diff --git a/nselib/data/http-devframework-fingerprints.lua b/nselib/data/http-devframework-fingerprints.lua index e5836040b..30ed4bd30 100644 --- a/nselib/data/http-devframework-fingerprints.lua +++ b/nselib/data/http-devframework-fingerprints.lua @@ -1,4 +1,6 @@ local http = require "http" +local io = require "io" +local string = require "string" local table = require "table" local url = require "url" @@ -20,7 +22,7 @@ local url = require "url" tools = { Django = { rapidDetect = function(host, port) -- Check if the site gives that familiar Django admin login page. - response = http.get(host, port, "/admin/") + local response = http.get(host, port, "/admin/") if response.body then if string.find(response.body, "Log in | Django site admin") or @@ -70,7 +72,7 @@ tools = { Django = { rapidDetect = function(host, port) RubyOnRails = { rapidDetect = function(host, port) - response = http.get(host, port, "/") + local response = http.get(host, port, "/") -- Check for Mongrel or Passenger in the "Server" or "X-Powered-By" header for h, v in pairs(response.header) do @@ -118,11 +120,11 @@ tools = { Django = { rapidDetect = function(host, port) ASPdotNET = { rapidDetect = function(host, port) - response = http.get(host, port, "/") + local response = http.get(host, port, "/") -- Look for an ASP.NET header. for h, v in pairs(response.header) do - vl = v:lower() + local vl = v:lower() if h == "x-aspnet-version" or string.find(vl, "asp") then return "ASP.NET detected. Found related header." end @@ -154,7 +156,7 @@ tools = { Django = { rapidDetect = function(host, port) CodeIgniter = { rapidDetect = function(host, port) -- Match default error page. - response = http.get(host, port, "/random404page/") + local response = http.get(host, port, "/random404page/") if response.body then if string.find(response.body, "#990000") and 
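Review bot: In the ASPdotNET hunk, `string.find(vl, "asp")` is tested against the value of every response header, so any value that merely contains "asp" (a cookie path, a word such as "aspect") is reported as ASP.NET. Limiting the value test to the headers that name the platform would cut false positives, e.g. `if h == "x-aspnet-version" or (h == "x-powered-by" and string.find(vl, "asp.net", 1, true)) then`; if matching session cookies is intended, name `set-cookie` explicitly. The loop also walks `response.header` without a guard like the one the Django check applies to `response.body`. The rest of rapidDetect lies outside the hunk.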
@@ -174,10 +176,10 @@ tools = { Django = { rapidDetect = function(host, port) -- Find CAKEPHP header. - response = http.get(host, port, "/") + local response = http.get(host, port, "/") for h, v in pairs(response.header) do - vl = v:lower() + local vl = v:lower() if string.find(vl, "cakephp") then return "CakePHP detected. Found related header." end @@ -193,10 +195,10 @@ tools = { Django = { rapidDetect = function(host, port) Symfony = { rapidDetect = function(host, port) -- Find Symfony header. - response = http.get(host, port, "/") + local response = http.get(host, port, "/") for h, v in pairs(response.header) do - vl = v:lower() + local vl = v:lower() if string.find(vl, "symfony") then return "Symfony detected. Found related header." end @@ -212,7 +214,7 @@ tools = { Django = { rapidDetect = function(host, port) Wordpress = { rapidDetect = function(host, port) -- Check for common traces in the source code. - response = http.get(host, port, "/") + local response = http.get(host, port, "/") if response.body then if string.find(response.body, "content=[\"']WordPress") or @@ -243,7 +245,7 @@ tools = { Django = { rapidDetect = function(host, port) -- Check for common traces in the source code. - response = http.get(host, port, "/") + local response = http.get(host, port, "/") if response.body then if string.find(response.body, "content=[\"']Joomla!") then @@ -270,7 +272,7 @@ tools = { Django = { rapidDetect = function(host, port) Drupal = { rapidDetect = function(host, port) -- Check for common traces in the source code. - response = http.get(host, port, "/") + local response = http.get(host, port, "/") if response.body then if string.find(response.body, "content=[\"']Drupal") then 
@@ -289,7 +291,7 @@ tools = { Django = { rapidDetect = function(host, port) MediaWiki = { rapidDetect = function(host, port) -- Check for common traces in the source code. - response = http.get(host, port, "/") + local response = http.get(host, port, "/") if response.body then if string.find(response.body, "content=[\"']MediaWiki") or @@ -309,7 +311,7 @@ tools = { Django = { rapidDetect = function(host, port) ColdFusion = { rapidDetect = function(host, port) - response = http.get(host, port, "/") + local response = http.get(host, port, "/") if response.cookies then for _, c in pairs(response.cookies) do @@ -327,7 +329,7 @@ tools = { Django = { rapidDetect = function(host, port) Broadvision = { rapidDetect = function(host, port) - response = http.get(host, port, "/") + local response = http.get(host, port, "/") if response.cookies then for _, c in pairs(response.cookies) do @@ -345,7 +347,7 @@ tools = { Django = { rapidDetect = function(host, port) WebSphereCommerce = { rapidDetect = function(host, port) - response = http.get(host, port, "/") + local response = http.get(host, port, "/") if response.cookies then for _, c in pairs(response.cookies) do diff --git a/nselib/data/http-fingerprints.lua b/nselib/data/http-fingerprints.lua index 16acc9d4a..ef5a78700 100644 --- a/nselib/data/http-fingerprints.lua +++ b/nselib/data/http-fingerprints.lua @@ -1,3 +1,5 @@ +local io = require "io" +local string = require "string" local table = require "table" ---HTTP Fingerprint files, compiled by Ron Bowes with a special thanks to... diff --git a/nselib/data/packetdecoders.lua b/nselib/data/packetdecoders.lua index ddd7d5307..4c190a7b1 100644 --- a/nselib/data/packetdecoders.lua +++ b/nselib/data/packetdecoders.lua @@ -2,6 +2,7 @@ local bin = require "bin" local packet = require "packet" local stdnse = require "stdnse" local tab = require "tab" +local table = require "table" local target = require "target" --- The following file contains a list of decoders used by the 
diff --git a/nselib/formulas.lua b/nselib/formulas.lua index 1a7db5cad..335422ddd 100644 --- a/nselib/formulas.lua +++ b/nselib/formulas.lua @@ -17,7 +17,10 @@ -- @copyright Same as Nmap--See http://nmap.org/book/man-legal.html --- +local bin = require "bin" +local math = require "math" local stdnse = require "stdnse" +local string = require "string" local table = require "table" _ENV = stdnse.module("formulas", stdnse.seeall) diff --git a/nselib/httpspider.lua b/nselib/httpspider.lua index 6009fe090..49bb8af79 100644 --- a/nselib/httpspider.lua +++ b/nselib/httpspider.lua @@ -569,13 +569,13 @@ Crawler = { -- @param u URL that points to the resource we want to check. iswithindomain = function(self, u) local parsed_u = url.parse(tostring(u)) - if ( o.base_url:getPort() ~= 80 and o.base_url:getPort() ~= 443 ) then - if ( tonumber(parsed_u.port) ~= tonumber(o.base_url:getPort()) ) then + if ( self.options.base_url:getPort() ~= 80 and self.options.base_url:getPort() ~= 443 ) then + if ( tonumber(parsed_u.port) ~= tonumber(self.options.base_url:getPort()) ) then return false end - elseif ( parsed_u.scheme ~= o.base_url:getProto() ) then + elseif ( parsed_u.scheme ~= self.options.base_url:getProto() ) then return false - elseif ( parsed_u.host == nil or parsed_u.host:sub(-#o.base_url:getDomain()):lower() ~= o.base_url:getDomain():lower() ) then + elseif ( parsed_u.host == nil or parsed_u.host:sub(-#self.options.base_url:getDomain()):lower() ~= self.options.base_url:getDomain():lower() ) then return false end return true @@ -592,8 +592,8 @@ Crawler = { return true end + local signstring = "" if signs then - signstring = "" for _, s in signs do signstring = signstring .. s end diff --git a/nselib/ssh1.lua b/nselib/ssh1.lua index 88ea4c8a2..a05fc0e5d 100644 --- a/nselib/ssh1.lua +++ b/nselib/ssh1.lua 
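Review bot: In `iswithindomain`, when the base URL's port is neither 80 nor 443 the `if` branch compares only the port, and the `elseif` scheme and host checks are never reached, so any host answering on that port counts as inside the domain. The host test is also a bare suffix comparison (`parsed_u.host:sub(-#...getDomain())`), which accepts `notexample.com` for a base domain of `example.com`. This function decides what the crawler is allowed to request, so I would make the three checks independent `if` statements and require an exact match or a dot-delimited suffix on the lower-cased values, e.g. `host == dom or host:sub(-(#dom + 1)) == "." .. dom`.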
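Review bot: `for _, s in signs do` hands `signs` itself to the generic `for` as the iterator function. If `signs` is a table, as concatenating its elements suggests, this raises "attempt to call a table value" the first time the path runs. It should read `for _, s in ipairs(signs) do`. The function begins above the hunk, so the type of `signs` needs confirming against its caller.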
@@ -8,9 +8,13 @@ local bin = require "bin" local bit = require "bit" +local io = require "io" local math = require "math" local nmap = require "nmap" +local os = require "os" local stdnse = require "stdnse" +local string = require "string" +local table = require "table" local openssl = stdnse.silent_require "openssl" _ENV = stdnse.module("ssh1", stdnse.seeall) @@ -217,7 +221,7 @@ end -- UserKnownHostsFile is specified, open that known_hosts. -- (3) Otherwise, open ~/.ssh/known_hosts. parse_known_hosts_file = function(path) - common_paths = {} + local common_paths = {} local f, knownhostspath if path and io.open(path) then @@ -243,13 +247,13 @@ parse_known_hosts_file = function(path) return end - known_host_entries = {} - lnumber = 0 + local known_host_entries = {} + local lnumber = 0 for l in io.lines(knownhostspath) do lnumber = lnumber + 1 if l and string.sub(l, 1, 1) ~= "#" then - parts = stdnse.strsplit(" ", l) + local parts = stdnse.strsplit(" ", l) table.insert(known_host_entries, {entry=parts, linenumber=lnumber}) end end diff --git a/scripts/dns-ip6-arpa-scan.nse b/scripts/dns-ip6-arpa-scan.nse index 0ff391e06..00fa2c012 100644 --- a/scripts/dns-ip6-arpa-scan.nse +++ b/scripts/dns-ip6-arpa-scan.nse @@ -3,6 +3,7 @@ local dns = require "dns" local ipOps = require "ipOps" local nmap = require "nmap" local stdnse = require "stdnse" +local string = require "string" local tab = require "tab" local table = require "table" diff --git a/scripts/domino-enum-users.nse b/scripts/domino-enum-users.nse index 1481fbc8b..f96f4129b 100644 --- a/scripts/domino-enum-users.nse +++ b/scripts/domino-enum-users.nse @@ -103,7 +103,7 @@ action = function(host, port) helper:disconnect() if ( status and data and path ) then - local filename = path .. "/" .. stdnse.filename_escape(u_details.fullname .. ".id") + local filename = path .. "/" .. stdnse.filename_escape(username .. ".id") local status, err = saveIDFile( filename, data ) if ( status ) then 
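Review bot: In `parse_known_hosts_file`, `if path and io.open(path) then` opens the file only to test that it is readable and drops the handle without closing it, so the descriptor stays open until the garbage collector reclaims it. Keeping and closing the handle avoids that: `local fh = path and io.open(path)` followed by `if fh then fh:close()` before the existing branch body. The remaining branches of the function are outside the hunk, so the same existence test may recur for the other candidate paths.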
diff --git a/scripts/hadoop-secondary-namenode-info.nse b/scripts/hadoop-secondary-namenode-info.nse index 4a816c9fc..fc339e995 100644 --- a/scripts/hadoop-secondary-namenode-info.nse +++ b/scripts/hadoop-secondary-namenode-info.nse @@ -1,4 +1,5 @@ local http = require "http" +local nmap = require "nmap" local shortport = require "shortport" local stdnse = require "stdnse" local string = require "string" diff --git a/scripts/hostmap-ip2hosts.nse b/scripts/hostmap-ip2hosts.nse index a0b38a44f..bc0cd289e 100644 --- a/scripts/hostmap-ip2hosts.nse +++ b/scripts/hostmap-ip2hosts.nse @@ -46,8 +46,10 @@ categories = {"external", "discovery"} local dns = require "dns" local ipOps = require "ipOps" +local io = require "io" local http = require "http" local stdnse = require "stdnse" +local string = require "string" local target = require "target" local HOSTMAP_BING_SERVER = "www.ip2hosts.com" diff --git a/scripts/http-adobe-coldfusion-apsa1301.nse b/scripts/http-adobe-coldfusion-apsa1301.nse index 21c517fcd..c24e26405 100644 --- a/scripts/http-adobe-coldfusion-apsa1301.nse +++ b/scripts/http-adobe-coldfusion-apsa1301.nse @@ -23,6 +23,7 @@ categories = {"exploit", "vuln"} local http = require "http" local shortport = require "shortport" local stdnse = require "stdnse" +local string = require "string" local url = require "url" portrule = shortport.http diff --git a/scripts/http-coldfusion-subzero.nse b/scripts/http-coldfusion-subzero.nse index 3badbeed7..7b8b04ba0 100644 --- a/scripts/http-coldfusion-subzero.nse +++ b/scripts/http-coldfusion-subzero.nse @@ -35,7 +35,9 @@ categories = {"exploit"} local http = require "http" local shortport = require "shortport" local stdnse = require "stdnse" +local string = require "string" local url = require "url" +local openssl = stdnse.silent_require "openssl" portrule = shortport.http diff --git a/scripts/http-comments-displayer.nse b/scripts/http-comments-displayer.nse index 217415766..012c5ac2e 100644 
--- a/scripts/http-comments-displayer.nse +++ b/scripts/http-comments-displayer.nse @@ -59,7 +59,7 @@ local getLineNumber = function(body, comment) local partofresponse = body:find(comment, 1, true) partofresponse = body:sub(0, partofresponse) - _, count = string.gsub(partofresponse, "\n", "\n") + local _, count = string.gsub(partofresponse, "\n", "\n") return count + 1 @@ -103,7 +103,7 @@ action = function(host, port) path = target else - status, r = crawler:crawl() + local status, r = crawler:crawl() -- if the crawler fails it can be due to a number of different reasons -- most of them are "legitimate" and should not be reason to abort if (not(status)) then diff --git a/scripts/http-csrf.nse b/scripts/http-csrf.nse index f1f548db2..9f09c3643 100644 --- a/scripts/http-csrf.nse +++ b/scripts/http-csrf.nse @@ -110,7 +110,7 @@ action = function(host, port) path = target else - status, r = crawler:crawl() + local status, r = crawler:crawl() -- if the crawler fails it can be due to a number of different reasons -- most of them are "legitimate" and should not be reason to abort if (not(status)) then diff --git a/scripts/http-devframework.nse b/scripts/http-devframework.nse index 03f468800..41f04d569 100644 --- a/scripts/http-devframework.nse +++ b/scripts/http-devframework.nse @@ -42,11 +42,13 @@ author = "George Chatzisofroniou" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" local http = require "http" +local nmap = require "nmap" local shortport = require "shortport" local stdnse = require "stdnse" local table = require "table" local string = require "string" local httpspider = require "httpspider" +local _G = require "_G" portrule = shortport.port_or_service( {80, 443}, {"http", "https"}, "tcp", "open") 
@@ -113,7 +115,7 @@ action = function(host, port) local response, path - status, r = crawler:crawl() + local status, r = crawler:crawl() -- if the crawler fails it can be due to a number of different reasons -- most of them are "legitimate" and should not be reason to abort if (not(status)) then diff --git a/scripts/http-dombased-xss.nse b/scripts/http-dombased-xss.nse index 38d878e82..20daa99bc 100644 --- a/scripts/http-dombased-xss.nse +++ b/scripts/http-dombased-xss.nse @@ -91,7 +91,7 @@ action = function(host, port) path = target else - status, r = crawler:crawl() + local status, r = crawler:crawl() -- if the crawler fails it can be due to a number of different reasons -- most of them are "legitimate" and should not be reason to abort if (not(status)) then diff --git a/scripts/http-errors.nse b/scripts/http-errors.nse index fbb35fe36..4d89f9e97 100644 --- a/scripts/http-errors.nse +++ b/scripts/http-errors.nse @@ -88,7 +88,7 @@ action = function(host, port) local response, path - status, r = crawler:crawl() + local status, r = crawler:crawl() -- if the crawler fails it can be due to a number of different reasons -- most of them are "legitimate" and should not be reason to abort if (not(status)) then diff --git a/scripts/http-feed.nse b/scripts/http-feed.nse index 106d1548a..fe0b17722 100644 --- a/scripts/http-feed.nse +++ b/scripts/http-feed.nse @@ -59,11 +59,10 @@ local findFeeds = function(body, path) local c = string.match(body, pf) if c then + local v = "" -- Try to find feed's version. if string.match(c, f["version"]) then v = " (version " .. string.match(c, f["version"]) .. ")" - else - v = "" end feedsfound[path] = _ .. v .. ": " end 
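Review bot: In the http-feed.nse hunk, `feedsfound[path] = _ .. v .. ": "` reads the loop key through `_`, a name that conventionally marks a value as unused and that other hunks of this commit declare as a throwaway (`local _`). Naming the key in the enclosing `for`, which begins above the hunk, for example `feedname`, makes it clear that the value ends up in the output. `string.match(c, f["version"])` is also evaluated twice; capturing it once with `local ver = string.match(c, f["version"])` and testing `ver` reads better.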
@@ -102,7 +101,7 @@ action = function(host, port) local index, k, target, response, path while (true) do - status, r = crawler:crawl() + local status, r = crawler:crawl() -- if the crawler fails it can be due to a number of different reasons -- most of them are "legitimate" and should not be reason to abort if (not(status)) then diff --git a/scripts/http-fileupload-exploiter.nse b/scripts/http-fileupload-exploiter.nse index 92531f7d4..efd1064e7 100644 --- a/scripts/http-fileupload-exploiter.nse +++ b/scripts/http-fileupload-exploiter.nse @@ -55,6 +55,7 @@ author = "George Chatzisofroniou" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" local http = require "http" +local io = require "io" local string = require "string" local httpspider = require "httpspider" local shortport = require "shortport" @@ -106,7 +107,7 @@ local function UploadRequest(host, port, submission, partofrequest, name, filena success = 0; make = function(self) - options = { header={} } + local options = { header={} } options['header']['Content-Type'] = "multipart/form-data; boundary=AaB03x" options['content'] = self.partofrequest .. '--AaB03x\nContent-Disposition: form-data; name="' .. self.name .. '"; filename="' .. self.filename .. '"\nContent-Type: ' .. self.mime .. '\n\n' .. self.payload .. '\n--AaB03x--' @@ -119,7 +120,7 @@ local function UploadRequest(host, port, submission, partofrequest, name, filena checkPayload = function(self, uploadspaths) for _, uploadpath in ipairs(uploadspaths) do - response = http.get(host, port, uploadpath .. '/' .. filename, { no_cache = true } ) + local response = http.get(host, port, uploadpath .. '/' .. filename, { no_cache = true } ) if response.status ~= 404 then if (response.body:match(self.check)) then 
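Review bot: In `checkPayload`, `response.status ~= 404` is also true when the request failed and `status` is nil, and the next line then calls `response.body:match(self.check)` on a body that may be nil, which aborts the script with a Lua error instead of a clean negative result. A guard keeps a network failure from surfacing as a crash: `if response.status and response.status ~= 404 and response.body then`. The request path is built from the `filename` upvalue while `make` uses `self.filename`; using one of the two in both places would stop them drifting apart.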
@@ -260,6 +261,7 @@ action = function(host, port) local action_absolute = string.find(form["action"], "https*://") -- Determine the path where the form needs to be submitted. + local submission if action_absolute then submission = form["action"] else @@ -270,7 +272,7 @@ action = function(host, port) foundform = 1 - partofrequest, filefield = prepareRequest(form["fields"], fieldvalues) + local partofrequest, filefield = prepareRequest(form["fields"], fieldvalues) if filefield ~= 0 then diff --git a/scripts/http-iis-short-name-brute.nse b/scripts/http-iis-short-name-brute.nse index 91a9650fe..2bdd32385 100644 --- a/scripts/http-iis-short-name-brute.nse +++ b/scripts/http-iis-short-name-brute.nse @@ -51,6 +51,7 @@ categories = {"intrusive", "brute"} local stdnse = require "stdnse" local shortport = require "shortport" +local table = require "table" local http = require "http" local vulns = require "vulns" @@ -169,7 +170,7 @@ cause a denial of service condition. end --Vulnerable! if #files>0 or #folders>0 then - results = {} + local results = {} table.insert(results, folders) table.insert(results, files) vuln.state = vulns.STATE.EXPLOIT diff --git a/scripts/http-mobileversion-checker.nse b/scripts/http-mobileversion-checker.nse index c8c42ee64..4773e164b 100644 --- a/scripts/http-mobileversion-checker.nse +++ b/scripts/http-mobileversion-checker.nse @@ -48,7 +48,7 @@ getLastLoc = function(host, port, useragent) options['header']['User-Agent'] = useragent - response = http.get(host, port, '/', options) + local response = http.get(host, port, '/', options) if response.location then return response.location[#response.location] or false 
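Review bot: The pattern in `string.find(form["action"], "https*://")` is unanchored and `s*` means zero or more `s`, so a relative action that merely contains a URL (constructed example: `/go?u=http://other/`) is classified as absolute and used as the submission target unchanged. If a form carries no `action` attribute, which the visible lines do not rule out, `string.find` raises on the nil argument. Suggest `local action = form["action"] or ""` and `string.find(action, "^https?://")`. The same line appears in the http-stored-xss.nse hunk at `@@ -207,6 +207,7 @@`.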
@@ -67,13 +67,13 @@ action = function(host, port) -- We don't crawl any site. We initialize a crawler to use its iswithinhost method. local crawler = httpspider.Crawler:new(host, port, '/', { scriptname = SCRIPT_NAME } ) - loc = getLastLoc(host, port, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17") - mobloc = getLastLoc(host, port, "Mozilla/5.0 (Linux; U; Android 4.0.3; ko-kr; LG-L160L Build/IML74K) AppleWebkit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30") + local loc = getLastLoc(host, port, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17") + local mobloc = getLastLoc(host, port, "Mozilla/5.0 (Linux; U; Android 4.0.3; ko-kr; LG-L160L Build/IML74K) AppleWebkit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30") -- If the mobile browser request is redirected to a different page, that must be the mobile version's page. if loc ~= mobloc then - msg = "Found mobile version: " .. mobloc - mobhost = http.parse_url(mobloc) + local msg = "Found mobile version: " .. mobloc + local mobhost = http.parse_url(mobloc) if not crawler:iswithinhost(mobhost.host) then msg = msg .. " (Redirected to a different host)" if newtargets then diff --git a/scripts/http-phpmyadmin-dir-traversal.nse b/scripts/http-phpmyadmin-dir-traversal.nse index 8e20a0580..868d1b802 100644 --- a/scripts/http-phpmyadmin-dir-traversal.nse +++ b/scripts/http-phpmyadmin-dir-traversal.nse @@ -1,6 +1,8 @@ local shortport = require "shortport" local stdnse = require "stdnse" +local string = require "string" local http = require "http" +local io = require "io" local vulns = require "vulns" description = [[ 
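Review bot: `getLastLoc` can return `false` (`response.location[#response.location] or false`, visible in the `@@ -48,7 +48,7 @@` hunk), yet `action` concatenates its result directly in `"Found mobile version: " .. mobloc` and passes it to `http.parse_url(mobloc)`. When only the desktop request is redirected, `loc ~= mobloc` holds and the concatenation raises on a non-string. A guard such as `if mobloc and loc ~= mobloc then` avoids that; what `getLastLoc` returns when there is no `location` table at all is outside the hunk and worth checking too. http-useragent-tester.nse has the same shape in its `@@ -117,18 +117,18 @@` hunk (`l .. " redirected to: " .. libloc`).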
@@ -92,12 +94,11 @@ local DEFAULT_DIR = "/phpMyAdmin-2.6.4-pl1/" local EXPLOIT_PATH = "libraries/grab_globals.lib.php" action = function(host, port) - local response, dir, file - dir = stdnse.get_script_args("http-phpmyadmin-dir-traversal.dir") or DEFAULT_DIR - evil_uri = dir..EXPLOIT_PATH - rfile = stdnse.get_script_args("http-phpmyadmin-dir-traversal.file") or DEFAULT_FILE - evil_postdata = EXPLOIT_QUERY:format(rfile) - filewrite = stdnse.get_script_args(SCRIPT_NAME..".outfile") + local dir = stdnse.get_script_args("http-phpmyadmin-dir-traversal.dir") or DEFAULT_DIR + local evil_uri = dir..EXPLOIT_PATH + local rfile = stdnse.get_script_args("http-phpmyadmin-dir-traversal.file") or DEFAULT_FILE + local evil_postdata = EXPLOIT_QUERY:format(rfile) + local filewrite = stdnse.get_script_args(SCRIPT_NAME..".outfile") stdnse.print_debug(1, "%s: HTTP POST %s%s", SCRIPT_NAME, stdnse.get_hostname(host), evil_uri) stdnse.print_debug(1, "%s: POST DATA %s", SCRIPT_NAME, evil_postdata) @@ -117,7 +118,7 @@ action = function(host, port) } local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port) - response = http.post(host, port, evil_uri, + local response = http.post(host, port, evil_uri, {header = {["Content-Type"] = "application/x-www-form-urlencoded"}}, nil, evil_postdata) if response.body and response.status==200 then stdnse.print_debug(1, "%s: response : %s", SCRIPT_NAME, response.body) diff --git a/scripts/http-stored-xss.nse b/scripts/http-stored-xss.nse index d0aa07421..162f03673 100644 --- a/scripts/http-stored-xss.nse +++ b/scripts/http-stored-xss.nse @@ -57,6 +57,7 @@ author = "George Chatzisofroniou" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" local http = require "http" +local io = require "io" local string = require "string" local httpspider = require "httpspider" local shortport = require "shortport" 
@@ -90,9 +91,8 @@ local makeRequests = function(host, port, submission, fields, fieldvalues) for __, field in ipairs(fields) do if field["type"] == "text" or field["type"] == "textarea" or field["type"] == "radio" or field["type"] == "checkbox" then - if fieldvalues[field["name"]] ~= nil then - value = fieldvalues[field["name"]] - else + local value = fieldvalues[field["name"]] + if value == nil then value = p.vector end @@ -121,10 +121,10 @@ end -- Check if the payloads were succesfull by checking the content of pages in the uploadspaths array. local checkRequests = function(body, target) - output = {} + local output = {} for _, p in ipairs(payloads) do if checkPayload(body, p.vector) then - report = " Payload: " .. p.vector .. "\n\t Uploaded on: " .. target + local report = " Payload: " .. p.vector .. "\n\t Uploaded on: " .. target if p.description then report = report .. "\n\t Description: " .. p.description end @@ -207,6 +207,7 @@ action = function(host, port) local action_absolute = string.find(form["action"], "https*://") -- Determine the path where the form needs to be submitted. + local submission if action_absolute then submission = form["action"] else diff --git a/scripts/http-useragent-tester.nse b/scripts/http-useragent-tester.nse index dcbdd476c..c8c964ef3 100644 --- a/scripts/http-useragent-tester.nse +++ b/scripts/http-useragent-tester.nse @@ -72,7 +72,7 @@ getLastLoc = function(host, port, useragent) stdnse.print_debug(2, "Making a request with User-Agent: " .. useragent) - response = http.get(host, port, '/', options) + local response = http.get(host, port, '/', options) if response.location then return response.location[#response.location] or false 
@@ -92,7 +92,7 @@ action = function(host, port) -- We don't crawl any site. We initialize a crawler to use its iswithinhost method. local crawler = httpspider.Crawler:new(host, port, '/', { scriptname = SCRIPT_NAME } ) - HTTPlibs = {"libwww", + local HTTPlibs = {"libwww", "lwp-trivial", "libcurl-agent/1.0", "PHP/", @@ -117,18 +117,18 @@ action = function(host, port) end -- We perform a normal browser request and get the returned location - loc = getLastLoc(host, port, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17") + local loc = getLastLoc(host, port, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17") - allowed, forb = {}, {} + local allowed, forb = {}, {} for _, l in ipairs(HTTPlibs) do - libloc = getLastLoc(host, port, l) + local libloc = getLastLoc(host, port, l) -- If the library's request returned a different location, that means the request was redirected somewhere else, hence is forbidden. if loc ~= libloc then - msg = l .. " redirected to: " .. libloc - libhost = http.parse_url(libloc) + local msg = l .. " redirected to: " .. libloc + local libhost = http.parse_url(libloc) if not crawler:iswithinhost(libhost.host) then msg = msg .. " (different host)" if newtargets then diff --git a/scripts/http-vhosts.nse b/scripts/http-vhosts.nse index de9b12906..2e7a59bf7 100644 --- a/scripts/http-vhosts.nse +++ b/scripts/http-vhosts.nse @@ -1,5 +1,6 @@ local coroutine = require "coroutine" local http = require "http" +local io = require "io" local nmap = require "nmap" local shortport = require "shortport" local stdnse = require "stdnse" diff --git a/scripts/http-xssed.nse b/scripts/http-xssed.nse index a8c467efb..7fe49ae3a 100644 --- a/scripts/http-xssed.nse +++ b/scripts/http-xssed.nse 
@@ -28,6 +28,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html" categories = {"safe", "external", "discovery"} local http = require "http" +local nmap = require "nmap" local shortport = require "shortport" local stdnse = require "stdnse" local table = require "table" @@ -46,19 +47,19 @@ action = function(host, port) local fixed, unfixed - target = XSSED_SEARCH .. host.targetname + local target = XSSED_SEARCH .. host.targetname -- Only one instantiation of the script should ping xssed at once. local mutex = nmap.mutex("http-xssed") mutex "lock" - response = http.get(XSSED_SITE, 80, target) + local response = http.get(XSSED_SITE, 80, target) if string.find(response.body, XSSED_FOUND) then fixed = {} unfixed = {} for m in string.gmatch(response.body, XSSED_MIRROR) do - mirror = http.get(XSSED_SITE, 80, m) + local mirror = http.get(XSSED_SITE, 80, m) for v in string.gmatch(mirror.body, XSSED_URL) do if string.find(mirror.body, XSSED_FIXED) then table.insert(fixed, "\t" .. v .. "\n") diff --git a/scripts/ip-geolocation-maxmind.nse b/scripts/ip-geolocation-maxmind.nse index 3f71b3ea9..39caaf793 100644 --- a/scripts/ip-geolocation-maxmind.nse +++ b/scripts/ip-geolocation-maxmind.nse @@ -2,6 +2,7 @@ local bit = require "bit" local io = require "io" local ipOps = require "ipOps" local math = require "math" +local nmap = require "nmap" local stdnse = require "stdnse" local table = require "table" diff --git a/scripts/murmur-version.nse b/scripts/murmur-version.nse index 708f44d03..b59fc47d3 100644 --- a/scripts/murmur-version.nse +++ b/scripts/murmur-version.nse @@ -71,6 +71,7 @@ action = function(host, port) end -- Detected; extract relevant data + local _ _, r.v_a, r.v_b, r.v_c, _, r.users, r.maxusers, r.bandwidth = bin.unpack(">CCCLIII", result, 2) end diff --git a/scripts/qconn-exec.nse b/scripts/qconn-exec.nse index 17e2cb9b8..6d26b0ac3 100644 --- a/scripts/qconn-exec.nse +++ b/scripts/qconn-exec.nse 
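Review bot: In the http-xssed.nse `action` hunk, `string.find(response.body, XSSED_FOUND)` and the inner `string.gmatch(mirror.body, XSSED_URL)` assume both requests returned a body; a failed lookup leaves `body` nil and the script errors out while it still holds the `http-xssed` mutex locked just above. `host.targetname` is concatenated unchecked as well, and it is presumably unset when the target was given as an address rather than a name. I would return early on `not host.targetname` and wrap the parsing in `if response.body then ... end`, making sure the mutex is released on every path; the unlock call is outside the hunk.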
@@ -1,6 +1,7 @@ local comm = require("comm") local vulns = require("vulns") local stdnse = require("stdnse") +local string = require("string") local shortport = require("shortport") description = [[ diff --git a/scripts/rfc868-time.nse b/scripts/rfc868-time.nse index e0008638e..e7e486db0 100644 --- a/scripts/rfc868-time.nse +++ b/scripts/rfc868-time.nse @@ -37,7 +37,7 @@ action = function(host, port) _, stamp = bin.unpack(">I", result) port.version.extrainfo = "64 bits" else - stdnse.print_debug(1, "Odd response: %s", stdnse.filename_escape(response)) + stdnse.print_debug(1, "Odd response: %s", stdnse.filename_escape(result)) return nil end diff --git a/scripts/smb-psexec.nse b/scripts/smb-psexec.nse index b8e2bb233..668057e07 100644 --- a/scripts/smb-psexec.nse +++ b/scripts/smb-psexec.nse @@ -530,7 +530,7 @@ local function locate_file(filename, extension) -- check for absolute path or relative to current directory if(filename_full == nil) then - f, err = io.open(filename, "rb") + local f, err = io.open(filename, "rb") if f == nil then stdnse.print_debug(1, "%s: Error opening %s: %s", SCRIPT_NAME, filename, err) f, err = io.open(filename .. "." .. extension, "rb") diff --git a/scripts/socks-open-proxy.nse b/scripts/socks-open-proxy.nse index 3b4dc639b..ed45419a8 100644 --- a/scripts/socks-open-proxy.nse +++ b/scripts/socks-open-proxy.nse @@ -50,7 +50,7 @@ categories = {"default", "discovery", "external", "safe"} -- @return status If any request succeeded -- @return response Table with supported methods local function custom_test(host, port, test_url, pattern) - local status4, status5, fstatus + local status4, status5, fstatus, cstatus4, cstatus5 local get_r4, get_r5 local methods local response = {} 
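Review bot: In the rfc868-time.nse hunk, the context line `_, stamp = bin.unpack(">I", result)` still assigns `_` without a `local`, which is the kind of accidental global this commit removes elsewhere (murmur-version.nse gains a `local _` for the same idiom); `stamp` needs the same check unless it is declared above the hunk. Separately, `stdnse.filename_escape(result)` is a file-name sanitiser being used to make raw service bytes printable in a debug message; `stdnse.tohex(result)` would state the intent more directly and keeps arbitrary remote bytes out of the log line.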
@@ -133,7 +133,7 @@ local function default_test(host, port) if not (cstatus4 or cstatus5) then return false, nil end stdnse.print_debug("Test 2 - Wikipedia.org: Received valid status codes, but pattern does not match") - redir_check_get = get_r4 or get_r5 + local redir_check_get = get_r4 or get_r5 test_url = "/" hostname = "www.computerhistory.org" diff --git a/scripts/ssh-hostkey.nse b/scripts/ssh-hostkey.nse index ba4d671ee..6abda95d4 100644 --- a/scripts/ssh-hostkey.nse +++ b/scripts/ssh-hostkey.nse @@ -5,6 +5,7 @@ local shortport = require "shortport" local ssh1 = require "ssh1" local ssh2 = require "ssh2" local stdnse = require "stdnse" +local string = require "string" local table = require "table" local base64 = require "base64" @@ -146,7 +147,7 @@ local function check_keys(host, keys, f) local hostname = host.name == "" and nil or host.name local possible_host_names = {hostname or nil, host.ip or nil, (hostname and host.ip) and ("%s,%s"):format(hostname, host.ip) or nil} for _p, parts in ipairs(f) do - lnumber = parts.linenumber + local lnumber = parts.linenumber parts = parts.entry local foundhostname = false if #parts >= 3 then diff --git a/scripts/ssh2-enum-algos.nse b/scripts/ssh2-enum-algos.nse index 121fd18e8..6241ab1f8 100644 --- a/scripts/ssh2-enum-algos.nse +++ b/scripts/ssh2-enum-algos.nse @@ -1,6 +1,7 @@ local nmap = require "nmap" local shortport = require "shortport" local stdnse = require "stdnse" +local string = require "string" local table = require "table" local openssl = stdnse.silent_require "openssl" diff --git a/scripts/sslv2.nse b/scripts/sslv2.nse index 98ddb5131..b0e0662e3 100644 --- a/scripts/sslv2.nse +++ b/scripts/sslv2.nse @@ -228,7 +228,7 @@ action = function(host, port) available_ciphers = ciphers(cipher_list, ciphers_len); -- actually run some tests: - o = stdnse.output_table() + local o = stdnse.output_table() if (ssl_version == string.char(0x00, 0x02)) then table.insert(o, "SSLv2 supported") o["ciphers"] = available_ciphers 
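Review bot: `cstatus4` and `cstatus5` were added to the `local` list of `custom_test`, but this hunk reads them in `default_test` (`if not (cstatus4 or cstatus5)`), and `test_url` and `hostname` are assigned a few lines below without `local`. Unless `default_test` declares all four above the hunk, they are still globals shared between script threads, which is what the rest of the commit is removing. Please confirm the declarations there, or add `local cstatus4, cstatus5, test_url, hostname` at the top of `default_test`.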
diff --git a/scripts/teamspeak2-version.nse b/scripts/teamspeak2-version.nse index ca3ec1eb7..c1e5607a3 100644 --- a/scripts/teamspeak2-version.nse +++ b/scripts/teamspeak2-version.nse @@ -3,6 +3,7 @@ local shortport = require "shortport" local nmap = require "nmap" local bin = require "bin" local stdnse = require "stdnse" +local string = require "string" description = [[ Detects the TeamSpeak 2 voice communication server and attempts to determine version and configuration information. @@ -44,7 +45,7 @@ action = function(host, port) if name == "" then port.version.version = "2" else - _, v_a, v_b, v_c, v_d = bin.unpack("