Standardize random string generation on stdnse.generate_random_string

2025-12-07 21:21:31 +00:00 · 2015-02-25 05:06:08 +00:00
parent f6733b2d89
commit db717c7543
10 changed files with 15 additions and 119 deletions
--- a/nselib/anyconnect.lua
+++ b/nselib/anyconnect.lua
@@ -50,12 +50,7 @@ Cisco = {
    -- generate a random hex-string of length 'length'
    --
    generate_random = function(length)
-      local rnd = ""
+      return stdnse.generate_random_string(length * 2, '0123456789ABCDEF')
      for i=1, length do
        rnd = rnd .. string.format("%.2X", math.random(255))
      end
      return rnd
    end,
    connect = function(self)
--- a/nselib/ike.lua
+++ b/nselib/ike.lua
@@ -137,12 +137,7 @@ end
 -- generate a random hex-string of length 'length'
 --
 local function generate_random(length)
-  local rnd = ""
+  return stdnse.generate_random_string(length * 2, '0123456789ABCDEF')
  for i=1, length do
    rnd = rnd .. string.format("%.2X", math.random(255))
  end
  return rnd
 end
--- a/nselib/sip.lua
+++ b/nselib/sip.lua
@@ -738,23 +738,9 @@ Util = {
  -- @param set    (optional) The set of letters to choose from. Default: upper, lower, numbers, and underscore.
  -- @return The random string.
  get_random_string = function(length, set)
-    if(length == nil) then
+    return stdnse.generate_random_string(length or 8,
-      length = 8
+      set or "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")
-    end
+  end,
    if(set == nil) then
      set = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"
    end
    local str = ""
    for i = 1, length, 1 do
      local random = math.random(#set)
      str = str .. string.sub(set, random, random)
    end
    return str
  end
 }
--- a/nselib/stun.lua
+++ b/nselib/stun.lua
@@ -286,9 +286,9 @@ Util = {
  -- @param len number containing the length of the generated random string
  -- @return str containing the random string
  randomString = function(len)
-    local str = ""
+    local str = {}
-    for i=1, len do str = str .. string.char(math.random(255)) end
+    for i=1, len do str[i] = string.char(math.random(255)) end
-    return str
+    return table.concat(str)
  end
 }
--- a/scripts/broadcast-ataoe-discover.nse
+++ b/scripts/broadcast-ataoe-discover.nse
@@ -52,7 +52,7 @@ ATAoE = {
        minor = 0xff,
        error = 0,
        cmd = ATAoE.Cmd.QUERY_CONFIG_INFORMATION,
-        tag = tag or createRandomTag(),
+        tag = tag or math.random(0,0xffffffff),
      }
      setmetatable(o, self)
      self.__index = self
@@ -98,13 +98,6 @@ ATAoE = {
  }
 }
 -- Creates a random AoE header tag
 function createRandomTag()
  local str = ""
  for i=1, 4 do str = str .. string.char(math.random(255)) end
  return select(2, bin.unpack(">I", str))
 end
 -- Send a Config Info Request to the ethernet broadcast address
 -- @param iface table as returned by nmap.get_interface_info()
 local function sendConfigInfoRequest(iface)
--- a/scripts/http-userdir-enum.nse
+++ b/scripts/http-userdir-enum.nse
@@ -146,25 +146,3 @@ function init()
  stdnse.debug1("Testing %d usernames.", #usernames)
  return nil
 end
 ---
 -- Uses openssl.rand_pseudo_bytes (if available, os.time() if not) and base64.enc
 -- to produce a randomish string of at least 11 alphanumeric chars.
 -- @return String
 function randomstring()
  local rnd, s, l, _
  local status, openssl = pcall(require, "openssl")
  if status then
    rnd = openssl.rand_pseudo_bytes
  end
  s = rnd and rnd(8) or tostring( os.time() )
  -- increase the length of the string by 0 to 7 chars
  _, l = bin.unpack(">C", s, 8) -- eighth byte should be safe for os.time() too
  s = l%8 > 0 and s .. s:sub(1,l%8) or s
  -- base 64 encode and replace any non alphanum chars (with 'n' for nmap!)
  s = base64.enc(s):sub(1,-2):gsub("%W", "n")
  return s
 end
--- a/scripts/irc-botnet-channels.nse
+++ b/scripts/irc-botnet-channels.nse
@@ -162,13 +162,7 @@ local function irc_compose_message(prefix, command, ...)
 end
 local function random_nick()
-  local nick = {}
+  return stdnse.generate_random_string(9, "abcdefghijklmnopqrstuvwxyz")
  for i = 1, 9 do
    nick[#nick + 1] = string.char(math.random(string.byte("a"), string.byte("z")))
  end
  return table.concat(nick)
 end
 local function splitlines(s)
--- a/scripts/irc-info.nse
+++ b/scripts/irc-info.nse
@@ -51,11 +51,7 @@ portrule = shortport.port_or_service({6666,6667,6697,6679},{"irc","ircs"})
 local banner_timeout = 60
 local function random_nick ()
-  local t = {}
+  return stdnse.generate_random_string(9, "abcdefghijklmnopqrstuvwxyz")
  for i = 1, 9 do -- minimum 9 char nick
    t[i] = math.random(97, 122) -- lowercase ascii
  end
  return ("%c"):rep(#t):format(table.unpack(t))
 end
 function action (host, port)
--- a/scripts/oracle-enum-users.nse
+++ b/scripts/oracle-enum-users.nse
@@ -28,8 +28,6 @@ servers (this bug was fixed in Oracle's October 2009 Critical Patch Update).
 -- |   noob is a valid user account
 -- |_  patrik is a valid user account
 --
 -- The get_random_string function was stolen from Ron's smb code
 --
 -- @args oracle-enum-users.sid the instance against which to attempt user
 --       enumeration
@@ -70,32 +68,6 @@ local function checkAccount( host, port, user )
  return true, auth["AUTH_VFR_DATA"]
 end
 ---Generates a random string of the requested length. This can be used to check how hosts react to
 -- weird username/password combinations.
 --@param length (optional) The length of the string to return. Default: 8.
 --@param set    (optional) The set of letters to choose from. Default: upper, lower, numbers, and underscore.
 --@return The random string.
 local function get_random_string(length, set)
  if(length == nil) then
    length = 8
  end
  if(set == nil) then
    set = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"
  end
  local str = ""
  for i = 1, length, 1 do
    local random = math.random(#set)
    str = str .. string.sub(set, random, random)
  end
  return str
 end
 action = function( host, port )
  local known_good_accounts = { "system", "sys", "dbsnmp", "scott" }
@@ -131,7 +103,8 @@ action = function( host, port )
  -- Check for some known bad accounts
  count = 0
  for i=1, 10 do
-    local user = get_random_string(10)
+    local user = stdnse.generate_random_string(10,
      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")
    status, salt = checkAccount(host, port, user)
    if( not(status) ) then return salt  end
    if ( salt ) then
--- a/scripts/smb-brute.nse
+++ b/scripts/smb-brute.nse
@@ -175,22 +175,8 @@ local special_passwords = { USERNAME, USERNAME_REVERSED }
 --@param set    (optional) The set of letters to choose from. Default: upper, lower, numbers, and underscore.
 --@return The random string.
 local function get_random_string(length, set)
-  if(length == nil) then
+  return stdnse.generate_random_string(length or 8,
-    length = 8
+    set or "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")
  end
  if(set == nil) then
    set = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"
  end
  local str = ""
  for i = 1, length, 1 do
    local random = math.random(#set)
    str = str .. string.sub(set, random, random)
  end
  return str
 end
 ---Splits a string in the form "domain\user" into domain and user.