Standardize random string generation on stdnse.generate_random_string

2025-12-07 21:21:31 +00:00 · 2015-02-25 05:06:08 +00:00
parent f6733b2d89
commit db717c7543
10 changed files with 15 additions and 119 deletions
--- a/nselib/anyconnect.lua
+++ b/nselib/anyconnect.lua
@@ -50,12 +50,7 @@ Cisco = {
    -- generate a random hex-string of length 'length'
    --
    generate_random = function(length)
-      local rnd = ""
-
-      for i=1, length do
-        rnd = rnd .. string.format("%.2X", math.random(255))
-      end
-      return rnd
+      return stdnse.generate_random_string(length * 2, '0123456789ABCDEF')
    end,

    connect = function(self)
--- a/nselib/ike.lua
+++ b/nselib/ike.lua
@@ -137,12 +137,7 @@ end
 -- generate a random hex-string of length 'length'
 --
 local function generate_random(length)
-  local rnd = ""
-
-  for i=1, length do
-    rnd = rnd .. string.format("%.2X", math.random(255))
-  end
-  return rnd
+  return stdnse.generate_random_string(length * 2, '0123456789ABCDEF')
 end


--- a/nselib/sip.lua
+++ b/nselib/sip.lua
@@ -738,23 +738,9 @@ Util = {
  -- @param set    (optional) The set of letters to choose from. Default: upper, lower, numbers, and underscore.
  -- @return The random string.
  get_random_string = function(length, set)
-    if(length == nil) then
-      length = 8
-    end
-
-    if(set == nil) then
-      set = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"
-    end
-
-    local str = ""
-
-    for i = 1, length, 1 do
-      local random = math.random(#set)
-      str = str .. string.sub(set, random, random)
-    end
-
-    return str
-  end
+    return stdnse.generate_random_string(length or 8,
+      set or "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")
+  end,

 }

--- a/nselib/stun.lua
+++ b/nselib/stun.lua
@@ -286,9 +286,9 @@ Util = {
  -- @param len number containing the length of the generated random string
  -- @return str containing the random string
  randomString = function(len)
-    local str = ""
-    for i=1, len do str = str .. string.char(math.random(255)) end
-    return str
+    local str = {}
+    for i=1, len do str[i] = string.char(math.random(255)) end
+    return table.concat(str)
  end

 }
--- a/scripts/broadcast-ataoe-discover.nse
+++ b/scripts/broadcast-ataoe-discover.nse
@@ -52,7 +52,7 @@ ATAoE = {
        minor = 0xff,
        error = 0,
        cmd = ATAoE.Cmd.QUERY_CONFIG_INFORMATION,
-        tag = tag or createRandomTag(),
+        tag = tag or math.random(0,0xffffffff),
      }
      setmetatable(o, self)
      self.__index = self
@@ -98,13 +98,6 @@ ATAoE = {
  }
 }

-- Creates a random AoE header tag
-function createRandomTag()
-  local str = ""
-  for i=1, 4 do str = str .. string.char(math.random(255)) end
-  return select(2, bin.unpack(">I", str))
-end
-
 -- Send a Config Info Request to the ethernet broadcast address
 -- @param iface table as returned by nmap.get_interface_info()
 local function sendConfigInfoRequest(iface)
--- a/scripts/http-userdir-enum.nse
+++ b/scripts/http-userdir-enum.nse
@@ -146,25 +146,3 @@ function init()
  stdnse.debug1("Testing %d usernames.", #usernames)
  return nil
 end
-
-
-
---
-- Uses openssl.rand_pseudo_bytes (if available, os.time() if not) and base64.enc
-- to produce a randomish string of at least 11 alphanumeric chars.
-- @return String
-
-function randomstring()
-  local rnd, s, l, _
-  local status, openssl = pcall(require, "openssl")
-  if status then
-    rnd = openssl.rand_pseudo_bytes
-  end
-  s = rnd and rnd(8) or tostring( os.time() )
-  -- increase the length of the string by 0 to 7 chars
-  _, l = bin.unpack(">C", s, 8) -- eighth byte should be safe for os.time() too
-  s = l%8 > 0 and s .. s:sub(1,l%8) or s
-  -- base 64 encode and replace any non alphanum chars (with 'n' for nmap!)
-  s = base64.enc(s):sub(1,-2):gsub("%W", "n")
-  return s
-end
--- a/scripts/irc-botnet-channels.nse
+++ b/scripts/irc-botnet-channels.nse
@@ -162,13 +162,7 @@ local function irc_compose_message(prefix, command, ...)
 end

 local function random_nick()
-  local nick = {}
-
-  for i = 1, 9 do
-    nick[#nick + 1] = string.char(math.random(string.byte("a"), string.byte("z")))
-  end
-
-  return table.concat(nick)
+  return stdnse.generate_random_string(9, "abcdefghijklmnopqrstuvwxyz")
 end

 local function splitlines(s)
--- a/scripts/irc-info.nse
+++ b/scripts/irc-info.nse
@@ -51,11 +51,7 @@ portrule = shortport.port_or_service({6666,6667,6697,6679},{"irc","ircs"})
 local banner_timeout = 60

 local function random_nick ()
-  local t = {}
-  for i = 1, 9 do -- minimum 9 char nick
-    t[i] = math.random(97, 122) -- lowercase ascii
-  end
-  return ("%c"):rep(#t):format(table.unpack(t))
+  return stdnse.generate_random_string(9, "abcdefghijklmnopqrstuvwxyz")
 end

 function action (host, port)
--- a/scripts/oracle-enum-users.nse
+++ b/scripts/oracle-enum-users.nse
@@ -28,8 +28,6 @@ servers (this bug was fixed in Oracle's October 2009 Critical Patch Update).
 -- |   noob is a valid user account
 -- |_  patrik is a valid user account
 --
-- The get_random_string function was stolen from Ron's smb code
--
 -- @args oracle-enum-users.sid the instance against which to attempt user
 --       enumeration

@@ -70,32 +68,6 @@ local function checkAccount( host, port, user )
  return true, auth["AUTH_VFR_DATA"]
 end

---Generates a random string of the requested length. This can be used to check how hosts react to
-- weird username/password combinations.
--@param length (optional) The length of the string to return. Default: 8.
--@param set    (optional) The set of letters to choose from. Default: upper, lower, numbers, and underscore.
--@return The random string.
-local function get_random_string(length, set)
-  if(length == nil) then
-    length = 8
-  end
-
-  if(set == nil) then
-    set = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"
-  end
-
-  local str = ""
-
-  for i = 1, length, 1 do
-    local random = math.random(#set)
-    str = str .. string.sub(set, random, random)
-  end
-
-  return str
-end
-
-
-
 action = function( host, port )

  local known_good_accounts = { "system", "sys", "dbsnmp", "scott" }
@@ -131,7 +103,8 @@ action = function( host, port )
  -- Check for some known bad accounts
  count = 0
  for i=1, 10 do
-    local user = get_random_string(10)
+    local user = stdnse.generate_random_string(10,
+      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")
    status, salt = checkAccount(host, port, user)
    if( not(status) ) then return salt  end
    if ( salt ) then
--- a/scripts/smb-brute.nse
+++ b/scripts/smb-brute.nse
@@ -175,22 +175,8 @@ local special_passwords = { USERNAME, USERNAME_REVERSED }
 --@param set    (optional) The set of letters to choose from. Default: upper, lower, numbers, and underscore.
 --@return The random string.
 local function get_random_string(length, set)
-  if(length == nil) then
-    length = 8
-  end
-
-  if(set == nil) then
-    set = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"
-  end
-
-  local str = ""
-
-  for i = 1, length, 1 do
-    local random = math.random(#set)
-    str = str .. string.sub(set, random, random)
-  end
-
-  return str
+  return stdnse.generate_random_string(length or 8,
+    set or "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")
 end

 ---Splits a string in the form "domain\user" into domain and user.