
Fixing locals/globals on following scripts

- telnet-brute.nse required a small refactoring to fix its use of a global variable called `soc`
This commit is contained in:
joao
2009-07-16 22:54:38 +00:00
parent 4d9094fb21
commit a14ab3c637
4 changed files with 24 additions and 22 deletions


@@ -29,11 +29,13 @@ require "stdnse"
--@param tab The table to truncate. --@param tab The table to truncate.
--@return Truncated, formatted table. --@return Truncated, formatted table.
local truncate = function(tab) local truncate = function(tab)
return tab[1] .. "\n" .. local str = ""
tab[2] .. "\n" .. str = str .. tab[1] .. "\n"
tab[3] .. "\n" .. str = str .. tab[2] .. "\n"
tab[4] .. "\n" .. str = str .. tab[3] .. "\n"
tab[5] .. "\n"; str = str .. tab[4] .. "\n"
str = str .. tab[5] .. "\n"
return str
end end
--- Validates the HTTP response and checks for modifications. --- Validates the HTTP response and checks for modifications.
@@ -83,17 +85,15 @@ local validate = function(response, original)
return return
end end
portrule = shortport.port_or_service({80, 8080}, "http") portrule = shortport.port_or_service({80, 8080, 443}, {"http", "https"})
action = function(host, port) action = function(host, port)
local cmd = "TRACE / HTTP/1.0\r\n\r\n" local cmd = "TRACE / HTTP/1.0\r\n\r\n"
local status, response = comm.exchange(host, port, cmd, {lines=1,timeout=5000}) local sd, response = comm.tryssl(host, port, cmd, false)
if not sd then
if not status then stdnse.print_debug("Unable to open connection")
return return
end end
return validate(response, cmd) return validate(response, cmd)
end end
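Review bot: The socket returned by `comm.tryssl` on the new side is never closed: after the `if not sd` guard the action returns `validate(response, cmd)` directly, so on every successful probe the connection object is left for the garbage collector, whereas the replaced `comm.exchange` call managed its own connection. Close it before returning, e.g. `local result = validate(response, cmd)` / `sd:close()` / `return result`. The new call also drops the old `{lines=1,timeout=5000}` options in favour of a bare `false`, so the explicit 5-second timeout is gone; confirm that `tryssl`'s fourth argument accepts an options table here and pass the timeout back if so. The `truncate` rewrite builds the string with five repeated `..` appends where `table.concat(tab, "\n", 1, 5) .. "\n"` expresses the same result in one line.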


@@ -27,7 +27,7 @@ require("comm")
portrule = shortport.port_or_service({6666,6667,6697,6679},{"irc","ircs"}) portrule = shortport.port_or_service({6666,6667,6697,6679},{"irc","ircs"})
init = function() local init = function()
-- Start of MOTD, we'll take the server name from here -- Start of MOTD, we'll take the server name from here
nmap.registry.ircserverinfo_375 = nmap.registry.ircserverinfo_375 nmap.registry.ircserverinfo_375 = nmap.registry.ircserverinfo_375
or pcre.new("^:([\\w-_.]+) 375", 0, "C") or pcre.new("^:([\\w-_.]+) 375", 0, "C")
@@ -117,7 +117,7 @@ action = function(host, port)
init() init()
sd, line = comm.tryssl(host, port, "USER nmap +iw nmap :Nmap Wuz Here\nNICK " .. curr_nick .. "\n") local sd, line = comm.tryssl(host, port, "USER nmap +iw nmap :Nmap Wuz Here\nNICK " .. curr_nick .. "\n")
if not sd then return "Unable to open connection" end if not sd then return "Unable to open connection" end
buf = stdnse.make_buffer(sd, "\r?\n") buf = stdnse.make_buffer(sd, "\r?\n")
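Review bot: `buf = stdnse.make_buffer(sd, "\r?\n")` on the last line of the hunk still assigns without `local`, so unless `buf` is declared earlier in `action` (whose start lies outside the hunk) it remains a global, the same class of bug this commit removes for `sd` and `line`. Change it to `local buf = stdnse.make_buffer(sd, "\r?\n")`. Making `init` a local function is correct only because its definition precedes `action`, which calls it; a reordering would silently turn `init()` into a global lookup, so a one-line comment such as `-- must stay above action(), which calls it` would protect the forward reference.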


@@ -26,11 +26,12 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"} categories = {"default", "discovery", "safe"}
runlevel = 1.0 runlevel = 1.0
portrule = shortport.port_or_service({80, 8080}, {"http"}) portrule = shortport.port_or_service({80, 8080,443}, {"http","https"})
local last_len = 0 local last_len = 0
-- split the output in 50 character length lines -- split the output in 50 character length lines
local function buildOutput(output, w) local function buildOutput(output, w)
local nl
if w:len() == 0 then if w:len() == 0 then
return nil return nil
@@ -68,6 +69,7 @@ local function parse_robots(body, output)
end end
action = function(host, port) action = function(host, port)
local dis_count, noun
local answer = http.get(host, port, "/robots.txt" ) local answer = http.get(host, port, "/robots.txt" )
if answer.status ~= 200 then if answer.status ~= 200 then
@@ -99,7 +101,7 @@ action = function(host, port)
noun = dis_count == 1 and "entry " or "entries " noun = dis_count == 1 and "entry " or "entries "
shown = (detail == 0 or detail == dis_count) local shown = (detail == 0 or detail == dis_count)
and "\n" or '(' .. detail .. ' shown)\n' and "\n" or '(' .. detail .. ' shown)\n'
return "has " .. dis_count .. " disallowed " .. noun .. return "has " .. dis_count .. " disallowed " .. noun ..
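Review bot: `if answer.status ~= 200 then` dereferences `answer` without checking that it exists; if `http.get` can return nil on a failed connection (its contract is not visible here), the script raises instead of returning cleanly, and the new 443/https portrule entries make failed requests more likely if the http library does not negotiate TLS on its own. A guard such as `if not answer or answer.status ~= 200 then` covers that path. The added `local dis_count, noun` and `local shown` declarations address the globals this commit targets; `local nl` in `buildOutput` is declared here but its use is outside the hunk, so confirm it is actually assigned before being read. `action` begins at the top of the second hunk and continues past the end of the section.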


@@ -73,7 +73,7 @@ end
--- ---
-- Go through telnet's option palaver so we can get to the login prompt. -- Go through telnet's option palaver so we can get to the login prompt.
-- We just deny every options the server asks us about. -- We just deny every options the server asks us about.
local negotiate_options = function(result) local negotiate_options = function(result, soc)
local index, x, opttype, opt, retbuf local index, x, opttype, opt, retbuf
index = 0 index = 0
@@ -111,7 +111,7 @@ end
-- server. Through pattern matching, it tries to deem if a user/pass -- server. Through pattern matching, it tries to deem if a user/pass
-- pair is valid. Telnet does not have a way of telling the client -- pair is valid. Telnet does not have a way of telling the client
-- if it was authenticated....so we have to make an educated guess -- if it was authenticated....so we have to make an educated guess
local brute_line = function(line, user, pass, usent) local brute_line = function(line, user, pass, usent, soc)
if (line:find 'incorrect' or line:find 'failed' or line:find 'denied' or if (line:find 'incorrect' or line:find 'failed' or line:find 'denied' or
line:find 'invalid' or line:find 'bad') and usent then line:find 'invalid' or line:find 'bad') and usent then
@@ -148,7 +148,7 @@ return value:
(4, nil) - disconnected and didn't send pair (4, nil) - disconnected and didn't send pair
--]] --]]
local brute_cred = function(user, pass) local brute_cred = function(user, pass, soc)
local status, ret, value, usent, results local status, ret, value, usent, results
usent = false ; ret = 0 usent = false ; ret = 0
@@ -164,13 +164,13 @@ local brute_cred = function(user, pass)
end end
if (string.byte(results, 1) == 255) then if (string.byte(results, 1) == 255) then
negotiate_options(results) negotiate_options(results, soc)
end end
results = string.lower(results) results = string.lower(results)
for line in results:gmatch '[^\r\n]+' do for line in results:gmatch '[^\r\n]+' do
ret, value, usent = brute_line(line, user, pass, usent) ret, value, usent = brute_line(line, user, pass, usent, soc)
if (ret > 0) then if (ret > 0) then
return ret, value return ret, value
end end
@@ -188,7 +188,7 @@ action = function(host, port)
local opts = {timeout=4000} local opts = {timeout=4000}
soc, line, best_opt = comm.tryssl(host, port, "\n",opts) local soc, line, best_opt = comm.tryssl(host, port, "\n",opts)
if not soc then return "Unable to open connection" end if not soc then return "Unable to open connection" end
-- continually try user/pass pairs (reconnecting, if we have to) -- continually try user/pass pairs (reconnecting, if we have to)
@@ -212,7 +212,7 @@ action = function(host, port)
try(soc:connect(host.ip, port.number, best_opt)) try(soc:connect(host.ip, port.number, best_opt))
end end
status, pair = brute_cred(user, pass) status, pair = brute_cred(user, pass, soc)
end end
soc:close() soc:close()
return pair return pair
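Review bot: `status, pair = brute_cred(user, pass, soc)` at the end of the last hunk still assigns without `local`; if `status` and `pair` are not declared near the top of `action` (which begins above this hunk), they remain globals, the very defect the commit fixes for `soc`. Declare them alongside `opts`, e.g. `local status, pair`, so the fix is complete. Threading `soc` through `brute_cred`, `brute_line` and `negotiate_options` as a trailing parameter is reasonable, but each of those function bodies lies outside the hunks, so it cannot be confirmed here that every former reference to the global `soc` inside them now resolves to the parameter; a `luacheck` run on the script would settle it. `soc:close()` runs only on the normal exit path, so if `try(soc:connect(...))` at the reconnect site aborts the script the socket is left to whatever handler `try` was built with; confirm that handler closes it.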