Let http.lua functions optionally connect via any address family

Sometimes (e.g. when using an external API), a script wants to connect by name to a server and doesn't care whether IPv4 or IPv6 is used. By passing the "any_af" option, the first resolved address of any address family will be used, allowing external-category scripts which used to fail with -6 to succeed.
2025-12-15 20:29:03 +00:00 · 2016-03-16 05:07:59 +00:00
parent f68650e51e
commit c7892e365f
13 changed files with 21 additions and 14 deletions
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -72,6 +72,7 @@
 -- * <code>bypass_cache</code>: Do not perform a lookup in the local HTTP cache.
 -- * <code>no_cache</code>: Do not save the result of this request to the local HTTP cache.
 -- * <code>no_cache_body</code>: Do not save the body of the response to the local HTTP cache.
+-- * <code>any_af</code>: Allow connecting to any address family, inet or inet6. By default, these functions will only use the same AF as nmap.address_family to resolve names.
 -- * <code>redirect_ok</code>: Closure that overrides the default redirect_ok used to validate whether to follow HTTP redirects or not. False, if no HTTP redirects should be followed. Alternatively, a number may be passed to change the number of redirects to follow.
 --   The following example shows how to write a custom closure that follows 5 consecutive redirects, without the safety checks in the default redirect_ok:
 --   <code>
@@ -1196,9 +1197,15 @@ local function request(host, port, data, options)

  method = string.match(data, "^(%S+)")

+  if type(host) == "string" and options.any_af then
+    local status, addrs = nmap.resolve(host)
+    host = addrs[1] or host
+  end
+
  local socket, partial, opts = comm.tryssl(host, port, data, { timeout = options.timeout })

  if not socket then
+    stdnse.debug1("http.request socket error: %s", partial)
    return http_error("Error creating socket.")
  end