Merge documetation for unpwdb, url, bit, tab, base64, and bin.

2025-12-08 13:41:29 +00:00 · 2008-10-16 03:18:03 +00:00
parent 6dde8008d7
commit 99c30b1d1b
7 changed files with 215 additions and 555 deletions
--- a/docs/scripting.xml
+++ b/docs/scripting.xml
@@ -777,209 +777,6 @@ action refer to <xref linkend="nse-tutorial-action"/>.
      The default modules are described in the following sections.
 	  </para>
      <sect2 id="nse-bitops">
        <title>Bitwise Logical Operations</title>
        <indexterm><primary><varname>bit</varname> NSE module</primary></indexterm>
        <para>
 	  Lua does not provide
 	  bitwise logical operations.<indexterm><primary>bitwise operations in NSE</primary></indexterm>
          Since they
 	  are often useful for low-level network communication,
 	  Reuben Thomas'<indexterm><primary>Thomas, Reuben</primary></indexterm>
         <ulink url="http://luaforge.net/projects/bitlib">bitwise operation library</ulink>
      for Lua has been
 	  integrated into NSE. The arguments to the bitwise operation
 	  functions should be integers.  The number of bits available
 	  for logical operations depends on the data type used to
 	  represent Lua numbers&mdash;this is typically 8-byte IEEE
 	  floats (double), which give 53 bits (the size of the mantissa).
 	  This implies that the bitwise operations won't work (as expected) 
 	  for numbers larger than 10<superscript>14</superscript>. You
 	  can use them with 32-bit wide numbers without any problems. Operations
 	  involving 64-bit wide numbers, however, may not return the expected
 	  result.
 	  The logical operations start with <quote>b</quote> (for <literal>bit</literal>) to avoid
 	  clashing with reserved words; although <literal>xor</literal> isn't a
 	  reserved word, it seemed better to use <literal>bxor</literal> for
 	  consistency. In NSE the bitwise functions are in the <literal>bit</literal>
 	  namespace.
 	  <variablelist>
 	    <varlistentry>
 	      <term><option>bit.bnot(a)</option>
              </term>
 	      <listitem>
 		<para>
 		  Returns the one's complement of <literal>a</literal>.
 		</para>
 	    </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>bit.band(w1,...)</option>
 		</term>
 	      <listitem>
 		<para>
 		  Returns the bitwise <literal>and</literal> of the
 		  <literal>w</literal> variables.
 		</para>
 	      </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>bit.bor(w1,...)</option>
 		</term>
 	      <listitem>
 		<para>
 		  Returns the bitwise <literal>or</literal> of the <literal>w</literal> variables.
 		</para>
 	      </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>bit.bxor(w1,...)</option>
 		</term>
 	      <listitem>
 		<para>
 		  Returns the bitwise <literal>xor</literal> of the <literal>w</literal> variables.
 		</para>
 	      </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>bit.lshift(a,b)</option>
 		</term>
 	      <listitem>
 		<para>
 		  Returns <literal>a</literal> shifted left <literal>b</literal> places&mdash;padded with zeros.
 		</para>
 	      </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>bit.rshift(a,b)</option>
 		</term>
 	      <listitem>
 		<para>
 		  Returns <literal>a</literal> shifted logically right <literal>b</literal> places.
 		</para>
 	      </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>bit.arshift(a,b)</option>
 		</term>
 	      <listitem>
 		<para>
 		  Returns <literal>a</literal> shifted arithmetically right <literal>b</literal> places.
 		</para>
 	      </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>bit.mod(a,b)</option>
 		</term>
 	      <listitem>
 		<para>
 		  Returns the integer remainder of <literal>a</literal> divided by <literal>b</literal>.
 		</para>
 	      </listitem>
 	    </varlistentry>
 	  </variablelist>
 	</para>
      </sect2>
      <sect2 id="nse-binlib">
        <title>Binary Data Handling</title>
        <indexterm><primary><varname>bin</varname> NSE module</primary></indexterm>
        <para>
 	  A problem script authors often face is the necessity of encoding values
 	  into binary data. For example after analyzing a protocol the starting 
 	  point to write a script could be a hex dump, which serves as a preamble
 	  to every sent packet. Although it is possible work with the 
 	  functionality Lua provides, it's not very convenient. Therefore the 
 	  Binlib has been added to NSE, based on 
 	  <ulink url="http://www.tecgraf.puc-rio.br/~lhf/ftp/lua/">lpack</ulink> 
 	  by Luiz Henrique de Figueiredo.<indexterm><primary>Henrique de Figueiredo, Luiz</primary></indexterm>
 	  The Binlib functions take a format string to encode and decode binary
 	  data. The operators of the format string are shown in <xref linkend="scripting-tbl-binlib" xrefstyle="select: label nopage"/>.</para>
 	  <table id="scripting-tbl-binlib">
 	   <title>Binlib format string operators</title>
 	     <tgroup cols="2">
 		<colspec colwidth="2*" />
 		<colspec colwidth="5*" />
 	    <thead><row>
 		<entry>Operator</entry>
    		<entry>Description</entry>
   	    </row></thead>
   	    <tbody>
 		<row><entry><literal>H</literal></entry><entry>hex string</entry></row>
 		<row><entry><literal>B</literal></entry><entry>bit string</entry></row>
 		<row><entry><literal>x</literal></entry><entry>null byte</entry></row>
 		<row><entry><literal>z</literal></entry><entry>zero-terminated string</entry></row>
 		<row><entry><literal>p</literal></entry><entry>string preceded by 1-byte integer length</entry></row>
 		<row><entry><literal>P</literal></entry><entry>string preceded by 2-byte integer length</entry></row>
 		<row><entry><literal>a</literal></entry><entry>string preceded by 4-byte integer length</entry></row>
 		<row><entry><literal>A</literal></entry><entry>string</entry></row>
 		<row><entry><literal>f</literal></entry><entry>float</entry></row>
 		<row><entry><literal>d</literal></entry><entry>double</entry></row>
 		<row><entry><literal>n</literal></entry><entry>Lua number</entry></row>
 		<row><entry><literal>c</literal></entry><entry>char (1-byte integer)</entry></row>
 		<row><entry><literal>C</literal></entry><entry>byte = unsigned char (1-byte unsigned integer)</entry></row>
 		<row><entry><literal>s</literal></entry><entry>short (2-byte integer)</entry></row>
 		<row><entry><literal>S</literal></entry><entry>unsigned short (2-byte unsigned integer)</entry></row>
 		<row><entry><literal>i</literal></entry><entry>int (4-byte integer)</entry></row>
 		<row><entry><literal>I</literal></entry><entry>unsigned int (4-byte unsigned integer)</entry></row>
 		<row><entry><literal>l</literal></entry><entry>long (8-byte integer)</entry></row>
 		<row><entry><literal>L</literal></entry><entry>unsigned long (8-byte unsigned integer)</entry></row>
 		<row><entry><literal>&lt;</literal></entry><entry>little endian modifier</entry></row>
 		<row><entry><literal>&gt;</literal></entry><entry>big endian modifier</entry></row>
 		<row><entry><literal>=</literal></entry><entry>native endian modifier</entry></row>
 	   </tbody></tgroup></table>
 	   <para>Note that the endian operators work as modifiers to all the characters following them in the format string.</para>
 	  <variablelist>
 	    <varlistentry>
 	      <term><option>bin.pack(fmt, p1, ...)</option>
              </term>
 	      <listitem>
 		<para>
 		  Returns a binary packed string. The format string describes how 
 		  the parameters (p1, ...) will be interpreted. Numerical values following 
 		  operators stand for operator repetitions and need an according amount of 
 		  parameters. Operators expect appropriate parameter types.
 		</para>
 	    </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>bin.unpack(fmt, data, [init])</option>
 		</term>
 	      <listitem>
 		<para>
 		  Returns values read from the binary data string.
 		  First result is the position, at which unpack stopped. This can 
 		  be used as init value for subsequent calls. The following results 
 		  are the values according to the format string. Numerical values in 
 		  the format string are interpreted as repetitions like in pack, 
 		  except if used with A, B or H, in which cases the number tells unpack
 		  how many bytes to read.
 		  Unpack stops if either the format string or the binary data string
 		  are exhausted.
 		</para>
 	      </listitem>
 	    </varlistentry>
 	  </variablelist>
      </sect2>
      <sect2 id="nse-pcre">
        <indexterm class="startofrange" id="nse-pcre-indexterm"><primary><varname>pcre</varname> NSE module</primary></indexterm>
        <indexterm><primary>Perl Compatible Regular Expressions (PCRE)</primary><secondary>in NSE</secondary></indexterm>
@@ -1428,190 +1225,6 @@ if(s) code_to_be_done_on_match end
        <indexterm class="endofrange" startref="nse-openssl-indexterm"/>
    </sect2>
 	<sect2 id="nse-lib-strbuf">
 	<title>String Buffer Operations</title>
        <indexterm><primary><varname>strbuf</varname> NSE module</primary></indexterm>
 	<para>
 	Lua's string operations are very flexible and offer an easy-to-use way
 	to manipulate strings.  Concatenation using the <literal>..</literal>
 	operator is such an operation. The drawback of the built-in API however is the way it handles 
 	concatenation of many string values. Since strings in Lua are 
 	immutable values, each time you concatenate two strings both get copied
 	into the result string. The <literal>strbuf</literal> module offers a
 	workaround for this problem, while maintaining the nice syntax. This
 	is accomplished by overloading the concatenation operator (<literal>..</literal>) the equality operator (<literal>==</literal>) and the 
 	tostring operator.  By overloading
        these operators, we reduce the overhead of using a string buffer instead
        of a plain string to wrap the first literal string assigned to a
        variable inside a <literal>strbuf.new()</literal> call.  Afterwards you can append to the string buffer, or compare
 	two string buffers for equality just as you would do with normal strings.
 	When looking at the details there are some more restrictions/oddities:
        The concatenation operator requires its left-hand value to be a
        string buffer. Therefore, if you want to prepend a string to a given
        string buffer you have to create a new string buffer out of the string
        you want to prepend.
 	The string buffer's <literal>tostring</literal> operator concatenates the 
 	strings inside the buffer using newlines by default, since this appears to 
 	be the separator used most often.
 	</para>
 	<variablelist>
 	    <varlistentry>
 	      <term><option>buffer = strbuf.new(...)</option>
 		  </term>
 	      <listitem>
 		  <para>
            Creates a new string buffer. The optional arguments are added
            to the string buffer. Attempting to add non-strings will
            result in undefined behavior.
 		  </para>
 	      </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>buffer = strbuf.concat(strbuf1, value)</option>
 		  </term>
 	      <listitem>
 		  <para>
 		  Concatenates the <literal>value</literal> (which has to be either 
 		  a string or a string buffer) to <literal>strbuf1</literal>. This
 		  is also the function serving as the string buffer's concatenation operator.
 		  The above function call can thus also be expressed as: 
 		  <literal>buffer = strbuf1 .. value</literal>
 		  </para>
 	      </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>bool = strbuf.eqbuf(strbuf1, strbuf2)</option>
 		  </term>
 	      <listitem>
 		  <para>
 		  Compares <literal>strbuf1</literal> and <literal>strbuf2</literal>
 		  for equality. For the function to return <literal>true</literal>, both values must be 
 		  string buffers containing exactly the same strings. The <literal>eqbuf</literal> function is called to compare two strings for equality.
 		  </para>
 	      </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>strbuf.clear(strbuf)</option>
 		  </term>
 	      <listitem>
 		  <para>
 		  Deletes all strings in <literal>strbuf</literal>.
 		  </para>
 	      </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>string = strbuf.dump(strbuf, "delimiter")</option>
 		  </term>
 	      <listitem>
 		  <para>
 		  Dumps <literal>strbuf</literal>'s contents as string. The second 
 		  parameter is used as a delimiter between the strings stored inside
 		  <literal>strbuf</literal>. <literal>dump(strbuf, "\n")</literal> is 
 		  used as the <literal>tostring</literal> function of string buffers.
 		  </para>
 	      </listitem>
 	    </varlistentry>
 	</variablelist>
 	</sect2>
 	<sect2 id="nse-lib-url">
 	<title>URL Manipulation Functions</title>
        <indexterm><primary><varname>url</varname> NSE module</primary></indexterm>
 	<para>URL manipulation functions have obvious uses. Fortunately
        there is already an implementation of URL generation functions
        inside the Lua <varname>socket</varname> package, which is fairly complete and
        <ulink
        url="http://www.cs.princeton.edu/~diego/professional/luasocket/old/luasocket-2.0-alpha/url.html">well
        documented</ulink>. For NSE, the <varname>url</varname> module was
        extended with two functions:</para>
 	<variablelist>
 	    <varlistentry>
 	      <term><option>table = url.parse_query("query-string")</option>
 		  </term>
 	      <listitem>
 		  <para>
 		  This function takes a <replaceable>query-string</replaceable> of the form <literal>name1=value1&amp;name2=value2...</literal> and returns a table 
 		  containing the name-value pairs, with the <literal>name</literal> 
 		  as the key and the <literal>value</literal> as its associated value.
 		  The table corresponding to the above <replaceable>query-string</replaceable> would have two 
 		  entries: <literal>table["name1"]="value1"</literal> and 
 		  <literal>table["name2"]="value2"</literal>.</para>
 	      </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>query_string = url.build_query(table)</option>
 		  </term>
 	      <listitem>
 		  <para>
 		  This is the inverse function to <literal>parse_query()</literal>.
 		  </para>
 	      </listitem>
 	    </varlistentry>
 	</variablelist>
 	</sect2>
 	<sect2 id="nse-lib-unpwdb">
 	<title>Username/Password Database Functions</title>
        <indexterm><primary><varname>unpwdb</varname> NSE module</primary></indexterm>
 	<para>
 	The <literal>unpwdb</literal> module provides functions for easily obtaining
 	usernames and/or passwords from a "database" (list).  The most obvious use
 	for this library is brute-force attack.  The first two functions' return values
 	are setup for use with exception handling via <literal>nmap.new_try()</literal>.
        <indexterm><primary>exceptions in NSE</primary></indexterm>
 	</para>
 	<variablelist>
 	    <varlistentry>
 	      <term><option>bool, response = unpwdb.usernames()</option></term>
 	      <listitem>
 		  <para>
 			This function returns a closure which returns a new username
 			with every call, or <literal>nil</literal> when the list is
 			exhausted.  This closure takes an optional argument of
 			<literal>"reset"</literal> to rewind the list to the beginning.
 			You can specify your own username list with the script argument
 			<literal>userdb</literal>.
 		  </para>
 	      </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>bool, response = unpwdb.passwords()</option></term>
 	      <listitem>
 		  <para>
 			This function returns a closure which returns a new password
 			with every call, or <literal>nil</literal> when the list is
 			exhausted.  This closure takes an optional argument of
 			<literal>"reset"</literal> to rewind the list to the beginning.
 			You can specify your own password list with the script argument
 			<literal>passdb</literal>.
 		  </para>
 	      </listitem>
 	    </varlistentry>
 	    <varlistentry>
 	      <term><option>limit = unpwdb.timelimit()</option></term>
 	      <listitem>
 		  <para>
 			This function returns the suggested number of seconds to
 			attempt a brute force attack, based on Nmap's timing values
 			(<option>-T4</option>, etc) and whether or not a user-defined
 			list is used.  You can use the script argument
 			<literal>notimelimit</literal> to make this function return
 			<literal>nil</literal>, which means the brute-force should
 			run until the list is empty.  If <literal>notimelimit</literal>
 			is not used, be sure to still check for <literal>nil</literal>
 			return values on the above two functions in case you finish
 			before the time limit is up.
 		  </para>
 	      </listitem>
 	    </varlistentry>
 	</variablelist>
 	</sect2>
    <indexterm class="endofrange" startref="nse-library-indexterm"/>
  </sect1>
--- a/nselib/base64.lua
+++ b/nselib/base64.lua
@@ -95,9 +95,9 @@ local bunpack = bin.unpack
 local concat = table.concat
 ---
-- Encode six bits to a base64 encoded character
+-- Encode six bits to a base64 encoded character.
--@param bits String of six bits to be encoded
+--@param bits String of six bits to be encoded.
--@return Encoded character
+--@return Encoded character.
 local function b64enc6bit(bits)
 	-- local byte
 	-- local _, byte = bunpack("C", bpack("B", "00" .. bits))
@@ -110,9 +110,9 @@ end
 ---
-- Decodes a base64 encoded character into binary digits
+-- Decodes a base64 encoded character into binary digits.
--@param b64byte Single base64 encoded character
+--@param b64byte Single base64 encoded character.
--@return String of six decoded bits
+--@return String of six decoded bits.
 local function b64dec6bit(b64byte)
 	local bits = b64dctable[b64byte]
 	if bits then return bits end
@@ -121,9 +121,9 @@ end
 ---
-- Encodes a string to base64
+-- Encodes a string to base64.
--@param bdata Data to be encoded
+--@param bdata Data to be encoded.
--@return Base64 encoded string
+--@return Base64 encoded string.
 function enc(bdata)
 	local pos = 1
 	local byte
@@ -152,9 +152,9 @@ end
 ---
-- Decodes base64 encoded data
+-- Decodes base64 encoded data.
--@param b64data Base64 encoded data
+--@param b64data Base64 encoded data.
--@return Decoded data
+--@return Decoded data.
 function dec(b64data)
 	local bdataBuf = {}
 	local pos = 1
--- a/nselib/bin.luadoc
+++ b/nselib/bin.luadoc
@@ -1,49 +1,74 @@
--- The Binary Data Library allows to pack and unpack to and from
+--- Pack and unpack binary data.
-- binary data. Encoding and decoding works by using a format 
+-- \n\n
-- string containing certain operator characters:
+-- A problem script authors often face is the necessity of encoding values
-- <table><tr><th>Operator</th><th>Description</th></tr>
+-- into binary data. For example after analyzing a protocol the starting 
-- <tr><td>H</td><td>hex string</td></tr>
+-- point to write a script could be a hex dump, which serves as a preamble
-- <tr><td>B</td><td>bit string</td></tr>
+-- to every sent packet. Although it is possible work with the 
-- <tr><td>x</td><td>null byte</td></tr>
+-- functionality Lua provides, it's not very convenient. Therefore NSE includes
-- <tr><td>z</td><td>zero-terminated string</td></tr>
+-- Binlib, based on lpack (http://www.tecgraf.puc-rio.br/~lhf/ftp/lua/)
-- <tr><td>p</td><td>string preceded by 1-byte integer length</td></tr>
+-- by Luiz Henrique de Figueiredo.
-- <tr><td>P</td><td>string preceded by 2-byte integer length</td></tr>
+-- \n\n
-- <tr><td>a</td><td>string preceded by 4-byte integer length</td></tr>
+-- The Binlib functions take a format string to encode and decode binary
-- <tr><td>A</td><td>string</td></tr>
+-- data. Packing and unpacking are controlled by the following operator
-- <tr><td>f</td><td>float</td></tr>
+-- characters:\n
-- <tr><td>d</td><td>double</td></tr>
+-- H: hex string\n
-- <tr><td>n</td><td>Lua number</td></tr>
+-- B: bit string\n
-- <tr><td>c</td><td>char (1-byte integer)</td></tr>
+-- x: null byte\n
-- <tr><td>C</td><td>byte = unsigned char (1-byte unsigned integer)</td></tr>
+-- z: zero-terminated string\n
-- <tr><td>s</td><td>short (2-byte integer)</td></tr>
+-- p: string preceded by 1-byte integer length\n
-- <tr><td>S</td><td>unsigned short (2-byte unsigned integer)</td></tr>
+-- P: string preceded by 2-byte integer length\n
-- <tr><td>i</td><td>int (4-byte integer)</td></tr>
+-- a: string preceded by 4-byte integer length\n
-- <tr><td>I</td><td>unsigned int (4-byte unsigned integer)</td></tr>
+-- A: string\n
-- <tr><td>l</td><td>long (8-byte integer)</td></tr>
+-- f: float\n
-- <tr><td>L</td><td>unsigned long (8-byte unsigned integer)</td></tr>
+-- d: double\n
-- <tr><td>&lt;</td><td>little endian modifier</td></tr>
+-- n: Lua number\n
-- <tr><td>&gt;</td><td>big endian modifier</td></tr>
+-- c: char (1-byte integer)\n
-- <tr><td>=</td><td>native endian modifier</td></tr>
+-- C: byte = unsigned char (1-byte unsigned integer)\n
-- </table>
+-- s: short (2-byte integer)\n
 -- S: unsigned short (2-byte unsigned integer)\n
 -- i: int (4-byte integer)\n
 -- I: unsigned int (4-byte unsigned integer)\n
 -- l: long (8-byte integer)\n
 -- L: unsigned long (8-byte unsigned integer)\n
 -- <: little endian modifier\n
 -- >: big endian modifier\n
 -- =: native endian modifier
 -- \n\n
 -- Note that the endian operators work as modifiers to all the 
 -- characters following them in the format string.
 module "bin"
--- Packs values according to format string.
+--- Returns a binary packed string.
-- Note: on Windows packing of 64 bit values &gt; 2^63 currently
+-- \n\n
 -- The format string describes how the parameters (p1, ...) will be interpreted.
 -- Numerical values following operators stand for operator repetitions and need
 -- an according amount of parameters. Operators expect appropriate parameter
 -- types.
 -- \n\n
 -- Note: on Windows packing of 64 bit values > 2^63 currently
 -- results in packing exactly 2^63.
--@param format Format string, used to pack following arguments
+--@param format Format string, used to pack following arguments.
--@return String containing packed data
+--@param ... The values to pack.
 --@return String containing packed data.
 function bin.pack(format, ...)
--- Unpacks values according to format string.
+--- Returns values read from the binary packed data string.
--@param format Format string, used to unpack values out of data string
+-- \n\n
--@param data String containing packed data
+-- The first return value of this function is the position at which unpacking
--@param init Optional starting position within the string
+-- stopped. This can be used as init value for subsequent calls. The following
--@return First returned value is the position in the data string where unpacking stopped, following returned values are the unpacked values.
+-- results are the values according to the format string. Numerical values in
 -- the format string are interpreted as repetitions like in pack, except if used
 -- with A, B or H, in which cases the number tells unpack how many bytes to
 -- read. Unpack stops if either the format string or the binary data string are
 -- exhausted. 
 --@param format Format string, used to unpack values out of data string.
 --@param data String containing packed data.
 --@param init Optional starting position within the string.
 --@return Position in the data string where unpacking stopped.
 --@return All unpacked values.
 function bin.unpack(format, data, init)
--- a/nselib/bit.luadoc
+++ b/nselib/bit.luadoc
@@ -1,10 +1,28 @@
-module "bit"
+--- Bitwise operations on integers.
-
+-- \n\n
--- BitLib is a library by Reuben Thomas that provides facilities for
+-- Lua does not provide bitwise logical operations. Since they are often useful
-- bitwise operations on Integer values.
+-- for low-level network communication, Reuben Thomas' BitLib
 -- (http://luaforge.net/projects/bitlib) for Lua has been integrated into NSE.
 -- The arguments to the bitwise operation functions should be integers.  The
 -- number of bits available for logical operations depends on the data type used
 -- to represent Lua numbers--this is typically 8-byte IEEE floats (double),
 -- which give 53 bits (the size of the mantissa).
 -- \n\n
 -- This implies that the bitwise operations won't work (as expected) for numbers
 -- larger than 10^14. You can use them with 32-bit wide numbers without any
 -- problems. Operations involving 64-bit wide numbers, however, may not return
 -- the expected result.
 -- \n\n
 -- The logical operations start with "b" to avoid
 -- clashing with reserved words; although xor isn't a
 -- reserved word, it seemed better to use bxor for
 -- consistency.
 --
 -- @author Reuben Thomas
 -- @copyright BSD License
 module "bit"
 --- Cast a to an internally-used integer type.
 -- @param a Number.
 function bit.cast(a)
@@ -43,3 +61,8 @@ function bit.rshift(a, b)
 -- @param a Number to perform the shift on.
 -- @param b Number of shifts.
 function bit.arshift(a, b)
 --- Returns the integer remainder of a divided by b.
 -- @param a Dividend.
 -- @param b Divisor.
 function bit.mod(a, b)
--- a/nselib/tab.lua
+++ b/nselib/tab.lua
@@ -1,13 +1,25 @@
--- Provide NSE scripts with a way to output structured tables similar to
+--- Arrange output into tables.
-- NmapOutputTable.cc.
+-- \n\n
 -- This module provides NSE scripts with a way to output structured tables
 -- similar to NmapOutputTable.cc.
 -- \n\n
 -- Example usage:\n
 -- local t = tab.new(2)\n
 -- tab.add(t, 1, 'A1')\n
 -- tab.add(t, 2, 'A2')\n
 -- tab.nextrow(t)\n
 -- tab.add(t, 1, 'BBBBBBBBB1')\n
 -- tab.add(t, 2, 'BBB2')\n
 -- tab.dump(t)
 --@copyright See nmaps COPYING for license
 module(... or "tab",package.seeall)
 require('strbuf')
--- Create and return a new table with a number of columns equal to col and
+--- Create and return a new table with a number of columns equal to cols and
 -- the row counter set to 1.
 -- @param cols the number of columns the table will hold.
 function new(cols)
 	assert(cols > 0)
 	local table ={}
@@ -18,9 +30,14 @@ function new(cols)
 	return table
 end
--- Add a new string item (v) in a previously initialised table (t)
+--- Add a new string item to a table at a given column position.
-- at column position 'c'. The data will be added to the current
+-- \n\n
-- row, if nextrow() hasn't been called yet that will be row 1.
+-- The item will be added to the current row. If nextrow hasn't been called yet
 -- that will be row 1.
 --
 -- @param t the table.
 -- @param v the string to add.
 -- @param c the column position at which to add the item.
 function add(t, c, v)
 	assert(t)
 	assert(v)
@@ -42,9 +59,12 @@ function add(t, c, v)
 end
 --- Add a complete row to the table and move on to the next row.
-- Calls add() for each argument starting with the second argument
+-- \n\n
-- and after that calls nextrow().
+-- Calls add for each argument starting with the second argument
-function addrow(t,...)
+-- and after that calls nextrow.
 -- @param t the table.
 -- @param ... the elements to add to the row.
 function addrow(t, ...)
 	for i=1, arg['n'] do
 		add( t, i, tostring(arg[i]) )
 	end
@@ -54,16 +74,18 @@ end
 --- Move on to the next row in the table. If this is not called
 -- then previous column values will be over-written by subsequent
 -- values.
 -- @param t the table.
 function nextrow(t)
 	assert(t)
 	assert(t['rows'])
 	t['rows'] = t['rows'] + 1
 end
--- Once items have been added to a table, call this to return a
+--- Return a formatted string representation of the table.
-- string which contains an equally spaced table. Number of spaces 
+-- \n\n
-- is based on the largest element of a column with an additional
+-- The number of spaces in a column is based on the largest element in the
-- two spaces for padding.
+-- column with an additional two spaces for padding.
 -- @param t the table.
 function dump(t)
 	assert(t)
 	assert(t['rows'])
@@ -99,15 +121,3 @@ function dump(t)
 	return strbuf.dump(table)
 end
 --[[ Example Usage
 local t = tab.new(2)
 tab.add(t, 1, 'A1')
 tab.add(t, 2, 'A2')
 tab.nextrow(t)
 tab.add(t, 1, 'BBBBBBBBB1')
 tab.add(t, 2, 'BBB2')
 tab.dump(t)
 --]]
--- a/nselib/unpwdb.lua
+++ b/nselib/unpwdb.lua
@@ -1,12 +1,13 @@
--- Username/Password Database Library.
+--- Username/password database library.
 -- \n\n
 -- The usernames and passwords functions return multiple values for use
 -- with exception handling via nmap.new_try().
 -- The first value is the boolean success indicator, the second value is
 -- the closure.
--
+-- \n\n
 -- The closures can take a parameter of "reset" to rewind the list to the
 -- beginning.
--
+-- \n\n
 -- You can select your own username and/or password database to read from with
 -- the script arguments userdb and passdb, respectively.  Comments are allowed
 -- in these files, prefixed with "#!comment:".  Comments cannot be on the same
@@ -89,11 +90,12 @@ end
 --- Returns the suggested number of seconds to attempt a brute
 -- force attack, based on Nmap's timing values (-T4, etc) and whether or not a
-- user-defined list is used.  You can use the script argument "notimelimit" to
+-- user-defined list is used.
-- make this function return nil, which means the brute-force should run until
+-- \n\n
-- the list is empty. If "notimelimit" is not used, be sure to still check for
+-- You can use the script argument "notimelimit" to make this function return
-- nil return values on the above two functions in case you finish before the
+-- nil, which means the brute-force should run until the list is empty. If
-- time limit is up.
+-- "notimelimit" is not used, be sure to still check for nil return values on
 -- the above two functions in case you finish before the time limit is up.
 timelimit = function()
   -- If we're reading from a user-defined username or password list,
   -- we'll give them a timeout 1.5x the default.  If the "notimelimit"
@@ -116,8 +118,8 @@ end
 --- Returns a function closure which returns a new username with every call
 -- until the username list is exhausted (in which case it returns nil).
-- @return boolean Status
+-- @return boolean Status.
-- @return function The usernames iterator
+-- @return function The usernames iterator.
 usernames = function()
 	local path = userfile()
@@ -134,8 +136,8 @@ end
 --- Returns a function closure which returns a new password with every call
 -- until the password list is exhausted (in which case it returns nil).
-- @return boolean Status
+-- @return boolean Status.
-- @return function The passwords iterator
+-- @return function The passwords iterator.
 passwords = function()
 	local path = passfile()
--- a/nselib/url.lua
+++ b/nselib/url.lua
@@ -1,14 +1,14 @@
--- URI parsing, composition and relative URL resolution.
+--- URI parsing, composition, and relative URL resolution.
 -- @author Diego Nehab
 -- @author Eddie Bell <ejlbell@gmail.com>
 --[[
 URI parsing, composition and relative URL resolution
 LuaSocket toolkit.
 Author: Diego Nehab
 RCS ID: $Id: url.lua,v 1.37 2005/11/22 08:33:29 diego Exp $
 parse_query() and build_query() added For nmap (Eddie Bell <ejlbell@gmail.com>) 
 --]]
 -----------------------------------------------------------------------------
@@ -23,14 +23,11 @@ _VERSION = "URL 1.0"
 		--[[ Internal functions --]]
-----------------------------------------------------------------------------
+---
 -- Protects a path segment, to prevent it from interfering with the
 -- url parsing.
-- Input
+-- @param s binary string to be encoded.
--   s: binary string to be encoded
+-- @return escaped representation of string binary.
 -- Returns
 --   escaped representation of string binary
 -----------------------------------------------------------------------------
 local function make_set(t)
 	local s = {}
 	for i,v in base.ipairs(t) do
@@ -53,13 +50,11 @@ local function protect_segment(s)
 	end)
 end
-----------------------------------------------------------------------------
+---
 -- Builds a path from a base path and a relative path
-- Input
+-- @param base_path a base path.
--   base_path
+-- @param relative_path a relative path.
--   relative_path
+-- @return corresponding absolute path.
 -- Returns
 --   corresponding absolute path
 -----------------------------------------------------------------------------
 local function absolute_path(base_path, relative_path)
    if string.sub(relative_path, 1, 1) == "/" then return relative_path end
@@ -85,12 +80,10 @@ end
 		--[[ External functions --]]
-----------------------------------------------------------------------------
+---
-- Encodes a string into its escaped hexadecimal representation
+-- Encodes a string into its escaped hexadecimal representation.
-- Input
+-- @param s binary string to be encoded.
--   s: binary string to be encoded
+-- @return escaped representation of string binary.
 -- Returns
 --   escaped representation of string binary
 -----------------------------------------------------------------------------
 function escape(s)
    return string.gsub(s, "([^A-Za-z0-9_])", function(c)
@@ -99,12 +92,10 @@ function escape(s)
 end
-----------------------------------------------------------------------------
+---
-- Encodes a string into its escaped hexadecimal representation
+-- Encodes a string into its escaped hexadecimal representation.
-- Input
+-- @param s binary string to be encoded.
--   s: binary string to be encoded
+-- @return escaped representation of string binary.
 -- Returns
 --   escaped representation of string binary
 -----------------------------------------------------------------------------
 function unescape(s)
    return string.gsub(s, "%%(%x%x)", function(hex)
@@ -113,23 +104,22 @@ function unescape(s)
 end
-----------------------------------------------------------------------------
+---
-- Parses a url and returns a table with all its parts according to RFC 2396
+-- Parses a URL and returns a table with all its parts according to RFC 2396.
-- The following grammar describes the names given to the URL parts
+-- \n\n
-- <url> ::= <scheme>://<authority>/<path>;<params>?<query>#<fragment>
+-- The following grammar describes the names given to the URL parts.\n
-- <authority> ::= <userinfo>@<host>:<port>
+-- <url> ::= <scheme>://<authority>/<path>;<params>?<query>#<fragment>\n
-- <userinfo> ::= <user>[:<password>]
+-- <authority> ::= <userinfo>@<host>:<port>\n
-- <path> :: = {<segment>/}<segment>
+-- <userinfo> ::= <user>[:<password>]\n
-- Input
+-- <path> :: = {<segment>/}<segment>\n
--   url: uniform resource locator of request
+-- \n\n
--   default: table with default values for each field
+-- Obs: the leading '/' in {/<path>} is considered part of <path>.
-- Returns
+-- @param url uniform resource locator of request
--   table with the following fields, where RFC naming conventions have
+-- @param default table with default values for each field
 -- @return a table with the following fields, where RFC naming conventions have
 --   been preserved:
 --     scheme, authority, userinfo, user, password, host, port,
--     path, params, query, fragment
+--     path, params, query, fragment.
 -- Obs:
 --   the leading '/' in {/<path>} is considered part of <path>
 -----------------------------------------------------------------------------
 function parse(url, default)
    -- initialize default parameters
@@ -179,13 +169,12 @@ function parse(url, default)
    return parsed
 end
-----------------------------------------------------------------------------
+---
 -- Rebuilds a parsed URL from its components.
-- Components are protected if any reserved or unallowed characters are found
+-- \n\n
-- Input
+-- Components are protected if any reserved or unallowed characters are found.
--   parsed: parsed URL, as returned by parse
+-- @param parsed parsed URL, as returned by parse.
-- Returns
+-- @return a string with the corresponding URL.
 --   a stringing with the corresponding URL
 -----------------------------------------------------------------------------
 function build(parsed)
    local ppath = parse_path(parsed.path or "")
@@ -212,13 +201,11 @@ function build(parsed)
    return url
 end
-----------------------------------------------------------------------------
+---
-- Builds a absolute URL from a base and a relative URL according to RFC 2396
+-- Builds a absolute URL from a base and a relative URL according to RFC 2396.
-- Input
+-- @param base_url a base URL.
--   base_url
+-- @param relative_url a relative URL.
--   relative_url
+-- @param corresponding absolute URL.
 -- Returns
 --   corresponding absolute url
 -----------------------------------------------------------------------------
 function absolute(base_url, relative_url)
    if type(base_url) == "table" then
@@ -252,12 +239,10 @@ function absolute(base_url, relative_url)
    end
 end
-----------------------------------------------------------------------------
+---
-- Breaks a path into its segments, unescaping the segments
+-- Breaks a path into its segments, unescaping the segments.
-- Input
+-- @param path a path to break.
--   path
+-- @return a table with one entry per segment.
 -- Returns
 --   segment: a table with one entry per segment
 -----------------------------------------------------------------------------
 function parse_path(path)
 	local parsed = {}
@@ -272,13 +257,11 @@ function parse_path(path)
 	return parsed
 end
-----------------------------------------------------------------------------
+---
 -- Builds a path component from its segments, escaping protected characters.
-- Input
+-- @param parsed path segments.
--   parsed: path segments
+-- @param unsafe if true, segments are not protected before path is built.
--   unsafe: if true, segments are not protected before path is built
+-- @return corresponding path string
 -- Returns
 --   path: corresponding path stringing
 -----------------------------------------------------------------------------
 function build_path(parsed, unsafe)
 	local path = ""
@@ -306,12 +289,16 @@ function build_path(parsed, unsafe)
 	return path
 end
-----------------------------------------------------------------------------
+---
-- Breaks a query string into name/value pairs
+-- Breaks a query string into name/value pairs.
-- Input
+-- \n\n
--   query string (name=value&name=value ...)
+-- This function takes a <query-string> of the form name1=value1&name2=value2...
-- Returns
+-- and returns a table containing the name-value pairs, with the name as the key
--   table where name=value is table['name'] = value
+-- and the value as its associated value. The table corresponding to the above
 -- <query-string> would have two entries: table["name1"]="value1" and
 -- table["name2"]="value2".
 -- @param query string (name=value&name=value ...).
 -- @return table where name=value is table['name'] = value.
 -----------------------------------------------------------------------------
 function parse_query(query)
 	local parsed = {}
@@ -341,12 +328,12 @@ function parse_query(query)
 	return parsed
 end
-----------------------------------------------------------------------------
+---
-- Builds a query string from dictionary based table
+-- Builds a query string from dictionary based table.
-- Input
+-- \n\n
--   dictionary table where table['name'] = value
+-- This is the inverse of parse_query.
-- Returns
+-- @param dictionary table where table['name'] = value.
--   query string (name=value&name=value ...)
+-- @return query string (name=value&name=value ...)
 -----------------------------------------------------------------------------
 function build_query(query)
 	local qstr = ""