diff --git a/scripts/HTTPpasswd.nse b/scripts/HTTPpasswd.nse
index d511097d3..4e9cf9655 100644
--- a/scripts/HTTPpasswd.nse
+++ b/scripts/HTTPpasswd.nse
@@ -1,5 +1,5 @@
--- HTTP probe for /etc/passwd
-
+--- Probes an HTTP server via directory traversal for /etc/passwd
+--
 -- 07/20/2007:
 -- * Used Thomas Buchanan's HTTPAuth script as a starting point
 -- * Applied some great suggestions from Brandon Enright, thanks a lot man!
@@ -21,7 +21,10 @@ categories = {"intrusive", "vuln"}
 require "shortport"
 require "http"
 
--- Check for valid return code and passwd format in body
+--- Validates the HTTP response code and checks for a valid passwd format
+--- in the body
+--@param response The HTTP response from the server
+--@return The body of the HTTP response
 local validate = function(response)
 if not response.status then
 return nil
@@ -38,6 +41,10 @@ local validate = function(response)
 return response.body
 end
 
+--- Transforms a string with ".", "/" and "\" converted to their URL-formatted
+--- hex equivalents
+--@param str String to hexify
+--@return Transformed string
 local hexify = function(str)
 local ret
 ret = str:gsub("%.", "%%2E")
@@ -46,12 +53,18 @@ local hexify = function(str)
 return ret
 end
 
--- Returns truncated passwd file and returned length
+--- Truncates the passwd file
+--@param passwd passwd file
+--@return Truncated passwd file and truncated length
 local truncatePasswd = function(passwd)
 local len = 250
 return passwd:sub(1, len), len
 end
 
+--- Formats output
+--@param passwd passwd file
+--@param dir Formatted request which elicited the good reponse
+--@return String description for output
 local output = function(passwd, dir)
 local trunc, len = truncatePasswd(passwd)
 local out = ""
diff --git a/scripts/HTTPtrace.nse b/scripts/HTTPtrace.nse
index 87802d4ed..92464a405 100644
--- a/scripts/HTTPtrace.nse
+++ b/scripts/HTTPtrace.nse
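Review bot: The new `--@return The body of the HTTP response` on validate omits the nil path that the hunk's own context shows (`if not response.status then return nil`), so a reader of the doc would not know the result must be nil-checked; `--@return The body of the HTTP response, or nil when the response has no status (and presumably when the body fails the passwd-format check — confirm against the rest of the function)` matches what the code does. The validate body continues outside the hunk. Separately, the continuation lines written with a triple dash (`--- in the body` here, `--- hex equivalents` in the hexify hunk below, and `--- version numbers, thread id, …` in the MySQLinfo.nse header hunk) should use `--` like the `+--` continuations elsewhere in this commit, since a triple-dash line is what marks the start of a doc block.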
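Review bot: Typo in the new `--@param dir` line of output's doc, `reponse` should be `response`: `--@param dir Formatted request which elicited the good response`. The @return on truncatePasswd could also state the fixed cap that `local len = 250` shows, e.g. `--@return The first 250 bytes of the passwd file and that length`, so a reader of the doc knows the output is deliberately cut short. The body of output continues outside the hunk.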
@@ -1,10 +1,13 @@
--- Send HTTP TRACE method and print any modifications
-
--- The HTTP TRACE method is used to show any modifications made by
--- intermediate servers or proxies between you and the target host.
--- This script shows these modifications, which you can use for
--- diagnostic purposes (such as testing for web server or network
--- problems). Plus, it's just really cool :)
+--- Sends and HTTP TRACE and describes any modifications
+--
+--@output
+-- 80/tcp open http \n
+-- | HTTP TRACE: Response differs from request. First 5 additional lines: \n
+-- | Cookie: UID=d4287aa38d02f409841b4e0c0050c13148a85d01c0c0a154d4ef56dfc2b4fc1b0 \n
+-- | Country: us \n
+-- | Ip_is_advertise_combined: yes \n
+-- | Ip_conntype-Confidence: -1 \n
+-- |_ Ip_line_speed: medium
 
 -- 08/31/2007
 
@@ -22,6 +25,9 @@ require "comm"
 require "shortport"
 require "stdnse"
 
+--- Truncates and formats the first 5 elements of a table
+--@param tab The table to truncate
+--@return Truncated, formatted table
 local truncate = function(tab)
 local str = ""
 str = str .. tab[1] .. "\n"
@@ -32,6 +38,11 @@ local truncate = function(tab)
 return str
 end
 
+--- Validates the HTTP response and checks for modifications
+--@param response The HTTP response from the server
+--@param original The original HTTP request sent to the server
+--@return A string describing the changes (if any) between the response and
+-- request
 local validate = function(response, original)
 local start, stop
 local body
diff --git a/scripts/MySQLinfo.nse b/scripts/MySQLinfo.nse
index 401a770a1..3cf4922c6 100644
--- a/scripts/MySQLinfo.nse
+++ b/scripts/MySQLinfo.nse
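Review bot: The new summary line reads `--- Sends and HTTP TRACE and describes any modifications`; it should be `--- Sends an HTTP TRACE and describes any modifications`. Each `@output` line also ends in a literal ` \n`, which looks like an escape the doc generator will presumably print verbatim rather than as a line break (the final `|_` line has none, suggesting they were meant as separators); if so, drop the trailing ` \n` from each line. The same trailing ` \n` appears in the MySQLinfo.nse `@output` block in this commit. The Cookie value in the example looks like a captured session identifier; a shortened placeholder would serve the documentation just as well.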
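Review bot: The new doc on truncate says it formats the first 5 elements but does not state that the table must actually hold them; the first body line `str = str .. tab[1] .. "\n"` concatenates the entry directly, which raises an error when it is nil, so a caller passing a shorter table gets a runtime failure rather than a shorter result. Say so on the param line: `--@param tab The table to truncate; must hold at least 5 string entries`. The remaining lines of truncate's body are outside the hunk, so the exact count is inferred from the summary line.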
@@ -1,9 +1,18 @@
--- Connect to MySQL server and print information such as the protocol and
--- version numbers, thread id, status, capabilities and the password salt
-
+--- Connects to a MySQL server and prints information such as the protocol and
+--- version numbers, thread id, status, capabilities and the password salt
+--
 -- If service detection is performed and the server appears to be blocking
 -- our host or is blocked from too many connections, then we don't bother
 -- running this script (see the portrule)
+--
+--@output
+-- 3306/tcp open mysql \n
+-- | MySQL Server Information: Protocol: 10 \n
+-- | Version: 5.0.51a-3ubuntu5.1 \n
+-- | Thread ID: 7 \n
+-- | Some Capabilities: Connect with DB, Compress, Transactions, Secure Connection \n
+-- | Status: Autocommit \n
+-- |_ Salt: bYyt\NQ/4V6IN+*3`imj
 
 -- Many thanks to jah (jah@zadkiel.plus.com) for testing and enhancements
 
@@ -20,12 +29,16 @@ categories = { "default", "discovery", "safe" }
 require 'bit'
 require 'comm'
 
--- Grabs NUL-terminated string
+--- Grabs NUL-terminated string
+--@param orig Start of the string
+--@return The NUL-terminated string
 local getstring = function(orig)
 return orig:match("^([^%z]*)");
 end
 
--- Convert two bytes into a number
+--- Converts two bytes into a number
+--@param num Start of the two bytes
+--@return The converted number
 local ntohs = function(num)
 local b1 = bit.band(num:byte(1), 255)
 local b2 = bit.band(num:byte(2), 255)
@@ -33,7 +46,9 @@ local ntohs = function(num)
 return bit.bor(b1, bit.lshift(b2, 8))
 end
 
--- Convert three bytes into a number
+--- Converts three bytes into a number
+--@param num Start of the three bytes
+--@return The converted number
 local ntoh3 = function(num)
 local b1 = bit.band(num:byte(1), 255)
 local b2 = bit.band(num:byte(2), 255)
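Review bot: The new `--@param num Start of the two bytes` / `--@return The converted number` on ntohs leaves the byte order undocumented, and the name suggests network (big-endian) order, whereas the return shown as context in the next hunk, `return bit.bor(b1, bit.lshift(b2, 8))`, makes the first byte the least significant, i.e. little-endian; the same holds for ntoh3 and ntohl, whose returns shift b3 by 16 and b4 by 24. Document it so the names do not mislead a reader: `--@param num String whose first two bytes are read` and `--@return The unsigned integer those bytes encode, first byte least significant`. The getstring doc could likewise note that `orig:match("^([^%z]*)")` returns the whole string when no NUL is present, since a caller cannot tell the two cases apart from the return value.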
@@ -42,7 +57,9 @@ local ntoh3 = function(num)
 return bit.bor(b1, bit.lshift(b2, 8), bit.lshift(b3, 16))
 end
 
--- Convert four bytes into a number
+--- Converts four bytes into a number
+--@param num Start of the four bytes
+--@return The converted number
 local ntohl = function(num)
 local b1 = bit.band(num:byte(1), 255)
 local b2 = bit.band(num:byte(2), 255)
@@ -52,7 +69,9 @@ local ntohl = function(num)
 return bit.bor(b1, bit.lshift(b2, 8), bit.lshift(b3, 16), bit.lshift(b4, 24))
 end
 
--- Convert number to a list of capabilities for printing
+--- Converts a number to a string description of the capabilities
+--@param num Start of the capabilities data
+--@return String describing the capabilities offered
 local capabilities = function(num)
 local caps = ""