Remove bin.lua from the last of the NSE scripts (libraries still use it)

scripts/llmnr-resolve.nse

@@ -1,7 +1,6 @@
 local nmap = require "nmap"
 local stdnse = require "stdnse"
 local table = require "table"
-local bin = require "bin"
 local packet = require "packet"
 local ipOps = require "ipOps"
 local target = require "target"
@@ -54,14 +53,14 @@ categories = {"discovery", "safe", "broadcast"}
 -- @param hostname Hostname to query for.
 -- @return query Raw llmnr query.
 local llmnrQuery = function(hostname)
-  return bin.pack(">S6pCS2",
+  return string.pack(">I2I2I2I2I2I2 s1x I2I2",
     math.random(0,65535), -- transaction ID
     0x0000, -- Flags: Standard Query
     0x0001, -- Questions = 1
     0x0000, -- Answer RRs = 0
     0x0000, -- Authority RRs = 0
     0x0000, -- Additional RRs = 0
-    hostname, 0x00, -- Hostname
+    hostname, -- Hostname
     0x0001, -- Type: Host Address
     0x0001) -- Class: IN
 end
@@ -102,10 +101,7 @@ local llmnrListen = function(interface, timeout, result)
       -- Skip IP and UDP headers
       local llmnr = string.sub(l3data, p.ip_hl*4 + 8 + 1)
       -- Flags
-      local _, trans = bin.unpack(">S", llmnr)
-      local _, flags = bin.unpack(">S", llmnr, 3)
-      -- Questions number
-      local _, questions = bin.unpack(">S", llmnr, 5)
+      local trans, flags, questions = string.unpack(">I2 I2 I2", llmnr)
 
       -- Make verifications
       -- Message == Response bit
@@ -114,20 +110,19 @@ local llmnrListen = function(interface, timeout, result)
         stdnse.debug1("got response from %s", p.ip_src)
         -- Skip header's 12 bytes
         -- extract host length
-        local index, qlen = bin.unpack(">C", llmnr, 13)
+        local qlen, index = string.unpack(">B", llmnr, 13)
         -- Skip hostname, null byte, type field and class field
         index = index + qlen + 1 + 2 + 2
 
         -- Now, answer record
         local response, alen = {}
-        index, alen = bin.unpack(">C", llmnr, index)
         -- Extract hostname with the correct case sensitivity.
-        index, response.hostname = bin.unpack(">A".. alen, llmnr, index)
+        response.hostname, index = string.unpack(">s1x", llmnr, index)
 
-        -- skip null byte, type, class, ttl, dlen
-        index = index + 1 + 2 + 2 + 4 + 2
-        index, response.address = bin.unpack(">I", llmnr, index)
-        response.address = ipOps.fromdword(response.address)
+        -- skip type, class, ttl, dlen
+        index = index + 2 + 2 + 4 + 2
+        response.address, index = string.unpack(">c4", llmnr, index)
+        response.address = ipOps.str_to_ip(response.address)
         table.insert(result, response)
       else
         stdnse.debug1("skipped llmnr response.")

scripts/mrinfo.nse

@@ -1,7 +1,6 @@
 local nmap = require "nmap"
 local packet = require "packet"
 local ipOps = require "ipOps"
-local bin = require "bin"
 local stdnse = require "stdnse"
 local string = require "string"
 local target = require "target"
@@ -93,36 +92,36 @@ local mrinfoParse = function(data)
   if data:byte(1) ~= 0x13 then return end
 
   -- DVMRP Code
-  index, response.code = bin.unpack(">C", data, 2)
+  response.code,
   -- Checksum
-  index, response.checksum = bin.unpack(">S", data, index)
+  response.checksum,
   -- Capabilities (Skip one reserved byte)
-  index, response.capabilities = bin.unpack(">C", data, index + 1)
+  response.capabilities,
   -- Major and minor version
-  index, response.minver = bin.unpack(">C", data, index)
-  index, response.majver = bin.unpack(">C", data, index)
+  response.minver,
+  response.majver, index = string.unpack(">B I2 x B B B", data, 2)
   response.addresses = {}
   -- Iterate over target local addresses (interfaces)
   while index < #data do
     if data:byte(index) == 0x00 then break end
     address = {}
     -- Local address
-    index, address.ip = bin.unpack(">I", data, index)
-    address.ip = ipOps.fromdword(address.ip)
+    address.ip,
     -- Link metric
-    index, address.metric = bin.unpack(">C", data, index)
+    address.metric,
     -- Threshold
-    index, address.threshold= bin.unpack(">C", data, index)
+    address.threshold,
     -- Flags
-    index, address.flags = bin.unpack(">C", data, index)
+    address.flags,
     -- Number of neighbors
-    index, address.ncount = bin.unpack(">C", data, index)
+    address.ncount, index = string.unpack(">c4BBBB", data, index)
+    address.ip = ipOps.str_to_ip(address.ip)
 
     address.neighbors = {}
     -- Iterate over neighbors
     for i = 1, address.ncount do
-      index, neighbor = bin.unpack(">I", data, index)
-      table.insert(address.neighbors, ipOps.fromdword(neighbor))
+      neighbor, index = string.unpack(">c4", data, index)
+      table.insert(address.neighbors, ipOps.str_to_ip(neighbor))
     end
     table.insert(response.addresses, address)
   end
@@ -166,7 +165,7 @@ end
 
 -- Function that generates a raw DVMRP Ask Neighbors 2 request.
 local mrinfoRaw = function()
-  local mrinfo_raw = bin.pack(">CCSSCC",
+  local mrinfo_raw = string.pack(">BB I2 I2 BB",
     0x13, -- Type: DVMRP
     0x05, -- Code: Ask Neighbor v2
     0x0000, -- Checksum: Calculated later
@@ -176,7 +175,7 @@ local mrinfoRaw = function()
     0x0c) -- Major version: 12
 
   -- Calculate checksum
-  mrinfo_raw = mrinfo_raw:sub(1,2) .. bin.pack(">S", packet.in_cksum(mrinfo_raw)) .. mrinfo_raw:sub(5)
+  mrinfo_raw = mrinfo_raw:sub(1,2) .. string.pack(">I2", packet.in_cksum(mrinfo_raw)) .. mrinfo_raw:sub(5)
 
   return mrinfo_raw
 end
@@ -204,7 +203,7 @@ local mrinfoQuery = function(interface, dstip)
   if dstip == "224.0.0.1" then
     sock:ethernet_open(interface.device)
     -- Ethernet IPv4 multicast, our ethernet address and packet type IP
-    eth_hdr = bin.pack("HAH", "01 00 5e 00 00 01", interface.mac, "08 00")
+    eth_hdr = "\x01\x00\x5e\x00\x00\x01" .. interface.mac .. "\x08\x00"
     sock:ethernet_send(eth_hdr .. mrinfo_packet.buf)
     sock:ethernet_close()
   else

scripts/mtrace.nse

@@ -1,7 +1,6 @@
 local nmap = require "nmap"
 local packet = require "packet"
 local ipOps = require "ipOps"
-local bin = require "bin"
 local stdnse = require "stdnse"
 local table = require "table"
 local math = require "math"
@@ -119,7 +118,7 @@ end
 --@param receiver Receiver of the response.
 --@return data Raw Traceroute Query.
 local traceRaw = function(fromip, toip, group, receiver)
-  local data = bin.pack(">CCSIIIICCS",
+  local data = string.pack(">BBI2 I4 I4 I4 I4 BBI2",
     0x1f, -- Type: Traceroute Query
     0x20, -- Hops: 32
     0x0000, -- Checksum: To be set later
@@ -132,7 +131,7 @@ local traceRaw = function(fromip, toip, group, receiver)
     )
 
   -- We calculate checksum
-  data = data:sub(1,2) .. bin.pack(">S", packet.in_cksum(data)) .. data:sub(5)
+  data = data:sub(1,2) .. string.pack(">I2", packet.in_cksum(data)) .. data:sub(5)
   return data
 end
 
@@ -159,7 +158,7 @@ local traceSend = function(interface, destination, trace_raw)
   if destination == "224.0.0.2" then
     sock:ethernet_open(interface.device)
     -- Ethernet IPv4 multicast, our ethernet address and packet type IP
-    local eth_hdr = bin.pack("HAH", "01 00 5e 00 00 02", interface.mac, "08 00")
+    local eth_hdr = "\x01\x00\x5e\x00\x00\x02" .. interface.mac .. "\x08\x00"
     sock:ethernet_send(eth_hdr .. trace_packet.buf)
     sock:ethernet_close()
   else
@@ -180,33 +179,26 @@ local traceParse = function(data)
   if data:byte(1) ~= 0x1e then return end
 
   -- Hops
-  index, response.hops = bin.unpack(">C", data, 2)
-
+  response.hops,
   -- Checksum
-  index, response.checksum = bin.unpack(">S", data, index)
-
+  response.checksum,
   -- Group
-  index, response.group = bin.unpack(">I", data, index)
-  response.group = ipOps.fromdword(response.group)
-
+  response.group,
   -- Source address
-  index, response.source = bin.unpack(">I", data, index)
-  response.source = ipOps.fromdword(response.source)
-
+  response.source,
   -- Destination address
-  index, response.destination = bin.unpack(">I", data, index)
-  response.receiver = ipOps.fromdword(response.destination)
-
+  response.destination,
   -- Response address
-  index, response.response = bin.unpack(">I", data, index)
-  response.response = ipOps.fromdword(response.response)
-
+  response.response,
   -- Response TTL
-  index, response.ttl = bin.unpack(">C", data, index)
-
+  response.ttl,
   -- Query ID
-  index, response.qid = bin.unpack(">C", data, index)
-  index, response.qid = response.qid * 2^16 + bin.unpack(">S", data, index)
+  response.qid, index = string.unpack(">B I2 I4 I4 I4 I4 B I3", data, 2)
+
+  response.group = ipOps.fromdword(response.group)
+  response.source = ipOps.fromdword(response.source)
+  response.receiver = ipOps.fromdword(response.destination)
+  response.response = ipOps.fromdword(response.response)
 
   local block
   response.blocks = {}
@@ -222,40 +214,31 @@ local traceParse = function(data)
 
     block = {}
     -- Query Arrival
-    index, block.query = bin.unpack(">I", data, index)
-
+    block.query,
     -- In itf address
-    index, block.inaddr = bin.unpack(">I", data, index)
-    block.inaddr = ipOps.fromdword(block.inaddr)
-
+    block.inaddr,
     -- Out itf address
-    index, block.outaddr = bin.unpack(">I", data, index)
-    block.outaddr = ipOps.fromdword(block.outaddr)
-
+    block.outaddr,
     -- Previous rtr address
-    index, block.prevaddr = bin.unpack(">I", data, index)
-    block.prevaddr = ipOps.fromdword(block.prevaddr)
-
+    block.prevaddr,
     -- In packets
-    index, block.inpkts = bin.unpack(">I", data, index)
-
+    block.inpkts,
     -- Out packets
-    index, block.outpkts = bin.unpack(">I", data, index)
-
+    block.outpkts,
     -- S,G pkt count
-    index, block.sgpkt = bin.unpack(">I", data, index)
-
+    block.sgpkt,
     -- Protocol
-    index, block.proto = bin.unpack(">C", data, index)
-
+    block.proto,
     -- Forward TTL
-    index, block.fwdttl = bin.unpack(">C", data, index)
-
+    block.fwdttl,
     -- Options
-    index, block.options = bin.unpack(">C", data, index)
-
+    block.options,
     -- Forwarding Code
-    index, block.code = bin.unpack(">C", data, index)
+    block.code, index = string.unpack(">I4 I4 I4 I4 I4 I4 I4 BBBB", data, index)
+
+    block.inaddr = ipOps.fromdword(block.inaddr)
+    block.outaddr = ipOps.fromdword(block.outaddr)
+    block.prevaddr = ipOps.fromdword(block.prevaddr)
 
     table.insert(response.blocks, block)
   end

scripts/nping-brute.nse

@@ -1,9 +1,9 @@
-local bin = require "bin"
 local brute = require "brute"
 local creds = require "creds"
 local nmap = require "nmap"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
+local string = require "string"
 
 local openssl = stdnse.silent_require "openssl"
 
@@ -66,25 +66,24 @@ Driver =
     for i = 1, 1000 do
       h = openssl.digest(self.SHA256, h)
     end
-    local _, key = bin.unpack("A16", h)
-    return key
+    return string.unpack("c16", h)
   end,
 
   getservernonce = function(self, serverhs)
-    local parts = {bin.unpack("CC>S>I>Ix4A32x15A32", serverhs)}
-    return parts[7]
+    local offset = 63 -- 63 bytes of header before the nonce
+    return serverhs:sub(offset+1, offset+4)
   end,
 
   chsbody = function(self)
-    local IP4 = 0x04
-    local IP6 = 0x06
+    local IP4 = "\x04"
+    local IP6 = "\x06"
     local family = IP6
     local target = self.host.bin_ip
     if #target == 4 then
-      target = bin.pack("Ax12", target)
+      target = target .. ("\0"):rep(12)
       family = IP4
     end
-    return bin.pack("ACx15", target, family)
+    return target .. family .. ("\0"):rep(15)
   end,
 
   clienths = function(self, snonce, password)
@@ -99,10 +98,10 @@ Driver =
     local nonce = snonce .. cnonce
     local enckey = self:nepkey(password, nonce, NEP_CLIENT_CIPHER_ID)
     local mackey = self:nepkey(password, nonce, NEP_CLIENT_MAC_ID)
-    local _, iv = bin.unpack("A16", cnonce)
+    local iv = string.unpack("c16", cnonce)
     local plain = self:chsbody()
     local crypted = openssl.encrypt(self.AES_128_CBC, enckey, iv, plain)
-    local head = bin.pack("CC>SA>Ix4A", self.NEP_VERSION, NEP_HANDSHAKE_CLIENT, NEP_HANDSHAKE_CLIENT_LEN, seqb, now, nonce)
+    local head = string.pack(">BB I2 c4 I4 x4", self.NEP_VERSION, NEP_HANDSHAKE_CLIENT, NEP_HANDSHAKE_CLIENT_LEN, seqb, now) .. nonce
     local mac = openssl.hmac(self.SHA256, mackey, head .. plain)
 
     return head .. crypted .. mac

scripts/nrpe-enum.nse

@@ -1,4 +1,3 @@
-local bin = require "bin"
 local nmap = require "nmap"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
@@ -134,31 +133,30 @@ end
 
 local nrpe_write = function(cmd)
   -- Create request packet, before checksum.
-  local pkt = bin.pack(">SSISAAS",
+  local pkt = string.pack(">I2 I2 I4 I2",
    2,
    1,
    0,
-   0,
-   cmd,
-   string.rep("\0", 1024 - #cmd),
    0)
+   .. cmd
+   .. string.rep("\0", 1024 - #cmd)
+   .. "\0\0"
 
   -- Calculate the checksum, and insert it into the packet.
-  pkt = pkt:sub(1,4) .. bin.pack(">I", crc32(pkt)) .. pkt:sub(9)
+  pkt = pkt:sub(1,4) .. string.pack(">I4", crc32(pkt)) .. pkt:sub(9)
 
   return pkt
 end
 
 local nrpe_read = function(pkt)
-  local i
   local result = {}
 
   -- Parse packet.
-  i, result.version = bin.unpack(">S", pkt, i)
-  i, result.type = bin.unpack(">S", pkt, i)
-  i, result.crc32 = bin.unpack(">I", pkt, i)
-  i, result.state = bin.unpack(">S", pkt, i)
-  i, result.data = bin.unpack("z", pkt, i)
+  result.version,
+  result.type,
+  result.crc32,
+  result.state,
+  result.data = string.unpack(">I2 I2 I4 I2 z", pkt)
 
   return result
 end

scripts/omron-info.nse

@@ -1,7 +1,7 @@
-local bin = require "bin"
 local nmap = require "nmap"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
+local string = require "string"
 
 description = [[
 This NSE script is used to send a FINS packet to a remote device. The script
@@ -103,16 +103,16 @@ function send_tcp(socket)
   local req_addr = stdnse.fromhex( "46494e530000000c000000000000000000000000")
   -- TCP requires a network address that is revived from the first request,
   -- The read controller data these two strings will be joined with the address
-  local controller_data_read = "46494e5300000015000000020000000080000200"
-  local controller_data_read2 = "000000ef050501"
+  local controller_data_read = stdnse.fromhex("46494e5300000015000000020000000080000200")
+  local controller_data_read2 = stdnse.fromhex("000000ef050501")
 
   -- send Request Information Packet
   socket:send(req_addr)
   local rcvstatus, response = socket:receive()
-  local pos, header = bin.unpack("C", response, 1)
+  local header = string.byte(response, 1)
   if(header == 0x46) then
-    local pos, address = bin.unpack("C",response,24)
-    local controller_data = bin.pack("HCHC", controller_data_read, address, controller_data_read2, 0x00)
+    local address = string.byte(response, 24)
+    local controller_data = ("%s%c%s%c"):format(controller_data_read, address, controller_data_read2, 0x00)
     -- send the read controller data request
     socket:send(controller_data)
     local rcvstatus, response = socket:receive()
@@ -155,11 +155,10 @@ action = function(host,port)
     response = send_udp(socket)
   end
   -- unpack the first byte for checking that it was a valid response
-  local pos, header = bin.unpack("C", response, 1)
+  local header = string.unpack("B", response, 1)
   if(header == 0xc0 or header == 0xc1 or header == 0x46) then
     set_nmap(host, port)
-    local response_code
-    pos, response_code = bin.unpack("<S", response, 13 + offset)
+    local response_code = string.unpack("<I2", response, 13 + offset)
     -- test for a few of the error codes I saw when testing the script
     if(response_code == 2081) then
       output["Response Code"] = "Data cannot be changed (0x2108)"
@@ -168,20 +167,21 @@ action = function(host,port)
       -- if a successful response code then
     elseif(response_code == 0) then
       -- parse information from response
-      pos, output["Response Code"] = "Normal completion (0x0000)"
-      pos, output["Controller Model"] = bin.unpack("z", response,15 + offset)
-      pos, output["Controller Version"] = bin.unpack("z", response, 35 + offset)
-      pos, output["For System Use"] = bin.unpack("z", response, 55 + offset)
-      pos, output["Program Area Size"] = bin.unpack(">S", response, 95 + offset)
-      pos, output["IOM size"] = bin.unpack("C", response, pos)
-      pos, output["No. DM Words"] = bin.unpack(">S", response, pos)
-      pos, output["Timer/Counter"] = bin.unpack("C", response, pos)
-      pos, output["Expansion DM Size"] = bin.unpack("C", response, pos)
-      pos, output["No. of steps/transitions"] = bin.unpack(">S", response, pos)
+      output["Response Code"] = "Normal completion (0x0000)"
+      output["Controller Model"] = string.unpack("z", response,15 + offset)
+      output["Controller Version"] = string.unpack("z", response, 35 + offset)
+      output["For System Use"] = string.unpack("z", response, 55 + offset)
+      local pos
+      output["Program Area Size"], pos = string.unpack(">I2", response, 95 + offset)
+      output["IOM size"], pos = string.unpack("B", response, pos)
+      output["No. DM Words"], pos = string.unpack(">I2", response, pos)
+      output["Timer/Counter"], pos = string.unpack("B", response, pos)
+      output["Expansion DM Size"], pos = string.unpack("B", response, pos)
+      output["No. of steps/transitions"], pos = string.unpack(">I2", response, pos)
       local mem_card_type
-      pos, mem_card_type = bin.unpack("C", response, pos)
+      mem_card_type, pos = string.unpack("B", response, pos)
       output["Kind of Memory Card"] = memory_card(mem_card_type)
-      pos, output["Memory Card Size"] = bin.unpack(">S", response, pos)
+      output["Memory Card Size"], pos = string.unpack(">I2", response, pos)
 
     else
       output["Response Code"] = "Unknown Response Code"

scripts/s7-info.nse

@@ -1,4 +1,3 @@
-local bin = require "bin"
 local nmap = require "nmap"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
@@ -87,22 +86,17 @@ end
 -- @param output Table used for output for return to Nmap
 local function parse_response(response, host, port, output)
   -- unpack the protocol ID
-  local pos, value = bin.unpack("C", response, 8)
+  local value = string.byte(response, 8)
   -- unpack the second byte of the SZL-ID
-  local pos, szl_id = bin.unpack("C", response, 31)
-  -- set the offset to 0
-  local offset = 0
+  local szl_id = string.byte(response, 31)
   -- if the protocol ID is 0x32
   if (value == 0x32) then
-    local pos
     -- unpack the module information
-    pos, output["Module"] = bin.unpack("z", response, 44)
+    output["Module"] = string.unpack("z", response, 44)
     -- unpack the basic hardware information
-    pos, output["Basic Hardware"] = bin.unpack("z", response, 72)
-    -- set version number to 0
-    local version = 0
+    output["Basic Hardware"] = string.unpack("z", response, 72)
     -- parse version number
-    local pos, char1, char2, char3 = bin.unpack("CCC", response, 123)
+    local char1, char2, char3 = string.unpack("BBB", response, 123)
     -- concatenate string, or if string is nil make version number 0.0
     output["Version"] = table.concat({char1 or "0.0", char2, char3}, ".")
     -- return the output table
@@ -124,9 +118,9 @@ end
 local function second_parse_response(response, output)
   local offset = 0
   -- unpack the protocol ID
-  local pos, value = bin.unpack("C", response, 8)
+  local value = string.byte(response, 8)
   -- unpack the second byte of the SZL-ID
-  local pos, szl_id = bin.unpack("C", response, 31)
+  local szl_id = string.byte(response, 31)
   -- if the protocol ID is 0x32
   if (value == 0x32) then
     -- if the szl-ID is not 0x1c
@@ -135,15 +129,15 @@ local function second_parse_response(response, output)
       offset = 4
     end
     -- parse system name
-    pos, output["System Name"] = bin.unpack("z", response, 40 + offset)
+    output["System Name"] = string.unpack("z", response, 40 + offset)
     -- parse module type
-    pos, output["Module Type"] = bin.unpack("z", response, 74 + offset)
+    output["Module Type"] = string.unpack("z", response, 74 + offset)
     -- parse serial number
-    pos, output["Serial Number"] = bin.unpack("z", response, 176 + offset)
+    output["Serial Number"] = string.unpack("z", response, 176 + offset)
     -- parse plant identification
-    pos, output["Plant Identification"] = bin.unpack("z", response, 108 + offset)
+    output["Plant Identification"] = string.unpack("z", response, 108 + offset)
     -- parse copyright
-    pos, output["Copyright"] = bin.unpack("z", response, 142 + offset)
+    output["Copyright"] = string.unpack("z", response, 142 + offset)
 
     -- for each element in the table, if it is nil, then remove the information from the table
     for key, value in pairs(output) do
@@ -210,7 +204,7 @@ local COTP = stdnse.fromhex( "0300001611e00000001400c1020100c2020" .. "102" .. "
   -- send and receive the COTP Packet
   response  = send_receive(sock, COTP)
   -- unpack the PDU Type
-  local pos, CC_connect_confirm = bin.unpack("C", response, 6)
+  local CC_connect_confirm = string.byte(response, 6)
   -- if PDU type is not 0xd0, then not a successful COTP connection
   if ( CC_connect_confirm ~= 0xd0) then
     sock:close()
@@ -224,7 +218,7 @@ local COTP = stdnse.fromhex( "0300001611e00000001400c1020100c2020" .. "102" .. "
       return nil
     end
     response = send_receive(sock, alt_COTP)
-    local pos, CC_connect_confirm = bin.unpack("C", response, 6)
+    local CC_connect_confirm = string.byte(response, 6)
     if ( CC_connect_confirm ~= 0xd0) then
       stdnse.debug1('S7 INFO:: Could not negotiate COTP')
       return nil
@@ -233,14 +227,14 @@ local COTP = stdnse.fromhex( "0300001611e00000001400c1020100c2020" .. "102" .. "
   -- send and receive the ROSCTR Setup Packet
   response  = send_receive(sock, ROSCTR_Setup)
   -- unpack the protocol ID
-  local pos, protocol_id = bin.unpack("C", response, 8)
+  local protocol_id = string.byte(response, 8)
   -- if protocol ID is not 0x32 then return nil
   if ( protocol_id ~= 0x32) then
     return nil
   end
   -- send and receive the READ_SZL packet
   response  = send_receive(sock, Read_SZL)
-  local pos, protocol_id = bin.unpack("C", response, 8)
+  local protocol_id = string.byte(response, 8)
   -- if protocol ID is not 0x32 then return nil
   if ( protocol_id ~= 0x32) then
     return nil