From ba5f207d949e18b3a061a8418b6e4004ab40392f Mon Sep 17 00:00:00 2001 From: dmiller Date: Wed, 21 May 2014 19:06:50 +0000 Subject: [PATCH] Fix NSEdoc generation problems due to block ordering Reported here: http://seclists.org/nmap-dev/2014/q2/258 Complicated parsing issue, but short version is this: The NSEdoc for scripts must not be followed by a local declaration, or it will not be accepted. Easiest way is to be sure the block with @usage, @output, @args, @xmloutput, etc. comes right before the author line. --- scripts/mysql-vuln-cve2012-2122.nse | 18 +++++++++--------- scripts/smb-ls.nse | 8 ++++---- scripts/ssl-date.nse | 17 ++++++++--------- scripts/ssl-heartbleed.nse | 24 ++++++++++++------------ 4 files changed, 33 insertions(+), 34 deletions(-) diff --git a/scripts/mysql-vuln-cve2012-2122.nse b/scripts/mysql-vuln-cve2012-2122.nse index 833a3dc05..aed1338b4 100644 --- a/scripts/mysql-vuln-cve2012-2122.nse +++ b/scripts/mysql-vuln-cve2012-2122.nse @@ -1,3 +1,12 @@ +local mysql = require "mysql" +local nmap = require "nmap" +local shortport = require "shortport" +local stdnse = require "stdnse" +local string = require "string" +local table = require "table" +local vulns = require "vulns" +local openssl = stdnse.silent_require "openssl" + description = [[ Attempts to bypass authentication in MySQL and MariaDB servers by @@ -70,15 +79,6 @@ Interesting post about this vuln: -- @args mysql-vuln-cve2012-2122.socket_timeout Socket timeout. Default: 5s. --- -local mysql = require "mysql" -local nmap = require "nmap" -local shortport = require "shortport" -local stdnse = require "stdnse" -local string = require "string" -local table = require "table" -local vulns = require "vulns" -local openssl = stdnse.silent_require "openssl" - author = "Paulino Calderon " license = "Same as Nmap--See http://nmap.org/book/man-legal.html" categories = {"discovery", "intrusive", "vuln"} diff --git a/scripts/smb-ls.nse b/scripts/smb-ls.nse index d115c9c68..87c72b044 100644 --- a/scripts/smb-ls.nse +++ b/scripts/smb-ls.nse @@ -38,6 +38,10 @@ The output is intended to resemble the output of the UNIX ls comman -- @args smb-ls.checksum [optional] download each file and calculate a SHA1 checksum -- +author = "Patrik Karlsson" +license = "Same as Nmap--See http://nmap.org/book/man-legal.html" +categories = {"discovery", "safe"} + local arg_share = stdnse.get_script_args(SCRIPT_NAME .. '.share') local arg_path = stdnse.get_script_args(SCRIPT_NAME .. '.path') local arg_pattern = stdnse.get_script_args(SCRIPT_NAME .. '.pattern') or '*' @@ -45,10 +49,6 @@ local arg_maxfiles = tonumber(stdnse.get_script_args(SCRIPT_NAME .. '.maxfiles') local arg_maxdepth = tonumber(stdnse.get_script_args(SCRIPT_NAME .. '.maxdepth')) local arg_checksum = stdnse.get_script_args(SCRIPT_NAME .. '.checksum') -author = "Patrik Karlsson" -license = "Same as Nmap--See http://nmap.org/book/man-legal.html" -categories = {"discovery", "safe"} - hostrule = function(host) return ( smb.get_port(host) ~= nil and arg_share and arg_path ) end diff --git a/scripts/ssl-date.nse b/scripts/ssl-date.nse index 84cc9d516..eb04f1ee3 100644 --- a/scripts/ssl-date.nse +++ b/scripts/ssl-date.nse @@ -19,15 +19,6 @@ Original idea by Jacob Appelbaum and his TeaTime and tlsdate tools: * https://github.com/ioerror/tlsdate ]] -author = "Aleksandar Nikolic" -license = "Same as Nmap--See http://nmap.org/book/man-legal.html" -categories = {"discovery", "safe", "default"} - -portrule = function(host, port) - return shortport.ssl(host, port) or sslcert.isPortSupported(port) -end - - --- -- @usage -- nmap --script=ssl-date @@ -41,6 +32,14 @@ end -- 2012-08-02T18:29:31+00:00 -- 4 +author = "Aleksandar Nikolic" +license = "Same as Nmap--See http://nmap.org/book/man-legal.html" +categories = {"discovery", "safe", "default"} + +portrule = function(host, port) + return shortport.ssl(host, port) or sslcert.isPortSupported(port) +end + -- -- most of the code snatched from tls-nextprotoneg until we decide if we want a separate library -- diff --git a/scripts/ssl-heartbleed.nse b/scripts/ssl-heartbleed.nse index cc589c2a8..1c48a3cc6 100644 --- a/scripts/ssl-heartbleed.nse +++ b/scripts/ssl-heartbleed.nse @@ -1,3 +1,15 @@ +local bin = require('bin') +local match = require('match') +local nmap = require('nmap') +local shortport = require('shortport') +local sslcert = require('sslcert') +local stdnse = require('stdnse') +local string = require('string') +local table = require('table') +local vulns = require('vulns') +local have_tls, tls = pcall(require,'tls') +assert(have_tls, "This script requires the tls.lua library from http://nmap.org/nsedoc/lib/tls.html") + description = [[ Detects whether a server is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160). The code is based on the Python script ssltest.py authored by Jared Stafford (jspenguin@jspenguin.org) @@ -27,18 +39,6 @@ The code is based on the Python script ssltest.py authored by Jared Stafford (js -- @args ssl-heartbleed.protocols (default tries all) TLS 1.0, TLS 1.1, or TLS 1.2 -- -local bin = require('bin') -local match = require('match') -local nmap = require('nmap') -local shortport = require('shortport') -local sslcert = require('sslcert') -local stdnse = require('stdnse') -local string = require('string') -local table = require('table') -local vulns = require('vulns') -local have_tls, tls = pcall(require,'tls') -assert(have_tls, "This script requires the tls.lua library from http://nmap.org/nsedoc/lib/tls.html") - author = "Patrik Karlsson " license = "Same as Nmap--See http://nmap.org/book/man-legal.html" categories = { "vuln", "safe" }