Fixed global assignments with nse_check_globals

All fixes made by hand. A couple real bugs/errors fixed, due to
copy-paste of code from other scripts without changing variable names.

nselib/data/http-devframework-fingerprints.lua

@@ -1,4 +1,6 @@
 local http = require "http"
+local io = require "io"
+local string = require "string"
 local table = require "table"
 local url = require "url"
 
@@ -20,7 +22,7 @@ local url = require "url"
 tools = { Django = { rapidDetect = function(host, port)
 
                             -- Check if the site gives that familiar Django admin login page.
-                            response = http.get(host, port, "/admin/")
+                            local response = http.get(host, port, "/admin/")
 
                             if response.body then
                                 if string.find(response.body, "Log in | Django site admin") or 
@@ -70,7 +72,7 @@ tools = { Django = { rapidDetect = function(host, port)
 
                 RubyOnRails = { rapidDetect = function(host, port)
 
-                            response = http.get(host, port, "/")
+                            local response = http.get(host, port, "/")
 
                             -- Check for Mongrel or Passenger in the "Server" or "X-Powered-By" header
                             for h, v in pairs(response.header) do
@@ -118,11 +120,11 @@ tools = { Django = { rapidDetect = function(host, port)
 
                 ASPdotNET = { rapidDetect = function(host, port)
 
-                            response = http.get(host, port, "/")
+                            local response = http.get(host, port, "/")
 
                             -- Look for an ASP.NET header.
                             for h, v in pairs(response.header) do
-                                vl = v:lower()
+                                local vl = v:lower()
                                 if h == "x-aspnet-version" or string.find(vl, "asp") then
                                     return "ASP.NET detected. Found related header."
                                 end
@@ -154,7 +156,7 @@ tools = { Django = { rapidDetect = function(host, port)
                 CodeIgniter = { rapidDetect = function(host, port)
 
                             -- Match default error page.
-                            response = http.get(host, port, "/random404page/")
+                            local response = http.get(host, port, "/random404page/")
 
                             if response.body then
                                 if string.find(response.body, "#990000") and
@@ -174,10 +176,10 @@ tools = { Django = { rapidDetect = function(host, port)
 
 
                             -- Find CAKEPHP header.
-                            response = http.get(host, port, "/")
+                            local response = http.get(host, port, "/")
 
                             for h, v in pairs(response.header) do
-                                vl = v:lower()
+                                local vl = v:lower()
                                 if string.find(vl, "cakephp") then
                                     return "CakePHP detected. Found related header."
                                 end
@@ -193,10 +195,10 @@ tools = { Django = { rapidDetect = function(host, port)
                 Symfony = { rapidDetect = function(host, port)
 
                             -- Find Symfony header.
-                            response = http.get(host, port, "/")
+                            local response = http.get(host, port, "/")
 
                             for h, v in pairs(response.header) do
-                                vl = v:lower()
+                                local vl = v:lower()
                                 if string.find(vl, "symfony") then
                                     return "Symfony detected. Found related header."
                                 end
@@ -212,7 +214,7 @@ tools = { Django = { rapidDetect = function(host, port)
                 Wordpress = { rapidDetect = function(host, port)
 
                             -- Check for common traces in the source code.
-                            response = http.get(host, port, "/")
+                            local response = http.get(host, port, "/")
 
                             if response.body then
                                 if string.find(response.body, "content=[\"']WordPress") or 
@@ -243,7 +245,7 @@ tools = { Django = { rapidDetect = function(host, port)
 
 
                             -- Check for common traces in the source code.
-                            response = http.get(host, port, "/")
+                            local response = http.get(host, port, "/")
 
                             if response.body then
                                 if string.find(response.body, "content=[\"']Joomla!") then
@@ -270,7 +272,7 @@ tools = { Django = { rapidDetect = function(host, port)
                 Drupal = { rapidDetect = function(host, port)
 
                             -- Check for common traces in the source code.
-                            response = http.get(host, port, "/")
+                            local response = http.get(host, port, "/")
 
                             if response.body then
                                 if string.find(response.body, "content=[\"']Drupal") then
@@ -289,7 +291,7 @@ tools = { Django = { rapidDetect = function(host, port)
                 MediaWiki = { rapidDetect = function(host, port)
 
                             -- Check for common traces in the source code.
-                            response = http.get(host, port, "/")
+                            local response = http.get(host, port, "/")
 
                             if response.body then
                                 if string.find(response.body, "content=[\"']MediaWiki") or 
@@ -309,7 +311,7 @@ tools = { Django = { rapidDetect = function(host, port)
 
                 ColdFusion = { rapidDetect = function(host, port)
 
-                            response = http.get(host, port, "/")
+                            local response = http.get(host, port, "/")
 
                             if response.cookies then
                                 for _, c in pairs(response.cookies) do
@@ -327,7 +329,7 @@ tools = { Django = { rapidDetect = function(host, port)
 
                 Broadvision = { rapidDetect = function(host, port)
 
-                            response = http.get(host, port, "/")
+                            local response = http.get(host, port, "/")
 
                             if response.cookies then
                                 for _, c in pairs(response.cookies) do
@@ -345,7 +347,7 @@ tools = { Django = { rapidDetect = function(host, port)
 
                 WebSphereCommerce = { rapidDetect = function(host, port)
 
-                            response = http.get(host, port, "/")
+                            local response = http.get(host, port, "/")
 
                             if response.cookies then
                                 for _, c in pairs(response.cookies) do

nselib/data/http-fingerprints.lua

@@ -1,3 +1,5 @@
+local io = require "io"
+local string = require "string"
 local table = require "table"
 
 ---HTTP Fingerprint files, compiled by Ron Bowes with a special thanks to...

nselib/data/packetdecoders.lua

@@ -2,6 +2,7 @@ local bin = require "bin"
 local packet = require "packet"
 local stdnse = require "stdnse"
 local tab = require "tab"
+local table = require "table"
 local target = require "target"
 
 --- The following file contains a list of decoders used by the

nselib/formulas.lua

@@ -17,7 +17,10 @@
 -- @copyright Same as Nmap--See http://nmap.org/book/man-legal.html
 ---
 
+local bin = require "bin"
+local math = require "math"
 local stdnse = require "stdnse"
+local string = require "string"
 local table = require "table"
 
 _ENV = stdnse.module("formulas", stdnse.seeall)

nselib/httpspider.lua

@@ -569,13 +569,13 @@ Crawler = {
     -- @param u URL that points to the resource we want to check. 
     iswithindomain = function(self, u)
         local parsed_u = url.parse(tostring(u))             
-        if ( o.base_url:getPort() ~= 80 and o.base_url:getPort() ~= 443 ) then
+        if ( self.options.base_url:getPort() ~= 80 and self.options.base_url:getPort() ~= 443 ) then
-            if ( tonumber(parsed_u.port) ~= tonumber(o.base_url:getPort()) ) then
+            if ( tonumber(parsed_u.port) ~= tonumber(self.options.base_url:getPort()) ) then
                 return false
             end
-        elseif ( parsed_u.scheme ~= o.base_url:getProto() ) then
+        elseif ( parsed_u.scheme ~= self.options.base_url:getProto() ) then
             return false
-        elseif ( parsed_u.host == nil or parsed_u.host:sub(-#o.base_url:getDomain()):lower() ~= o.base_url:getDomain():lower() ) then
+        elseif ( parsed_u.host == nil or parsed_u.host:sub(-#self.options.base_url:getDomain()):lower() ~= self.options.base_url:getDomain():lower() ) then
             return false
         end
         return true
@@ -592,8 +592,8 @@ Crawler = {
             return true
         end
 
+        local signstring = ""
         if signs then
-            signstring = ""
             for _, s in signs do
              signstring = signstring .. s
             end 

nselib/ssh1.lua

@@ -8,9 +8,13 @@
 
 local bin = require "bin"
 local bit = require "bit"
+local io = require "io"
 local math = require "math"
 local nmap = require "nmap"
+local os = require "os"
 local stdnse = require "stdnse"
+local string = require "string"
+local table = require "table"
 local openssl = stdnse.silent_require "openssl"
 _ENV = stdnse.module("ssh1", stdnse.seeall)
 
@@ -217,7 +221,7 @@ end
 -- UserKnownHostsFile is specified, open that known_hosts.
 -- (3) Otherwise, open ~/.ssh/known_hosts.
 parse_known_hosts_file = function(path)
-    common_paths = {}
+    local common_paths = {}
     local f, knownhostspath
 
     if path and io.open(path) then
@@ -243,13 +247,13 @@ parse_known_hosts_file = function(path)
         return
     end
 
-    known_host_entries = {} 
+    local known_host_entries = {}
-    lnumber = 0
+    local lnumber = 0
 
     for l in io.lines(knownhostspath) do
         lnumber = lnumber + 1
         if l and string.sub(l, 1, 1) ~= "#" then
-            parts = stdnse.strsplit(" ", l)
+            local parts = stdnse.strsplit(" ", l)
             table.insert(known_host_entries, {entry=parts, linenumber=lnumber})
         end
     end

scripts/dns-ip6-arpa-scan.nse

@@ -3,6 +3,7 @@ local dns = require "dns"
 local ipOps = require "ipOps"
 local nmap = require "nmap"
 local stdnse = require "stdnse"
+local string = require "string"
 local tab = require "tab"
 local table = require "table"
 

scripts/domino-enum-users.nse

@@ -103,7 +103,7 @@ action = function(host, port)
 		helper:disconnect()
 		
 		if ( status and data and path ) then
-			local filename = path .. "/" .. stdnse.filename_escape(u_details.fullname .. ".id")
+			local filename = path .. "/" .. stdnse.filename_escape(username .. ".id")
 			local status, err = saveIDFile( filename, data )
 			
 			if ( status ) then

scripts/hadoop-secondary-namenode-info.nse

@@ -1,4 +1,5 @@
 local http = require "http"
+local nmap = require "nmap"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
 local string = require "string"

scripts/hostmap-ip2hosts.nse

@@ -46,8 +46,10 @@ categories = {"external", "discovery"}
 
 local dns = require "dns"
 local ipOps = require "ipOps"
+local io = require "io"
 local http = require "http"
 local stdnse = require "stdnse"
+local string = require "string"
 local target = require "target"
 
 local HOSTMAP_BING_SERVER = "www.ip2hosts.com"

scripts/http-adobe-coldfusion-apsa1301.nse

@@ -23,6 +23,7 @@ categories = {"exploit", "vuln"}
 local http = require "http"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
+local string = require "string"
 local url = require "url"
 
 portrule = shortport.http

scripts/http-coldfusion-subzero.nse

@@ -35,7 +35,9 @@ categories = {"exploit"}
 local http = require "http"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
+local string = require "string"
 local url = require "url"
+local openssl = stdnse.silent_require "openssl"
 
 portrule = shortport.http
 

scripts/http-comments-displayer.nse

@@ -59,7 +59,7 @@ local getLineNumber = function(body, comment)
 
     local partofresponse = body:find(comment, 1, true)
     partofresponse = body:sub(0, partofresponse)
-    _, count = string.gsub(partofresponse, "\n", "\n")
+    local _, count = string.gsub(partofresponse, "\n", "\n")
 
     return count + 1
 
@@ -103,7 +103,7 @@ action = function(host, port)
             path = target
 
         else
-            status, r = crawler:crawl()
+            local status, r = crawler:crawl()
             -- if the crawler fails it can be due to a number of different reasons
             -- most of them are "legitimate" and should not be reason to abort
             if (not(status)) then

scripts/http-csrf.nse

@@ -110,7 +110,7 @@ action = function(host, port)
             path = target
 
         else
-            status, r = crawler:crawl()
+            local status, r = crawler:crawl()
             -- if the crawler fails it can be due to a number of different reasons
             -- most of them are "legitimate" and should not be reason to abort
             if (not(status)) then

scripts/http-devframework.nse

@@ -42,11 +42,13 @@ author = "George Chatzisofroniou"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 
 local http = require "http"
+local nmap = require "nmap"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
 local table = require "table"
 local string = require "string"
 local httpspider = require "httpspider"
+local _G = require "_G"
 
 portrule = shortport.port_or_service( {80, 443}, {"http", "https"}, "tcp", "open")
 
@@ -113,7 +115,7 @@ action = function(host, port)
 
         local response, path
 
-        status, r = crawler:crawl()
+        local status, r = crawler:crawl()
         -- if the crawler fails it can be due to a number of different reasons
         -- most of them are "legitimate" and should not be reason to abort
         if (not(status)) then

scripts/http-dombased-xss.nse

@@ -91,7 +91,7 @@ action = function(host, port)
             path = target
 
         else
-            status, r = crawler:crawl()
+            local status, r = crawler:crawl()
             -- if the crawler fails it can be due to a number of different reasons
             -- most of them are "legitimate" and should not be reason to abort
             if (not(status)) then

scripts/http-errors.nse

@@ -88,7 +88,7 @@ action = function(host, port)
  
         local response, path
         
-        status, r = crawler:crawl()
+        local status, r = crawler:crawl()
         -- if the crawler fails it can be due to a number of different reasons
         -- most of them are "legitimate" and should not be reason to abort
         if (not(status)) then

scripts/http-feed.nse

@@ -59,11 +59,10 @@ local findFeeds = function(body, path)
                     local c = string.match(body, pf) 
 
                     if c then
+                      local v = ""
                         -- Try to find feed's version.
                         if string.match(c, f["version"]) then
                             v = " (version " .. string.match(c, f["version"]) .. ")"
-                        else
-                            v = ""
                         end 
                         feedsfound[path] =  _ .. v .. ": "
                     end
@@ -102,7 +101,7 @@ action = function(host, port)
     local index, k, target, response, path
     while (true) do
   
-        status, r = crawler:crawl()
+        local status, r = crawler:crawl()
         -- if the crawler fails it can be due to a number of different reasons
         -- most of them are "legitimate" and should not be reason to abort
         if (not(status)) then

scripts/http-fileupload-exploiter.nse

@@ -55,6 +55,7 @@ author = "George Chatzisofroniou"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 
 local http = require "http"
+local io = require "io"
 local string = require "string"
 local httpspider = require "httpspider"
 local shortport = require "shortport"
@@ -106,7 +107,7 @@ local function UploadRequest(host, port, submission, partofrequest, name, filena
         success = 0;
 
         make = function(self)
-            options = { header={} }
+            local options = { header={} }
             options['header']['Content-Type'] = "multipart/form-data; boundary=AaB03x"
             options['content'] = self.partofrequest .. '--AaB03x\nContent-Disposition: form-data; name="' .. self.name .. '"; filename="' .. self.filename .. '"\nContent-Type: ' .. self.mime .. '\n\n' .. self.payload .. '\n--AaB03x--'
  
@@ -119,7 +120,7 @@ local function UploadRequest(host, port, submission, partofrequest, name, filena
 
         checkPayload = function(self, uploadspaths)
             for _, uploadpath in ipairs(uploadspaths) do
-                response = http.get(host, port, uploadpath .. '/' .. filename, { no_cache = true } )
+                local response = http.get(host, port, uploadpath .. '/' .. filename, { no_cache = true } )
  
                 if response.status ~= 404 then
                     if (response.body:match(self.check)) then
@@ -260,6 +261,7 @@ action = function(host, port)
                     local action_absolute = string.find(form["action"], "https*://")
               
                     -- Determine the path where the form needs to be submitted.
+                    local submission
                     if action_absolute then
                         submission = form["action"]
                     else    
@@ -270,7 +272,7 @@ action = function(host, port)
 
                     foundform = 1
 
-                    partofrequest, filefield = prepareRequest(form["fields"], fieldvalues)
+                    local partofrequest, filefield = prepareRequest(form["fields"], fieldvalues)
 
                     if filefield ~= 0 then
 

scripts/http-iis-short-name-brute.nse

@@ -51,6 +51,7 @@ categories = {"intrusive", "brute"}
 
 local stdnse    = require "stdnse"
 local shortport = require "shortport"
+local table = require "table"
 local http      = require "http"
 local vulns = require "vulns"
 
@@ -169,7 +170,7 @@ cause a denial of service condition.
   end
   --Vulnerable!
   if #files>0 or #folders>0 then
-    results = {}
+    local results = {}
     table.insert(results, folders)
     table.insert(results, files)
     vuln.state = vulns.STATE.EXPLOIT

scripts/http-mobileversion-checker.nse

@@ -48,7 +48,7 @@ getLastLoc = function(host, port, useragent)
 
     options['header']['User-Agent'] = useragent
 
-    response = http.get(host, port, '/', options)
+    local response = http.get(host, port, '/', options)
 
     if response.location then
         return response.location[#response.location] or false
@@ -67,13 +67,13 @@ action = function(host, port)
     -- We don't crawl any site. We initialize a crawler to use its iswithinhost method.
     local crawler = httpspider.Crawler:new(host, port, '/', { scriptname = SCRIPT_NAME } )
 
-    loc = getLastLoc(host, port, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17")
+    local loc = getLastLoc(host, port, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17")
-    mobloc = getLastLoc(host, port, "Mozilla/5.0 (Linux; U; Android 4.0.3; ko-kr; LG-L160L Build/IML74K) AppleWebkit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30") 
+    local mobloc = getLastLoc(host, port, "Mozilla/5.0 (Linux; U; Android 4.0.3; ko-kr; LG-L160L Build/IML74K) AppleWebkit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30")
 
     -- If the mobile browser request is redirected to a different page, that must be the mobile version's page.
     if loc ~= mobloc then
-        msg = "Found mobile version: " .. mobloc 
+        local msg = "Found mobile version: " .. mobloc
-        mobhost = http.parse_url(mobloc)
+        local mobhost = http.parse_url(mobloc)
         if not crawler:iswithinhost(mobhost.host) then    
             msg = msg .. " (Redirected to a different host)" 
             if newtargets then

scripts/http-phpmyadmin-dir-traversal.nse

@@ -1,6 +1,8 @@
 local shortport = require "shortport"
 local stdnse = require "stdnse"
+local string = require "string"
 local http = require "http"
+local io = require "io"
 local vulns = require "vulns"
 
 description = [[
@@ -92,12 +94,11 @@ local DEFAULT_DIR = "/phpMyAdmin-2.6.4-pl1/"
 local EXPLOIT_PATH = "libraries/grab_globals.lib.php"
 
 action = function(host, port)
-	local response, dir, file
+	local dir = stdnse.get_script_args("http-phpmyadmin-dir-traversal.dir") or DEFAULT_DIR
-	dir = stdnse.get_script_args("http-phpmyadmin-dir-traversal.dir") or DEFAULT_DIR
+	local evil_uri = dir..EXPLOIT_PATH
-	evil_uri = dir..EXPLOIT_PATH
+	local rfile = stdnse.get_script_args("http-phpmyadmin-dir-traversal.file") or DEFAULT_FILE
-	rfile = stdnse.get_script_args("http-phpmyadmin-dir-traversal.file") or DEFAULT_FILE
+	local evil_postdata = EXPLOIT_QUERY:format(rfile)
-	evil_postdata = EXPLOIT_QUERY:format(rfile)
+	local filewrite = stdnse.get_script_args(SCRIPT_NAME..".outfile")
-	filewrite = stdnse.get_script_args(SCRIPT_NAME..".outfile")
 	stdnse.print_debug(1, "%s: HTTP POST %s%s", SCRIPT_NAME, stdnse.get_hostname(host), evil_uri)
 	stdnse.print_debug(1, "%s: POST DATA %s", SCRIPT_NAME, evil_postdata)
 
@@ -117,7 +118,7 @@ action = function(host, port)
 	}
 	local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
 	
-	response = http.post(host, port, evil_uri, 
+	local response = http.post(host, port, evil_uri,
 		{header = {["Content-Type"] = "application/x-www-form-urlencoded"}}, nil, evil_postdata)
 	if response.body and response.status==200 then
 		stdnse.print_debug(1, "%s: response : %s", SCRIPT_NAME, response.body)

scripts/http-stored-xss.nse

@@ -57,6 +57,7 @@ author = "George Chatzisofroniou"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 
 local http = require "http"
+local io = require "io"
 local string = require "string"
 local httpspider = require "httpspider"
 local shortport = require "shortport"
@@ -90,9 +91,8 @@ local makeRequests = function(host, port, submission, fields, fieldvalues)
         for __, field in ipairs(fields) do
             if field["type"] == "text" or field["type"] == "textarea" or field["type"] == "radio" or field["type"] == "checkbox" then
                 
-                if fieldvalues[field["name"]] ~= nil then
+                local value = fieldvalues[field["name"]]
-                    value = fieldvalues[field["name"]]
+                if value == nil then
-                else
                     value = p.vector
                 end
               
@@ -121,10 +121,10 @@ end
 -- Check if the payloads were succesfull by checking the content of pages in the uploadspaths array.
 local checkRequests = function(body, target)
  
-    output = {}
+    local output = {}
     for _, p in ipairs(payloads) do
         if checkPayload(body, p.vector) then
-            report = " Payload: " .. p.vector .. "\n\t Uploaded on: " .. target
+            local report = " Payload: " .. p.vector .. "\n\t Uploaded on: " .. target
             if p.description then
                 report = report .. "\n\t Description: " .. p.description
             end
@@ -207,6 +207,7 @@ action = function(host, port)
                     local action_absolute = string.find(form["action"], "https*://")
               
                     -- Determine the path where the form needs to be submitted.
+                    local submission
                     if action_absolute then
                         submission = form["action"]
                     else    

scripts/http-useragent-tester.nse

@@ -72,7 +72,7 @@ getLastLoc = function(host, port, useragent)
 
     stdnse.print_debug(2, "Making a request with User-Agent: " .. useragent)
 
-    response = http.get(host, port, '/', options)
+    local response = http.get(host, port, '/', options)
 
     if response.location then
         return response.location[#response.location] or false
@@ -92,7 +92,7 @@ action = function(host, port)
     -- We don't crawl any site. We initialize a crawler to use its iswithinhost method.
     local crawler = httpspider.Crawler:new(host, port, '/', { scriptname = SCRIPT_NAME } )
 
-    HTTPlibs = {"libwww",
+    local HTTPlibs = {"libwww",
                 "lwp-trivial", 
                 "libcurl-agent/1.0", 
                 "PHP/", 
@@ -117,18 +117,18 @@ action = function(host, port)
     end
 
     -- We perform a normal browser request and get the returned location
-    loc = getLastLoc(host, port, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17")
+    local loc = getLastLoc(host, port, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17")
  
-    allowed, forb = {}, {}
+    local allowed, forb = {}, {}
 
     for _, l in ipairs(HTTPlibs) do
    
-        libloc = getLastLoc(host, port, l) 
+        local libloc = getLastLoc(host, port, l)
 
         -- If the library's request returned a different location, that means the request was redirected somewhere else, hence is forbidden. 
         if loc ~= libloc then
-            msg = l .. " redirected to: " .. libloc 
+            local msg = l .. " redirected to: " .. libloc
-            libhost = http.parse_url(libloc)
+            local libhost = http.parse_url(libloc)
             if not crawler:iswithinhost(libhost.host) then    
                 msg = msg .. " (different host)" 
                 if newtargets then

scripts/http-vhosts.nse

@@ -1,5 +1,6 @@
 local coroutine = require "coroutine"
 local http = require "http"
+local io = require "io"
 local nmap = require "nmap"
 local shortport = require "shortport"
 local stdnse = require "stdnse"

scripts/http-xssed.nse

@@ -28,6 +28,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 categories = {"safe", "external", "discovery"}
 
 local http = require "http"
+local nmap = require "nmap"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
 local table = require "table"
@@ -46,19 +47,19 @@ action = function(host, port)
 
     local fixed, unfixed
 
-    target = XSSED_SEARCH .. host.targetname
+    local target = XSSED_SEARCH .. host.targetname
 
     -- Only one instantiation of the script should ping xssed at once.
     local mutex = nmap.mutex("http-xssed")
     mutex "lock"
 
-    response = http.get(XSSED_SITE, 80, target)
+    local response = http.get(XSSED_SITE, 80, target)
     
     if string.find(response.body, XSSED_FOUND) then
         fixed = {}
         unfixed = {}
         for m in string.gmatch(response.body, XSSED_MIRROR) do
-            mirror = http.get(XSSED_SITE, 80, m)
+            local mirror = http.get(XSSED_SITE, 80, m)
             for v in string.gmatch(mirror.body, XSSED_URL) do
                 if string.find(mirror.body, XSSED_FIXED) then
                     table.insert(fixed, "\t" .. v .. "\n")

scripts/ip-geolocation-maxmind.nse

@@ -2,6 +2,7 @@ local bit = require "bit"
 local io = require "io"
 local ipOps = require "ipOps"
 local math = require "math"
+local nmap = require "nmap"
 local stdnse = require "stdnse"
 local table = require "table"
 

scripts/murmur-version.nse

@@ -71,6 +71,7 @@ action = function(host, port)
         end
 
         -- Detected; extract relevant data
+        local _
         _, r.v_a, r.v_b, r.v_c, _, r.users, r.maxusers, r.bandwidth =
             bin.unpack(">CCCLIII", result, 2)
     end

scripts/qconn-exec.nse

@@ -1,6 +1,7 @@
 local comm = require("comm")
 local vulns = require("vulns")
 local stdnse = require("stdnse")
+local string = require("string")
 local shortport = require("shortport")
 
 description = [[

scripts/rfc868-time.nse

@@ -37,7 +37,7 @@ action = function(host, port)
       _, stamp = bin.unpack(">I", result)
       port.version.extrainfo = "64 bits"
     else
-      stdnse.print_debug(1, "Odd response: %s", stdnse.filename_escape(response)) 
+      stdnse.print_debug(1, "Odd response: %s", stdnse.filename_escape(result))
       return nil
     end
 

scripts/smb-psexec.nse

@@ -530,7 +530,7 @@ local function locate_file(filename, extension)
 
   -- check for absolute path or relative to current directory
   if(filename_full == nil) then 
-    f, err = io.open(filename, "rb")
+    local f, err = io.open(filename, "rb")
     if f == nil then
       stdnse.print_debug(1, "%s: Error opening %s: %s", SCRIPT_NAME, filename, err)
       f, err = io.open(filename .. "." .. extension, "rb")

scripts/socks-open-proxy.nse

@@ -50,7 +50,7 @@ categories = {"default", "discovery", "external", "safe"}
 -- @return status If any request succeeded
 -- @return response Table with supported methods
 local function custom_test(host, port, test_url, pattern)
-  local status4, status5, fstatus
+  local status4, status5, fstatus, cstatus4, cstatus5
   local get_r4, get_r5
   local methods
   local response = {}
@@ -133,7 +133,7 @@ local function default_test(host, port)
   if not (cstatus4 or cstatus5) then return false, nil end
   stdnse.print_debug("Test 2 - Wikipedia.org: Received valid status codes, but pattern does not match")
   
-  redir_check_get = get_r4 or get_r5
+  local redir_check_get = get_r4 or get_r5
 
   test_url = "/"
   hostname = "www.computerhistory.org"

scripts/ssh-hostkey.nse

@@ -5,6 +5,7 @@ local shortport = require "shortport"
 local ssh1 = require "ssh1"
 local ssh2 = require "ssh2"
 local stdnse = require "stdnse"
+local string = require "string"
 local table = require "table"
 local base64 = require "base64"
 
@@ -146,7 +147,7 @@ local function check_keys(host, keys, f)
   local hostname = host.name == "" and nil or host.name
   local possible_host_names = {hostname or nil, host.ip or nil, (hostname and host.ip) and ("%s,%s"):format(hostname, host.ip) or nil}
   for _p, parts in ipairs(f) do
-    lnumber = parts.linenumber
+    local lnumber = parts.linenumber
     parts = parts.entry
     local foundhostname = false
     if #parts >= 3 then

scripts/ssh2-enum-algos.nse

@@ -1,6 +1,7 @@
 local nmap = require "nmap"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
+local string = require "string"
 local table = require "table"
 
 local openssl = stdnse.silent_require "openssl"

scripts/sslv2.nse

@@ -228,7 +228,7 @@ action = function(host, port)
 	available_ciphers = ciphers(cipher_list, ciphers_len);
 
 -- actually run some tests:
-  o = stdnse.output_table()
+  local o = stdnse.output_table()
 	if (ssl_version == string.char(0x00, 0x02)) then
     table.insert(o, "SSLv2 supported")
     o["ciphers"] = available_ciphers

scripts/teamspeak2-version.nse

@@ -3,6 +3,7 @@ local shortport = require "shortport"
 local nmap = require "nmap"
 local bin = require "bin"
 local stdnse = require "stdnse"
+local string = require "string"
 
 description = [[
 Detects the TeamSpeak 2 voice communication server and attempts to determine version and configuration information.
@@ -44,7 +45,7 @@ action = function(host, port)
     if name == "" then
         port.version.version = "2"
     else
-        _, v_a, v_b, v_c, v_d = bin.unpack("<SSSS", version)
+        local _, v_a, v_b, v_c, v_d = bin.unpack("<SSSS", version)
         port.version.version = v_a .. "." .. v_b .. "." .. v_c .. "." .. v_d
         port.version.extrainfo = "name: " .. name .. "; no password"
         if platform == "Win32" then

scripts/telnet-brute.nse

@@ -1,4 +1,6 @@
 local comm = require "comm"
+local coroutine = require "coroutine"
+local nmap = require "nmap"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
 local strbuf = require "strbuf"

scripts/ventrilo-info.nse

@@ -313,11 +313,11 @@ local dec_data = function(str, len, key)
     -- skip the header (first 20 bytes)
     local data = { string.byte(str, 21, 20 + len) }
 
-    a1 = bit.band(key, 0xFF)
+    local a1 = bit.band(key, 0xFF)
     if a1 == 0 then
         return table.concat(data)
     end
-    a2 = bit.rshift(key, 8)
+    local a2 = bit.rshift(key, 8)
 
     for i = 1,len do
         data[i] = bit.band(data[i] - (crypt_data[a2 + 1] + ((i - 1) % 72)), 0xFF)

scripts/whois-domain.nse

@@ -102,7 +102,7 @@ end
 
 action = function( host )
 
-    mutexes = {}
+    local mutexes = {}
 
     -- If the user has provided a domain name.
     if host.targetname then
@@ -110,7 +110,7 @@ action = function( host )
         local referral_patterns = {"refer:%s*(.-)\n", "Whois%sServer:%s*(.-)\n"}
 
         -- Remove www prefix and add a newline.
-        query_data = string.gsub(host.targetname, "^www%.", "") .. "\n"
+        local query_data = string.gsub(host.targetname, "^www%.", "") .. "\n"
 
         local result