Building a string with var = var .. "something" has miserable time
complexities. This commit cleans up a lot of that in scripts, focusing
on packing of data with bin.pack and concatenations within loops.
Additionally, a few instances were replaced with string.rep
psl_tree now takes an accumulator argument. It adds lines to the result
table instead of concatenating them together in a string. Then psl_print
concats all the lines together.
stdnse.debug writes the IP to messages so scripts don't have to.
A couple of functions no longer needed the target IP passed to them: their
signature and nsedoc were updated accordingly, along with any calls to them.
Also fix some white space.
In most cases (e.g. any of the nmap.socket operations), functions can
take full host and port tables instead of just host.ip and port.number.
This makes for cleaner-looking code and easier extensibility if we
decide to check for a protocol on both TCP and UDP, for instance.
Had a report via service fingerprint correction of netbus-version
reporting an unrelated service as NetBuster. This would happen for any
service on port 12345 that responds with a banner containing less than 2
carriage returns, or which closes the connection after the first NetBus
protocol message. Now, all netbus-* scripts require the banner to begin
with "NetBus" before they will continue.
Use of the "H" bin.unpack template should be discouraged, since it leads
to use of blobs of hex data without dissection. NSE scripts should be
self-documenting with regard to packet contents. Similarly, chaining
bin.pack and bin.unpack is usually an anti-pattern for some simpler
construct. In this case, converting a number to hex, padding it with
"0", and packing it is unnecessary, since the original number can be
packed directly with the proper endianness and width.
Summary of changes:
* Clarified LIKELY_VULN status, since actual DoS may not be possible
(false positive)
* Made worker threads closures to simplify/fix testing multiple servers
at once.
* Added debug statements at script exit locations to clarify status when
script terminates early.
* Added CVE reference.
We recently became dependent on OpenSSL for some of ssl-enum-ciphers's
functionality (parsing certificates). We should have a decent fallback
(e.g. don't parse the certificate, issue a warning, and use a dummy
score).
[ci skip] This tells Travis to skip the CI build when this commit is
pushed, useful for documentation changes that don't affect the build.
