Updated documentation for Kris' scripts.

scripts/HTTPpasswd.nse

@@ -1,5 +1,5 @@
--- HTTP probe for /etc/passwd
-
+--- Probes an HTTP server via directory traversal for /etc/passwd
+--
 -- 07/20/2007:
 --   * Used Thomas Buchanan's HTTPAuth script as a starting point
 --   * Applied some great suggestions from Brandon Enright, thanks a lot man!
@@ -21,7 +21,10 @@ categories = {"intrusive", "vuln"}
 require "shortport"
 require "http"
 
--- Check for valid return code and passwd format in body
+--- Validates the HTTP response code and checks for a valid passwd format
+--- in the body
+--@param response The HTTP response from the server
+--@return The body of the HTTP response
 local validate = function(response)
 	if not response.status then
 		return nil
@@ -38,6 +41,10 @@ local validate = function(response)
 	return response.body
 end
 
+--- Transforms a string with ".", "/" and "\" converted to their URL-formatted
+--- hex equivalents
+--@param str String to hexify
+--@return Transformed string
 local hexify = function(str)
 	local ret
 	ret = str:gsub("%.", "%%2E")
@@ -46,12 +53,18 @@ local hexify = function(str)
 	return ret
 end
 
--- Returns truncated passwd file and returned length
+--- Truncates the passwd file
+--@param passwd passwd file
+--@return Truncated passwd file and truncated length
 local truncatePasswd = function(passwd)
 	local len = 250
 	return passwd:sub(1, len), len
 end
 
+--- Formats output
+--@param passwd passwd file
+--@param dir Formatted request which elicited the good reponse
+--@return String description for output
 local output = function(passwd, dir)
 	local trunc, len = truncatePasswd(passwd)
 	local out = ""

scripts/HTTPtrace.nse

@@ -1,10 +1,13 @@
--- Send HTTP TRACE method and print any modifications
-
--- The HTTP TRACE method is used to show any modifications made by
--- intermediate servers or proxies between you and the target host.
--- This script shows these modifications, which you can use for
--- diagnostic purposes (such as testing for web server or network
--- problems).  Plus, it's just really cool :)
+--- Sends and HTTP TRACE and describes any modifications
+--
+--@output
+-- 80/tcp open  http \n
+-- |  HTTP TRACE: Response differs from request.  First 5 additional lines: \n
+-- |  Cookie: UID=d4287aa38d02f409841b4e0c0050c13148a85d01c0c0a154d4ef56dfc2b4fc1b0 \n
+-- |  Country: us \n
+-- |  Ip_is_advertise_combined: yes \n
+-- |  Ip_conntype-Confidence: -1 \n
+-- |_ Ip_line_speed: medium
 
 -- 08/31/2007
 
@@ -22,6 +25,9 @@ require "comm"
 require "shortport"
 require "stdnse"
 
+--- Truncates and formats the first 5 elements of a table
+--@param tab The table to truncate
+--@return Truncated, formatted table
 local truncate = function(tab)
 	local str = ""
 	str = str .. tab[1] .. "\n"
@@ -32,6 +38,11 @@ local truncate = function(tab)
 	return str
 end
 
+--- Validates the HTTP response and checks for modifications
+--@param response The HTTP response from the server
+--@param original The original HTTP request sent to the server
+--@return A string describing the changes (if any) between the response and
+-- request
 local validate = function(response, original)
 	local start, stop
 	local body

scripts/MySQLinfo.nse

@@ -1,9 +1,18 @@
--- Connect to MySQL server and print information such as the protocol and
--- version numbers, thread id, status, capabilities and the password salt
-
+--- Connects to a MySQL server and prints information such as the protocol and
+--- version numbers, thread id, status, capabilities and the password salt
+--
 -- If service detection is performed and the server appears to be blocking
 -- our host or is blocked from too many connections, then we don't bother
 -- running this script (see the portrule)
+--
+--@output
+-- 3306/tcp open  mysql \n
+-- |  MySQL Server Information: Protocol: 10 \n
+-- |  Version: 5.0.51a-3ubuntu5.1 \n
+-- |  Thread ID: 7 \n
+-- |  Some Capabilities: Connect with DB, Compress, Transactions, Secure Connection \n
+-- |  Status: Autocommit \n
+-- |_ Salt: bYyt\NQ/4V6IN+*3`imj
 
 -- Many thanks to jah (jah@zadkiel.plus.com) for testing and enhancements
 
@@ -20,12 +29,16 @@ categories = { "default", "discovery", "safe" }
 require 'bit'
 require 'comm'
 
--- Grabs NUL-terminated string
+--- Grabs NUL-terminated string
+--@param orig Start of the string
+--@return The NUL-terminated string
 local getstring = function(orig)
     return orig:match("^([^%z]*)");
 end
 
--- Convert two bytes into a number
+--- Converts two bytes into a number
+--@param num Start of the two bytes
+--@return The converted number
 local ntohs = function(num)
 	local b1 = bit.band(num:byte(1), 255)
 	local b2 = bit.band(num:byte(2), 255)
@@ -33,7 +46,9 @@ local ntohs = function(num)
 	return bit.bor(b1, bit.lshift(b2, 8))
 end
 
--- Convert three bytes into a number
+--- Converts three bytes into a number
+--@param num Start of the three bytes
+--@return The converted number
 local ntoh3 = function(num)
 	local b1 = bit.band(num:byte(1), 255)
 	local b2 = bit.band(num:byte(2), 255)
@@ -42,7 +57,9 @@ local ntoh3 = function(num)
 	return bit.bor(b1, bit.lshift(b2, 8), bit.lshift(b3, 16))
 end
 
--- Convert four bytes into a number
+--- Converts four bytes into a number
+--@param num Start of the four bytes
+--@return The converted number
 local ntohl = function(num)
 	local b1 = bit.band(num:byte(1), 255)
 	local b2 = bit.band(num:byte(2), 255)
@@ -52,7 +69,9 @@ local ntohl = function(num)
 	return bit.bor(b1, bit.lshift(b2, 8), bit.lshift(b3, 16), bit.lshift(b4, 24))
 end
 
--- Convert number to a list of capabilities for printing
+--- Converts a number to a string description of the capabilities
+--@param num Start of the capabilities data
+--@return String describing the capabilities offered
 local capabilities = function(num)
 	local caps = ""