mirror of
https://github.com/nmap/nmap.git
synced 2025-12-29 19:09:01 +00:00
06b661f2ef
nmap.new_try is not a function accepting another function, it is a function taking a variable number of arguments, assumed to be the return value of some function. In other words, the returned try function is not responsible for running other functions, it only sees their return values.
445 lines
22 KiB
Plaintext
445 lines
22 KiB
Plaintext
--- Interface with Nmap internals.
|
|
-- \n\n
|
|
-- The nmap module is an interface with Nmap's internal functions and data
|
|
-- structures. The API provides target host details such as port states and
|
|
-- version detection results. It also offers an interface to the Nsock library
|
|
-- for efficient network I/O.
|
|
|
|
module "nmap"
|
|
|
|
--- Returns the debugging level as a non-negative integer.
|
|
-- \n\n
|
|
-- The debugging level can be set with the -d option.
|
|
-- @return The debugging level.
|
|
-- @usage if nmap.debugging() > 0 then ... end
|
|
function nmap.debugging()
|
|
|
|
--- Determines whether Nmap was compiled with SSL support.
|
|
-- \n\n
|
|
-- This can be used to avoid sending SSL probes when SSL is not available.
|
|
-- @return true if Nmap was compiled with SSL support, false otherwise.
|
|
function nmap.have_ssl()
|
|
|
|
--- Returns the verbosity level as a non-negative integer.
|
|
-- \n\n
|
|
-- The verbosity level can be set with the -v option.
|
|
-- @return The verbosity level.
|
|
-- @usage if nmap.verbosity() > 0 then ... end
|
|
function nmap.verbosity()
|
|
|
|
--- Searches for the specified file and returns a string containing its path if
|
|
-- it is found and readable (to the process).
|
|
-- \n\n
|
|
-- If the file is not found, not readable, or is a directory, nil is returned.
|
|
-- The call nmap.fetchfile("nmap-rpc") will search for the data file nmap-rpc
|
|
-- and, assuming it's found (which it should be), return a string like
|
|
-- "/usr/local/share/nmap/nmap-rpc".
|
|
-- @param filename Filename to search for.
|
|
-- @return String representing the full path to the file or nil.
|
|
function nmap.fetchfile(filename)
|
|
|
|
--- Returns the timing level as a non-negative integer. Possible return values
|
|
-- vary from 0 to 5, corresponding to the six built-in Nmap timing templates.
|
|
-- The timing level can be set with the -T option.
|
|
-- @return The timing level.
|
|
function nmap.timing_level()
|
|
|
|
--- Gets a port table for a port on a given host.
|
|
-- \n\n
|
|
-- This function takes a host table and a port table and returns a port table
|
|
-- for the queried port. The port table returned is similar in structure to the
|
|
-- ones passed to the rule and action functions.
|
|
-- \n\n
|
|
-- You can of course reuse the host and port tables passed to the port rule
|
|
-- function. The purpose of this call is to be able to match scripts against
|
|
-- more than one open port. For example if the target host has an open port 22
|
|
-- and a running identd server, then you can write a script which will only fire
|
|
-- if both ports are open and there is an identification server on port 113.
|
|
-- While it is possible to specify IP addresses different to the currently
|
|
-- scanned target, the result will only be correct if the target is in the
|
|
-- currently scanned group of hosts.
|
|
-- @param host Host table, containing an "ip" field.
|
|
-- @param port Port table, containing "number" and "protocol" fields.
|
|
-- @param protocol Protocol string ("tcp" or "udp")
|
|
-- @return A new port table holding the status and information for the port.
|
|
-- @usage p = nmap.get_port_state({ip="127.0.0.1"}, {number="80", protocol="tcp"})
|
|
function nmap.get_port_state(host, port)
|
|
|
|
--- Sets the state of a port on a given host.
|
|
-- \n\n
|
|
-- Using this function, the final port state, reflected in Nmap's results,
|
|
-- can be changed for a target. This is useful when Nmap detects a port as
|
|
-- "open|filtered", but the script successfully connects to that port. In this
|
|
-- case, the script can set the port state to "open". Note that the port.state
|
|
-- value, which is passed to the script's action function will not be changed by
|
|
-- this call.
|
|
-- @param host Host table, containing an "ip" field.
|
|
-- @param port Port table, containing "number" and "protocol" fields.
|
|
-- @param state Port state, like "open" or "closed".
|
|
function nmap.set_port_state(host, port, state)
|
|
|
|
--- Sets version information on a port.
|
|
-- \n\n
|
|
-- NSE scripts are sometimes able to determine the service name and application
|
|
-- version listening on a port. A whole script category (version) was designed
|
|
-- for this purpose. set_port_version function is used to record version
|
|
-- information when it is discovered.
|
|
-- \n\n
|
|
-- The host and port arguments to this function should either be the tables
|
|
-- passed to the action method or they should have the same structure. The port
|
|
-- argument specifies the port to operate on through its "number" and "protocol"
|
|
-- fields. and also contains the new version information to set. The version
|
|
-- detection fields this function looks at are "name", "product", "version",
|
|
-- "extrainfo", "hostname", "ostype", "devicetype", and "service_tunnel". All
|
|
-- these keys are optional.
|
|
-- \n\n
|
|
-- The probestate argument describes the state in which the script completed. It
|
|
-- is a string, one of: "hardmatched", "softmatched", "nomatch", "tcpwrapped",
|
|
-- or "incomplete". "hardmatched" is almost always used, as it signifies a
|
|
-- successful match. The other possible states are generally only used for
|
|
-- standard version detection rather than the NSE enhancement.
|
|
-- @param host Host table, containing and "ip" field.
|
|
-- @param port Port table, containing "number" and "protocol" fields, as well as
|
|
-- any additional version information fields.
|
|
-- @param probestate The state of the probe: "hardmatched", "softmatched",
|
|
-- "nomatch", "tcpwrapped", or "incomplete".
|
|
function nmap.set_port_version(host, port, probestate)
|
|
|
|
--- Returns the current date and time in milliseconds.
|
|
-- @return The number of milliseconds since the epoch (on most systems this is
|
|
-- 01/01/1970).
|
|
function nmap.clock_ms()
|
|
|
|
--- Gets the link-level hardware type of an interface.
|
|
-- \n\n
|
|
-- This function takes a dnet-style interface name and returns a string
|
|
-- representing the hardware type of the interface. Possible return values are
|
|
-- "ethernet", "loopback", "p2p", or nil if none of the other types apply.
|
|
-- @param interface_name The name of the interface.
|
|
-- @return "ethernet", "loopback", "p2p", or nil.
|
|
function nmap.get_interface_link(interface_name)
|
|
|
|
--- Create a mutex on an object.
|
|
-- \n\n
|
|
-- This function returns another function that works as a mutex on the object
|
|
-- passed. This object can be any Lua data type except nil, booleans, and
|
|
-- numbers. The returned function allows you to lock, try to lock, and release
|
|
-- the mutex. The returned function takes only one argument, which must be one
|
|
-- of\n
|
|
-- "lock": makes a blocking lock on the mutex. If the mutex is busy then
|
|
-- the thread will yield and wait. The function returns with the mutex locked.\n
|
|
-- "trylock": makes a non-blocking lock on the mutex. If the mutex is
|
|
-- busy then it immediately returns with a return value of false. Otherwise,
|
|
-- the mutex locks the mutex and returns true.\n
|
|
-- "done": releases the mutex and allows another thread to lock it. If
|
|
-- the thread does not have a lock on the mutex, an error will be raised.\n
|
|
-- "running": returns the thread locked on the mutex or nil if no thread
|
|
-- is locked. This should only be used for debugging as it interferes with
|
|
-- finished threads from being collected.
|
|
-- @param object Object to create a mutex for.
|
|
-- @return Mutex function which takes one of the following arguments: "lock",
|
|
-- "trylock", "done", or "running".
|
|
-- @usage
|
|
-- id = "My Script's Unique ID";\n
|
|
-- \n
|
|
-- local mutex = nmap.mutex(id);\n
|
|
-- function action(host, port)\n
|
|
-- mutex "lock";\n
|
|
-- -- do stuff\n
|
|
-- mutex "done";\n
|
|
-- return script_output;\n
|
|
-- end
|
|
function nmap.mutex(object)
|
|
|
|
--- Creates a new exception handler.
|
|
-- \n\n
|
|
-- This function returns another function, an exception handler. The returned
|
|
-- function takes a variable number of arguments, which are assumed to be the
|
|
-- return values of another function. It checks the return values for an
|
|
-- exception, which is signalled when the first return value is false. If there
|
|
-- is an exception, the script will stop immediately and produce no output. An
|
|
-- optional handler function can be called before the script is stopped. In the
|
|
-- error handler function you can perform any clean-up operations, such as
|
|
-- closing a socket.
|
|
-- @param handler Exception handler function (optional).
|
|
-- @usage
|
|
-- local result, socket, try, catch\n
|
|
-- \n
|
|
-- result = ""\n
|
|
-- socket = nmap.new_socket()\n
|
|
-- catch = function()\n
|
|
-- socket:close()\n
|
|
-- end\n
|
|
-- try = nmap.new_try(catch)\n
|
|
-- try(socket:connect(host.ip, port.number))\n
|
|
-- result = try(socket:receive_lines(1))\n
|
|
-- try(socket:send(result))
|
|
function nmap.new_try(handler)
|
|
|
|
--- Returns a new NSE socket object.
|
|
-- \n\n
|
|
-- To allow for efficient and parallelizable network I/O, NSE provides an
|
|
-- interface to Nsock, the Nmap socket library. The smart callback mechanism
|
|
-- Nsock uses is fully transparent to NSE scripts. The main benefit of NSE's
|
|
-- sockets is that they never block on I/O operations, allowing many scripts to
|
|
-- be run in parallel. The I/O parallelism is fully transparent to authors of
|
|
-- NSE scripts. In NSE you can either program as if you were using a single non
|
|
-- blocking socket or you can program as if your connection is blocking.
|
|
-- Seemingly blocking I/O calls still return once a specified timeout has been
|
|
-- exceeded.
|
|
-- \n\n
|
|
-- NSE sockets are the recommended way to do network I/O. They support
|
|
-- connect-style sending and receiving over TCP and UDP (and SSL), as well as
|
|
-- raw socket receiving.
|
|
-- @return A new NSE socket.
|
|
-- @see nmap.new_dnet
|
|
function nmap.new_socket()
|
|
|
|
--- Establishes a connection.
|
|
-- \n\n
|
|
-- The connect puts a socket in a state ready for communication. It takes as
|
|
-- arguments a host descriptor (either an IP address or a hostname), a port
|
|
-- number and optionally a protocol. The protocol must be one of "tcp", "udp" or
|
|
-- "ssl"; it is "tcp" if not specified.
|
|
-- \n\n
|
|
-- On success the function returns true. On failure it returns false and an
|
|
-- error string. Those strings are taken from the gai_strerror C function. They
|
|
-- are (with the error code in parentheses):\n
|
|
-- "Address family for hostname not supported" (EAI_ADDRFAMILY)\n
|
|
-- "Temporary failure in name resolution" (EAI_AGAIN)\n
|
|
-- "Bad value for ai_flags" (EAI_BADFLAGS)\n
|
|
-- "Non-recoverable failure in name resolution" (EAI_FAIL)\n
|
|
-- "ai_family not supported" (EAI_FAMILY)\n
|
|
-- "Memory allocation failure" (EAI_MEMORY)\n
|
|
-- "No address associated with hostname" (EAI_NODATA)\n
|
|
-- "Name or service not known" (EAI_NONAME)\n
|
|
-- "Servname not supported for ai_socktype" (EAI_SERVICE)\n
|
|
-- "ai_socktype not supported" (EAI_SOCKTYPE)\n
|
|
-- "System error" (EAI_SYSTEM)\n
|
|
-- In addition to these standard system error based messages are the following
|
|
-- two NSE-specific errors:\n
|
|
-- "Sorry, you don't have OpenSSL" occurs if the protocol is "ssl" but but Nmap
|
|
-- was compiled without OpenSSL support.\n
|
|
-- "invalid connection method" occurs if the second parameter is not one of
|
|
-- "tcp", "udp", and "ssl".
|
|
-- @param hostid Hostname or IP address.
|
|
-- @param port Port number.
|
|
-- @param protocol "tcp", "udp", or "ssl" (default "tcp").
|
|
-- @return Status (true or false).
|
|
-- @return Error code (if status is false).
|
|
function socket:connect(hostid, port, protocol)
|
|
|
|
--- Sends data on an open socket.
|
|
-- \n\n
|
|
-- The send method sends the data contained in the data string through an open
|
|
-- connection. On success the returns true. If the send
|
|
-- operation has failed, the function returns true along with an error string.
|
|
-- The error strings are:\n
|
|
-- "Trying to send through a closed socket": there was no call to socket:connect
|
|
-- before the send operation.\n
|
|
-- "TIMEOUT": the operation took longer than the specified timeout for the
|
|
-- socket.\n
|
|
-- "ERROR": an error occurred inside the underlying Nsock library.\n
|
|
-- "CANCELLED": the operation was cancelled.\n
|
|
-- "KILL": for example the script scan is aborted due to a faulty script.\n
|
|
-- "EOF": an EOF was read (probably will not occur for a send operation).\n
|
|
-- @param data The data to send.
|
|
-- @return Status (true or false).
|
|
-- @return Error code (if status is false).
|
|
function socket:send(data)
|
|
|
|
--- Receives data from an open socket.
|
|
-- \n\n
|
|
-- The receive method does a non-blocking receive operation on an open socket.
|
|
-- On success the function returns true along with the received data. If
|
|
-- receiving data has failed, the function returns false along with an error
|
|
-- string. A failure occurs for example if receive is called on a closed socket.
|
|
-- The receive call returns to the NSE script all the data currently stored in
|
|
-- the receive buffer of the socket. Error conditions are the same as for the
|
|
-- send operation.
|
|
-- @return Status (true or false).
|
|
-- @return Data (if status is true) or error string (if status is false).
|
|
function socket:receive()
|
|
|
|
--- Receives lines from an open connection.
|
|
-- \n\n
|
|
-- Tries to receive at least n lines from an open connection. A line is a string
|
|
-- delimited with \n characters. If it was not possible to receive at least n
|
|
-- lines before the operation times out a "TIMEOUT" error occurs. On the other
|
|
-- hand, if more than n lines were received, all are returned, not just n. Use
|
|
-- stdnse.make_buffer to guarantee one line is returned per call.
|
|
-- \n\n
|
|
-- On success the function returns true along with the received data. If
|
|
-- receiving data has failed, the function returns false along with an error
|
|
-- string. Error conditions are the same as for the send operation.
|
|
-- @param n Minimum number of lines to read.
|
|
-- @return Status (true or false).
|
|
-- @return Data (if status is true) or error string (if status is false).
|
|
function socket:receive_lines(n)
|
|
|
|
--- Receives bytes from an open connection.
|
|
-- \n\n
|
|
-- Tries to receive at least n bytes from an open connection. Like in
|
|
-- receive_lines, n is the minimum amount of characters we would like to
|
|
-- receive. If more arrive, we get all of them. If fewer than n characters
|
|
-- arrive before the operation times out, a "TIMEOUT" error occurs.
|
|
-- \n\n
|
|
-- On success the function returns true along with the received data. If
|
|
-- receiving data has failed, the function returns false along with an error
|
|
-- string. Error conditions are the same as for the send operation.
|
|
-- @param n Minimum number of bytes to read.
|
|
-- @return Status (true or false).
|
|
-- @return Data (if status is true) or error string (if status is false).
|
|
function socket:receive_bytes(n)
|
|
|
|
--- Reads from a socket using a buffer and an arbitrary delimiter.
|
|
-- \n\n
|
|
-- The receive_buf method reads data from the network until it encounters the
|
|
-- given delimiter string (or matches the function passed in). This function
|
|
-- continues to read from the network until the delimiter is found or the
|
|
-- function times out. If data is read beyond the delimiter, that data is saved
|
|
-- in a buffer for the next call to receive_buf. This buffer is cleared on
|
|
-- subsequent calls to other Network I/O API functions.
|
|
-- \n\n
|
|
-- The first argument may be either a pattern or a function. If a pattern, that
|
|
-- pattern is used to separate the data. If a function, it must take exactly one
|
|
-- parameter (the buffer) and its return values must be in the same format as
|
|
-- string.find (offsets to the start and the end of the delimiter inside the
|
|
-- buffer, or nil if the delimiter is not found). The nselib match.lua module
|
|
-- provides functions for matching against regular expressions or byte counts.
|
|
-- These functions are suitable as arguments to receive_buf.
|
|
-- \n\n
|
|
-- The second argument to receive_buf is a Boolean value controlling whether the
|
|
-- delimiting string is returned along with the received data (true) or
|
|
-- discarded (false).
|
|
-- \n\n
|
|
-- On success the function returns true along with the received data. If
|
|
-- receiving data has failed, the function returns false along with an error
|
|
-- string. Possible error messages are the same as those that the other receive
|
|
-- function can return, with the addition of\n
|
|
-- "Error inside splitting-function": the first argument was a function which
|
|
-- caused an error while being called.\n
|
|
-- "Error in string.find (nsockobj:receive_buf)!": a string was provided as the
|
|
-- first argument, and string.find() yielded an error while being called.\n
|
|
-- "Expected either a function or a string!": the first argument was neither a
|
|
-- function nor a string.\n
|
|
-- "Delimiter has negative size!": the returned start offset is greater than the
|
|
-- end offset.\n
|
|
-- @param delimiter A Lua pattern or a function with return values like those of
|
|
-- string.find.
|
|
-- @param keeppattern Whether to return the delimiter string with any returned
|
|
-- data.
|
|
-- @return Status (true or false).
|
|
-- @return Data (if status is true) or error string (if status is false).
|
|
function socket:receive_buf(delimiter, keeppattern)
|
|
|
|
--- Closes an open connection.
|
|
-- \n\n
|
|
-- On success the function returns true. If the close fails, the function
|
|
-- returns false and an error string. Currently the only error message is
|
|
-- "Trying to close a closed socket", which is issued if the socket has already
|
|
-- been closed.
|
|
-- \n\n
|
|
-- Sockets are subject to garbage collection. Should you forget to close a
|
|
-- socket, it will get closed before it gets deleted (on the next occasion Lua's
|
|
-- garbage collector is run). However since garbage collection cycles are
|
|
-- difficult to predict, it is considered good practice to close opened sockets.
|
|
-- @return Status (true or false).
|
|
-- @return Error code (if status is false).
|
|
function socket:close()
|
|
|
|
--- Gets information about a socket.
|
|
-- \n\n
|
|
-- This function returns information about the socket object. It returns 5
|
|
-- values. If an error occurred, the first value is nil and the second value
|
|
-- describes the error condition. Otherwise the first value describes the
|
|
-- success of the operation and the remaining 4 values describe both endpoints
|
|
-- of the TCP connection. If you put the call in a try() statement the status
|
|
-- value is consumed. The call can be used for example if you want to query an
|
|
-- authentication server.
|
|
-- @return Status (true or false).
|
|
-- @return Local IP address (if status is true) or error string (if status is
|
|
-- false).
|
|
-- @return Local port number (if status is true).
|
|
-- @return Remote IP address (if status is true).
|
|
-- @return Remote port number (if status is true).
|
|
function socket:get_info()
|
|
|
|
--- Sets a timeout for socket input and output operations.
|
|
-- \n\n
|
|
-- After this time, given in milliseconds, socket operations will time out and
|
|
-- return. The default value is 30,000 (30 seconds). The lowest allowed value is
|
|
-- 10 ms, since this is the granularity of NSE network I/O.
|
|
-- @param t Timeout in milliseconds.
|
|
function socket:set_timeout(t)
|
|
|
|
--- Opens a socket for raw packet capture.
|
|
-- \n\n
|
|
-- The callback function is a function that receives a packet with headers and
|
|
-- computes a "packet hash"--some value derived from the packet. For example,
|
|
-- the callback function could extract the source IP address from a packet. The
|
|
-- hash of each packet received is compared against all the strings registered
|
|
-- with the pcap_register function.
|
|
-- @param device The dnet-style interface name of the device you want to capture
|
|
-- from.
|
|
-- @param snaplen The length of each packet you want to capture (similar to the
|
|
-- -s option to tcpdump)\n
|
|
-- @param promisc Should be set to 1 if the interface should activate
|
|
-- promiscuous mode, and 0 otherwise.
|
|
-- @param test_function Callback function used to compute the packet hash.
|
|
-- @param bpf A string describing a Berkeley packet filter expression (like
|
|
-- those provided to tcpdump).
|
|
-- @see socket:pcap_register
|
|
function socket:pcap_open(device, snaplen, promisc, test_function, bpf)
|
|
|
|
--- Starts listening for incoming packages.
|
|
-- \n\n
|
|
-- The provided packet_hash is a binary string which has to match the hash
|
|
-- returned by the test_function parameter provided to pcap_open(). If you want
|
|
-- to receive all packets, just provide the empty string (""). There has to be a
|
|
-- call to pcap_register() before a call to pcap_receive().
|
|
-- @param packet_hash A binary string that is compared against packet hashes.
|
|
-- @see socket:pcap_open
|
|
function socket:pcap_register(packet_hash)
|
|
|
|
--- Receives a captured packet.
|
|
-- \n\n
|
|
-- If an error or timeout occurs, the function returns false and an error
|
|
-- message. Otherwise, the function returns true followed by the packet length,
|
|
-- the layer two header, and the layer three header.
|
|
-- @return Status (true or false).
|
|
-- @return The length of the captured packet (this may be smaller than the
|
|
-- actual packet length since packets are truncated when the Libpcap snaplen
|
|
-- parameter is smaller than the total packet length).
|
|
-- @return Data from the second OSI layer (e.g. ethernet headers).
|
|
-- @return Data from the third OSI layer (e.g. IPv4 headers).
|
|
function socket:pcap_receive()
|
|
|
|
--- Closes the pcap device.
|
|
function socket:pcap_close()
|
|
|
|
--- Creates a new dnet object, used to send raw packets.
|
|
function nmap.new_dnet()
|
|
|
|
--- Opens an ethernet interface for raw packet sending.
|
|
-- \n\n
|
|
-- An error ("device is not valid ethernet interface") is thrown in case the
|
|
-- provided argument is not valid.
|
|
-- @param interface_name The dnet-style name of the interface to open.
|
|
function dnet:ethernet_open(interface_name)
|
|
|
|
--- Sends a raw ethernet frame.
|
|
-- \n\n
|
|
-- The dnet object must be associated with a previously opened interface. The
|
|
-- packet must include the IP and ethernet headers. including IP header and
|
|
-- ethernet header. If there was no previous valid call to ethernet_open() an
|
|
-- error is thrown ("dnet is not valid opened ethernet interface").
|
|
-- @param packet
|
|
function dnet:ethernet_send(packet)
|
|
|
|
--- Closes an ethernet interface.
|
|
-- \n\n
|
|
-- An error ("device is not valid ethernet interface") is thrown in case the
|
|
-- provided argument is not valid.
|
|
function dnet:ethernet_close()
|