Reformat and merge documentation for stdnse, shortport, strbuf, snmp, ssh1,

ssh2, smb, pop3, and msrpc.
2025-12-07 13:11:28 +00:00 · 2008-10-16 00:38:53 +00:00
parent a31f0890d5
commit f58f559b81
10 changed files with 281 additions and 357 deletions
--- a/docs/scripting.xml
+++ b/docs/scripting.xml
@@ -1428,58 +1428,6 @@ if(s) code_to_be_done_on_match end
        <indexterm class="endofrange" startref="nse-openssl-indexterm"/>
    </sect2>

-	<sect2 id="nse-lib-shortport">
-	<title>Short Portrules</title>
-        <indexterm><primary><varname>shortport</varname> NSE module</primary></indexterm>
-	<para>
-	Since portrules are mostly the same for many scripts, the 
-        <literal>shortport</literal> module provides functions for the most common tests.
-	The arguments in brackets (<literal>[]</literal>) are optional. If no 
-        <literal>proto</literal> is provided, <literal>tcp</literal> is used. The default 
-	<literal>state</literal> is <literal>open</literal>
-	</para>
-	<variablelist>
-	    <varlistentry>
-	      <term><option>shortport.portnumber(port,[proto],[state])</option>
-		  </term>
-	      <listitem>
-		  <para>
-		  The port argument is either a number or a table of numbers which are
-		  interpreted as port numbers, against which the script should run.
-		  </para>
-	      </listitem>
-	    </varlistentry>
-	    <varlistentry>
-	      <term><option>shortport.service(service,[proto],[state])</option>
-		  </term>
-	      <listitem>
-		  <para>
-		  The service argument is either a string or a table 
-		  of strings which are interpreted as service names
-		  (e.g. <literal>"http"</literal>, <literal>"https"</literal>, <literal>"smtp"</literal> or <literal>"ftp"</literal>) against which the
-		  script should run. These service names are
-		  determined by Nmap's version scan or (if no version
-		  scan information is available) the service assigned
-		  to the port in <filename>nmap-services</filename>
-		  (e.g. <literal>"http"</literal> for TCP port 80).
-		  </para>
-	      </listitem>
-	    </varlistentry>
-	    <varlistentry>
-	      <term><option>shortport.port_or_service(port,service,[proto],[state])</option>
-		  </term>
-	      <listitem>
-		  <para>
-		  This is a combination of the above functions, since many scripts
-		  explicitly try to run against the well-known ports, but want 
-		  also to run against any other port which was discovered to run the 
-		  named service. A typical example for this function is: 
-		  <literal>portrule = shortport.port_or_service(22,"ssh")</literal>.
-		  </para>
-	      </listitem>
-	    </varlistentry>
-	</variablelist>
-	</sect2>
 	<sect2 id="nse-lib-strbuf">
 	<title>String Buffer Operations</title>
        <indexterm><primary><varname>strbuf</varname> NSE module</primary></indexterm>
@@ -1664,108 +1612,6 @@ if(s) code_to_be_done_on_match end
 	</variablelist>
 	</sect2>

-	</sect2>
-	<sect2 id="nse-lib-stdnse">
-	<title>Various Utility Functions</title>
-        <indexterm><primary><varname>stdnse</varname> NSE module</primary></indexterm>
-	<para>
-	The <literal>stdnse</literal> library contains various handy
-	functions which are too small to justify modules of their own:
-	</para>
-	<variablelist>
-	    <varlistentry>
-	      <term><option>stdnse.print_debug([verbosity,] format, ...)</option>
-		  </term>
-	      <listitem>
-		  <para>
-		  Wrapper function around <literal>print_debug_unformatted()</literal>
-		  in the <literal>nmap</literal> namespace. The first optional numeric
-          argument, <literal>verbosity</literal>, is
-		  used as the necessary debug level to print the message (it defaults
-		  to 1 if omitted). All remaining arguments are processed with
-		  Lua's <literal>string.format()</literal> function, which provides a 
-		  C-style printf interface.
-		  </para>
-	      </listitem>
-	    </varlistentry>
-	    <varlistentry>
-	      <term><option>list = stdnse.strsplit("delimiter", "text")</option>
-		  </term>
-	      <listitem>
-		  <para>
-		  This function will certainly be appreciated by Perl programmers.
-		  It takes two strings as arguments and splits the second one around
-		  all occurrences of the first one, returning a list (table), which
-          contains the substrings without the delimiting string.
-		  </para>
-	      </listitem>
-	    </varlistentry>
-	    <varlistentry>
-	      <term><option>string = stdnse.strjoin("delimiter", list)</option>
-		  </term>
-	      <listitem>
-		  <para>
-		  Inverse function to <literal>strsplit()</literal>. Basically this is
-		  Lua's <literal>table.concat()</literal> function with the parameters
-		  swapped for coherence.
-		  </para>
-	      </listitem>
-	    </varlistentry>
-        <varlistentry>
-          <term><option>string = stdnse.tobinary(n)</option>
-          </term>
-          <listitem>
-            <para>
-              Converts the given number, <literal>n</literal>, to a string
-              in a binary number format (e.g. 5 becomes "101").
-            </para>
-          </listitem>
-        </varlistentry>
-        <varlistentry>
-          <term><option>string = stdnse.tooctal(n)</option>
-          </term>
-          <listitem>
-            <para>
-              Converts the given number, <literal>n</literal>, to a string
-              in an octal number format (e.g. 9 becomes "11").
-            </para>
-          </listitem>
-        </varlistentry>
-        <varlistentry>
-          <term><option>string = stdnse.tohex(s, options)</option>
-          </term>
-          <listitem>
-            <para>
-              Converts the given number or string, <literal>s</literal>, to a
-              string in a hexadecimal number format (e.g. 10 becomes "a"). 
-              <literal>options</literal> is a table containing parameters to
-              control the formatting. You may specify <literal>options.separator</literal>
-              which will be used as separator for groups of consecutive bytes.
-              With <literal>options.group</literal> you can control the group
-              length to be used with <literal>options.separator</literal>.
-            </para>
-          </listitem>
-        </varlistentry>
-        <varlistentry>
-          <term><option>string = stdnse.make_buffer(socket, sep)</option>
-          </term>
-          <listitem>
-            <para>
-              This function operates on a socket attempting to read data.
-              It separates the data by <literal>sep</literal> and, for each
-              invocation, returns a piece of the separated data. Typically
-              this is used to iterate over the lines of data received from a
-              socket (<literal>sep = "\r?\n"</literal>). The returned string
-              does not include the separator. It will return the final data
-              even if it is not followed by the separator. Once an error or
-              EOF is reached, it returns <literal>nil, msg</literal>.
-              <literal>msg</literal> is what is returned by
-              <literal>nmap.receive_lines()</literal>.
-            </para>
-          </listitem>
-        </varlistentry>
-	</variablelist>
-	</sect2>
    <indexterm class="endofrange" startref="nse-library-indexterm"/>
  </sect1>

--- a/nselib/msrpc.lua
+++ b/nselib/msrpc.lua
@@ -1,4 +1,6 @@
--- By making heavy use of the 'smb' library, this library will call various MSRPC 
+--- Call various MSRPC functions.
+-- \n\n
+-- By making heavy use of the smb library, this library will call various MSRPC 
 --  functions. The functions used here can be access over TCP ports 445 and 139, 
 --  with an established session. A NULL session (the default) will work for some 
 --  functions and operating systems (or configurations), but not for others. \n
--- a/nselib/pop3.lua
+++ b/nselib/pop3.lua
@@ -1,4 +1,4 @@
--- POP3 functions
+--- POP3 functions.
 --@copyright See nmaps COPYING for licence

 module(... or "pop3",package.seeall)
@@ -24,9 +24,9 @@ err = {
 }

 ---
-- Checks POP3 response for 
--@param line First line returned from an POP3 request
--@return Found "+OK" string or nil
+-- Check a POP3 response for "+OK".
+--@param line First line returned from an POP3 request.
+--@return Found "+OK" string or nil.
 function stat(line)
   return string.match(line, "+OK")
 end
@@ -34,11 +34,11 @@ end


 ---
-- Try to login using USER/PASS commands
--@param socket Socket connected to POP3 server
--@param user User string
--@param pw Password string
--@return Success as boolean and error code as in err table
+-- Try to log in using USER/PASS commands.
+--@param socket Socket connected to POP3 server.
+--@param user User string.
+--@param pw Password string.
+--@return Success as boolean and error code as in err table.
 function login_user(socket, user, pw)
   socket:send("USER " .. user .. "\r\n")
   status, line = socket:receive_lines(1)
@@ -54,11 +54,11 @@ end


 ---
-- Try to login using AUTH command using SASL/Plain method
--@param socket Socket connected to POP3 server
--@param user User string
--@param pw Password string
--@return Success as boolean and error code as in err table
+-- Try to login using AUTH command using SASL/Plain method.
+--@param socket Socket connected to POP3 server.
+--@param user User string.
+--@param pw Password string.
+--@return Success as boolean and error code as in err table.
 function login_sasl_plain(socket, user, pw)
   
   local auth64 = base64.enc(user .. "\0" .. user .. "\0" .. pw)
@@ -74,11 +74,11 @@ function login_sasl_plain(socket, user, pw)
 end

 ---
-- Try to login using AUTH command using SASL/Login method
--@param user User string
--@param pw Password string
--@param pw String containing password to login
--@return Success as boolean and error code as in err table
+-- Try to login using AUTH command using SASL/Login method.
+--@param user User string.
+--@param pw Password string.
+--@param pw String containing password to login.
+--@return Success as boolean and error code as in err table.
 function login_sasl_login(socket, user, pw)

   local user64 = base64.enc(user)
@@ -112,12 +112,12 @@ function login_sasl_login(socket, user, pw)
 end

 ---
-- Try to login using APOP command
--@param socket Socket connected to POP3 server
--@param user User string
--@param pw Password string
--@param challenge String containing challenge from POP3 server greeting
--@return Success as boolean and error code as in err table
+-- Try to login using APOP command.
+--@param socket Socket connected to POP3 server.
+--@param user User string.
+--@param pw Password string.
+--@param challenge String containing challenge from POP3 server greeting.
+--@return Success as boolean and error code as in err table.
 function login_apop(socket, user, pw, challenge)
   if type(challenge) ~= "string" then return false, err.informationMissing end

@@ -135,9 +135,9 @@ end

 ---
 -- Asks POP3 server for capabilities
--@param host Host to be queried
--@param port Port to connect to
--@return Table containing capabilities
+--@param host Host to be queried.
+--@param port Port to connect to.
+--@return Table containing capabilities.
 function capabilities(host, port)
   local socket = nmap.new_socket()
   local capas = {}
@@ -178,11 +178,11 @@ function capabilities(host, port)
 end

 ---
-- Try to login using AUTH command using SASL/CRAM-MD5 method
--@param socket Socket connected to POP3 server
--@param user User string
--@param pw Password string
--@return Success as boolean and error code as in err table
+-- Try to login using AUTH command using SASL/CRAM-MD5 method.
+--@param socket Socket connected to POP3 server.
+--@param user User string.
+--@param pw Password string.
+--@return Success as boolean and error code as in err table.
 function login_sasl_crammd5(socket, user, pw)

   socket:send("AUTH CRAM-MD5\r\n")
@@ -204,7 +204,7 @@ function login_sasl_crammd5(socket, user, pw)
   end
 end

--- overwrite functions requiring OpenSSL if we got no OpenSSL
+-- Overwrite functions requiring OpenSSL if we got no OpenSSL.
 if not HAVE_SSL then

  local no_ssl = function()
--- a/nselib/shortport.lua
+++ b/nselib/shortport.lua
@@ -1,18 +1,18 @@
--- Functions for common port tests.\n\n
-- Takes a number as its argument and returns that many bytes.
-- It can be used to get a buffered version of sockobj:receive_bytes(n) in
-- case a script requires more than one fixed-size chunk, as the unbuffered
-- version may return more bytes than requested and thus would require you
-- to do the parsing on your own. 
+--- Functions for building short portrules.
+-- \n\n
+-- Since portrules are mostly the same for many scripts, this
+-- module provides functions for the most common tests.
 --@copyright See nmaps COPYING for licence

 module(... or "shortport", package.seeall)

--- The port argument is either a number or a table of numbers which are
-- interpreted as port numbers, against which the script should run. See
-- module description for other arguments.
-- @param port The port or list of ports to run against
+--- Return a portrule that returns true when given an open port matching a
+-- single port number or a list of port numbers.
+-- @param port A single port number or a list of port numbers.
+-- @param _proto The protocol to match against, default "tcp".
+-- @param _state A state or list of states to match against, default {"open", "open|filtered"}.
 -- @return Function for the portrule.
+-- @usage portrule = shortport.portnumber({80, 443})
 portnumber = function(port, _proto, _state)
 	local port_table, state_table
 	local proto = _proto or "tcp"
@@ -45,14 +45,19 @@ portnumber = function(port, _proto, _state)
 	end
 end

--- The service argument is either a string or a table of strings which are
-- interpreted as service names (e.g. "http", "https", "smtp" or "ftp")
-- against which the script should run. These service names are determined
-- by Nmap's version scan or (if no version scan information is available)
-- the service assigned to the port in nmap-services  (e.g. "http" for TCP
-- port 80). 
+--- Return a portrule that returns true when given an open port with a
+--service name matching a single service name or a list of service
+--names.
+-- \n\n
+-- A service name is something like "http", "https", "smtp", or "ftp".
+-- These service names are determined by Nmap's version scan or (if no
+-- version scan information is available) the service assigned to the
+-- port in nmap-services  (e.g. "http" for TCP port 80). 
 -- @param service Service name or a list of names to run against.
+-- @param _proto The protocol to match against, default "tcp".
+-- @param _state A state or list of states to match against, default {"open", "open|filtered"}.
 -- @return Function for the portrule.
+-- @usage portrule = shortport.service("ftp")
 service = function(service, _proto, _state)
 	local service_table, state_table
 	local state = _state or {"open", "open|filtered"}
@@ -85,12 +90,19 @@ service = function(service, _proto, _state)
 	end
 end

--- Run the script if either the port or service is available. This is
-- a combination of shortport.portnumber and shortport.service, since
-- many scripts explicitly try to run against the well-known ports,
-- but want also to run against any other port which was discovered to
-- run the named service.
+--- Return a portrule that returns true when given an open port matching
+-- either a port number or service name.
+-- \n\n
+-- This function is a combination of the portnumber and service
+-- functions. The port and service may be single values or a list of
+-- values as in those functions. Many scripts explicitly try to run
+-- against the well-known ports, but want also to run against any other
+-- port which was discovered to run the named service.
 -- @usage portrule = shortport.port_or_service(22,"ssh"). 
+-- @param _port A single port number or a list of port numbers.
+-- @param _service Service name or a list of names to run against.
+-- @param proto The protocol to match against, default "tcp".
+-- @param _state A state or list of states to match against, default {"open", "open|filtered"}.
 -- @return Function for the portrule.
 port_or_service = function(_port, _service, proto, _state)
 	local state = _state or {"open", "open|filtered"}
--- a/nselib/smb.lua
+++ b/nselib/smb.lua
@@ -1,4 +1,6 @@
--- A library for SMB (Server Message Block) (aka CIFS) traffic. This traffic is normally
+--- A library for SMB (Server Message Block) (aka CIFS) traffic.
+-- \n\n
+-- This traffic is normally
 --  sent to/from ports 139 or 445 of Windows systems, although it's also implemented by
 --  others (the most notable one being Samba). \n
 --\n
--- a/nselib/snmp.lua
+++ b/nselib/snmp.lua
@@ -1,4 +1,4 @@
--- SNMP functions
+--- SNMP functions.
 --@copyright See nmaps COPYING for licence


@@ -6,9 +6,9 @@ module(... or "snmp",package.seeall)


 ---
-- Encodes an Integer according to ASN.1 basic encoding rules
--@param val Value to be encoded
--@return encoded integer 
+-- Encodes an Integer according to ASN.1 basic encoding rules.
+--@param val Value to be encoded.
+--@return encoded integer.
 local function encodeInt(val)
   local lsb = 0
   if val > 0 then
@@ -44,9 +44,9 @@ end


 ---
-- Encodes the length part of a ASN.1 encoding triplet
--@param val Value to be encoded
--@return encoded length value
+-- Encodes the length part of a ASN.1 encoding triplet.
+--@param val Value to be encoded.
+--@return encoded length value.
 local function encodeLength(val)
   if (val >= 128) then
      local valStr = ""
@@ -65,9 +65,9 @@ end

 ---
 -- Encodes a given value according to ASN.1 basic encoding
-- rules for SNMP packet creation
--@param val Value to be encoded
--@return encoded value
+-- rules for SNMP packet creation.
+--@param val Value to be encoded.
+--@return encoded value.
 function encode(val)
   local vtype = type(val)
   if (vtype == 'number') then
@@ -119,10 +119,10 @@ end

 ---
 -- Decodes length part of encoded value according to 
-- ASN.1 basic encoding rules
--@param encStr Encoded string
--@param pos Current position in the string
--@return The position after decoding and the length of the following value
+-- ASN.1 basic encoding rules.
+--@param encStr Encoded string.
+--@param pos Current position in the string.
+--@return The position after decoding and the length of the following value.
 local function decodeLength(encStr, pos)
   local elen
   pos, elen = bin.unpack('C', encStr, pos)
@@ -143,11 +143,11 @@ end

 ---
 -- Decodes an Integer according to ASN.1 basic 
-- encoding rules
--@param encStr Encoded string
--@param len Length of integer in bytes
--@param pos Current position in the string
--@return The position after decoding and the decoded integer
+-- encoding rules.
+--@param encStr Encoded string.
+--@param len Length of integer in bytes.
+--@param pos Current position in the string.
+--@return The position after decoding and the decoded integer.
 local function decodeInt(encStr, len, pos)
   local hexStr
   pos, hexStr = bin.unpack("H" .. len, encStr, pos)
@@ -160,11 +160,11 @@ end

 ---
 -- Decodes a sequence according to ASN.1 basic 
-- encoding rules
--@param encStr Encoded string
--@param len Length of sequence in bytes
--@param pos Current position in the string
--@return The position after decoding and the decoded sequence as a table
+-- encoding rules.
+--@param encStr Encoded string.
+--@param len Length of sequence in bytes.
+--@param pos Current position in the string.
+--@return The position after decoding and the decoded sequence as a table.
 local function decodeSeq(encStr, len, pos)
   local seq = {}
   local sPos = 1
@@ -181,10 +181,10 @@ end

 ---
 -- Decodes an SNMP packet or a part of it according 
-- to ASN.1 basic encoding rules
--@param encStr Encoded string
--@param pos Current position in the string
--@return The position after decoding and the decoded value(s)
+-- to ASN.1 basic encoding rules.
+--@param encStr Encoded string.
+--@param pos Current position in the string.
+--@return The position after decoding and the decoded value(s).
 function decode(encStr, pos)
   local etype, elen
   pos, etype = bin.unpack("H1", encStr, pos)
@@ -273,10 +273,10 @@ end

 ---
 -- Decodes an SNMP packet or a part of it according 
-- to ASN.1 basic encoding rules
--@param encStr Encoded string
--@param pos Current position in the string
--@return The decoded value(s)
+-- to ASN.1 basic encoding rules.
+--@param encStr Encoded string.
+--@param pos Current position in the string.
+--@return The decoded value(s).
 function dec(encStr, pos)
   local result
   local _
@@ -285,10 +285,10 @@ function dec(encStr, pos)
 end

 ---
-- Create SNMP packet
--@param PDU SNMP Protocol Data Unit to be encapsulated in the packet
--@param version SNMP version, default 0 (SNMP V1)
--@param commStr community string, if not already supplied in registry or as script argument
+-- Create SNMP packet.
+--@param PDU SNMP Protocol Data Unit to be encapsulated in the packet.
+--@param version SNMP version, default 0 (SNMP V1).
+--@param commStr community string, if not already supplied in registry or as script argument.
 function buildPacket(PDU, version, commStr)
   local comm = nmap.registry.args.snmpcommunity
   if (not comm) then comm = nmap.registry.snmpcommunity end
@@ -305,10 +305,13 @@ end


 --- 
-- Create SNMP Get Request PDU
--@param options Configure PDU: request ID (reqId), error and error index (err, errIdx)
--@param OIDs Object identifiers to be queried
--@return Table representing PDU
+-- Create SNMP Get Request PDU.
+--@param options A table containing the following keys and values:\n
+--"reqId": request ID\n
+--"err": error\n
+--"errIdx": error index
+--@param ... Object identifiers to be queried.
+--@return Table representing PDU.
 function buildGetRequest(options, ...)
   if not options then options = {} end

@@ -337,10 +340,13 @@ end


 --- 
-- Create SNMP Get Next Request PDU
--@param options Configure PDU: request ID (reqId), error and error index (err, errIdx)
--@param OIDs Object identifiers to be queried
--@return Table representing PDU
+-- Create SNMP Get Next Request PDU.
+--@param options A table containing the following keys and values:\n
+--"reqId": request ID\n
+--"err": error\n
+--"errIdx": error index
+--@param ... Object identifiers to be queried.
+--@return Table representing PDU.
 function buildGetNextRequest(options, ...)
   if not options then options = {} end

@@ -368,12 +374,16 @@ function buildGetNextRequest(options, ...)
 end

 --- 
-- Create SNMP Set Request PDU
-- Takes one OID/value pair or an already prepared table
--@param options Configure PDU: request ID (reqId), error and error index (err, errIdx)
--@param OIDs Object identifiers of object to be set
--@param value To which value object should be set. If given a table, use table instead of OID/value pair
--@return Table representing PDU
+-- Create SNMP Set Request PDU.
+-- \n\n
+-- Takes one OID/value pair or an already prepared table.
+--@param options A table containing the following keys and values:\n
+--"reqId": request ID\n
+--"err": error\n
+--"errIdx": error index
+--@param oid Object identifiers of object to be set.
+--@param value To which value object should be set. If given a table, use table instead of OID/value pair.
+--@return Table representing PDU.
 function buildSetRequest(options, oid, value)
   if not options then options = {} end

@@ -437,12 +447,16 @@ function buildTrap(enterpriseOid, agentIp, genTrap, specTrap, timeStamp)
 end

 --- 
-- Create SNMP Get Response PDU
-- Takes one OID/value pair or an already prepared table
--@param options Configure PDU: request ID (reqId), error and error index (err, errIdx)
--@param OIDs Object identifiers of object to be sent back
--@param value To which value object or returned object. If given a table, use table instead of OID/value pair
--@return Table representing PDU
+-- Create SNMP Get Response PDU.
+-- \n\n
+-- Takes one OID/value pair or an already prepared table.
+--@param options A table containing the following keys and values:\n
+--"reqId": request ID\n
+--"err": error\n
+--"errIdx": error index
+--@param oid Object identifiers of object to be sent back.
+--@param value To which value object or returned object. If given a table, use table instead of OID/value pair.
+--@return Table representing PDU.
 function buildGetResponse(options, oid, value) 
   if not options then options = {} end

@@ -475,9 +489,9 @@ function buildGetResponse(options, oid, value)
 end

 --- 
-- Transforms a string into an object identifier table
--@param oidStr Object identifier as string, for example "1.3.6.1.2.1.1.1.0"
--@return Table representing OID
+-- Transforms a string into an object identifier table.
+--@param oidStr Object identifier as string, for example "1.3.6.1.2.1.1.1.0".
+--@return Table representing OID.
 function str2oid(oidStr)
   local oid = {}
   for n in string.gmatch(oidStr, "%d+") do
@@ -488,18 +502,18 @@ function str2oid(oidStr)
 end

 ---
-- Transforms a table representing an object identifier to a string
--@param oid Object identifier table
--@return OID string
+-- Transforms a table representing an object identifier to a string.
+--@param oid Object identifier table.
+--@return OID string.
 function oid2str(oid)
   if (type(oid) ~= "table") then return 'invalid oid' end
   return table.concat(oid, '.')
 end

 ---
-- Transforms a table representing an IP to a string
--@param ip IP table
--@return IP string
+-- Transforms a table representing an IP to a string.
+--@param ip IP table.
+--@return IP string.
 function ip2str(ip)
   if (type(ip) ~= "table") then return 'invalid ip' end
   return table.concat(ip, '.')
@@ -507,9 +521,9 @@ end


 ---
-- Transforms a string into an IP table
--@param ipStr IP as string
--@return Table representing IP
+-- Transforms a string into an IP table.
+--@param ipStr IP as string.
+--@return Table representing IP.
 function str2ip(ipStr)
   local ip = {}
   for n in string.gmatch(ipStr, "%d+") do
@@ -521,9 +535,9 @@ end


 ---
-- Fetches values from a SNMP response
--@param resp SNMP Response (will be decoded if necessary)
--@result Table with all decoded responses and their OIDs
+-- Fetches values from a SNMP response.
+--@param resp SNMP Response (will be decoded if necessary).
+--@result Table with all decoded responses and their OIDs.
 function fetchResponseValues(resp)
   if (type(resp) == "string") then
      local _
@@ -568,8 +582,8 @@ end

 ---
 -- Fetches first value from a SNMP response.
--@param response SNMP Response (will be decoded if necessary)
--@return First decoded value of the response
+--@param response SNMP Response (will be decoded if necessary).
+--@return First decoded value of the response.
 function fetchFirst(response)
   local result = fetchResponseValues(response)
   if type(result) == "table" and result[1] and result[1][1] then return result[1][1]
--- a/nselib/ssh1.lua
+++ b/nselib/ssh1.lua
@@ -1,5 +1,7 @@
-
-- @author = Sven Klemm <sven@c3d2.de>
+--- Functions for the SSH-1 protocol.
+-- \n\n
+-- This module also contains functions for formatting key fingerprints.
+-- @author Sven Klemm <sven@c3d2.de>
 -- @copyright See nmaps COPYING for licence

 module(... or "ssh1",package.seeall)
@@ -10,9 +12,11 @@ local math = require "math"
 local stdnse = require "stdnse"
 local openssl = require "openssl"

--- fetch SSH1 host key
--@param host nmap host table
--@param port nmap port table
+--- Fetch a SSH-1 host key.
+--@param host Nmap host table.
+--@param port Nmap port table.
+--@return A table with the following keys: "exp", "mod", "bits", "key_type",
+--"fp_input", "full_key", "algorithm", and "fingerprint".
 fetch_host_key = function(host, port)
  local socket = nmap.new_socket()
  local catch = function() socket:close() end
@@ -61,13 +65,13 @@ fetch_host_key = function(host, port)
  end
 end

--- format key as hexadecimal fingerprint
+--- Format a key fingerprint in hexadecimal.
 fingerprint_hex = function( fingerprint, algorithm, bits )
  fingerprint = stdnse.tohex(fingerprint,{separator=":",group=2})
  return ("%d %s (%s)"):format( bits, fingerprint, algorithm )
 end

--- format key as bubblebabble fingerprint
+--- Format a key fingerprint in Bubble Babble.
 fingerprint_bubblebabble = function( fingerprint, algorithm, bits )
  local vowels = {'a','e','i','o','u','y'}
  local consonants = {'b','c','d','f','g','h','k','l','m','n','p','r','s','t','v','z','x'}
@@ -100,8 +104,9 @@ fingerprint_bubblebabble = function( fingerprint, algorithm, bits )
  return ("%d %s (%s)"):format( bits, s, algorithm )
 end

--- format key as visual fingerprint
-- ported from http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/key.c
+--- Format a key fingerprint into a visual ASCII art representation.
+-- \n\n
+-- Ported from http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/key.c.
 fingerprint_visual = function( fingerprint, algorithm, bits )
  local i,j,field,characters,input,fieldsize_x,fieldsize_y,s
  fieldsize_x, fieldsize_y = 17, 9
--- a/nselib/ssh2.lua
+++ b/nselib/ssh2.lua
@@ -1,5 +1,5 @@
-
-- @author = Sven Klemm <sven@c3d2.de>
+--- Functions for the SSH-2 protocol.
+-- @author Sven Klemm <sven@c3d2.de>
 -- @copyright See nmaps COPYING for licence

 module(... or "ssh2",package.seeall)
@@ -12,12 +12,12 @@ require "stdnse"
 -- table holding transport layer functions
 transport = {}

-- table of SSH2 constants
+-- table of SSH-2 constants
 local SSH2

--- pack multiprecision integer for sending
--@param bn openssl bignum 
--@return packed multiprecision integer
+--- Pack a multiprecision integer for sending.
+--@param bn openssl bignum.
+--@return packed multiprecision integer.
 transport.pack_mpint = function( bn )
  local bytes, packed
  bytes = bn:num_bytes()
@@ -29,9 +29,9 @@ transport.pack_mpint = function( bn )
  return bin.pack( ">IA", bytes, packed )
 end

--- build a ssh2 packet
--@param payload payload of the packet
--@return packet to send on the wire
+--- Build an SSH-2 packet.
+--@param payload payload of the packet.
+--@return packet to send on the wire.
 transport.build = function( payload )
  local packet_length, padding_length
  padding_length = 8 - ( (payload:len() + 1 + 4 ) % 8 )
@@ -39,9 +39,9 @@ transport.build = function( payload )
  return bin.pack( ">IcAA", packet_length, padding_length, payload, openssl.rand_pseudo_bytes( padding_length ) )
 end

--- extract the payload from a received SSH2 packet
--@param received SSH2 packet
--@return payload of the SSH2 packet
+--- Extract the payload from a received SSH-2 packet.
+--@param received SSH2 packet.
+--@return payload of the SSH2 packet.
 transport.payload = function( packet )
  local packet_length, padding_length, payload_length, payload, offset
  offset, packet_length, padding_length = bin.unpack( ">Ic", packet )
@@ -50,12 +50,12 @@ transport.payload = function( packet )
  return payload
 end

--- build kexdh_init packet
+--- Build kexdh_init packet.
 transport.kexdh_init = function( e )
  return bin.pack( ">cA", SSH2.SSH_MSG_KEXDH_INIT, transport.pack_mpint( e ) )
 end

--- build kex_init packet
+--- Build kex_init packet.
 transport.kex_init = function( cookie, options )
  options = options or {}
  kex_algorithms = "diffie-hellman-group1-sha1"
@@ -75,8 +75,9 @@ transport.kex_init = function( cookie, options )
  return payload
 end

--- parse kexinit package
-- returns an empty table in case of an error
+--- Parse kexinit package.
+-- \n\n
+-- Returns an empty table in case of an error
 transport.parse_kex_init = function( payload ) 
  local _, offset, msg_code, parsed, fields, fieldname
  parsed = {}
@@ -100,11 +101,11 @@ transport.parse_kex_init = function( payload )
 end


--- fetch SSH2 host key
--@param host nmap host table
--@param port nmap port table
--@param key_type key type to fetch
--@return table containing the key and fingerprint
+--- Fetch an SSH-2 host key.
+--@param host Nmap host table.
+--@param port Nmap port table.
+--@param key_type key type to fetch.
+--@return table containing the key and fingerprint.
 fetch_host_key = function( host, port, key_type )
  local socket = nmap.new_socket()
  local catch = function() socket:close() end
--- a/nselib/stdnse.lua
+++ b/nselib/stdnse.lua
@@ -1,4 +1,6 @@
--- Standard Nmap Engine functions.
+--- Standard Nmap Scripting Engine functions.
+-- \n\n
+-- This module contains various handy functions which are too small to justify modules of their own.
 --@copyright See nmaps COPYING for licence

 local assert = assert;
@@ -14,9 +16,14 @@ local EMPTY = {}; -- Empty constant table

 module(... or "stdnse");

--- Prints debug information according with verbosity <i>level</i>
-- formatted using Lua's standard string.format function.
--@param level Optional argument for verbosity.
+--- Prints a formatted debug message if the current verbosity level is greater
+-- than or equal to a given level.
+-- \n\n
+-- This is a convenience wrapper around nmap.print_debug_unformatted. The first
+-- optional numeric argument, verbosity, is used as the necessary debug level
+-- to print the message (it defaults to 1 if omitted). All remaining arguments
+-- are processed with Lua's string.format() function.
+--@param level Optional verbosity level.
 --@param fmt Format string according to string.format specifiers.
 --@param ... Arguments to format.
 --@see string.format
@@ -29,10 +36,13 @@ print_debug = function(level, fmt, ...)
  end
 end

--- Concat the contents of the parameter list. Each string is
-- separated by the string delimiter (just like in perl).
+--- Join a list of string with a separator string.
+-- \n\n
 -- Example: strjoin(", ", {"Anna", "Bob", "Charlie", "Dolores"})
 -- --> "Anna, Bob, Charlie, Dolores"
+-- \n\n
+-- Basically this is Lua's table.concat() function with the parameters swapped
+-- for coherence.
 --@param delimiter String to delimit each element of the list.
 --@param list Array of strings to concatenate.
 --@return Concatenated string.
@@ -40,12 +50,11 @@ function strjoin(delimiter, list)
  return concat(list, delimiter);
 end

--- Split text into a list consisting of the strings in text,
-- separated by strings matching delimiter (which may be a pattern). 
-- example: strsplit(",%s*", "Anna, Bob, Charlie, Dolores")
+--- Split a string at a given delimiter, which may be a pattern.
+-- Example: strsplit(",%s*", "Anna, Bob, Charlie, Dolores")
 --@param delimiter String which delimits the split strings.
 --@param text String to split.
--@return List of strings.
+--@return List of substrings without the delimiter.
 function strsplit(delimiter, text)
  local list, pos = {}, 1;

@@ -64,7 +73,10 @@ function strsplit(delimiter, text)
  return list;
 end

--- This function operates on a socket attempting to read data. It separates
+--- Return a wrapper closure around a socket that buffers socket reads into
+-- chunks separated by a pattern.
+-- \n\n
+-- This function operates on a socket attempting to read data. It separates
 -- the data by sep and, for each invocation, returns a piece of the
 -- separated data. Typically this is used to iterate over the lines of
 -- data received from a socket (sep = "\r?\n"). The returned string does
@@ -132,7 +144,8 @@ do
    f = "1111"
  };

--- Converts the given number, n, to a string in a binary number format.
+--- Converts the given number, n, to a string in a binary number format (10
+-- becomes "1010").
 --@param n Number to convert.
 --@return String in binary format.
  function tobinary(n)
@@ -141,7 +154,8 @@ do
  end
 end

--- Converts the given number, n, to a string in an octal number format.
+--- Converts the given number, n, to a string in an octal number format (10
+-- becomes "12").
 --@param n Number to convert.
 --@return String in octal format.
 function tooctal(n)
@@ -149,16 +163,22 @@ function tooctal(n)
  return ("%o"):format(n)
 end

--- encode string or number to hexadecimal
-- example: stdnse.tohex("abc") => "616263"
--          stdnse.tohex("abc",{separator=":"}) => "61:62:63"
--          stdnse.tohex("abc",{separator=":",group=4}) => "61:6263"
--          stdnse.tohex(123456) => "1e240"
--          stdnse.tohex(123456,{separator=":"}) => "1:e2:40"
--          stdnse.tohex(123456,{separator=":",group=4}) => "1:e240"
--@param s string or number to be encoded
--@param options table specifiying formatting options
--@return hexadecimal encoded string
+--- Encode a string or number in hexadecimal (10 becomes "a", "A" becomes
+-- "41").
+-- \n\n
+-- The returned string may be chunked into groups of a given size, separated
+-- by a given string.
+-- \n\n
+-- Examples:\n
+-- stdnse.tohex("abc") => "616263"\n
+-- stdnse.tohex("abc",{separator=":"}) => "61:62:63"\n
+-- stdnse.tohex("abc",{separator=":",group=4}) => "61:6263"\n
+-- stdnse.tohex(123456) => "1e240"\n
+-- stdnse.tohex(123456,{separator=":"}) => "1:e2:40"\n
+-- stdnse.tohex(123456,{separator=":",group=4}) => "1:e240"\n
+--@param s string or number to be encoded.
+--@param options table specifiying formatting options.
+--@return hexadecimal encoded string.
 function tohex( s, options ) 
  options = options or EMPTY
  local separator = options.separator
--- a/nselib/strbuf.lua
+++ b/nselib/strbuf.lua
@@ -1,4 +1,38 @@
--- String Buffer Facilities
+--- String Buffer facilities.
+-- \n\n
+-- Lua's string operations are very flexible and offer an easy-to-use way to
+-- manipulate strings. Concatenation using the .. operator is such an
+-- operation. The drawback of the built-in API however is the way it handles
+-- concatenation of many string values. Since strings in Lua are immutable
+-- values, each time you concatenate two strings both get copied into the result
+-- string.
+-- \n\n
+-- The strbuf module offers a workaround for this problem, while
+-- maintaining the nice syntax. This is accomplished by overloading the
+-- concatenation operator (..) the equality operator (==) and the tostring
+-- operator. By overloading these operators, we reduce the overhead of using a
+-- string buffer instead of a plain string to wrap the first literal string
+-- assigned to a variable inside a strbuf.new() call. Afterwards you can append
+-- to the string buffer, or compare two string buffers for equality just as you
+-- would do with normal strings.
+-- \n\n
+-- When looking at the details there are some more
+-- restrictions/oddities: The concatenation operator requires its left-hand
+-- value to be a string buffer. Therefore, if you want to prepend a string to a
+-- given string buffer you have to create a new string buffer out of the string
+-- you want to prepend. The string buffer's tostring operator concatenates the
+-- strings inside the buffer using newlines by default, since this appears to be
+-- the separator used most often.
+-- \n\n
+-- Example usage:\n
+-- local buf = strbuf.new()\n
+-- local buf2 = strbuf.new('hello')\n
+-- buf = buf .. 'string'\n
+-- buf = buf .. 'data'\n
+-- print(buf)                   -- default separator is a new line\n
+-- print(strbuf.dump(buf))      -- no separator\n
+-- print(strbuf.dump(buf, ' ')) -- separated by spaces\n
+-- strbuf.clear(buf)
 --@copyright See nmaps COPYING for license

 -- DEPENDENCIES --
@@ -19,23 +53,10 @@ module(... or "strbuf");
 -- operations are needed a string buffer should be used instead
 -- e.g. for i = 1, 10 do s = s..i end

--[[
-	local buf = strbuf.new()
-	-- from here buf may be used like a string for concatenation operations
-	-- (the lefthand-operand has to be a strbuf, the righthand-operand may be 
-	-- a string or a strbuf)
-	-- alternativly you can assign a value (which will become the first string
-	-- inside the buffer) with new
-	local buf2 = strbuf.new('hello')
-	buf = buf .. 'string'
-	buf = buf .. 'data'
-	print(buf)                   -- default seperator is a new line
-	print(strbuf.dump(buf))      -- no seperator
-	print(strbuf.dump(buf, ' ')) -- seperated by spaces
-	strbuf.clear(buf)
--]]
-
 --- Dumps the string buffer as a string.
+-- \n\n
+-- The second parameter is used as a delimiter between the strings stored inside
+-- strbuf.
 --@name dump
 --@class function
 --@param sbuf String buffer to dump.
@@ -102,10 +123,11 @@ local mt = {
  __index = _M,
 };

--- Create a new string buffer. The equals and tostring operators for String
+--- Create a new string buffer.
+-- \n\n
+-- The optional arguments are added to the string buffer. The result of adding
+-- non-strings is undefined. The equals and tostring operators for string
 -- buffers are overloaded to be strbuf.eqbuf and strbuf.tostring respectively.
-- All functions in strbuf can be accessed by a String buffer using the self
-- calling mechanism in Lua (e.g. strbuf:dump(...)).
 --@param ... Strings to add to the buffer initially.
 --@return String buffer.
 function new(...)