A couple changes to my HTTPpasswd.nse and HTTPtrace.nse scripts. In both I'm using a more object-oriented approach to methods, e.g. using response:find(..) rather than string.find(response, ..). And in HTTPtrace.nse, I'm changing a couple badly-named variable names in validate().

2026-01-07 23:19:02 +00:00 · 2007-09-04 20:40:38 +00:00
parent 54bf839dc9
commit b48cdbebfe
2 changed files with 22 additions and 22 deletions
--- a/scripts/HTTPpasswd.nse
+++ b/scripts/HTTPpasswd.nse
@@ -25,17 +25,17 @@ validate = function(response)

 	-- Hopefully checking for only 200 won't bite me in the ass, but
 	-- it's the only one that makes sense and I haven't seen it fail
-	if string.match(response, "HTTP/1.[01] 200") then
-		start, stop = string.find(response, "\r\n\r\n")
-		passwd = string.sub(response, stop+1)
+	if response:match("HTTP/1.[01] 200") then
+		start, stop = response:find("\r\n\r\n")
+		passwd = response:sub(stop + 1)
 	else
 		return
 	end

-	start, stop = string.find(passwd, "[\r\n]")
-	line = string.sub(passwd, 1, stop)
+	start, stop = passwd:find("[\r\n]")
+	line = passwd:sub(1, stop)

-	if string.match(line, "^[^:]+:[^:]*:[0-9]+:[0-9]+:") then
+	if line:match("^[^:]+:[^:]*:[0-9]+:[0-9]+:") then
 		return passwd
 	end

@@ -76,16 +76,16 @@ end

 hexify = function(str)
 	local ret
-	ret = string.gsub(str, "%.", "%%2E")
-	ret = string.gsub(ret, "/", "%%2F")
-	ret = string.gsub(ret, "\\", "%%5C")
+	ret = str:gsub("%.", "%%2E")
+	ret = ret:gsub("/", "%%2F")
+	ret = ret:gsub("\\", "%%5C")
 	return ret
 end

 -- Returns truncated passwd file and returned length
 truncatePasswd = function(passwd)
 	local len = 250
-	return string.sub(passwd, 1, len), len
+	return passwd:sub(1, len), len
 end

 output = function(passwd, dir)
--- a/scripts/HTTPtrace.nse
+++ b/scripts/HTTPtrace.nse
@@ -33,27 +33,27 @@ end

 validate = function(response, original)
 	local start, stop
-	local data
+	local body

-	if not string.match(response, "HTTP/1.[01] 200") or
-	   not string.match(response, "TRACE / HTTP/1.0") then
+	if not response:match("HTTP/1.[01] 200") or
+	   not response:match("TRACE / HTTP/1.0") then
 		return
 	end

-	start, stop = string.find(response, "\r\n\r\n")
-	data = string.sub(response, stop + 1)
+	start, stop = response:find("\r\n\r\n")
+	body = response:sub(stop + 1)

-	if original ~= data then
+	if original ~= body then
 		local output =  "Response differs from request.  "

-		if string.match(data, "^TRACE / HTTP/1.0\r\n") then
-			local sub = string.sub(data, 19) -- skip TRACE line
+		if body:match("^TRACE / HTTP/1.0\r\n") then
+			local extra = body:sub(19) -- skip TRACE line
 			local tab = {}

 			-- Skip extra newline at the end (making sure it's there)
-			sub = string.gsub(sub, "\r\n\r\n$", "\r\n")
+			extra = extra:gsub("\r\n\r\n$", "\r\n")

-			tab = stdnse.strsplit("\r\n", sub)
+			tab = stdnse.strsplit("\r\n", extra)

 			if #tab > 5 then
 				output = output .. "First 5 additional lines:\n"
@@ -61,13 +61,13 @@ validate = function(response, original)
 			end

 			output = output .. "Additional lines:\n"
-			return output .. sub .. "\n"
+			return output .. extra .. "\n"
 		end

 		-- This shouldn't happen

 		output = output .. "Full response:\n"
-		return output .. data .. "\n"
+		return output .. body .. "\n"
 	end

 	return