nmap.new_try() shouldn't be used in libraries. It results in Lua errors
being thrown that the script can't recover from without resorting to
pcall(). It has been replaced in proxy.lua with proper error handling
which did not require any changes to the scripts (http-open-proxy and
socks-open-proxy) that used it.
@field tag names in NSEdoc must be valid identifiers, so they cannot
contain "-". As a general rule, anything that needs to be quoted like
this: mytable["field-name"] is invalid. In this case, the ajp library
had a field called "status-line", which caused NSEdoc generation to fail
when it was finally documented. This change renames it to "status_line",
which should fix the issue.
http-xssed unconditionally used host.targetname, which is only set when
the target is specified as a name, not an IP address or range. Now we
prefer the targetname, but fall back to the reverse-dns name, and
finally to the IP address. Perhaps we should be more strict, if
xssed.com only allows domain names, for instance?
Check for error 71 (0x47), which means the server is simply not a master
or backup browser and will not respond.
Also teardown the SMB session as far as it has been established, to be
nice.
for lib in nselib/*.lua*; do l=${lib#*/}; l=${l%.lua*}; find . -name \
\*.lua -o -name \*.nse | xargs grep -l "require .$l\>" | xargs grep \
-c "\<$l\." | grep ':0$' | awk -F: '{print "'$l'", $1}'; done
Did not remove calls to stdnse.silent_require since these can be used to
abort script execution if OpenSSL is not included, even if the script
does not directly call openssl.* (perhaps it uses comm.tryssl instead,
for instance).
Also did not remove require "strict", since that library is special and
modifies the environment.
stdnse.print_debug accepts a format string and arguments, making
string.format redundant in calls of this form:
stdnse.print_debug(1, string.format("%s: error", SCRIPT_NAME))
stdnse.print_debug(("length %d"):format(#tab))
These can be rewritten as:
stdnse.print_debug(1, "%s: error", SCRIPT_NAME)
stdnse.print_debug("length %d", #tab)
Mostly in documentation (the description field, for instance), but also
some long literal strings. Lua 5.2 introduces a string escape, "\z",
which escapes any amount of subsequent whitespace, including newlines.
This can be used to wrap string literals without upsetting indentation.
http://www.lua.org/manual/5.2/manual.html#3.1
Mostly found with:
for i in nselib/*.lua scripts/*.nse; do
echo $(perl -lne 'BEGIN{$a=$p=0}next unless $_;/^(\s*)/;' \
-e '$l=length$1;next if$l==$p;$a+=(abs($l-$p)-$a)/$.;' \
-e '$p=$l;END{print$a}' $i) $i
done | sort -nr
And indented with: https://gist.github.com/bonsaiviking/8845871
whois-ip.nse was particularly mangled (probably my fault due to using
vim's built-in indentation script, but it could be structured better)
From this thread: http://seclists.org/nmap-dev/2014/q1/105
* Extensions now better supported in tls.lua
* ssl-enum-ciphers sends all EC options to ensure servers reply with
supported EC suites
* tls.lua supports multiple messages of a single type within 1 record
* tls.record_buffer will read an entire TLS record into a buffer
* ssl-date and tls-nextprotoneg updated to use tls.record_buffer
These implementations were all functionally identical. The replacement
has an extra feature of returning the index where the value was found,
currently unused.
This function will format a MAC address as colon-separated hex bytes.
It's really very simple: stdnse.tohex(mac, {separator=":"})
This commit updates all the instances I could find of the varying
convoluted attempts at performing this conversion.
