From dd97499f04f431ca6cd007477bfe48a25323eff1 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Sat, 12 Aug 2017 03:48:09 +0000
Subject: [PATCH] Fix some missing requires, globals, whitespace

---
 scripts/http-jsonp-detection.nse | 60 ++++++++++++++++----------------
 scripts/puppet-naivesigning.nse | 1 +
 2 files changed, 31 insertions(+), 30 deletions(-)

diff --git a/scripts/http-jsonp-detection.nse b/scripts/http-jsonp-detection.nse
index b62ee2959..d390a290c 100755
--- a/scripts/http-jsonp-detection.nse
+++ b/scripts/http-jsonp-detection.nse
@@ -1,3 +1,4 @@
+local nmap = require "nmap"
 local http = require "http"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
@@ -12,8 +13,8 @@ Attempts to discover JSONP endpoints in web servers. JSONP endpoints can be used
 to bypass Same-origin Policy restrictions in web browsers.
 
 The script searches for callback functions in the response to detect JSONP
-endpoints. It also tries to determine callback function through URL(callback 
-function may be fully or partially controllable from URL) and also tries to 
+endpoints. It also tries to determine callback function through URL(callback
+function may be fully or partially controllable from URL) and also tries to
 bruteforce the most common callback variables through the URL.
 
 References : https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
@@ -26,18 +27,18 @@ References : https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
 --
 -- @output
 -- 80/tcp open http syn-ack
--- | http-jsonp-detection: 
--- | The following JSONP endpoints were detected: 
+-- | http-jsonp-detection:
+-- | The following JSONP endpoints were detected:
 -- |_/rest/contactsjp.php Completely controllable from URL
--- 
+--
 --
 -- @xmloutput
 --
 -- /rest/contactsjp.php
 --
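Review bot: Only `nmap` is added to the require block, yet later hunks of this same file call `string.find` (checkjson, callback_url), `string.format`, `table.insert`, `url.parse` and `httpspider.Crawler:new`; the hunk shows the file's first four lines only, so whether `local string = require "string"`, `local table = require "table"`, `local url = require "url"` and `local httpspider = require "httpspider"` already exist further down cannot be confirmed from the diff. If any of them is missing it belongs here as well, as the second file in this commit does for `string`. Keeping the require list in one sorted group would make such gaps easier to spot in review.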
--- 
+--
 -- @args http-jsonp-detection.path The URL path to request. The default path is "/".
---- 
+---
 
 author = {"Vinamra Bhatia"}
 license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
@@ -49,10 +50,9 @@ local callbacks = {"callback", "cb", "jsonp", "jsonpcallback", "jcb", "call"}
 --Checks the body and returns if valid json data is present in callback function
 local checkjson = function(body)
-
- local func, json_data
- _, _, _, func, json_data = string.find(body, "^(%S-)([%w_]+)%((.*)%);?$")
-
+
+ local _, _, _, func, json_data = string.find(body, "^(%S-)([%w_]+)%((.*)%);?$")
+
 --Check if the json_data is valid
 --If valid, we have a JSONP endpoint with func as the function name
@@ -80,7 +80,7 @@ local callback_url = function(host, port, target, callback_variable)
 report = "Completely controllable from URL"
 else
 local p = string.find(func, value)
- if p then 
+ if p then
 report = "Partially controllable from URL"
 end
 end
@@ -92,18 +92,18 @@ end
 --The function tries to bruteforce through the most common callback variable
 local callback_bruteforce = function(host, port, target)
 local response, path, report
- for _,p in ipairs(callbacks) do 
+ for _,p in ipairs(callbacks) do
 path = target
 path = path .. "?" .. p .. "=test"
 response = http.get(host, port, path)
- if response and response.body and response.status and response.status==200 then 
+ if response and response.body and response.status and response.status==200 then
 local status, func
 status, func = checkjson(response.body)
- if status == true then 
+ if status == true then
 report = callback_url(host, port, target, p)
- if report ~= nil then 
+ if report ~= nil then
 report = string.format("%s\t%s", target, report)
 else
 report = target
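Review bot: The new `local _, _, _, func, json_data = string.find(body, ...)` in checkjson keeps three throwaway slots for the two match positions and the unused first capture; `string.match` returns the captures alone, so `local _, func, json_data = string.match(body, "^(%S-)([%w_]+)%((.*)%);?$")` says the same thing with fewer placeholders while still keeping every name local. The pattern runs against an untrusted response body and leaves both `func` and `json_data` nil when the body is not of the callback(...) form, which the validity check that follows must tolerate; a comment such as `-- func and json_data are nil when the body does not match` above the line would make that contract visible. checkjson's body continues past the end of this hunk.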
@@ -111,16 +111,16 @@ local callback_bruteforce = function(host, port, target)
 break
 end
 end
- end 
+ end
 return report
-end 
+end
 
 action = function(host, port)
 local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"
 local output_xml = stdnse.output_table()
 output_xml = {}
 output_xml['jsonp-endpoints'] = {}
- local output_str = "\nThe following JSONP endpoints were detected: " 
+ local output_str = "\nThe following JSONP endpoints were detected: "
 
 -- crawl to find jsonp endpoints urls
 local crawler = httpspider.Crawler:new(host, port, path, {scriptname = SCRIPT_NAME})
@@ -136,7 +136,7 @@ action = function(host, port)
 if (not(status)) then
 if (r.err) then
 return stdnse.format_output(false, r.reason)
- else 
+ else
 break
 end
 end
@@ -145,7 +145,7 @@ action = function(host, port)
 target = url.parse(target)
 target = target.path
 
- -- First we try to get the response and look for jsonp endpoint there 
+ -- First we try to get the response and look for jsonp endpoint there
 if r.response and r.response.body and r.response.status and r.response.status==200 then
 
 local status, func, report
@@ -154,16 +154,16 @@ action = function(host, port)
 if status == true then
 --We have found JSONP endpoint
 --Put it inside a returnable table.
- output_str = string.format("%s\n%s", output_str, target) 
+ output_str = string.format("%s\n%s", output_str, target)
 table.insert(output_xml['jsonp-endpoints'], target)
- --Try if the callback function is controllable from URL. 
- report = callback_url(host, port, target) 
+ --Try if the callback function is controllable from URL.
+ report = callback_url(host, port, target)
 if report ~= nil then
 output_str = string.format("%s\t%s", output_str, report)
 end
- else 
+ else
 --Try to bruteforce through most comman callback URLs
 report = callback_bruteforce(host, port, target)
@@ -171,14 +171,14 @@ action = function(host, port)
 table.insert(output_xml['jsonp-endpoints'], target)
 output_str = string.format("%s\n%s", output_str, report)
 end
- end 
+ end
 
- end 
+ end
 end
 
- --A way to print returnable 
- if next(output_xml['jsonp-endpoints']) then 
+ --A way to print returnable
+ if next(output_xml['jsonp-endpoints']) then
 return output_xml, output_str
 else
 if nmap.verbosity() > 1 then
@@ -186,4 +186,4 @@ action = function(host, port)
 end
 end
-end
\ No newline at end of file
+end
diff --git a/scripts/puppet-naivesigning.nse b/scripts/puppet-naivesigning.nse
index f6a727291..f8736367d 100644
--- a/scripts/puppet-naivesigning.nse
+++ b/scripts/puppet-naivesigning.nse
@@ -1,5 +1,6 @@
 local shortport = require "shortport"
 local stdnse = require "stdnse"
+local string = require "string"
 local http = require "http"
 local table = require "table"
 local io = require "io"