merge soc07 r4891 - nse improvements

Makefile.in

@@ -187,9 +187,12 @@ install-nmapfe: $(TARGETNMAPFE)
 	-test -f nmapfe/nmapfe && $(INSTALL) -c -m 755 -s nmapfe/nmapfe $(DESTDIR)$(bindir)/nmapfe && rm -f $(DESTDIR)$(bindir)/xnmap && $(SHTOOL) mkln -f -s $(DESTDIR)$(bindir)/nmapfe $(DESTDIR)$(bindir)/xnmap && $(INSTALL) -c -m 644 nmapfe.desktop $(DESTDIR)$(deskdir)/nmapfe.desktop && $(INSTALL) -c -m 644 docs/nmapfe.1 $(DESTDIR)$(mandir)/man1/nmapfe.1 && $(INSTALL) -c -m 644 docs/xnmap.1 $(DESTDIR)$(mandir)/man1/xnmap.1
 
 NSE_FILES = scripts/script.db scripts/*.nse
+NSE_LIB_FILES = nselib/*lua
 install-nse: $(TARGET)
 	$(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(nmapdatadir)/scripts
 	cp -f $(NSE_FILES) $(DESTDIR)$(nmapdatadir)/scripts
+	$(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(nmapdatadir)/nselib
+	cp -f $(NSE_LIB_FILES) $(DESTDIR)$(nmapdatadir)/nselib
 
 install: install-nmap $(INSTALLNMAPFE) $(INSTALLNSE)
 

nse_init.cc

@@ -18,7 +18,7 @@
 #include "errno.h"
 
 #include <algorithm>
-
+int init_setlualibpath(lua_State* l);
 int init_loadfile(lua_State* l, char* filename);
 int init_loaddir(lua_State* l, char* dirname);
 int init_loadcategories(lua_State* l, std::vector<std::string> categories, std::vector<std::string> &unusedTags);
@@ -61,10 +61,57 @@ int init_lua(lua_State* l) {
 	lua_newtable(l);
 	SCRIPT_ENGINE_TRY(set_nmaplib(l));
 	lua_setglobal(l, "nmap");
+	SCRIPT_ENGINE_TRY(init_setlualibpath(l));
 
 	return SCRIPT_ENGINE_SUCCESS;
 }
 
+/*sets two variables, which control where lua looks for modules (implemented in C or lua */
+int init_setlualibpath(lua_State* l){
+	char path[MAX_FILENAME_LEN]; 
+	const char*oldpath, *oldcpath;
+	std::string luapath, luacpath;
+	/* set the path lua searches for modules*/
+	if(nmap_fetchfile(path, MAX_FILENAME_LEN, SCRIPT_ENGINE_LIB_DIR)!=2){
+		/*SCRIPT_ENGINE_LIB_DIR is not a directory - error */
+		error("%s: %s not a directory\n", SCRIPT_ENGINE, SCRIPT_ENGINE_LIB_DIR);
+		return SCRIPT_ENGINE_ERROR;
+	}
+	/* the path lua uses to search for modules is setted to the 
+	 * SCRIPT_ENGINE_LIBDIR/ *.lua with the default path 
+	 * (which is read from the package-module) appended  - 
+	 * the path for C-modules is as above but it searches for shared libs (*.so)	*/
+	luapath= std::string(path) + "?.lua;"; 
+	luacpath= std::string(path) + "?.so;"; 
+	lua_getglobal(l,"package");
+	if(!lua_istable(l,-1)){
+		error("%s: the lua global-variable package is not a table?!", SCRIPT_ENGINE);
+		return SCRIPT_ENGINE_ERROR;
+	}
+	lua_getfield(l,-1, "path");
+	lua_getfield(l,-2, "cpath");
+	if(!lua_isstring(l,-1)||!lua_isstring(l,-2)){
+		error("%s: no default paths setted in package table (needed in %s at line %d) -- probably a problem of the lua-configuration?!", SCRIPT_ENGINE, __FILE__, __LINE__);
+		return SCRIPT_ENGINE_ERROR;
+	}
+	oldcpath= lua_tostring(l,-1);
+	oldpath = lua_tostring(l,-2);
+	luacpath= luacpath + oldcpath;
+	luapath= luapath + oldpath;
+	lua_pop(l,2);
+	lua_pushstring(l, luapath.c_str());
+	lua_setfield(l, -2, "path");
+	lua_pushstring(l, luacpath.c_str());
+	lua_setfield(l, -2, "cpath");
+	lua_getfield(l,-1, "path");
+	lua_getfield(l,-2, "cpath");
+	SCRIPT_ENGINE_DEBUGGING(log_write(LOG_STDOUT, "%s: Using %s to search for C-modules and %s for Lua-modules\n", SCRIPT_ENGINE, lua_tostring(l,-1), lua_tostring(l,-2));)
+	/*pop the two strings (luapath and luacpath) and the package table off 
+	 * the stack */
+	lua_pop(l,3);
+	return SCRIPT_ENGINE_SUCCESS;
+}
+
 /* if there were no command line arguments specifying
  * which scripts should be run, a default script set is
  * chosen

nse_macros.h

@@ -25,6 +25,12 @@
 	#define SCRIPT_ENGINE_LUA_DIR 	"scripts/"
 #endif
 
+#ifdef WIN32
+	#define SCRIPT_ENGINE_LIB_DIR 	"nselib\\"
+#else
+	#define SCRIPT_ENGINE_LIB_DIR 	"nselib/"
+#endif
+
 #define SCRIPT_ENGINE_DATABASE 		"script.db"
 #define SCRIPT_ENGINE_EXTENSION		".nse"
 

nse_nmaplib.cc

@@ -8,6 +8,7 @@
 #include "NmapOps.h"
 #include "nmap_rpc.h"
 #include "Target.h"
+#include "output.h"
 
 #define SCRIPT_ENGINE_GETSTRING(name) \
 	char* name; \
@@ -394,7 +395,7 @@ static int l_set_port_version(lua_State* l, Target* target, Port* port) {
 }
 
 static int l_print_debug_unformatted(lua_State *l) {
-	int verbosity(0), stack_counter(1);
+	int verbosity=1, stack_counter(1);
 	const char *out;
 
 	if (lua_isnumber (l, 1) && (lua_gettop(l) > 1)) {
@@ -403,8 +404,7 @@ static int l_print_debug_unformatted(lua_State *l) {
 		stack_counter++;
 	}
 	out = luaL_checkstring(l, stack_counter);
-
+	log_write(LOG_STDOUT, "%s NSE DEBUG: %s\n", SCRIPT_ENGINE, out);
-	error("%s NSE DEBUG: %s", SCRIPT_ENGINE, out);
 	return 0;
 }
 

nselib/ipOps.lua

@@ -0,0 +1,32 @@
+module(...,package.seeall)
+
+
+isPrivate = function(ip)
+	-- check to see if ip is part of RFC 1918 address space
+	-- if so, don't bother with the RIPE lookup
+	local a, b
+	a, b = get_parts_as_number(ip)  
+	if a == 10 then
+		return true
+	elseif a == 172 and (b>15 and b<32) then
+			return true
+	elseif a == 192 and b == 168 then
+		return true
+	end
+	return false
+end
+
+todword = function(ip)
+	local a, b, c, d
+	a,b,c,d = get_parts_as_number(ip) 
+	return (((a*256+b))*256+c)*256+d
+end
+
+get_parts_as_number = function(ip)
+	local a,b,c,d = string.match(ip, "(%d+)%.(%d+)%.(%d+)%.(%d+)")
+	a = tonumber(a);
+	b = tonumber(b);
+	c = tonumber(c);
+	d = tonumber(d);
+	return a,b,c,d
+end

nselib/shortport.lua

@@ -0,0 +1,54 @@
+module(...)
+
+protorule = function(porttab, service, proto, state)
+	state = state or "open"
+	proto = proto or "tcp"
+	if porttab.service==service
+		and porttab.protocol == proto
+		and porttab.state == state
+	then
+		return true;
+	else
+		return false;
+	end
+end
+
+portnumber = function(porttab, number, proto, state)
+	state = state or "open"
+	proto = proto or "tcp"
+	if porttab.number==number
+		and porttab.protocol == proto
+		and porttab.state ==state
+	then
+		return true;
+	else
+		return false;
+	end
+	
+end
+
+port_in_list = function(porttab, proto, ...)
+	if not porttab.protocol==proto
+	then
+		return false
+	end
+	for i, v in ipairs{...} do
+		if porttab.number == v then
+			return true
+		end
+	end
+	return false
+end
+
+port_or_service = function(porttab, number, service, proto, state)
+	state= state or "open"
+	proto = proto or "tcp"
+	if 	(porttab.number==number or porttab.service==service) 
+		and porttab.protocol==proto
+		and porttab.state == state
+	then
+		return true
+	else 
+		return false
+	end
+end

scripts/ripeQuery.nse

@@ -1,3 +1,5 @@
+require "ipOps"
+
 id = "RIPE query"
 description = "Connects to the RIPE database, extracts and prints the role: entry for the IP."
 author = "Diman Todorov <diman.todorov@gmail.com>"
@@ -6,7 +8,7 @@ license = "See nmaps COPYING for licence"
 categories = {"discovery"}
 
 hostrule = function(host, port)
-	return true
+	return not ipOps.isPrivate(host.ip)
 end
 
 action = function(host, port)

scripts/showHTMLTitle.nse

@@ -11,19 +11,10 @@ license = "See nmaps COPYING for licence"
 
 categories = {"demo", "safe"}
 
+require "shortport"
+
 portrule = function(host, port) 
-	if 
+	return shortport.port_or_service(port, 80, "http")
-		(	port.number == 80
-			or port.service == "http")
-		and port.protocol == "tcp" 
-		and port.state == "open"
-		-- and host.name ~= nil 
-		-- and string.match(host.name, "www.+") 
-	then
-		return true
-	else
-		return false
-	end
 end
 
 action = function(host, port)
@@ -57,7 +48,7 @@ action = function(host, port)
 	if title ~= nil then
 		result = string.gsub(title , "[\n\r\t]", "")
 		if string.len(title) > 50 then
-			nmap.print_debug_unformatted("showHTMLTitle.nse: title was truncated!");
+			nmap.print_debug_unformatted("showHTMLTitle.nse: Title got truncated!");
 			result = string.sub(result, 1, 62) .. "..."
 		end
 	else