string.gsub returns 2 values, the new string and the number of
replacements made. It also has a 4th argument, the number of
replacements to make. So when you use the return value of gsub as the
3rd argument, and no replacements were made, it instructs the next call
to not make any replacements. Thanks to Ron Bowes for reporting this
issue.
A user reported this crash when scanning a target whose name contained
the '%' character:
NSE: Script Engine Scan Aborted.
An error was thrown by the engine: nse_main.lua:322: invalid capture index
stack traceback:
[C]: in function 'gsub'
nse_main.lua:322: in function 'd'
nse_main.lua:377: in function 'start'
nse_main.lua:912: in function 'run'
nse_main.lua:1390: in function <nse_main.lua:1293>
[C]: in ?
I'm not sure how a name with '%' got resolved, but I was able to
reproduce the crash by adding this line to /etc/hosts:
127.0.0.1 a%40b
and then running
./nmap --script=banner a%40b -d --top-ports 5
The gsub function recognizes "%d", where d is a digit, as a capture
index. The constructed string is then passed to print_debug, which is
like printf. Therefore we escape every occurrence of "%" twice, to get
"%%%%".
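The two gsub pitfalls described in the commits above (a gsub call's second result spilling into the next call's replacement-count argument, and "%" being special both in a gsub replacement string and in a printf-style format) as an added Lua example. This is not Nmap's code: string.format stands in for print_debug, and the template, host name and escape_twice helper are constructed for the illustration.

```lua
-- Added example, not Nmap code: the two string.gsub pitfalls above.

-- 1. gsub returns TWO values: the new string and the replacement count.
local new, count = string.gsub("hello world", "o", "0")
assert(new == "hell0 w0rld" and count == 2)

-- A call in the last argument position expands to all of its results, so
-- an inner gsub's count silently becomes the outer gsub's 4th argument
-- (the maximum number of replacements). With zero inner replacements the
-- outer call is told to replace nothing.
local s = string.gsub("aaa", "a", string.gsub("b", "q", "Z"))
assert(s == "aaa")  -- no replacement was made
-- Parenthesising the inner call truncates it to a single value.
local fixed = string.gsub("aaa", "a", (string.gsub("b", "q", "Z")))
assert(fixed == "bbb")

-- 2. "%" is special in a gsub replacement string ("%1".."%9" are capture
-- references) and again in a printf-style format string. A host name
-- such as "a%40b" therefore needs escaping for each layer it passes
-- through. string.format stands in for NSE's print_debug here.
local template = "Starting script on $HOST"     -- constructed
local raw_name = "a%40b"                        -- like the /etc/hosts entry

-- Unescaped: "%4" is read as a capture index, which does not exist.
local ok, err = pcall(string.gsub, template, "%$HOST", raw_name)
assert(not ok and err:find("invalid capture index", 1, true))

local function escape_twice(name)
  -- Each "%" becomes "%%%%": one "%%" pair is consumed by the gsub
  -- replacement, the remaining "%%" by the formatter. The replacement
  -- string itself must spell "%" as "%%", hence eight characters.
  return (name:gsub("%%", "%%%%%%%%"))
end

local escaped = escape_twice(raw_name)
assert(escaped == "a%%%%40b")
local msg = string.gsub(template, "%$HOST", escaped)
assert(msg == "Starting script on a%%40b")
assert(string.format(msg) == "Starting script on a%40b")
print(string.format(msg))
```

The parentheses in escape_twice matter for the same reason as in part 1: without them the helper would return the count as a second value to whoever calls it in argument position.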
final script-args table. The rationale is that shells, unfortunately,
interpret quotes differently, so it can be hard to tell exactly what NSE
ends up seeing/producing. [Some discussion in #nmap on Freenode resulted
in this addition.]
o Moved some specific behavior for resuming a thread to Thread:resume().
o Cleaned up the inheritance mechanism to use a static metatable (the Class
table itself).
o Worker main functions are no longer wrapped with a function to truncate to 0
results. Instead, we just check if a thread is a worker in Thread:set_output()
to prevent adding output by worker threads.
NSE: Script Engine Scan Aborted.
An error was thrown by the engine: attempt to get length of a number
value
stack traceback:
[C]: in function 'port_set_output'
/home/rt/builds/nmap/nse_main.lua:314: in function 'set_output'
/home/rt/builds/nmap/nse_main.lua:947: in function 'run'
/home/rt/builds/nmap/nse_main.lua:1330: in function </home/rt/builds/nmap/nse_main.lua:1237>
[C]: in ?
This now allows return of anything stringifiable as the second return value
without crashing (though this may not be what the script author intends, it
is better not to crash).
Scripts may now return a key–value table, or such a table in addition to
a string. The table will be automatically formatted for normal output
and will appear as a hierarchy of elements in XML output.
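One way the table described above could be rendered as indented normal output and as a hierarchy of XML elements, as an added Lua example. This is not Nmap's formatter: the key ordering, indentation, element names (table, elem) and the sample result are assumptions made for the illustration.

```lua
-- Added example, not Nmap's output code: render a script's key-value
-- table as indented text and as nested XML.

local function xml_escape(s)
  -- Scan data is untrusted; escape it before it lands in XML text.
  return (tostring(s):gsub('[&<>"]', {
    ["&"] = "&amp;", ["<"] = "&lt;", [">"] = "&gt;", ['"'] = "&quot;",
  }))
end

-- Sequence entries first (in order), then named keys sorted by name,
-- so the output is deterministic.
local function ordered_entries(t)
  local entries, n = {}, #t
  for i = 1, n do entries[#entries + 1] = { i, t[i] } end
  local named = {}
  for k in pairs(t) do
    if not (type(k) == "number" and k >= 1 and k <= n and k % 1 == 0) then
      named[#named + 1] = k
    end
  end
  table.sort(named, function(a, b) return tostring(a) < tostring(b) end)
  for _, k in ipairs(named) do entries[#entries + 1] = { k, t[k] } end
  return entries
end

local function format_text(t, indent, out)
  indent, out = indent or "", out or {}
  for _, e in ipairs(ordered_entries(t)) do
    local k, v = e[1], e[2]
    local label = type(k) == "number" and "" or (tostring(k) .. ": ")
    if type(v) == "table" then
      if label ~= "" then out[#out + 1] = indent .. tostring(k) .. ":" end
      format_text(v, indent .. "  ", out)
    else
      out[#out + 1] = indent .. label .. tostring(v)
    end
  end
  return table.concat(out, "\n")
end

local function format_xml(t, indent, out)
  indent, out = indent or "", out or {}
  for _, e in ipairs(ordered_entries(t)) do
    local k, v = e[1], e[2]
    local key_attr = type(k) == "number" and "" or (' key="' .. xml_escape(k) .. '"')
    if type(v) == "table" then
      out[#out + 1] = indent .. "<table" .. key_attr .. ">"
      format_xml(v, indent .. "  ", out)
      out[#out + 1] = indent .. "</table>"
    else
      out[#out + 1] = indent .. "<elem" .. key_attr .. ">" .. xml_escape(v) .. "</elem>"
    end
  end
  return table.concat(out, "\n")
end

-- Constructed sample: the kind of table a script might return.
local result = {
  banner = "SSH-2.0-OpenSSH_7.4 <test>",
  ports = { 22, 80 },
  versions = { major = 7, minor = 4 },
}
print(format_text(result))
print(format_xml(result))
```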
Some history and discussion of this development can be found at
https://secwiki.org/w/Nmap/Structured_Script_Output.
This is a merge of r29484:29569 from /nmap-exp/david/xml-output.
* replace require function calls with stdnse.silent_require
* fixed a bug in nse_main that would fail creating scripts.db when a script
fails to load
* reworked some code to provide limited functionality even though SSL is not
present
The loaders list determines the order in which places are checked for
Lua modules. I had a problem on Windows when the nmap.exe directory
contained WinPcap's packet.dll. There was a runtime error when liblua
tried to open packet.dll instead of our packet.lua. This way we check
for our own files first.
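The reordering described above, as an added Lua example that is not Nmap's loader code: a searcher for our own Lua modules is placed ahead of the stock file searchers, so a module.lua of ours is found before a same-named module.dll or .so reachable through package.cpath. NSELIB_DIR, nselib_searcher and the demo module are assumptions for the illustration.

```lua
-- Added example, not Nmap code: check our own Lua files before the
-- standard Lua and C searchers.

local NSELIB_DIR = "."                       -- directory holding our modules
local nselib_state = { last_path = nil }     -- records what our searcher found

local function nselib_searcher(name)
  -- "a.b" -> "a/b"; the parentheses drop gsub's second result.
  local path = NSELIB_DIR .. "/" .. (name:gsub("%.", "/")) .. ".lua"
  local f = io.open(path, "r")
  if not f then
    return "\n\tno file '" .. path .. "'"    -- searchers report misses as strings
  end
  f:close()
  local chunk, err = loadfile(path)
  if not chunk then
    error("error loading module '" .. name .. "' from '" .. path .. "':\n\t" .. err)
  end
  nselib_state.last_path = path
  return chunk, path
end

-- Lua 5.1 calls the list package.loaders, 5.2+ package.searchers. The
-- stock order is: preload, Lua files on package.path, C libraries on
-- package.cpath, all-in-one C. Slot 2 puts ours before both file searchers.
local searchers = package.searchers or package.loaders
table.insert(searchers, 2, nselib_searcher)

-- Constructed demo: write a module into NSELIB_DIR, require it, clean up.
local modname = "nselib_searcher_demo"
local modpath = NSELIB_DIR .. "/" .. modname .. ".lua"
local f = assert(io.open(modpath, "w"))
f:write("return { source = 'our lua file' }\n")
f:close()

local m = require(modname)
os.remove(modpath)
print(m.source, "found via", nselib_state.last_path)
```

Because the searcher records the path it resolved, the demo shows that the module came from our directory rather than from the stock package.path searcher that would also have found it.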
the name of a file containing all of your desired NSE script
arguments. The arguments may be separated with commas or newlines
and may be overridden by arguments specified on the command-line
with --script-args. [Daniel Miller]
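A simplified reader for such a file, as an added Lua example rather than Nmap's parser: entries separated by commas or newlines are collected, then merged with command-line --script-args, which win. Only plain key=value entries are handled; NSE's real syntax also allows quoting and nested tables, which this illustration omits, and treating a bare name as a flag set to true is this example's own choice.

```lua
-- Added example, not Nmap code: parse a script-args file and merge it
-- with command-line arguments.

local function parse_args(text)
  local args = {}
  -- Entries are separated by commas or newlines; trim each one.
  for entry in text:gmatch("[^,\n]+") do
    entry = entry:match("^%s*(.-)%s*$")
    if entry ~= "" then
      local key, value = entry:match("^([^=]+)=(.*)$")
      if key then
        args[key:match("^%s*(.-)%s*$")] = value
      else
        args[entry] = true   -- bare name as a flag (assumption)
      end
    end
  end
  return args
end

local function merge_script_args(file_text, cli_text)
  local args = parse_args(file_text or "")
  for k, v in pairs(parse_args(cli_text or "")) do
    args[k] = v            -- command-line values override the file's
  end
  return args
end

-- Constructed sample: a script-args file plus a command line that
-- overrides one of its entries.
local file_text = [[
http.useragent=Mozilla/5.0
userdb=users.lst, passdb=passwords.lst
ssh.port=22
]]
local cli_text = "ssh.port=2222,vulns.showall"

local merged = merge_script_args(file_text, cli_text)
for _, k in ipairs({ "http.useragent", "userdb", "passdb", "ssh.port", "vulns.showall" }) do
  print(k, merged[k])
end
```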
directories that nmap will search, e.g. ~/.nmap/nselib $NMAPDIR/nselib
/usr/share/nmap/nselib etc.
Resolves Daniel Miller's request [1].
[1] http://seclists.org/nmap-dev/2011/q3/817
where the Script.new failed:
chosen_scripts[#chosen_scripts+1] = Script.new(path);
if Script.new returns nil, then the operation is a no-op (as intended). So,
just add the script to the array. Script.new now accepts a selected_by_name
argument so we don't set it manually.
then looks in the scripts subdirectory, then in the current directory.
cnse.fetchfile_absolute now checks for an absolute path, then calls
nmap_fetchfile if that fails (and no longer looks in scripts/). Use
cnse.fetchscript when accessing files that should be in the scripts
subdirectory.
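The two lookup rules described above in plain Lua, as an added example that is not Nmap's cnse code: fetchfile_absolute accepts an absolute path as-is and otherwise tries each search directory in order, while fetchscript looks only in the scripts subdirectory. SEARCH_DIRS, SCRIPTS_DIR, the helper names and the traversal guard in fetchscript are this example's own assumptions.

```lua
-- Added example, not Nmap code: absolute-path lookup with a directory
-- search fallback, and a separate scripts-only lookup.

local SEARCH_DIRS = { ".", "./nselib" }   -- stand-in for nmap_fetchfile's dirs
local SCRIPTS_DIR = "./scripts"

local function is_absolute(path)
  -- POSIX "/..." or Windows "C:\..." / "C:/..."
  return path:sub(1, 1) == "/" or path:match("^%a:[\\/]") ~= nil
end

local function readable(path)
  local f = io.open(path, "r")
  if f then f:close() return true end
  return false
end

local function fetchfile_absolute(path)
  if is_absolute(path) then
    return readable(path) and path or nil
  end
  for _, dir in ipairs(SEARCH_DIRS) do
    local candidate = dir .. "/" .. path
    if readable(candidate) then return candidate end
  end
  return nil
end

local function fetchscript(name)
  -- Scripts are addressed by bare file name; refusing separators and ".."
  -- keeps the lookup inside SCRIPTS_DIR (this guard is the example's own).
  if name:find("[/\\]") or name:find("..", 1, true) then
    return nil, "script name must not contain path separators or '..'"
  end
  local candidate = SCRIPTS_DIR .. "/" .. name
  if readable(candidate) then return candidate end
  return nil, "no script '" .. name .. "' in " .. SCRIPTS_DIR
end

-- Constructed demo: a temporary file stands in for an absolute-path hit.
local tmp = os.tmpname()
local f = assert(io.open(tmp, "w"))
f:close()
print("absolute:", fetchfile_absolute(tmp))
print("relative:", fetchfile_absolute("no-such-file.txt"))
print("script:  ", fetchscript("banner.nse"))
print("rejected:", fetchscript("../etc/passwd"))
os.remove(tmp)
```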