From b2d1ac7580a9cb02c03b18bcb532900b86f80688 Mon Sep 17 00:00:00 2001
From: henri
Date: Mon, 20 Jun 2011 21:06:14 +0000
Subject: [PATCH] Avoid bloating the registry by using variables to transfer information from the hostrule to the action function.
---
 scripts/firewalk.nse | 39 ++++++++-------------------------------
 scripts/ipidseq.nse | 27 +++++++--------------------
 scripts/qscan.nse | 25 +++++++------------------
 3 files changed, 22 insertions(+), 69 deletions(-)
diff --git a/scripts/firewalk.nse b/scripts/firewalk.nse
index 4e5849ecd..0abd4da98 100644
--- a/scripts/firewalk.nse
+++ b/scripts/firewalk.nse
@@ -105,6 +105,8 @@ local ProbeTimeout
 local MaxActiveProbes
 local MaxProbedPorts
+-- cache ports to probe between the hostrule and the action function
+local FirewalkPorts
 -- ICMP constant
@@ -296,8 +298,6 @@ local function build_portlist(host)
 local proto = combo[1]
 local state = combo[2]
- portlist[proto] = {}
-
 repeat
 port = nmap.get_ports(host, port, proto, state)
@@ -308,6 +308,8 @@ local function build_portlist(host)
 scanned = false, -- initial state: unprobed
 }
+ portlist[proto] = portlist[proto] or {}
+
 portlist[proto][port.number] = pentry
 i = i + 1
 end
@@ -319,19 +321,6 @@ local function build_portlist(host)
 end
---- store the portlist in the register
--- @param host the destination host object
--- @param ports the table of ports to probe
-local function setregs(host, ports)
-
- if not nmap.registry[host.ip] then
- nmap.registry[host.ip] = {}
- end
-
- nmap.registry[host.ip]['firewalk_ports'] = ports
-
-end
-
 --- wrapper for stdnse.parse_timespec() to get specified value in milliseconds
 -- @param spec the time specification string (like "10s", "120ms"...)
 -- @return the equivalent number of milliseconds or nil on failure
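Review bot: The new file-level `local FirewalkPorts` is only a safe hostrule-to-action channel if NSE runs the script chunk afresh for each thread and executes the rule and the action of one host in that same instance; the declaration comment should state that assumption so a later scheduler change does not silently turn it into a cross-host overwrite. Suggested wording: `-- cache ports to probe between the hostrule and the action function; relies on NSE running a host's rule and action in the same script instance`. The same comment belongs on `local ipidseqport` in ipidseq.nse (which currently has no comment at all) and on `local qscanports` in qscan.nse.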
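Review bot: `portlist[proto] = portlist[proto] or {}` at +308 now creates the per-protocol table lazily, and that is exactly what makes the later `next(FirewalkPorts) ~= nil` test in hostrule mean "at least one port" (the eager `portlist[proto] = {}` removed at -296 would have left empty entries that satisfy `next`); the coupling deserves a comment at the assignment, e.g. `-- created lazily so protocols with no matching ports leave no empty entry; hostrule relies on this`. As a side effect a second combo for the same protocol no longer wipes the ports collected by an earlier one, which looks like a silent fix worth mentioning in the commit message. build_portlist begins and ends outside these hunks.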
@@ -421,23 +410,11 @@ hostrule = function(host)
 end
 -- get the list of ports to probe
- local portlist = build_portlist(host)
- local nb_ports = 0
+ FirewalkPorts = build_portlist(host)
- for _, proto in pairs(portlist) do
- for _ in pairs(proto) do
- nb_ports = nb_ports + 1
- end
- end
+ -- schedule the execution if there are filtered ports to probe
+ return (next(FirewalkPorts) ~= nil)
- -- nothing to probe: cancel the execution
- if nb_ports < 1 then
- return false
- end
-
- setregs(host, portlist)
-
- return true
 end
 --- return the initial TTL to use (the one of the last gateway before the target)
@@ -817,7 +794,7 @@ action = function(host)
 sock = nmap.new_dnet(),
 pcap = nmap.new_socket(),
- ports = nmap.registry[host.ip]['firewalk_ports'],
+ ports = FirewalkPorts,
 sendqueue = {}, -- pending probes
 pending_resends = {}, -- probes needing to be resent
diff --git a/scripts/ipidseq.nse b/scripts/ipidseq.nse
index 9badb4f12..eef948130 100644
--- a/scripts/ipidseq.nse
+++ b/scripts/ipidseq.nse
@@ -35,6 +35,8 @@ require 'stdnse'
 local NUMPROBES = 6
+local ipidseqport
+
 --- Pcap check function
 -- @return Destination and source IP addresses and TCP ports
 local check = function(layer3)
@@ -175,16 +177,6 @@ local getport = function(host)
 return port.number
 end
---- Sets probe port number in registry
--- @param host Host object
--- @param port Port number
-local setreg = function(host, port)
- if not nmap.registry[host.ip] then
- nmap.registry[host.ip] = {}
- end
- nmap.registry[host.ip]['ipidseqprobe'] = port
-end
-
 hostrule = function(host)
 if not nmap.is_privileged() then
 nmap.registry[SCRIPT_NAME] = nmap.registry[SCRIPT_NAME] or {}
@@ -202,12 +194,8 @@ hostrule = function(host)
 if not host.interface then
 return false
 end
- local port = getport(host)
- if not port then
- return false
- end
- setreg(host, port)
- return true
+ ipidseqport = getport(host)
+ return (ipidseqport ~= nil)
 end
 action = function(host)
@@ -215,7 +203,6 @@ action = function(host)
 local ipids = {}
 local sock = nmap.new_dnet()
 local pcap = nmap.new_socket()
- local port = nmap.registry[host.ip]['ipidseqprobe']
 local saddr = packet.toip(host.bin_ip_src)
 local daddr = packet.toip(host.bin_ip)
 local try = nmap.new_try()
@@ -224,11 +211,11 @@ action = function(host)
 try = nmap.new_try(function() sock:ip_close() end)
- pcap:pcap_open(host.interface, 104, false, "tcp and dst host " .. saddr .. " and src host " .. daddr .. " and src port " .. port)
+ pcap:pcap_open(host.interface, 104, false, "tcp and dst host " .. saddr .. " and src host " .. daddr .. " and src port " .. ipidseqport)
 pcap:set_timeout(host.times.timeout * 1000)
- local tcp = genericpkt(host, port)
+ local tcp = genericpkt(host, ipidseqport)
 while i <= NUMPROBES do
 try(sock:ip_send(tcp.buf))
@@ -254,7 +241,7 @@ action = function(host)
 local output = ipidseqclass(ipids)
 if nmap.debugging() > 0 then
- output = output .. " [used port " .. port .. "]"
+ output = output .. " [used port " .. ipidseqport .. "]"
 end
 return output
diff --git a/scripts/qscan.nse b/scripts/qscan.nse
index 804c8237c..77b71f7b9 100644
--- a/scripts/qscan.nse
+++ b/scripts/qscan.nse
@@ -99,6 +99,10 @@ local tdist = {
 { 0.6770, 1.2901, 1.6602, 1.9840, 2.3642, 2.6259, 3.3905 } -- 100
 }
+-- cache ports to probe between the hostrule and the action function
+local qscanports
+
+
 local tinv = function(p, dof)
 local din, pin
@@ -353,16 +357,6 @@ local getports = function(host, numopen, numclosed)
 return table_extend(open, closed)
 end
---- Sets probe port list in registry
--- @param host Host object
--- @param ports Port list
-local setreg = function(host, ports)
- if not nmap.registry[host.ip] then
- nmap.registry[host.ip] = {}
- end
- nmap.registry[host.ip]['qscanports'] = ports
-end
-
 hostrule = function(host)
 if not nmap.is_privileged() then
 nmap.registry[SCRIPT_NAME] = nmap.registry[SCRIPT_NAME] or {}
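Review bot: Dropping `local port` from ipidseq's action at -215 turns any remaining `port` reference in the function into a read of an undeclared global, which Lua resolves to `nil` at runtime instead of failing at load; the three uses visible here (-224, -228, -254) are renamed, but action continues outside these hunks, so a luacheck pass on the file (which flags accidental globals) would confirm no other use survives. The same check applies to qscan's action, where `local ports` is removed in the -397 hunk and only the `ipairs(ports)` use at -435 is visibly renamed.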
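Review bot: The two added blank lines after `local qscanports` at +99 sit on top of the existing blank before `local tinv`, leaving three empty lines where the rest of the file uses one; drop the second `+` blank line so the declaration block reads `local qscanports` followed by a single blank.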
@@ -397,18 +391,13 @@ hostrule = function(host)
 end
 end
- local ports = getports(host, numopen, numclosed)
- if #ports <= 1 then
- return false
- end
- setreg(host, ports)
- return true
+ qscanports = getports(host, numopen, numclosed)
+ return (#qscanports > 1)
 end
 action = function(host)
 local sock = nmap.new_dnet()
 local pcap = nmap.new_socket()
- local ports = nmap.registry[host.ip]['qscanports']
 local saddr = packet.toip(host.bin_ip_src)
 local daddr = packet.toip(host.bin_ip)
 local start
@@ -435,7 +424,7 @@ action = function(host)
 local tcp = genericpkt(host)
 for i = 1, numtrips do
- for j, port in ipairs(ports) do
+ for j, port in ipairs(qscanports) do
 updatepkt(tcp, port)
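Review bot: `return (#qscanports > 1)` at +397 folds the old `if #ports <= 1 then return false end` into one expression without saying why a single port is not enough, whereas the parallel line added to firewalk.nse got `-- schedule the execution if there are filtered ports to probe`; a matching comment here keeps the three scripts consistent, e.g. `-- cancel the execution unless there are at least two ports to probe`, extended with the reason if it is that the analysis needs ports to compare against each other. `#` is only meaningful if getports returns a sequence; its `table_extend(open, closed)` return suggests it does, but that is inferred from context outside this hunk. hostrule starts before the hunk.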