nmap/nselib/nmap.luadoc

--- Interface with Nmap internals.
--
-- The <code>nmap</code> module is an interface with Nmap's internal functions
-- and data structures. The API provides target host details such as port
-- states and version detection results. It also offers an interface to the
-- Nsock library for efficient network I/O. 
-- @copyright Same as Nmap--See http://nmap.org/book/man-legal.html

module "nmap"

--- Returns the debugging level as a non-negative integer.
--
-- The debugging level can be set with the <code>-d</code> option.
-- @return The debugging level.
-- @usage if nmap.debugging() > 0 then ... end
function debugging()

--- Determines whether Nmap was compiled with SSL support.
--
-- This can be used to avoid sending SSL probes when SSL is not available. 
-- @return True if Nmap was compiled with SSL support, false otherwise.
function have_ssl()

--- Returns the verbosity level as a non-negative integer.
--
-- The verbosity level can be set with the <code>-v</code> option.
-- @return The verbosity level.
-- @usage if nmap.verbosity() > 0 then ... end
function verbosity()

--- Searches for the specified file and returns a string containing its path if
-- it is found and readable (to the process).
--
-- If the file is not found, not readable, or is a directory, <code>nil</code>
-- is returned.
-- @usage
-- nmap.fetchfile("nmap-rpc") --> "/usr/local/share/nmap/nmap-rpc"
-- @param filename Filename to search for.
-- @return String representing the full path to the file or <code>nil</code>.
function fetchfile(filename)

--- Returns the timing level as a non-negative integer.
--
-- Possible return values vary from <code>0</code> to <code>5</code>,
-- corresponding to the six built-in Nmap timing templates. The timing level
-- can be set with the <code>-T</code> option.
-- @return The timing level.
function timing_level()

--- Gets a port table for a port on a given host.
--
-- This function takes a host table and a port table and returns a port table
-- for the queried port. The port table returned is similar in structure to the
-- ones passed to the <code>hostrule</code>, <code>portrule</code>, and
-- <code>action</code> functions.
--
-- You can of course reuse the host and port tables passed to a script's rule
-- function. The purpose of this call is to be able to match scripts against
-- more than one open port. For example if the target host has an open port 22
-- and a running identd server, then you can write a script which will only fire
-- if both ports are open and there is an identification server on port 113.
-- While it is possible to specify IP addresses different to the currently
-- scanned target, the result will only be correct if the target is in the
-- currently scanned group of hosts.
-- @param host Host table, containing an <code>ip</code> field.
-- @param port Port table, containing <code>number</code> and
-- <code>protocol</code> fields.
-- @return A new port table holding the status and information for the port.
-- @usage p = nmap.get_port_state({ip="127.0.0.1"}, {number="80", protocol="tcp"})
function get_port_state(host, port)

--- Sets the state of a port on a given host.
--
-- Using this function, the final port state, reflected in Nmap's results, can
-- be changed for a target. This is useful when Nmap detects a port as
-- <code>open|filtered</code>, but the script successfully connects to that
-- port. In this case, the script can set the port state to <code>open</code>.
-- This function doesn't change the original port table passed a script's
-- action function.
-- @param host Host table, containing an <code>ip</code> field.
-- @param port Port table, containing <code>number</code> and
-- <code>protocol</code> fields.
-- @param state Port state, like <code>"open"</code> or <code>"closed"</code>.
function set_port_state(host, port, state)

--- Sets version information on a port.
--
-- NSE scripts are sometimes able to determine the service name and application
-- version listening on a port. A whole script category (<code>version</code>)
-- was designed for this purpose. This function is used to record version
-- information when it is discovered.
--
-- The host and port arguments to this function should either be the tables
-- passed to the action method or they should have the same structure. The port
-- argument specifies the port to operate on through its <code>number</code>
-- and <code>protocol</code> fields. and also contains the new version
-- information to set. The version detection fields this function looks at are
-- <code>name</code>, <code>product</code>, <code>version</code>,
-- <code>extrainfo</code>, <code>hostname</code>, <code>ostype</code>,
-- <code>devicetype</code>, and <code>service_tunnel</code>. All these keys are
-- optional.
--
-- The <code>probestate</code> argument describes the state in which the script
-- completed. It is a string, one of: <code>"hardmatched"</code>,
-- <code>"softmatched"</code>, <code>"nomatch"</code>,
-- <code>"tcpwrapped"</code>, or <code>"incomplete"</code>.
-- <code>"hardmatched"</code> is almost always used, as it signifies a
-- successful match. The other possible states are generally only used for
-- standard version detection rather than the NSE enhancement.
-- @param host Host table, containing and <code>ip</code> field.
-- @param port Port table, containing <code>number</code> and
-- <code>protocol</code> fields, as well as any additional version information
-- fields.
-- @param probestate The state of the probe: <code>"hardmatched"</code>,
-- <code>"softmatched"</code>, <code>"nomatch"</code>,
-- <code>"tcpwrapped"</code>, or <code>"incomplete"</code>.
function set_port_version(host, port, probestate)

--- Returns the current date and time in milliseconds.
-- @return The number of milliseconds since the epoch (on most systems this is
-- 01/01/1970).
-- @usage local now = nmap.clock_ms()
function clock_ms()

--- Gets the link-level hardware type of an interface.
--
-- This function takes a dnet-style interface name and returns a string
-- representing the hardware type of the interface. Possible return values are
-- <code>"ethernet"</code>, <code>"loopback"</code>, <code>"p2p"</code>, or
-- <code>nil</code> if none of the other types apply.
-- @param interface_name The name of the interface.
-- @return <code>"ethernet"</code>, <code>"loopback"</code>,
-- <code>"p2p"</code>, or <code>nil</code>.
-- @usage iface_type = nmap.get_interface_list("eth0")
function get_interface_link(interface_name)

--- Create a mutex on an object.
--
-- This function returns another function that works as a mutex on the object
-- passed. This object can be any Lua data type except <code>nil</code>,
-- Booleans, and numbers. The returned function allows you to lock, try to
-- lock, and release the mutex. The returned function takes only one argument,
-- which must be one of
-- * <code>"lock"</code>: makes a blocking lock on the mutex. If the mutex is busy then the thread will yield and wait. The function returns with the mutex locked.
-- * <code>"trylock"</code>: makes a non-blocking lock on the mutex. If the mutex is busy then it immediately returns with a return value of false. Otherwise, the mutex locks the mutex and returns true.
-- * <code>"done"</code>: releases the mutex and allows another thread to lock it. If the thread does not have a lock on the mutex, an error will be raised.
-- * <code>"running"</code>: returns the thread locked on the mutex or <code>nil</code> if no thread is locked. This should only be used for debugging as it interferes with finished threads from being collected.
-- @param object Object to create a mutex for.
-- @return Mutex function which takes one of the following arguments:
-- <code>"lock"</code>, <code>"trylock"</code>, <code>"done"</code>, or
-- <code>"running"</code>.
-- @usage
-- id = "My Script's Unique ID"
--
-- local mutex = nmap.mutex(id)
-- function action(host, port)
--   mutex "lock"
--   -- do stuff
--   mutex "done"
--   return script_output
-- end
function mutex(object)

--- Creates a new exception handler.
--
-- This function returns another function, an exception handler. The returned
-- function takes a variable number of arguments, which are assumed to be the
-- return values of another function. It checks the return values for an
-- exception, which is signalled when the first return value is false. If there
-- is an exception, the script will stop immediately and produce no output. An
-- optional handler function can be called before the script is stopped. In the
-- error handler function you can perform any clean-up operations, such as
-- closing a socket.
-- @param handler Exception handler function (optional).
-- @usage
-- local result, socket, try, catch
-- 
-- result = ""
-- socket = nmap.new_socket()
-- catch = function()
--   socket:close()
-- end
-- try = nmap.new_try(catch)
-- try(socket:connect(host.ip, port.number))
-- result = try(socket:receive_lines(1))
-- try(socket:send(result))
function new_try(handler)

--- Returns a new NSE socket object.
--
-- To allow for efficient and parallelizable network I/O, NSE provides an
-- interface to Nsock, the Nmap socket library. The smart callback mechanism
-- Nsock uses is fully transparent to NSE scripts. The main benefit of NSE's
-- sockets is that they never block on I/O operations, allowing many scripts to
-- be run in parallel. The I/O parallelism is fully transparent to authors of
-- NSE scripts. In NSE you can either program as if you were using a single
-- non-blocking socket or you can program as if your connection is blocking.
-- Seemingly blocking I/O calls still return once a specified timeout has been
-- exceeded.
--
-- NSE sockets are the recommended way to do network I/O. They support
-- <code>connect</code>-style sending and receiving over TCP and UDP (and SSL),
-- as well as raw socket receiving.
-- @return A new NSE socket.
-- @see pcap_open
-- @usage local socket = nmap.new_socket()
function new_socket()

--- Establishes a connection.
--
-- This method puts a socket in a state ready for communication. It takes as
-- arguments a host descriptor (either an IP address or a hostname), a port
-- number and optionally a protocol. The protocol must be one of
-- <code>"tcp"</code>, <code>"udp"</code> or <code>"ssl"</code>; it is
-- <code>"tcp"</code> if not specified.
--
-- On success the function returns true. On failure it returns false and an
-- error string. Those strings are taken from the <code>gai_strerror</code> C
-- function. They are (with the error code in parentheses):
-- * <code>"Address family for hostname not supported"</code> (<code>EAI_ADDRFAMILY</code>)
-- * <code>"Temporary failure in name resolution"</code> (<code>EAI_AGAIN</code>)
-- * <code>"Bad value for ai_flags"</code> (<code>EAI_BADFLAGS</code>)
-- * <code>"Non-recoverable failure in name resolution"</code> (<code>EAI_FAIL</code>)
-- * <code>"ai_family not supported"</code> (<code>EAI_FAMILY</code>)
-- * <code>"Memory allocation failure"</code> (<code>EAI_MEMORY</code>)
-- * <code>"No address associated with hostname"</code> (<code>EAI_NODATA</code>)
-- * <code>"Name or service not known"</code> (<code>EAI_NONAME</code>)
-- * <code>"Servname not supported for ai_socktype"</code> (<code>EAI_SERVICE</code>)
-- * <code>"ai_socktype not supported"</code> (<code>EAI_SOCKTYPE</code>)
-- * <code>"System error"</code> (<code>EAI_SYSTEM</code>)
-- In addition to these standard system error messages there are two
-- NSE-specific errors:
-- * <code>"Sorry, you don't have OpenSSL"</code>: The protocol is <code>"ssl"</code> but but Nmap was compiled without OpenSSL support.
-- * <code>"invalid connection method"</code>: The second parameter is not one of <code>"tcp"</code>, <code>"udp"</code>, and <code>"ssl"</code>.
-- @param hostid Hostname or IP address.
-- @param port Port number.
-- @param protocol <code>"tcp"</code>, <code>"udp"</code>, or
-- <code>"ssl"</code> (default <code>"tcp"</code>).
-- @return Status (true or false).
-- @return Error code (if status is false).
-- @see new_socket
-- @usage local status, err = socket:connect(host.ip, port, "udp")
function connect(hostid, port, protocol)

--- Sends data on an open socket.
--
-- This socket method sends the data contained in the data string through an
-- open connection. On success the function returns true. If the send operation
-- has failed, the function returns true along with an error string. The error
-- strings are
-- * <code>"Trying to send through a closed socket"</code>: There was no call to <code>socket:connect</code> before the send operation.
-- * <code>"TIMEOUT"</code>: The operation took longer than the specified timeout for the socket.
-- * <code>"ERROR"</code>: An error occurred inside the underlying Nsock library.
-- * <code>"CANCELLED"</code>: The operation was cancelled.
-- * <code>"KILL"</code>: For example the script scan is aborted due to a faulty script.
-- * <code>"EOF"</code>: An EOF was read (probably will not occur for a send operation).
-- @param data The data to send.
-- @return Status (true or false).
-- @return Error code (if status is false).
-- @see new_socket
-- @usage local status, err = socket:send(data)
function send(data)

--- Receives data from an open socket.
--
-- The receive method does a non-blocking receive operation on an open socket.
-- On success the function returns true along with the received data. On
-- failure the function returns false along with an error string. A failure
-- occurs for example if <code>receive</code> is called on a closed socket. The
-- receive call returns to the NSE script all the data currently stored in the
-- receive buffer of the socket. Error conditions are the same as for
-- <code>send</code>.
-- @return Status (true or false).
-- @return Data (if status is true) or error string (if status is false).
-- @see new_socket
-- @usage local status, data = socket:receive()
function receive()

--- Receives lines from an open connection.
--
-- Tries to receive at least <code>n</code> lines from an open connection. A
-- line is a string delimited with <code>\n</code> characters.  If no data was
-- was received before the operation times out a <code>"TIMEOUT"</code> error
-- occurs. If even one character was received then it is returned with success.
-- On the other hand, if more than <code>n</code> lines were received, all are
-- returned, not just <code>n</code>. Use <code>stdnse.make_buffer</code> to
-- guarantee only one line is returned per call.
--
-- On success the function returns true along with the received data. If
-- receiving data has failed, the function returns false along with an error
-- string. Error conditions are the same as for <code>send</code>.
-- @param n Minimum number of lines to read.
-- @return Status (true or false).
-- @return Data (if status is true) or error string (if status is false).
-- @see new_socket
-- @usage local status, lines = socket:receive_lines(1)
function receive_lines(n)

--- Receives bytes from an open connection.
--
-- Tries to receive at least <code>n</code> bytes from an open connection. Like
-- in <code>receive_lines</code>, <code>n</code> is the minimum amount of
-- characters we would like to receive. If more arrive, we get all of them. If
-- even one is received then it is returned. If no characters arrive before the
-- operation times out, a <code>"TIMEOUT"</code> error occurs.
--
-- On success the function returns true along with the received data. If
-- receiving data has failed, the function returns false along with an error
-- string. Error conditions are the same as for <code>send</code>.
-- @param n Minimum number of bytes to read.
-- @return Status (true or false).
-- @return Data (if status is true) or error string (if status is false).
-- @see new_socket
-- @usage local status, bytes = socket:receive_bytes(1)
function receive_bytes(n)

--- Reads from a socket using a buffer and an arbitrary delimiter.
--
-- This method reads data from the network until it encounters the given
-- delimiter string (or matches the function passed in). This function
-- continues to read from the network until the delimiter is found or the
-- function times out.  If data is read beyond the delimiter, that data is
-- saved in a buffer for the next call to <code>receive_buf</code>.  This
-- buffer is cleared on subsequent calls to other Network I/O API functions.
--
-- The first argument may be either a pattern or a function. If a pattern, that
-- pattern is used to separate the data. If a function, it must take exactly
-- one parameter (the buffer) and its return values must be in the same format
-- as those of <code>string.find</code> (offsets to the start and the end of
-- the delimiter inside the buffer, or <code>nil</code> if the delimiter is not
-- found).  The nselib <code>match.lua</code> module provides functions for
-- matching against regular expressions or byte counts. These functions are
-- suitable as arguments to <code>receive_buf</code>.
--
-- The second argument to <code>receive_buf</code> is a Boolean value
-- controlling whether the delimiting string is returned along with the
-- received data (true) or discarded (false).
--
-- On success the function returns true along with the received data. On failure
-- the function returns false along with an error string. Possible error
-- messages are the same as those that the other receive functions can return,
-- with the addition of
-- * <code>"Error inside splitting-function"</code>: The first argument was a function which caused an error while being called.
-- * <code>"Error in string.find (nsockobj:receive_buf)!"</code>: A string was provided as the first argument, and string.find() yielded an error while being called.
-- * <code>"Expected either a function or a string!"</code>: The first argument was neither a function nor a string.
-- * <code>"Delimiter has negative size!"</code>: The returned start offset is greater than the end offset.
-- @param delimiter A Lua pattern or a function with return values like those of
-- <code>string.find</code>.
-- @param keeppattern Whether to return the delimiter string with any returned
-- data.
-- @return Status (true or false).
-- @return Data (if status is true) or error string (if status is false).
-- @see new_socket
-- @usage local status, line = socket:receive_buf("\r?\n", false)
function receive_buf(delimiter, keeppattern)

--- Closes an open connection.
--
-- On success the function returns true. If the close fails, the function
-- returns false and an error string. Currently the only error message is
-- <code>"Trying to close a closed socket"</code>, which is issued if the
-- socket has already been closed.
--
-- Sockets are subject to garbage collection. Should you forget to close a
-- socket, it will get closed before it gets deleted (on the next occasion Lua's
-- garbage collector is run). However since garbage collection cycles are
-- difficult to predict, it is considered good practice to close opened sockets.
-- @return Status (true or false).
-- @return Error code (if status is false).
-- @see new_socket
-- @usage socket:close()
function close()

--- Gets information about a socket.
--
-- This function returns information about a socket object. It returns five
-- values. If an error occurred, the first value is <code>nil</code> and the
-- second value is an error string. Otherwise the first value is true and the
-- remaining 4 values describe both endpoints of the TCP connection. If you put
-- the call inside an exception handler created by <code>new_try</code> the
-- status value is consumed. The call can be used for example if you want to
-- query an authentication server.
-- @return Status (true or false).
-- @return Local IP address (if status is true) or error string (if status is
-- false).
-- @return Local port number (if status is true).
-- @return Remote IP address (if status is true).
-- @return Remote port number (if status is true).
-- @see new_socket
-- @usage local status, lhost, lport, rhost, rport = socket:get_info()
function get_info()

--- Sets a timeout for socket input and output operations.
--
-- After this time, given in milliseconds, socket operations will time out and
-- return. The default value is 30,000 (30 seconds). The lowest allowed value is
-- 10 ms, since this is the granularity of NSE network I/O.
-- @param t Timeout in milliseconds.
-- @see new_socket
-- @usage socket:set_timeout(10000)
function set_timeout(t)

--- Opens a socket for raw packet capture.
--
-- The callback function is a function that receives a packet with headers and
-- computes a "packet hash", some value derived from the packet. For example,
-- the callback function could extract the source IP address from a packet. The
-- hash of each packet received is compared against all the strings registered
-- with the <code>pcap_register</code> function.
-- @param device The dnet-style interface name of the device you want to capture
-- from.
-- @param snaplen The length of each packet you want to capture (similar to the
-- <code>-s</code> option to tcpdump)
-- @param promisc Set to 1 if the interface should activate promiscuous mode,
-- and 0 otherwise.
-- @param test_function Callback function used to compute the packet hash.
-- @param bpf A string describing a Berkeley Packet Filter expression (like
-- those provided to tcpdump).
-- @see new_socket, pcap_register, pcap_receive
-- @usage
-- local socket = nmap.new_socket()
-- socket:pcap_open("eth0", 64, 0, callback, "tcp")
function pcap_open(device, snaplen, promisc, test_function, bpf)

--- Starts listening for incoming packets.
--
-- The provided <code>packet_hash</code> is a binary string which has to match
-- the hash returned by the <code>test_function</code> parameter provided to
-- <code>pcap_open</code>. If you want to receive all packets, just provide
-- the empty string (<code>""</code>). There has to be a call to
-- <code>pcap_register</code> before a call to <code>pcap_receive</code>.
-- @param packet_hash A binary string that is compared against packet hashes.
-- @see pcap_open, pcap_receive
-- @usage socket:pcap_register("")
function pcap_register(packet_hash)

--- Receives a captured packet.
--
-- If an error or timeout occurs, the function returns false and an error
-- message. Otherwise, the function returns true followed by the packet length,
-- the layer two header, and the layer three header.
-- @return Status (true or false).
-- @return The length of the captured packet (this may be smaller than the
-- actual packet length since packets are truncated when the Libpcap snaplen
-- parameter is smaller than the total packet length).
-- @return Data from the second OSI layer (e.g. ethernet headers).
-- @return Data from the third OSI layer (e.g. IPv4 headers).
-- @see pcap_open, pcap_register
-- @usage status, plen, l2_data, l3_data = socket:pcap_receive()
function pcap_receive()

--- Closes a pcap device.
-- @see close, pcap_close
-- @usage socket:pcap_close()
function pcap_close()

--- Creates a new dnet object, used to send raw packets.
-- @usage local dnet = nmap.new_dnet()
function new_dnet()

--- Opens an ethernet interface for raw packet sending.
--
-- An error (<code>"device is not valid ethernet interface"</code>) is thrown
-- in case the provided argument is not valid.
-- @param interface_name The dnet-style name of the interface to open.
-- @see new_dnet
-- @usage dnet:ethernet_open("eth0")
function ethernet_open(interface_name)

--- Sends a raw ethernet frame.
--
-- The dnet object must be associated with a previously opened interface. The
-- packet must include the IP and ethernet headers. If there was no previous
-- valid call to <code>ethernet_open</code> an error is thrown
-- (<code>"dnet is not valid opened ethernet interface"</code>).
-- @param packet An ethernet frame to send.
-- @see new_dnet
-- @usage dnet:ethernet_open(packet)
function ethernet_send(packet)

--- Closes an ethernet interface.
--
-- An error (<code>"device is not valid ethernet interface"</code>) is thrown
-- in case the provided argument is not valid.
-- @see new_dnet, ethernet_open
-- @usage dnet:ethernet_close()
function ethernet_close()