+	local names = {"administrator", "guest", "test"}
 	-- These aren't always sent back (especially with 'extended security')
 	if(smbstate['domain'] ~= nil) then
 		names[#names + 1] = smbstate['domain']
@@ -3471,14 +3468,14 @@ function get_server_stats(host)
 	end
    
 	-- Bind to SRVSVC service
-	status, bind_result = bind(smbstate, SRVSVC_UUID, SRVSVC_VERSION, nil)
+	local status, bind_result = bind(smbstate, SRVSVC_UUID, SRVSVC_VERSION, nil)
 	if(status == false) then
 		smb.stop(smbstate)
 		return false, bind_result
 	end
    
 	-- Call netservergetstatistics for 'server'
-	status, netservergetstatistics_result = srvsvc_netservergetstatistics(smbstate, host.ip)
+	local status, netservergetstatistics_result = srvsvc_netservergetstatistics(smbstate, host.ip)
 	if(status == false) then
 		smb.stop(smbstate)
 		return false, netservergetstatistics_result
@@ -3573,24 +3570,23 @@ end
 --@return A table of information about the share (if status is true) or an an error string (if 
 --        status is false).
 function get_share_info(host, name)
-	local status, smbstate
 	local response = {}
 
 	-- Create the SMB session
-	status, smbstate = start_smb(host, SRVSVC_PATH)
+	local status, smbstate = start_smb(host, SRVSVC_PATH)
 	if(status == false) then
 		return false, smbstate
 	end
 
 	-- Bind to SRVSVC service
-	status, bind_result = bind(smbstate, SRVSVC_UUID, SRVSVC_VERSION, nil)
+	local status, bind_result = bind(smbstate, SRVSVC_UUID, SRVSVC_VERSION, nil)
 	if(status == false) then
 		smb.stop(smbstate) 
 		return false, bind_result
 	end
 
 	-- Call NetShareGetInfo
-	status, netsharegetinfo_result = srvsvc_netsharegetinfo(smbstate, host.ip, name, 2)
+	local status, netsharegetinfo_result = srvsvc_netsharegetinfo(smbstate, host.ip, name, 2)
 	if(status == false) then
 		smb.stop(smbstate) 
 		return false, netsharegetinfo_result
diff --git a/nselib/msrpcperformance.lua b/nselib/msrpcperformance.lua
index 37c8b1823..c53c51eab 100644
--- a/nselib/msrpcperformance.lua
+++ b/nselib/msrpcperformance.lua
@@ -427,10 +427,9 @@ function get_performance_data(host, objects)
 
 	local status, smbstate
 	local bind_result, openhkpd_result, queryvalue_result, data_block
-	local pos
+	local pos, object_type, counter_result
 	local result = {}
 	local i, j, k
-	local pos
 
 	-- Create the SMB session
 	status, smbstate = msrpc.start_smb(host, msrpc.WINREG_PATH)
diff --git a/nselib/msrpctypes.lua b/nselib/msrpctypes.lua
index e28379be1..c3b651ca6 100644
--- a/nselib/msrpctypes.lua
+++ b/nselib/msrpctypes.lua
@@ -455,7 +455,7 @@ local function unmarshall_array(data, pos, count, func, args)
 		args = {}
 	end
 
-	pos, max_count = bin.unpack("<I", data, pos)
+	local pos, max_count = bin.unpack("<I", data, pos)
 	if(max_count == nil) then
 		stdnse.print_debug(1, "MSRPC: ERROR: Ran off the end of a packet in unmarshall_array(). Please report!")
 	end
@@ -1165,6 +1165,7 @@ end
 --@return (pos, time) The new position, and the time in seconds since 1970. 
 function unmarshall_SYSTEMTIME(data, pos)
 	local date = {}
+    local _
 
 	pos, date['year'], date['month'], _, date['day'], date['hour'], date['min'], date['sec'], _ = bin.unpack("<SSSSSSSS", data, pos)
 	if(date['sec'] == nil) then
@@ -1227,14 +1228,13 @@ end
 --@param default The default value to return if the lookup was unsuccessful. 
 --@return (pos, policy_handle) The new position, and a table representing the policy_handle. 
 local function unmarshall_Enum32(data, pos, table, default)
-	local i, v
 	stdnse.print_debug(4, string.format("MSRPC: Entering unmarshall_Enum32()"))
 
 	if(default == nil) then
 		default = "<unknown>"
 	end
 
-	pos, val = unmarshall_int32(data, pos)
+	local pos, val = unmarshall_int32(data, pos)
 
 	for i, v in pairs(table) do
 		if(v == val) then
@@ -1257,14 +1257,13 @@ end
 --@param pad     [optional] If set, will ensure that we end up on an even multiple of 4. Default: true. 
 --@return (pos, policy_handle) The new position, and a table representing the policy_handle. 
 local function unmarshall_Enum16(data, pos, table, default, pad)
-	local i, v
 	stdnse.print_debug(4, string.format("MSRPC: Entering unmarshall_Enum16()"))
 
 	if(default == nil) then
 		default = "<unknown>"
 	end
 
-	pos, val = unmarshall_int16(data, pos, pad)
+	local pos, val = unmarshall_int16(data, pos, pad)
 
 	for i, v in pairs(table) do
 		if(v == val) then
@@ -1474,7 +1473,7 @@ function unmarshall_dom_sid2(data, pos)
 	end
 
 	-- Convert the SID to a string
-	result = string.format("S-%u-%u", sid['sid_rev_num'], sid['authority'])
+	local result = string.format("S-%u-%u", sid['sid_rev_num'], sid['authority'])
 	for i = 1, sid['num_auths'], 1 do
 		result = result .. string.format("-%u", sid['sub_auths'][i])
 	end
@@ -1528,7 +1527,7 @@ function marshall_dom_sid2(sid)
 		return nil
 	end
 
-	pos = 3
+	local pos = 3
 
 	pos_next = string.find(sid, "-", pos)
 	sid_array['sid_rev_num'] = string.sub(sid, pos, pos_next - 1)
diff --git a/nselib/netbios.lua b/nselib/netbios.lua
index bae98457b..7ff877bfb 100644
--- a/nselib/netbios.lua
+++ b/nselib/netbios.lua
@@ -289,12 +289,12 @@ function do_nbstat(host)
 
 	socket:set_timeout(1000)
 
-	status, result = socket:receive_bytes(1)
+	local status, result = socket:receive_bytes(1)
 	if(status == false) then
 		return false, result
 	end
 
-	close_status, err = socket:close()
+	local close_status, err = socket:close()
 	if(close_status == false) then
 		return false, err
 	end
diff --git a/nselib/nsedebug.lua b/nselib/nsedebug.lua
index 823a44b52..4afb39d51 100644
--- a/nselib/nsedebug.lua
+++ b/nselib/nsedebug.lua
@@ -65,7 +65,7 @@ function print_hex(str)
 
 		-- Loop through the string, printing the hex
 		for char=1, 16, 1 do
-			ch = string.byte(str, ((line - 1) * 16) + char)
+			local ch = string.byte(str, ((line - 1) * 16) + char)
 			io.write(string.format("%02x ", ch))
 		end
 
@@ -73,7 +73,7 @@ function print_hex(str)
 
 		-- Loop through the string again, this time the ascii
 		for char=1, 16, 1 do
-			ch = string.byte(str, ((line - 1) * 16) + char)
+			local ch = string.byte(str, ((line - 1) * 16) + char)
 			if ch < 0x20 or ch > 0x7f then
 				ch = string.byte(".", 1)
 			end
@@ -84,18 +84,18 @@ function print_hex(str)
 	end
 
 	-- Prints out the final, partial line
-	line = math.floor((string.len(str)/16)) + 1
+	local line = math.floor((string.len(str)/16)) + 1
 	io.write(string.format("%08x ", (line - 1) * 16))
 
 	for char=1, string.len(str) % 16, 1 do
-		ch = string.byte(str, ((line - 1) * 16) + char)
+		local ch = string.byte(str, ((line - 1) * 16) + char)
 		io.write(string.format("%02x ", ch))
 	end
 	io.write(string.rep("   ", 16 - (string.len(str) % 16)));
 	io.write("   ")
 
 	for char=1, string.len(str) % 16, 1 do
-		ch = string.byte(str, ((line - 1) * 16) + char)
+		local ch = string.byte(str, ((line - 1) * 16) + char)
 		if ch < 0x20 or ch > 0x7f then
 			ch = string.byte(".", 1)
 		end
diff --git a/nselib/packet.lua b/nselib/packet.lua
index 70928760e..f40fd0b0f 100644
--- a/nselib/packet.lua
+++ b/nselib/packet.lua
@@ -285,14 +285,14 @@ end
 --- Set the source IP address.
 -- @param binip The source IP address as a byte string.
 function Packet:ip_set_bin_src(binip)
-	nrip = u32(binip, 0)
+	local nrip = u32(binip, 0)
 	self:set_u32(self.ip_offset + 12, nrip)
 	self.ip_bin_src		= self:raw(self.ip_offset + 12,4)	-- raw 4-bytes string
 end
 --- Set the destination IP address.
 -- @param binip The destination IP address as a byte string.
 function Packet:ip_set_bin_dst(binip)
-	nrip = u32(binip, 0)
+	local nrip = u32(binip, 0)
 	self:set_u32(self.ip_offset + 16, nrip)
 	self.ip_bin_dst		= self:raw(self.ip_offset + 16,4)
 end
diff --git a/nselib/pop3.lua b/nselib/pop3.lua
index c182b12e5..566504c66 100644
--- a/nselib/pop3.lua
+++ b/nselib/pop3.lua
@@ -43,7 +43,7 @@ end
 -- @return Error code if status is false.
 function login_user(socket, user, pw)
    socket:send("USER " .. user .. "\r\n")
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
    if not stat(line) then return false, err.user_error end
    socket:send("PASS " .. pw .. "\r\n")
       
@@ -67,7 +67,7 @@ function login_sasl_plain(socket, user, pw)
    local auth64 = base64.enc(user .. "\0" .. user .. "\0" .. pw)
    socket:send("AUTH PLAIN " .. auth64 .. "\r\n")
    
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
    
    if stat(line) then 
       return true, err.none
@@ -91,14 +91,14 @@ function login_sasl_login(socket, user, pw)
 
    socket:send("AUTH LOGIN\r\n")
       
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
    if not base64.dec(string.sub(line, 3)) == "User Name:" then 
       return false, err.userError 
    end
 
    socket:send(user64)
       
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
 
    if not base64.dec(string.sub(line, 3)) == "Password:" then 
       return false, err.userError
@@ -106,7 +106,7 @@ function login_sasl_login(socket, user, pw)
 
    socket:send(pw64)
       
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
     
    if stat(line) then
       return true, err.none
@@ -129,7 +129,7 @@ function login_apop(socket, user, pw, challenge)
    local apStr = stdnse.tohex(openssl.md5(challenge .. pw))
    socket:send(("APOP %s %s\r\n"):format(user, apStr))
       
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
    
    if (stat(line)) then 
       return true, err.none
@@ -152,14 +152,14 @@ function capabilities(host, port)
    local opts = {timeout=10000, recv_before=true}
    local i = 1
 
-   socket, line, bopt, first_line = comm.tryssl(host, port, "CAPA\r\n" , opts)
+   local socket, line, bopt, first_line = comm.tryssl(host, port, "CAPA\r\n" , opts)
    if not socket then return nil, "Could Not Connect" end
    if not stat(first_line) then return nil, "No Response" end
   
    if string.find(first_line, "<[%p%w]+>") then capas.APOP = true end
    
-   lines = stdnse.strsplit("\r\n",line)
-   line = lines[1]
+   local lines = stdnse.strsplit("\r\n",line)
+   local line = lines[1]
 
    if not stat(line) then 
       capas.capa = false
@@ -199,7 +199,7 @@ function login_sasl_crammd5(socket, user, pw)
 
    socket:send("AUTH CRAM-MD5\r\n")
    
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
    
    local challenge = base64.dec(string.sub(line, 3))
 
@@ -207,7 +207,7 @@ function login_sasl_crammd5(socket, user, pw)
    local authStr = base64.enc(user .. " " .. digest)
    socket:send(authStr .. "\r\n")
       
-   status, line = socket:receive_lines(1)
+   local status, line = socket:receive_lines(1)
    
    if stat(line) then 
       return true, err.none
diff --git a/nselib/smb.lua b/nselib/smb.lua
index 4196db07d..470bb24ec 100644
--- a/nselib/smb.lua
+++ b/nselib/smb.lua
@@ -309,7 +309,7 @@ function add_account(host, username, password)
 	if(string.lower(username) ~= "guest" and string.lower(username) ~= "") then
 		-- Save the new account if this is our first one, or our other account isn't an admin
 		if(nmap.registry[host.ip]['smbaccount'] == nil or nmap.registry[host.ip]['smbaccount']['is_admin'] == false) then
-			local result
+			local result, _
 	
 			nmap.registry[host.ip]['smbaccount'] = {}
 			nmap.registry[host.ip]['smbaccount']['username'] = username
@@ -587,7 +587,7 @@ function start_netbios(host, port, name)
 	-- If all else fails, use each substring of the DNS name (this is a HUGE hack, but is actually
 	-- a recommended way of doing this!)
 	if(host.name ~= nil and host.name ~= "") then
-		new_names = get_subnames(host.name)
+		local new_names = get_subnames(host.name)
 		for i = 1, #new_names, 1 do
 			names[#names + 1] = new_names[i]
 		end
@@ -604,7 +604,7 @@ function start_netbios(host, port, name)
 		-- Some debug information
 		stdnse.print_debug(1, "SMB: Trying to start NetBIOS session with name = '%s'", name)
 		-- Request a NetBIOS session
-		session_request = bin.pack(">CCSzz", 
+		local session_request = bin.pack(">CCSzz", 
 					0x81,                        -- session request
 					0x00,                        -- flags
 					0x44,                        -- length
@@ -999,7 +999,7 @@ function negotiate_protocol(smb)
 
 	-- Send the negotiate request
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_NEGOTIATE")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(status == false) then
 		return false, err
 	end
@@ -1011,6 +1011,7 @@ function negotiate_protocol(smb)
 	end
 
 	-- Parse out the header
+    local uid, tid, header4
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 
 	-- Check if we fell off the packet (if that happened, the last parameter will be nil)
@@ -1112,9 +1113,9 @@ function negotiate_protocol(smb)
 end
 
 function start_session_basic(smb, overrides, use_default, log_errors)
-	local i
+	local i, err
 	local status, result
-	local header, parameters, data
+	local header, parameters, data, domain
 	local pos
 	local header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid 
 	local andx_command, andx_reserved, andx_offset, action
@@ -1234,7 +1235,7 @@ end
 
 function start_session_extended(smb, overrides, use_default, log_errors)
 	local i
-	local status, status_name, result
+	local status, status_name, result, err
 	local header, parameters, data
 	local pos
 	local header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid 
@@ -1416,7 +1417,7 @@ end
 --        table with the following elements:
 --      * 'tid'         The TreeID for the session
 function tree_connect(smb, path)
-	local header, parameters, data
+	local header, parameters, data, err, result
 	local pos
 	local header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, pid, mid 
 	local andx_command, andx_reserved, andx_offset, action
@@ -1449,6 +1450,7 @@ function tree_connect(smb, path)
 	end
 
 	-- Check if we were allowed in
+    local uid, tid
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [20]"
@@ -1480,18 +1482,19 @@ function tree_disconnect(smb)
 
 	-- Send the tree disconnect request
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_TREE_DISCONNECT")
-	result, err = smb_send(smb, header, "", "")
+	local result, err = smb_send(smb, header, "", "")
 	if(result == false) then
 		return false, err
 	end
 
 	-- Read the result
-	status, header, parameters, data = smb_read(smb)
+	local status, header, parameters, data = smb_read(smb)
 	if(status ~= true) then
 		return false, header
 	end
 
 	-- Check if there was an error
+    local uid, tid, pos
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [21]"
@@ -1512,7 +1515,7 @@ end
 --@return (status, result) If statis is false, result is an error message. If status is true, 
 --              the logoff was successful. 
 function logoff(smb)
-	local header, parameters
+	local header, parameters, data
 	local header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, pid, mid 
 
 	header = smb_encode_header(smb, command_codes['SMB_COM_LOGOFF_ANDX'])
@@ -1526,7 +1529,7 @@ function logoff(smb)
 
 	-- Send the tree disconnect request
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_LOGOFF_ANDX")
-	result, err = smb_send(smb, header, parameters, "")
+	local result, err = smb_send(smb, header, parameters, "")
 	if(result == false) then
 		return false, err
 	end
@@ -1543,6 +1546,7 @@ function logoff(smb)
 	smb['mac_key']  = nil
 
 	-- Check if there was an error
+    local uid, tid, pos
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [22]"
@@ -1598,7 +1602,7 @@ function create_file(smb, path)
 
 	-- Send the create file
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_NT_CREATE_ANDX")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -1610,6 +1614,7 @@ function create_file(smb, path)
 	end
 
 	-- Check if we were allowed in
+    local uid, tid
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [23]"
@@ -1675,7 +1680,7 @@ function read_file(smb, offset, count)
 
 	-- Send the create file
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_READ_ANDX")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -1687,6 +1692,7 @@ function read_file(smb, offset, count)
 	end
 
 	-- Check if we were allowed in
+    local uid, tid
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	
 	if(mid == nil) then
@@ -1760,7 +1766,7 @@ function write_file(smb, write_data, offset)
 
 	-- Send the create file
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_WRITE_ANDX")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -1772,6 +1778,7 @@ function write_file(smb, write_data, offset)
 		return false, header
 	end
 
+    local uid, tid
 	-- Check if we were allowed in
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
@@ -1782,6 +1789,7 @@ function write_file(smb, write_data, offset)
 	end
 
 	-- Parse the parameters
+    local reserved, count_high, remaining, count_low
 	pos, andx_command, andx_reserved, andx_offset, count_low, remaining, count_high, reserved  = bin.unpack("<CCSSSSS", parameters)
 	if(reserved == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [28]"
@@ -1816,7 +1824,7 @@ function close_file(smb)
 
 	-- Send the close file
 	stdnse.print_debug(2, "SMB: Sending SMB_CLOSE")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -1828,6 +1836,7 @@ function close_file(smb)
 	end
 
 	-- Check if the close was successful
+    local uid, tid
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [27]"
@@ -1862,7 +1871,7 @@ function delete_file(smb, path)
 
 	-- Send the close file
 	stdnse.print_debug(2, "SMB: Sending SMB_CLOSE")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -1874,6 +1883,7 @@ function delete_file(smb, path)
 	end
 
 	-- Check if the close was successful
+    local uid, tid
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [27]"
@@ -1946,7 +1956,7 @@ function send_transaction_named_pipe(smb, function_parameters, function_data, pi
 
 	-- Send the transaction request
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_TRANSACTION")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -1958,6 +1968,7 @@ function send_transaction_named_pipe(smb, function_parameters, function_data, pi
 	end
 
 	-- Check if it worked
+    local uid, tid, pos
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [29]"
@@ -2031,7 +2042,7 @@ function send_transaction_waitnamedpipe(smb, priority, pipe)
 
 	-- Send the transaction request
 	stdnse.print_debug(2, "SMB: Sending SMB_COM_TRANSACTION (WaitNamedPipe)")
-	result, err = smb_send(smb, header, parameters, data)
+	local result, err = smb_send(smb, header, parameters, data)
 	if(result == false) then
 		return false, err
 	end
@@ -2043,6 +2054,7 @@ function send_transaction_waitnamedpipe(smb, priority, pipe)
 	end
 
 	-- Check if it worked
+    local uid, tid, pos
 	pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
 	if(mid == nil) then
 		return false, "SMB: ERROR: Ran off the end of SMB packet; likely due to server truncation [31]"
@@ -2073,7 +2085,7 @@ end
 --@param share      The share to upload it to (eg, C$). 
 --@param remotefile The remote file on the machine. It is relative to the share's root. 
 function file_upload(host, localfile, share, remotefile)
-	local status, smbstate
+	local status, err, smbstate
 	local chunk = 1024
 
 	local filename = nmap.fetchfile(localfile)
diff --git a/nselib/smbauth.lua b/nselib/smbauth.lua
index 939d89549..c0cd53ae7 100644
--- a/nselib/smbauth.lua
+++ b/nselib/smbauth.lua
@@ -92,6 +92,8 @@ local NTLMSSP_NEGOTIATE = 0x00000001
 local NTLMSSP_CHALLENGE = 0x00000002
 local NTLMSSP_AUTH      = 0x00000003
 
+local session_key = string.rep(string.char(0x00), 16)
+
 local function to_unicode(str)
 	local unicode = ""
 
@@ -302,9 +304,8 @@ function ntlmv2_create_response(ntlm, username, domain, challenge, client_challe
 	end
 
 	local client_challenge = openssl.rand_bytes(client_challenge_length)
-	local ntlmv2_hash
 
-	status, ntlmv2_hash = ntlmv2_create_hash(ntlm, username, domain)
+	local status, ntlmv2_hash = ntlmv2_create_hash(ntlm, username, domain)
 
 	return true, openssl.hmac("MD5", ntlmv2_hash, challenge .. client_challenge) .. client_challenge
 end
@@ -404,9 +405,11 @@ end
 --                 and the mac_key, which is used for message signing. 
 local function get_password_response(ip, username, domain, password, password_hash, challenge, hash_type, is_extended)
 
+    local status
 	local lm_hash   = nil
 	local ntlm_hash = nil
 	local mac_key   = nil
+    local lm_response, ntlm_response
 
 	-- Check if there's a password or hash set. This is a little tricky, because in all places (except the one passed
 	-- as a parameter), it's based on whether or not the username was stored. This lets us use blank passwords by not
@@ -570,7 +573,7 @@ function get_accounts(ip, overrides, use_defaults)
 
 	-- Do the "anonymous" account
 	if(use_defaults) then
-		result = {}
+		local result = {}
 		result['username'] = ""
 		result['domain']   = ""
 		results[#results + 1] = result
@@ -598,10 +601,6 @@ function get_security_blob(security_blob, ip, username, domain, hash_type, overr
 	local new_blob
 	local flags = 0x00008211 -- (NEGOTIATE_SIGN_ALWAYS | NEGOTIATE_NTLM | NEGOTIATE_SIGN | NEGOTIATE_UNICODE)
 
-	if(session_key == nil) then
-		session_key = string.rep(string.char(0x00), 16)
-	end
-
 	if(security_blob == nil) then
 		-- If security_blob is nil, this is the initial packet
 		new_blob = bin.pack("<zIILL", 
diff --git a/nselib/snmp.lua b/nselib/snmp.lua
index 672232781..31001e626 100644
--- a/nselib/snmp.lua
+++ b/nselib/snmp.lua
@@ -176,6 +176,7 @@ local function decodeSeq(encStr, len, pos)
    local sStr
    pos, sStr = bin.unpack("A" .. len, encStr, pos)
    while (sPos < len) do
+      local newSeq
       sPos, newSeq = decode(sStr, sPos)
       table.insert(seq, newSeq)
       i = i + 1
@@ -206,6 +207,7 @@ function decode(encStr, pos)
    elseif (etype == "06") then -- OID
       local oid = {}
       oid._snmp = '06'
+      local octet
       pos, octet = bin.unpack("C", encStr, pos)
       oid[2] = math.mod(octet, 40)
       octet = octet - oid[2]
diff --git a/nselib/ssh1.lua b/nselib/ssh1.lua
index d44fb44ff..439a227c5 100644
--- a/nselib/ssh1.lua
+++ b/nselib/ssh1.lua
@@ -26,7 +26,7 @@ require "openssl"
 check_packet_length = function( buffer )
   local payload_length, packet_length, offset
   offset, payload_length = bin.unpack( ">I", buffer )
-  padding = 8 - payload_length % 8
+  local padding = 8 - payload_length % 8
   assert(payload_length)
   packet_length = buffer:len()
   if payload_length + 4 + padding > packet_length then return nil end
@@ -42,7 +42,7 @@ end
 --  @return status True or false
 --  @return packet The packet received
 receive_ssh_packet = function( socket )
-  status, packet = socket:receive_buf(check_packet_length)
+  local status, packet = socket:receive_buf(check_packet_length)
   return status, packet
 end
 
@@ -55,7 +55,7 @@ end
 -- <code>fingerprint</code>.
 fetch_host_key = function(host, port)
   local socket = nmap.new_socket()
-  local status
+  local status, _
 
   status = socket:connect(host.ip, port.number)
   if not status then return end
@@ -169,7 +169,7 @@ fingerprint_visual = function( fingerprint, algorithm, bits )
   end
 
   -- we start in the center and mark it
-  x, y = math.ceil(fieldsize_x/2), math.ceil(fieldsize_y/2)
+  local x, y = math.ceil(fieldsize_x/2), math.ceil(fieldsize_y/2)
   field[x][y] = #characters - 1;
 
   -- iterate over fingerprint 
diff --git a/nselib/ssh2.lua b/nselib/ssh2.lua
index 3dc6b138f..d8dc1aa55 100644
--- a/nselib/ssh2.lua
+++ b/nselib/ssh2.lua
@@ -43,7 +43,7 @@ end
 --  @return status True or false
 --  @return packet The packet received
 transport.receive_packet = function( socket )
-  status, packet = socket:receive_buf(check_packet_length)
+  local status, packet = socket:receive_buf(check_packet_length)
   return status, packet
 end
 
@@ -95,12 +95,12 @@ end
 --- Build a <code>kex_init</code> packet.
 transport.kex_init = function( cookie, options )
   options = options or {}
-  kex_algorithms = "diffie-hellman-group1-sha1"
-  host_key_algorithms = options['host_key_algorithms'] or "ssh-dss,ssh-rsa"
-  encryption_algorithms = "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr"
-  mac_algorithms = "hmac-md5,hmac-sha1,hmac-ripemd160"
-  compression_algorithms = "none"
-  languages = ""
+  local kex_algorithms = "diffie-hellman-group1-sha1"
+  local host_key_algorithms = options['host_key_algorithms'] or "ssh-dss,ssh-rsa"
+  local encryption_algorithms = "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr"
+  local mac_algorithms = "hmac-md5,hmac-sha1,hmac-ripemd160"
+  local compression_algorithms = "none"
+  local languages = ""
 
   local payload = bin.pack( ">cAaa", SSH2.SSH_MSG_KEXINIT, cookie, kex_algorithms, host_key_algorithms )
   payload = payload .. bin.pack( ">aa", encryption_algorithms, encryption_algorithms )
diff --git a/nselib/tab.lua b/nselib/tab.lua
index d65f826c1..d095dcbbd 100644
--- a/nselib/tab.lua
+++ b/nselib/tab.lua
@@ -113,7 +113,7 @@ function dump(t)
 	for i=1,t['rows'] do
 		for x=1, t['cols'] do
 			if t[i][x] ~= nil then
-				length = string.len(t[i][x])
+				local length = string.len(t[i][x])
 				table = table .. t[i][x]
 				table = table .. string.rep(' ', col_len[x]-length)
 			end
diff --git a/nselib/url.lua b/nselib/url.lua
index 4ac060c81..2dba368b3 100644
--- a/nselib/url.lua
+++ b/nselib/url.lua
@@ -213,6 +213,7 @@ end
 -- @return The corresponding absolute URL.
 -----------------------------------------------------------------------------
 function absolute(base_url, relative_url)
+    local base_parsed;
     if type(base_url) == "table" then
         base_parsed = base_url
         base_url = build(base_parsed)
@@ -313,7 +314,7 @@ function parse_query(query)
 	query = string.gsub(query, "&lt;", "<")
 	query = string.gsub(query, "&gt;", ">")
 
-	function ginsert(qstr)
+	local function ginsert(qstr)
 		local first, last = string.find(qstr, "=")
 		if first then
 			parsed[string.sub(qstr, 0, first-1)] = string.sub(qstr, first+1)