1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
|
---
-- Interface with Nmap internals.
--
-- The <code>nmap</code> module is an interface with Nmap's internal functions
-- and data structures. The API provides target host details such as port
-- states and version detection results. It also offers an interface to the
-- Nsock library for efficient network I/O.
-- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html
module "nmap"
--- Returns the debugging level as a non-negative integer.
--
-- The debugging level can be set with the <code>-d</code> option.
-- @return The debugging level.
-- @usage if nmap.debugging() > 0 then ... end
function debugging()
--- Determines whether Nmap was compiled with SSL support.
--
-- This can be used to avoid sending SSL probes when SSL is not available.
-- @return True if Nmap was compiled with SSL support, false otherwise.
function have_ssl()
--- Returns the version intensity as a non-negative integer.
--
-- The version intensity can be set for all version probes with the
-- <code>--version-intensity</code> option. The intensity for version scripts
-- can be overridden with the <code>script-intensity</code> script argument.
-- If overridden, nmap.version_intensity() returns the overridden value
-- automatically. If neither <code>--version-intensity</code> nor the script
-- argument <code>script-intensity</code> are used, the version intensity
-- defaults to 7.
-- When a version script is given by name with the <code>--script</code>
-- option, as opposed to being selected automatically due to <code>-sV</code>,
-- its version intensity is automatically set to maximum (9).
-- @return The version intensity.
-- @usage
-- portrule = function(host, port)
-- return ...
-- ...
-- and nmap.version_intensity() >= 7
-- end
function version_intensity()
--- Returns the verbosity level as a non-negative integer.
--
-- The verbosity level can be set with the <code>-v</code> option. When
-- a script is given by name with the <code>--script</code> option, as
-- opposed to being selected by default or by category, its verbosity
-- level is automatically increased by one.
-- @return The verbosity level.
-- @usage if nmap.verbosity() > 0 then ... end
function verbosity()
--- Returns whether a script should be able to perform privileged operations
--
-- @return True if Nmap is running privileged, false otherwise.
function is_privileged()
--- Resolves the specified host name using the optional address family and
-- returns a table containing all of the matching addresses.
--
-- If no address family is given, resolve() will return all addresses for the
-- name.
--
-- @param host Host name to resolve
-- @param family Address family string (such as "inet") to specify the type
-- of addresses returned
-- @see address_family
-- @return Status (true or false)
-- @return Table containing addresses resolved from the host name if status
-- is true, or an error string if status is false
-- @usage local status, t = nmap.resolve("www.kame.net", nmap.address_family())
function resolve(host, family)
--- Returns the address family Nmap is using.
--
-- For example, if Nmap is run with the -6 option, then "inet6" is returned.
--
-- @return The address family as a string ("inet" or "inet6")
-- @usage local family = nmap.address_family()
function address_family()
--- Returns the interface name (dnet-style) that Nmap is using.
--
-- For example in the pre-scanning (<code>"prerule"</code> scripts) phase
-- if Nmap is run with the <code>-e eth0</code>, then "eth0" can be
-- returned, however Nmap can return an other interface name since it
-- can determine the best interface suited for the job.
-- Other <code>"hostrule"</code> and <code>"portrule"</code> scripts
-- should use the interface field of the <code>host</code> table:
-- <code>host.interface</code>.
--
-- The result of this function can be used to get the interface information
-- table, example: <code>nmap.get_interface_info("eth0")</code>.
--
-- @return A string containing the interface name (dnet-style) on
-- success, or a nil value on failures.
-- @usage local interface_name = nmap.get_interface()
function get_interface()
--- Gets the interface network information.
--
-- This function takes a dnet-style interface name and returns a table
-- containing the network information of the interface.
--
-- Keys of the returned table:
-- * <code>device</code> The interface name, can be an interface alias.
-- * <code>shortname</code> A simple short name of the device.
-- * <code>netmask</code> The netmask bits (CIDR) of the interface.
-- * <code>address</code> The string representing the IP address assigned to the interface.
-- * <code>link</code> The string representing the hardware type of the interface. Possible values are: <code>"ethernet"</code>, <code>"loopback"</code>, <code>"p2p"</code> or <code>"other"</code>.
-- * <code>mac</code> MAC address (six-byte-long binary string) of the interface if the type of the interface is <code>"ethernet"</code>, otherwise it is <code>nil</code>.
-- * <code>broadcast</code> The string representing the broadcast address assigned to the interface if the interface type is <code>"ethernet"</code> and if the used address is IPv4, otherwise it is <code>nil</code>.
-- * <code>up</code> The state of the interface, possible values are <code>"up"</code> or <code>"down"</code>.
-- * <code>mtu</code> The MTU size of the interface.
--
-- @param interface_name The name of the interface.
-- @return Table containing the network information of the interface on
-- success, or nil and an error message on failures.
-- @usage local iface, err = nmap.get_interface_info("eth0")
function get_interface_info(interface_name)
--- Lists network interfaces
--
-- This script enumerates all network interfaces and returns a list of tables
-- containing information about every interface. If an interface has more than
-- one network address configured (such as IPv4, IPv6 link-local, IPv6 public)
-- then the list will have a separate entry for each address.
--
-- Keys of each table:
-- * <code>device</code> The interface name, can be an interface alias.
-- * <code>shortname</code> A simple short name of the device.
-- * <code>netmask</code> The netmask bits (CIDR) of the interface.
-- * <code>address</code> The string representing the IP address assigned to the interface.
-- * <code>link</code> The string representing the hardware type of the interface. Possible values are: <code>"ethernet"</code>, <code>"loopback"</code>, <code>"p2p"</code> or <code>"other"</code>.
-- * <code>mac</code> MAC address (six-byte-long binary string) of the interface if the type of the interface is <code>"ethernet"</code>, otherwise it is <code>nil</code>.
-- * <code>broadcast</code> The string representing the broadcast address assigned to the interface if the interface type is <code>"ethernet"</code> and if the used address is IPv4, otherwise it is <code>nil</code>.
-- * <code>up</code> The state of the interface, possible values are <code>"up"</code> or <code>"down"</code>.
-- * <code>mtu</code> The MTU size of the interface.
--
-- @return Array of tables containing information about every discovered interface.
-- @usage local interfaces, err = nmap.list_interfaces()
function list_interfaces()
--- Returns the TTL (time to live) value selected by the --ttl option
--
-- If there is no value specified or if the value specified with the --ttl
-- option is out of the range 0 to 255 (inclusive) this function returns 64,
-- which is the default TTL for an IP packet. This function would be most
-- useful in crafting packets, which we want to comply with the selected
-- Nmap TTL value.
--
-- @return A number containing the TTL value
-- @usage local ttl = nmap.get_ttl()
function get_ttl()
--- Returns the payload data length selected with the --data-length option
--
-- Used when a script is crafting ICMP packets and needs to comply with the
-- selected payload data length. If there is no value specified this function
-- returns 0 which is the default length of the ICMP payload for Nmap.
--
-- @return A number containing the value of the payload length
-- @usage local payload_length = nmap.get_payload_length
function get_payload_length()
--- Searches for the specified file relative to Nmap's search paths and returns
-- a string containing its path if it is found and readable (to the process).
-- Absolute paths and paths relative to the current directory will not be
-- searched.
--
-- If the file is not found, not readable, or is a directory, <code>nil</code>
-- is returned.
-- @usage
-- nmap.fetchfile("nmap-rpc") --> "/usr/local/share/nmap/nmap-rpc"
-- @param filename Filename to search for.
-- @return String representing the full path to the file or <code>nil</code>.
function fetchfile(filename)
--- Returns the timing level as a non-negative integer.
--
-- Possible return values vary from <code>0</code> to <code>5</code>,
-- corresponding to the six built-in Nmap timing templates. The timing level
-- can be set with the <code>-T</code> option.
-- @return The timing level.
function timing_level()
--- Gets a port table for a port on a given host.
--
-- This function takes a host table and a port table and returns a port table
-- for the queried port. The port table returned is similar in structure to the
-- ones passed to the <code>hostrule</code>, <code>portrule</code>, and
-- <code>action</code> functions. If the given port was not scanned the function
-- returns <code>nil</code>.
--
-- You can of course reuse the host and port tables passed to a script's rule
-- function. The purpose of this call is to be able to match scripts against
-- more than one open port. For example if the target host has an open port 22
-- and a running identd server, then you can write a script which will only fire
-- if both ports are open and there is an identification server on port 113.
-- While it is possible to specify IP addresses different to the currently
-- scanned target, the result will only be correct if the target is in the
-- currently scanned group of hosts.
-- @param host Host table, containing an <code>ip</code> field.
-- @param port Port table, containing <code>number</code> and
-- <code>protocol</code> fields.
-- @return A new port table holding the status and information for the port, or <code>nil</code>.
-- @usage p = nmap.get_port_state({ip="127.0.0.1"}, {number="80", protocol="tcp"})
function get_port_state(host, port)
--- Iterates over port tables matching protocol and state for a given host
--
-- This function takes a host table, previous port table, port protocol and
-- port state to return matching port tables on a host.
--
-- The first time you call this function, pass <code>nil</code> for the port
-- parameter to get the first matching port table. From then on, pass the
-- previous port table returned by this function to the port parameter for the
-- next matching port table.
--
-- @param host Host table, containing an <code>ip</code> field
-- @param port Port table, containing a <code>number</code> field; or <code>nil</code>
-- for first port
-- @param proto Port protocol, such as <code>"tcp"</code>
-- @param state Port state, such as <code>"open"</code>
-- @return Next port table for host, or <code>nil</code> when exhausted
-- @usage port = nmap.get_ports(host, port, "tcp", "open")
function get_ports(host, port, proto, state)
--- Sets the state of a port on a given host.
--
-- Using this function, the final port state, reflected in Nmap's results, can
-- be changed for a target. This is useful when Nmap detects a port as
-- <code>open|filtered</code>, but the script successfully connects to that
-- port. In this case, the script can set the port state to <code>open</code>.
-- This function doesn't change the original port table passed a script's
-- action function.
-- @param host Host table, containing an <code>ip</code> field.
-- @param port Port table, containing <code>number</code> and
-- <code>protocol</code> fields.
-- @param state Port state, like <code>"open"</code> or <code>"closed"</code>.
function set_port_state(host, port, state)
--- Sets version information on a port.
--
-- NSE scripts are sometimes able to determine the service name and application
-- version listening on a port. A whole script category (<code>version</code>)
-- was designed for this purpose. This function is used to record version
-- information when it is discovered.
--
-- The host and port arguments to this function should either be the tables
-- passed to the action method or they should have the same structure. The port
-- argument specifies the port to operate on through its <code>number</code>
-- and <code>protocol</code> fields. and also contains the new version
-- information to set. The version detection fields this function looks at are
-- <code>name</code>, <code>product</code>, <code>version</code>,
-- <code>extrainfo</code>, <code>hostname</code>, <code>ostype</code>,
-- <code>devicetype</code>, <code>service_tunnel</code>, and <code>cpe</code>.
-- All these keys are optional.
--
-- The <code>probestate</code> argument describes the state in which the script
-- completed. It is a string, one of: <code>"hardmatched"</code>,
-- <code>"softmatched"</code>, <code>"nomatch"</code>,
-- <code>"tcpwrapped"</code>, or <code>"incomplete"</code>.
-- <code>"hardmatched"</code> is almost always used (and is the default),
-- as it signifies a
-- successful match. The other possible states are generally only used for
-- standard version detection rather than the NSE enhancement.
-- @param host Host table, containing an <code>ip</code> field.
-- @param port Port table, containing <code>number</code> and
-- <code>protocol</code> fields, as well as any additional version information
-- fields.
-- @param probestate The state of the probe: <code>"hardmatched"</code>,
-- <code>"softmatched"</code>, <code>"nomatch"</code>,
-- <code>"tcpwrapped"</code>, or <code>"incomplete"</code>.
function set_port_version(host, port, probestate)
--- Returns the current date and time in seconds.
-- @return The number of seconds since the epoch (on most systems this is
-- 01/01/1970) as a floating point value.
-- @usage local now = nmap.clock()
function clock()
--- Returns the current date and time in milliseconds.
-- @return The number of milliseconds since the epoch (on most systems this is
-- 01/01/1970).
-- @usage local now = nmap.clock_ms()
function clock_ms()
--- Create a mutex on an object.
--
-- This function returns another function that works as a mutex on the object
-- passed. This object can be any Lua data type except <code>nil</code>,
-- Booleans, and Numbers. The Mutex (the returned function) allows you to lock,
-- try to lock, and release the mutex. The Mutex function takes only one
-- argument, which must be one of
-- * <code>"lock"</code>: makes a blocking lock on the mutex. If the mutex is busy then the thread will yield and wait. The function returns with the mutex locked.
-- * <code>"trylock"</code>: makes a non-blocking lock on the mutex. If the mutex is busy then it immediately returns a false value. Otherwise, the mutex locks the mutex and returns true.
-- * <code>"done"</code>: releases the mutex and allows another thread to lock it. If the thread does not have a lock on the mutex, an error will be raised.
-- * <code>"running"</code>: returns the thread locked on the mutex or <code>nil</code> if no thread is locked. This should only be used for debugging as it interferes with finished threads from being collected.
--
-- NSE maintains a weak reference to the Mutex function so other calls to
-- nmap.mutex with the same object will return the same function (Mutex);
-- however, if you discard your reference to the Mutex then it may be collected
-- and subsequent calls to nmap.mutex with the object will return a different
-- Mutex!
-- @param object Object to create a mutex for.
-- @return Mutex function which takes one of the following arguments:
-- <code>"lock"</code>, <code>"trylock"</code>, <code>"done"</code>, or
-- <code>"running"</code>.
-- @usage
-- id = "My Script's Unique ID"
--
-- local mutex = nmap.mutex(id)
-- function action(host, port)
-- mutex "lock"
-- -- do stuff
-- mutex "done"
-- return script_output
-- end
function mutex(object)
--- Create a condition variable for an object.
--
-- This function returns a function that works as a Condition Variable for the
-- given object parameter. The object can be any Lua data type except
-- <code>nil</code>, Booleans, and Numbers. The Condition Variable (returned
-- function) allows you wait, signal, and broadcast on the condition variable.
-- The Condition Variable function takes only one argument, which must be one of
-- * <code>"wait"</code>: Wait on the condition variable until another thread wakes us.
-- * <code>"signal"</code>: Wake up a single thread from the waiting set of threads for this condition variable.
-- * <code>"broadcast"</code>: Wake up all threads in the waiting set of threads for this condition variable.
--
-- NSE maintains a weak reference to the Condition Variable so other calls to
-- nmap.condvar with the same object will return the same function (Condition
-- Variable); however, if you discard your reference to the Condition
-- Variable then it may be collected; and, subsequent calls to nmap.condvar with
-- the object will return a different Condition Variable function!
--
-- In NSE, Condition Variables are typically used to coordinate with threads
-- created using the stdnse.new_thread facility. The worker threads must
-- wait until work is available that the controller thread (the actual running
-- script) will provide. Once work is created, the controller thread will awaken
-- one or more workers so that the work can be done.
--
-- It is important to check the predicate (the test to see if your worker
-- thread should "wait" or not) BEFORE and AFTER the call to wait. You are
-- not guaranteed spurious wakeups will not occur (that is, there is no
-- guarantee your thread will not be awakened when no thread called
-- <code>"signal"</code> or <code>"broadcast"</code> on the condition variable).
-- One important check for your worker threads, before and after waiting,
-- should be to check that the controller thread is still alive.
-- (To check that the controller thread is alive, obtain the "base" thread
-- using stdnse.base and use coroutine.status). You do not want your worker
-- threads to continue when the script has ended for reasons unknown to your
-- worker thread. You are guaranteed that all threads waiting on a
-- condition variable will be awakened if any thread that has accessed
-- the condition variable via <code>nmap.condvar</code> ends for any
-- reason. This is essential to prevent deadlock with threads
-- waiting for another thread to awaken
-- them that has ended unexpectedly.
-- @see stdnse.new_thread
-- @see stdnse.base
-- @param object Object to create a condition variable for.
-- @return ConditionVariable Condition variable function.
-- @usage
-- local myobject = {}
-- local cv = nmap.condvar(myobject)
-- cv "wait" -- waits until another thread calls cv "signal"
function condvar(object)
--- Creates a new exception handler.
--
-- This function returns an exception handler function. The exception handler is
-- meant to be wrapped around other function calls that may raise an exception.
-- A function raises an exception by making its first return value false and its
-- second return value a message describing the error. When an exception occurs,
-- the exception handler optionally calls a user-provided cleanup function, then
-- terminates the script. When an exception does not occur (the wrapped
-- function's first return value is true), the exception handler strips off the
-- first return value and returns the rest.
--
-- The optional cleanup function is passed as the sole argument to
-- <code>new_try</code>. It can be used to release sockets or other resources
-- before the script terminates.
--
-- A function that may raise an exception must follow the return protocol
-- understood by this function: on an exception its return values are
-- <code>false</code> or <code>nil</code> followed by an error message; on
-- success its return values are any true value followed by any other results.
-- @param handler User cleanup function (optional).
-- @usage
-- local result, socket, try, catch
--
-- result = ""
-- socket = nmap.new_socket()
-- catch = function()
-- socket:close()
-- end
-- try = nmap.new_try(catch)
-- try(socket:connect(host, port))
-- result = try(socket:receive_lines(1))
-- try(socket:send(result))
function new_try(handler)
--- Returns a new NSE socket object.
--
-- To allow for efficient and parallelizable network I/O, NSE provides an
-- interface to Nsock, the Nmap socket library. The smart callback mechanism
-- Nsock uses is fully transparent to NSE scripts. The main benefit of NSE's
-- sockets is that they never block on I/O operations, allowing many scripts to
-- be run in parallel. The I/O parallelism is fully transparent to authors of
-- NSE scripts. In NSE you can either program as if you were using a single
-- non-blocking socket or you can program as if your connection is blocking.
-- Seemingly blocking I/O calls still return once a specified timeout has been
-- exceeded.
--
-- NSE sockets are the recommended way to do network I/O. They support
-- <code>connect</code>-style sending and receiving over TCP and UDP (and SSL),
-- as well as raw socket receiving.
-- @param protocol a protocol string (optional, defaults to <code>"tcp"</code>).
-- @param af an address family string (optional, defaults to <code>"inet"</code>).
-- @return A new NSE socket.
-- @see pcap_open
-- @usage local socket = nmap.new_socket()
function new_socket(protocol, af)
--- Sets the local address of a socket.
--
-- This socket method sets the local address and port of a socket. It must be
-- called before <code>connect</code>. The address set by <code>bind</code>
-- overrides Nmap's source address and port set by the <code>-S</code> and
-- <code>-g</code> options.
-- @param addr Address string or <code>nil</code> (optional).
-- @param port Port number or <code>nil</code> (optional).
-- @return Status (true or false).
-- @return Error string (if status is false).
-- @usage
-- try = nmap.new_try()
-- try(socket:bind(nil, 53))
-- try(socket:bind("1.2.3.4"))
-- try(socket:bind("2001:db8::1"))
-- try(socket:bind("1.2.3.4", 53))
function bind(addr, port)
--- Establishes a connection.
--
-- This method puts a socket in a state ready for communication. It takes as
-- arguments a host descriptor (a host table, IP address, or hostname), a port
-- descriptor (a port table or number), and optionally a protocol. If given, the
-- protocol must be one of <code>"tcp"</code>, <code>"udp"</code> or
-- <code>"ssl"</code>. The default value for the protocol is
-- <code>port.protocol</code> if <code>port</code> is a port table, otherwise
-- <code>"tcp"</code>.
--
-- If <code>host</code> is a host table, it must contain at least one of the
-- keys <code>ip</code> or <code>name</code>. If <code>name</code>
-- is given, it is used to request the correct certificate in SSL connections.
-- Passing a string instead of a host table acts like <code>host.ip</code> and
-- <code>host.name</code> were set to the same value. If <code>port</code>
-- is a table, it must contain the <code>number</code> key.
--
-- On success the function returns a true value. On failure it returns a false
-- value (<code>false</code> or <code>nil</code>) and an error string. Those
-- strings are taken from the <code>gai_strerror</code> C function. They are
-- (with the error code in parentheses):
-- * <code>"Address family for hostname not supported"</code> (<code>EAI_ADDRFAMILY</code>)
-- * <code>"Temporary failure in name resolution"</code> (<code>EAI_AGAIN</code>)
-- * <code>"Bad value for ai_flags"</code> (<code>EAI_BADFLAGS</code>)
-- * <code>"Non-recoverable failure in name resolution"</code> (<code>EAI_FAIL</code>)
-- * <code>"ai_family not supported"</code> (<code>EAI_FAMILY</code>)
-- * <code>"Memory allocation failure"</code> (<code>EAI_MEMORY</code>)
-- * <code>"No address associated with hostname"</code> (<code>EAI_NODATA</code>)
-- * <code>"Name or service not known"</code> (<code>EAI_NONAME</code>)
-- * <code>"Servname not supported for ai_socktype"</code> (<code>EAI_SERVICE</code>)
-- * <code>"ai_socktype not supported"</code> (<code>EAI_SOCKTYPE</code>)
-- * <code>"System error"</code> (<code>EAI_SYSTEM</code>)
-- In addition to these standard system error messages there are two
-- NSE-specific errors:
-- * <code>"Sorry, you don't have OpenSSL"</code>: The protocol is <code>"ssl"</code> but Nmap was compiled without OpenSSL support.
-- * <code>"invalid connection method"</code>: The second parameter is not one of <code>"tcp"</code>, <code>"udp"</code>, and <code>"ssl"</code>.
-- @param host Host table, hostname or IP address.
-- @param port Port table or number.
-- @param protocol <code>"tcp"</code>, <code>"udp"</code>, or
-- <code>"ssl"</code> (default <code>"tcp"</code>, or whatever was set in
-- <code>new_socket</code>).
-- @return Status (true or false).
-- @return Error code (if status is false).
-- @see new_socket
-- @usage
-- local status, err = socket:connect(host, port)
-- if not status then
-- return string.format("Can't connect: %s", err)
-- end
function connect(host, port, protocol)
--- Reconnect the open (connected) socket with SSL.
--
-- It is sometimes desirable to request SSL over an established connection.
-- The internal buffers for the socket are cleared when the reconnection is
-- made. Any received data that has not yet been read through a call to receive
-- is lost.
-- @usage
-- local status, err = socket:reconnect_ssl()
-- if not status then
-- return string.format("Can't reconnect with ssl: %s", err)
-- end
function reconnect_ssl()
--- Sends data on an open socket.
--
-- This socket method sends the data contained in the data string through an
-- open connection. On success the function returns a true value. If the send
-- operation fails, the function returns a false value (<code>false</code> or
-- <code>nil</code>) along with an error string. The error strings are
-- * <code>"Trying to send through a closed socket"</code>: There was no call to <code>socket:connect</code> before the send operation.
-- * <code>"TIMEOUT"</code>: The operation took longer than the specified timeout for the socket.
-- * <code>"ERROR"</code>: An error occurred inside the underlying Nsock library.
-- * <code>"CANCELLED"</code>: The operation was cancelled.
-- * <code>"KILL"</code>: For example the script scan is aborted due to a faulty script.
-- * <code>"EOF"</code>: An EOF was read (probably will not occur for a send operation).
-- @param data The data to send.
-- @return Status (true or false).
-- @return Error code (if status is false).
-- @see new_socket
-- @usage local status, err = socket:send(data)
function send(data)
--- Sends data on an unconnected socket to a given destination.
--
-- Sockets that have not been connected do not have an implicit
-- destination address, so the <code>send</code> function doesn't work. Instead
-- the destination must be given with each send using this function. The
-- protocol and address family of the socket must have been set in
-- <code>new_socket</code>. On
-- success the function returns a true value. If the send operation fails, the
-- function returns a false value (<code>false</code> or <code>nil</code>) along
-- with an error string. The error strings are
-- * <code>"TIMEOUT"</code>: The operation took longer than the specified timeout for the socket.
-- * <code>"ERROR"</code>: An error occurred inside the underlying Nsock library.
-- * <code>"CANCELLED"</code>: The operation was cancelled.
-- * <code>"KILL"</code>: For example the script scan is aborted due to a faulty script.
-- * <code>"EOF"</code>: An EOF was read (probably will not occur for a send operation).
-- @param host The hostname or IP address to send to.
-- @param port The port number to send to.
-- @param data The data to send.
-- @return Status (true or false).
-- @return Error code (if status is false).
-- @usage local status, err = socket:sendto(host, port, data)
function sendto(host, port, data)
--- Receives data from an open socket.
--
-- The receive method does a non-blocking receive operation on an open socket.
-- On success the function returns true along with the received data. On
-- failure the function returns a false value (<code>false</code> or
-- <code>nil</code>) along with an error string. A failure occurs for example if
-- <code>receive</code> is called on a closed socket. The receive call returns
-- to the NSE script all the data currently stored in the receive buffer of the
-- socket. Error conditions are the same as for <code>send</code>.
-- @return Status (true or false).
-- @return Data (if status is true) or error string (if status is false).
-- @see new_socket
-- @usage local status, data = socket:receive()
function receive()
--- Receives lines from an open connection.
--
-- Tries to receive at least <code>n</code> lines from an open connection. A
-- line is a string delimited with <code>\n</code> characters. If no data was
-- was received before the operation times out a <code>"TIMEOUT"</code> error
-- occurs. If even one character was received then it is returned with success.
-- On the other hand, if more than <code>n</code> lines were received, all are
-- returned, not just <code>n</code>. Use <code>stdnse.make_buffer</code> to
-- guarantee only one line is returned per call.
--
-- The return values and error codes are the same as for <code>send</code>.
-- @param n Minimum number of lines to read.
-- @return Status (true or false).
-- @return Data (if status is true) or error string (if status is false).
-- @see new_socket
-- @usage local status, lines = socket:receive_lines(1)
function receive_lines(n)
--- Receives bytes from an open connection.
--
-- Tries to receive at least <code>n</code> bytes from an open connection. Like
-- in <code>receive_lines</code>, <code>n</code> is the minimum amount of
-- characters we would like to receive. If more arrive, we get all of them. If
-- even one is received then it is returned. If no characters arrive before the
-- operation times out, a <code>"TIMEOUT"</code> error occurs.
--
-- The return values and error codes are the same as for <code>send</code>.
-- @param n Minimum number of bytes to read.
-- @return Status (true or false).
-- @return Data (if status is true) or error string (if status is false).
-- @see new_socket
-- @usage local status, bytes = socket:receive_bytes(1)
function receive_bytes(n)
--- Reads from a socket using a buffer and an arbitrary delimiter.
--
-- This method reads data from the network until it encounters the given
-- delimiter string (or matches the function passed in). This function
-- continues to read from the network until the delimiter is found or the
-- function times out. If data is read beyond the delimiter, that data is
-- saved in a buffer for the next call to <code>receive_buf</code>.
--
-- The first argument may be either a pattern or a function. If a pattern, that
-- pattern is used to separate the data. If a function, it must take exactly
-- one parameter (the buffer) and its return values must be in the same format
-- as those of <code>string.find</code> (offsets to the start and the end of
-- the delimiter inside the buffer, or <code>nil</code> if the delimiter is not
-- found). The nselib <code>match.lua</code> module provides functions for
-- matching against regular expressions or byte counts. These functions are
-- suitable as arguments to <code>receive_buf</code>.
--
-- NOTE: If a pattern is used, receive_buf will continue to receive data until
-- the pattern matches or there is a timeout. If the service never stops
-- sending non-matching data, receive_buf will never return. Using
-- <code>match.pattern_limit</code> can avoid this by imposing a limit on how
-- many bytes to read before returning the entire non-matching buffer.
--
-- The second argument to <code>receive_buf</code> is a Boolean value
-- controlling whether the delimiting string is returned along with the
-- received data (true) or discarded (false).
--
-- On success the function returns true along with the received data. On failure
-- the function returns <code>false</code> or <code>nil</code> along with an
-- receive error string. This function may also throw errors for incorrect usage.
-- @param delimiter A Lua pattern or a function with return values like those of
-- <code>string.find</code>.
-- @param keeppattern Whether to return the delimiter string with any returned
-- data.
-- @return Status (true or false).
-- @return Data (if status is true) or error string (if status is false).
-- @see new_socket
-- @see match
-- @usage local status, line = socket:receive_buf("\r?\n", false)
function receive_buf(delimiter, keeppattern)
--- Closes an open connection.
--
-- On success the function returns true. If the close fails, the function
-- returns <code>false</code> or <code>nil</code> and an error string. Currently
-- the only error message is <code>"Trying to close a closed socket"</code>,
-- which is issued if the socket has already been closed.
--
-- Sockets are subject to garbage collection. Should you forget to close a
-- socket, it will get closed before it gets deleted (on the next occasion Lua's
-- garbage collector is run). However since garbage collection cycles are
-- difficult to predict, it is considered good practice to close opened sockets.
-- @return Status (true or false).
-- @return Error code (if status is false).
-- @see new_socket
-- @usage socket:close()
function close()
--- Gets information about a socket.
--
-- This function returns information about a socket object. It returns five
-- values. If an error occurred, the first value is <code>false</code> or
-- <code>nil</code> and the second value is an error string. Otherwise the first
-- value is true and the remaining 4 values describe both endpoints of the TCP
-- connection. If you put the call inside an exception handler created by
-- <code>new_try</code> the status value is consumed. The call can be used for
-- example if you want to query an authentication server.
-- @return Status (true or false).
-- @return Local IP address (if status is true) or error string (if status is
-- false).
-- @return Local port number (if status is true).
-- @return Remote IP address (if status is true).
-- @return Remote port number (if status is true).
-- @see new_socket
-- @usage local status, lhost, lport, rhost, rport = socket:get_info()
function get_info()
--- Sets a timeout for socket input and output operations.
--
-- After this time, given in milliseconds, socket operations will time out and
-- return. The default value is 30,000 (30 seconds). The lowest allowed value is
-- 10 ms, since this is the granularity of NSE network I/O.
-- @param t Timeout in milliseconds.
-- @see new_socket
-- @usage socket:set_timeout(10000)
function set_timeout(t)
--- Opens a socket for raw packet capture.
--
-- @param device The dnet-style interface name of the device you want to capture
-- from.
-- @param snaplen The length of each packet you want to capture (similar to the
-- <code>-s</code> option to tcpdump)
-- @param promisc Boolean value for whether the interface should activate
-- promiscuous mode.
-- @param bpf A string describing a Berkeley Packet Filter expression (like
-- those provided to tcpdump).
-- @see new_socket, pcap_receive
-- @usage
-- local socket = nmap.new_socket()
-- socket:pcap_open("eth0", 64, false, "tcp")
function pcap_open(device, snaplen, promisc, bpf)
--- Receives a captured packet.
--
-- If an error or timeout occurs, the function returns false and an error
-- message. Otherwise, the function returns true followed by the packet length,
-- layer two header, layer three header and packet capture time.
-- @return Status (true or false).
-- @return The length of the captured packet (this may be smaller than the
-- actual packet length since packets are truncated when the
-- libpcap snaplen parameter is smaller than the total packet length).
-- @return Data from the second OSI layer (e.g. ethernet headers).
-- @return Data from the third OSI layer (e.g. IPv4 headers).
-- @return Packet capture time, as floating point seconds since the epoch
-- @see pcap_open
-- @usage status, plen, l2_data, l3_data, time = socket:pcap_receive()
function pcap_receive()
--- Closes a pcap device.
-- @see close, pcap_close
-- @usage socket:pcap_close()
function pcap_close()
---
-- Retrieves the SSL certificate of the peer. The returned value can be accessed
-- like a table and has the following members:
--
-- <code>
-- subject = { commonName = "...", countryName = "...",
-- { "2", "5", "4", "15" } = "...", ... },
-- issuer = { commonName = "...", ... },
-- pubkey = { type = "rsa", bits = 1024 },
-- validity = { notBefore = { year = 2020, month = 5, day = 5,
-- hour = 0, min = 0, sec = 0 },
-- notAfter = { year = 2021, month = 5, day = 5,
-- hour = 0, min = 0, sec = 0 } },
-- pem = "-----BEGIN CERTIFICATE-----\nMIIFxzCCBK+gAwIBAgIQX02QuADDB7CVj..."
-- </code>
--
-- If the <code>pubkey</code> is type <code>"rsa"</code>, it will also have an
-- <code>exponent</code> member, containing the public exponent as a bignum. If
-- the type is <code>"ec"</code>, it will have an <code>ecdhparams.curve_params</code>
-- member, containing a table with <code>ec_curve_type</code> and
-- <code>curve</code> keys as strings.
--
-- It also has the following member functions:
--
-- * <code>digest(algorithm)</code> returns the digest of the certificate using the given digest algorithm, which is any of the strings returned by <code>openssl.supported_digests</code>, typically something like <code>"md5"</code> or <code>"sha1"</code>.
--
-- The <code>"subject"</code> and <code>"issuer"</code> fields hold each
-- distinguished name. Fields with an unknown OID are represented as an array
-- whose elements are the numeric components of the OID, encoded as strings.
--
-- The <code>"validity"</code> table has the members <code>"notBefore"</code>
-- and <code>"notAfter"</code>. Each of these is a table as returned by
-- <code>os.date("!*t")</code> if the date in the certificate could be parsed,
-- except that they lack the <code>"wday"</code> and <code>"yday"</code>
-- members. If the date could not be parsed, the value will be a string
-- containing the raw byte values of the field. If absent, the value will be
-- <code>nil</code>.
--
-- The <code>"pem"</code> field contains a PEM-encoded string of the entire
-- contents of the certificate.
-- @return A table as described above.
-- @usage
-- local s = nmap.new_socket()
-- local status, error = s:connect(host, port, "ssl")
-- if status then
-- local cert = s:get_ssl_certificate()
-- local digest = cert:digest("md5")
-- end
function get_ssl_certificate()
--- Creates a new dnet object, used to send raw packets.
-- @usage local dnet = nmap.new_dnet()
function new_dnet()
--- Opens an ethernet interface for raw packet sending.
--
-- An error (<code>"device is not valid ethernet interface"</code>) is thrown
-- in case the provided argument is not valid.
-- @param interface_name The dnet-style name of the interface to open.
-- @see new_dnet
-- @usage dnet:ethernet_open("eth0")
function ethernet_open(interface_name)
--- Sends a raw ethernet frame.
--
-- The dnet object must be associated with a previously opened interface. The
-- packet must include the IP and ethernet headers. If there was no previous
-- valid call to <code>ethernet_open</code> an error is thrown
-- (<code>"dnet is not valid opened ethernet interface"</code>).
-- @param packet An ethernet frame to send.
-- @see new_dnet
-- @usage dnet:ethernet_send(packet)
function ethernet_send(packet)
--- Closes an ethernet interface.
--
-- An error (<code>"device is not valid ethernet interface"</code>) is thrown
-- in case the provided argument is not valid.
-- @see new_dnet, ethernet_open
-- @usage dnet:ethernet_close()
function ethernet_close()
--- Opens a socket for raw IPv4 packet sending.
-- @see new_dnet
-- @usage dnet:ip_open()
function ip_open()
--- Sends a raw IPv4 or IPv6 packet.
--
-- The dnet object must be associated with a previously opened socket. The
-- packet must begin with an IP header. If there was no previous valid call
-- to <code>ip_open</code> an error is thrown.
-- @param packet An IP packet to send.
-- @param dst A destination address, as a host table or string. If omitted, the
-- destination address is read from the packet; however this is deprecated, because
-- the packet does not contain the scope ID required to send to certain IPv6
-- addresses.
-- @see new_dnet
-- @usage dnet:ip_send(packet, dst)
function ip_send(packet, dst)
--- Closes a raw IPv4 socket.
-- @see new_dnet, ip_open
-- @usage dnet:ip_close()
function ip_close()
--- Writes to a log file.
--
-- Writes <code>string</code> to <code>file</code> ("stdout" or "stderr").
-- Use stdnse.debug to print debug information based on the
-- debugging level.
-- @see stdnse.debug
function log_write(file, string)
|