/nselib/nmap.luadoc
Unknown | 825 lines | 776 code | 49 blank | 0 comment | 0 complexity | bbc397819ac41ca89136fa39db3c7894 MD5 | raw file
Possible License(s): BSD-3-Clause, GPL-2.0, Apache-2.0, LGPL-2.0, LGPL-2.1, MIT
- ---
- -- Interface with Nmap internals.
- --
- -- The <code>nmap</code> module is an interface with Nmap's internal functions
- -- and data structures. The API provides target host details such as port
- -- states and version detection results. It also offers an interface to the
- -- Nsock library for efficient network I/O.
- -- @copyright Same as Nmap--See http://nmap.org/book/man-legal.html
- module "nmap"
- --- Returns the debugging level as a non-negative integer.
- --
- -- The debugging level can be set with the <code>-d</code> option.
- -- @return The debugging level.
- -- @usage if nmap.debugging() > 0 then ... end
- function debugging()
- --- Determines whether Nmap was compiled with SSL support.
- --
- -- This can be used to avoid sending SSL probes when SSL is not available.
- -- @return True if Nmap was compiled with SSL support, false otherwise.
- function have_ssl()
- --- Returns the version intensity as a non-negative integer.
- --
- -- The version intensity can be set for all version probes with the
- -- <code>--version-intensity</code> option. The intensity for version scripts
- -- can be overridden with the <code>script-intensity</code> script argument.
- -- If overridden, nmap.version_intensity() returns the overridden value
- -- automatically. If neither <code>--version-intensity</code> nor the script
- -- argument <code>script-intensity</code> are used, the version intensity
- -- defaults to 7.
- -- When a version script is given by name with the <code>--script</code>
- -- option, as opposed to being selected automatically due to <code>-sV</code>,
- -- its version intensity is automatically set to maximum (9).
- -- @return The version intensity.
- -- @usage
- -- portrule = function(host, port)
- -- return ...
- -- ...
- -- and nmap.version_intensity() >= 7
- -- end
- function version_intensity()
- --- Returns the verbosity level as a non-negative integer.
- --
- -- The verbosity level can be set with the <code>-v</code> option. When
- -- a script is given by name with the <code>--script</code> option, as
- -- opposed to being selected by default or by category, its verbosity
- -- level is automatically increased by one.
- -- @return The verbosity level.
- -- @usage if nmap.verbosity() > 0 then ... end
- function verbosity()
- --- Returns whether a script should be able to perform privileged operations
- --
- -- @return True if Nmap is running privileged, false otherwise.
- function is_privileged()
- --- Resolves the specified host name using the optional address family and
- -- returns a table containing all of the matching addresses.
- --
- -- If no address family is given, resolve() will return all addresses for the
- -- name.
- --
- -- @param host Host name to resolve
- -- @param family Address family string (such as "inet") to specify the type
- -- of addresses returned
- -- @see address_family
- -- @return Status (true or false)
- -- @return Table containing addresses resolved from the host name if status
- -- is true, or an error string if status is false
- -- @usage local status, t = nmap.resolve("www.kame.net", nmap.address_family())
- function resolve(host, family)
- --- Returns the address family Nmap is using.
- --
- -- For example, if Nmap is run with the -6 option, then "inet6" is returned.
- --
- -- @return The address family as a string ("inet" or "inet6")
- -- @usage local family = nmap.address_family()
- function address_family()
- --- Returns the interface name (dnet-style) that Nmap is using.
- --
- -- For example in the pre-scanning (<code>"prerule"</code> scripts) phase
- -- if Nmap is run with the <code>-e eth0</code>, then "eth0" can be
- -- returned, however Nmap can return an other interface name since it
- -- can determine the best interface suited for the job.
- -- Other <code>"hostrule"</code> and <code>"portrule"</code> scripts
- -- should use the interface field of the <code>host</code> table:
- -- <code>host.interface</code>.
- --
- -- The result of this function can be used to get the interface information
- -- table, example: <code>nmap.get_interface_info("eth0")</code>.
- --
- -- @return A string containing the interface name (dnet-style) on
- -- success, or a nil value on failures.
- -- @usage local interface_name = nmap.get_interface()
- function get_interface()
- --- Gets the interface network information.
- --
- -- This function takes a dnet-style interface name and returns a table
- -- containing the network information of the interface.
- --
- -- Keys of the returned table:
- -- * <code>device</code> The interface name, can be an interface alias.
- -- * <code>shortname</code> A simple short name of the device.
- -- * <code>netmask</code> The netmask bits (CIDR) of the interface.
- -- * <code>address</code> The string representing the IP address assigned to the interface.
- -- * <code>link</code> The string representing the hardware type of the interface. Possible values are: <code>"ethernet"</code>, <code>"loopback"</code>, <code>"p2p"</code> or <code>"other"</code>.
- -- * <code>mac</code> MAC address (six-byte-long binary string) of the interface if the type of the interface is <code>"ethernet"</code>, otherwise it is <code>nil</code>.
- -- * <code>broadcast</code> The string representing the broadcast address assigned to the interface if the interface type is <code>"ethernet"</code> and if the used address is IPv4, otherwise it is <code>nil</code>.
- -- * <code>up</code> The state of the interface, possible values are <code>"up"</code> or <code>"down"</code>.
- -- * <code>mtu</code> The MTU size of the interface.
- --
- -- @param interface_name The name of the interface.
- -- @return Table containing the network information of the interface on
- -- success, or nil and an error message on failures.
- -- @usage local iface, err = nmap.get_interface_info("eth0")
- function get_interface_info(interface_name)
- --- Lists network interfaces
- --
- -- This script enumerates all network interfaces and returns a list of tables
- -- containing information about every interface.
- --
- -- Keys of each table:
- -- * <code>device</code> The interface name, can be an interface alias.
- -- * <code>shortname</code> A simple short name of the device.
- -- * <code>netmask</code> The netmask bits (CIDR) of the interface.
- -- * <code>address</code> The string representing the IP address assigned to the interface.
- -- * <code>link</code> The string representing the hardware type of the interface. Possible values are: <code>"ethernet"</code>, <code>"loopback"</code>, <code>"p2p"</code> or <code>"other"</code>.
- -- * <code>mac</code> MAC address (six-byte-long binary string) of the interface if the type of the interface is <code>"ethernet"</code>, otherwise it is <code>nil</code>.
- -- * <code>broadcast</code> The string representing the broadcast address assigned to the interface if the interface type is <code>"ethernet"</code> and if the used address is IPv4, otherwise it is <code>nil</code>.
- -- * <code>up</code> The state of the interface, possible values are <code>"up"</code> or <code>"down"</code>.
- -- * <code>mtu</code> The MTU size of the interface.
- --
- -- @return Array of tables containing information about every discovered interface.
- -- @usage local interfaces, err = nmap.list_interfaces()
- function list_interfaces()
- --- Returns the TTL (time to live) value selected by the --ttl option
- --
- -- If there is no value specified or if the value specified with the --ttl
- -- option is out of the range 0 to 255 (inclusive) this function returns 64,
- -- which is the default TTL for an IP packet. This function would be most
- -- useful in crafting packets, which we want to comply with the selected
- -- Nmap TTL value.
- --
- -- @return A number containing the TTL value
- -- @usage local ttl = nmap.get_ttl()
- function get_ttl()
- --- Returns the payload data length selected with the --data-length option
- --
- -- Used when a script is crafting ICMP packets and needs to comply with the
- -- selected payload data length. If there is no value specified this function
- -- returns 0 which is the default length of the ICMP payload for Nmap.
- --
- -- @return A number containing the value of the payload length
- -- @usage local payload_length = nmap.get_payload_length
- function get_payload_length()
- --- Searches for the specified file relative to Nmap's search paths and returns
- -- a string containing its path if it is found and readable (to the process).
- -- Absolute paths and paths relative to the current directory will not be
- -- searched.
- --
- -- If the file is not found, not readable, or is a directory, <code>nil</code>
- -- is returned.
- -- @usage
- -- nmap.fetchfile("nmap-rpc") --> "/usr/local/share/nmap/nmap-rpc"
- -- @param filename Filename to search for.
- -- @return String representing the full path to the file or <code>nil</code>.
- function fetchfile(filename)
- --- Returns the timing level as a non-negative integer.
- --
- -- Possible return values vary from <code>0</code> to <code>5</code>,
- -- corresponding to the six built-in Nmap timing templates. The timing level
- -- can be set with the <code>-T</code> option.
- -- @return The timing level.
- function timing_level()
- --- Gets a port table for a port on a given host.
- --
- -- This function takes a host table and a port table and returns a port table
- -- for the queried port. The port table returned is similar in structure to the
- -- ones passed to the <code>hostrule</code>, <code>portrule</code>, and
- -- <code>action</code> functions. If the given port was not scanned the function
- -- returns <code>nil</code>.
- --
- -- You can of course reuse the host and port tables passed to a script's rule
- -- function. The purpose of this call is to be able to match scripts against
- -- more than one open port. For example if the target host has an open port 22
- -- and a running identd server, then you can write a script which will only fire
- -- if both ports are open and there is an identification server on port 113.
- -- While it is possible to specify IP addresses different to the currently
- -- scanned target, the result will only be correct if the target is in the
- -- currently scanned group of hosts.
- -- @param host Host table, containing an <code>ip</code> field.
- -- @param port Port table, containing <code>number</code> and
- -- <code>protocol</code> fields.
- -- @return A new port table holding the status and information for the port, or <code>nil</code>.
- -- @usage p = nmap.get_port_state({ip="127.0.0.1"}, {number="80", protocol="tcp"})
- function get_port_state(host, port)
- --- Iterates over port tables matching protocol and state for a given host
- --
- -- This function takes a host table, previous port table, port protocol and
- -- port state to return matching port tables on a host.
- --
- -- The first time you call this function, pass <code>nil</code> for the port
- -- parameter to get the first matching port table. From then on, pass the
- -- previous port table returned by this function to the port parameter for the
- -- next matching port table.
- --
- -- @param host Host table, containing an <code>ip</code> field
- -- @param port Port table, containing a <code>number</code> field; or <code>nil</code>
- -- for first port
- -- @param proto Port protocol, such as <code>"tcp"</code>
- -- @param state Port state, such as <code>"open"</code>
- -- @return Next port table for host, or <code>nil</code> when exhausted
- -- @usage port = nmap.get_ports(host, port, "tcp", "open")
- function get_ports(host, port, proto, state)
- --- Sets the state of a port on a given host.
- --
- -- Using this function, the final port state, reflected in Nmap's results, can
- -- be changed for a target. This is useful when Nmap detects a port as
- -- <code>open|filtered</code>, but the script successfully connects to that
- -- port. In this case, the script can set the port state to <code>open</code>.
- -- This function doesn't change the original port table passed a script's
- -- action function.
- -- @param host Host table, containing an <code>ip</code> field.
- -- @param port Port table, containing <code>number</code> and
- -- <code>protocol</code> fields.
- -- @param state Port state, like <code>"open"</code> or <code>"closed"</code>.
- function set_port_state(host, port, state)
- --- Sets version information on a port.
- --
- -- NSE scripts are sometimes able to determine the service name and application
- -- version listening on a port. A whole script category (<code>version</code>)
- -- was designed for this purpose. This function is used to record version
- -- information when it is discovered.
- --
- -- The host and port arguments to this function should either be the tables
- -- passed to the action method or they should have the same structure. The port
- -- argument specifies the port to operate on through its <code>number</code>
- -- and <code>protocol</code> fields. and also contains the new version
- -- information to set. The version detection fields this function looks at are
- -- <code>name</code>, <code>product</code>, <code>version</code>,
- -- <code>extrainfo</code>, <code>hostname</code>, <code>ostype</code>,
- -- <code>devicetype</code>, <code>service_tunnel</code>, and <code>cpe</code>.
- -- All these keys are optional.
- --
- -- The <code>probestate</code> argument describes the state in which the script
- -- completed. It is a string, one of: <code>"hardmatched"</code>,
- -- <code>"softmatched"</code>, <code>"nomatch"</code>,
- -- <code>"tcpwrapped"</code>, or <code>"incomplete"</code>.
- -- <code>"hardmatched"</code> is almost always used (and is the default),
- -- as it signifies a
- -- successful match. The other possible states are generally only used for
- -- standard version detection rather than the NSE enhancement.
- -- @param host Host table, containing an <code>ip</code> field.
- -- @param port Port table, containing <code>number</code> and
- -- <code>protocol</code> fields, as well as any additional version information
- -- fields.
- -- @param probestate The state of the probe: <code>"hardmatched"</code>,
- -- <code>"softmatched"</code>, <code>"nomatch"</code>,
- -- <code>"tcpwrapped"</code>, or <code>"incomplete"</code>.
- function set_port_version(host, port, probestate)
- --- Returns the current date and time in seconds.
- -- @return The number of seconds since the epoch (on most systems this is
- -- 01/01/1970) as a floating point value.
- -- @usage local now = nmap.clock()
- function clock()
- --- Returns the current date and time in milliseconds.
- -- @return The number of milliseconds since the epoch (on most systems this is
- -- 01/01/1970).
- -- @usage local now = nmap.clock_ms()
- function clock_ms()
- --- Create a mutex on an object.
- --
- -- This function returns another function that works as a mutex on the object
- -- passed. This object can be any Lua data type except <code>nil</code>,
- -- Booleans, and Numbers. The Mutex (the returned function) allows you to lock,
- -- try to lock, and release the mutex. The Mutex function takes only one
- -- argument, which must be one of
- -- * <code>"lock"</code>: makes a blocking lock on the mutex. If the mutex is busy then the thread will yield and wait. The function returns with the mutex locked.
- -- * <code>"trylock"</code>: makes a non-blocking lock on the mutex. If the mutex is busy then it immediately returns a false value. Otherwise, the mutex locks the mutex and returns true.
- -- * <code>"done"</code>: releases the mutex and allows another thread to lock it. If the thread does not have a lock on the mutex, an error will be raised.
- -- * <code>"running"</code>: returns the thread locked on the mutex or <code>nil</code> if no thread is locked. This should only be used for debugging as it interferes with finished threads from being collected.
- --
- -- NSE maintains a weak reference to the Mutex function so other calls to
- -- nmap.mutex with the same object will return the same function (Mutex);
- -- however, if you discard your reference to the Mutex then it may be collected
- -- and subsequent calls to nmap.mutex with the object will return a different
- -- Mutex!
- -- @param object Object to create a mutex for.
- -- @return Mutex function which takes one of the following arguments:
- -- <code>"lock"</code>, <code>"trylock"</code>, <code>"done"</code>, or
- -- <code>"running"</code>.
- -- @usage
- -- id = "My Script's Unique ID"
- --
- -- local mutex = nmap.mutex(id)
- -- function action(host, port)
- -- mutex "lock"
- -- -- do stuff
- -- mutex "done"
- -- return script_output
- -- end
- function mutex(object)
- --- Create a condition variable for an object.
- --
- -- This function returns a function that works as a Condition Variable for the
- -- given object parameter. The object can be any Lua data type except
- -- <code>nil</code>, Booleans, and Numbers. The Condition Variable (returned
- -- function) allows you wait, signal, and broadcast on the condition variable.
- -- The Condition Variable function takes only one argument, which must be one of
- -- * <code>"wait"</code>: Wait on the condition variable until another thread wakes us.
- -- * <code>"signal"</code>: Wake up a single thread from the waiting set of threads for this condition variable.
- -- * <code>"broadcast"</code>: Wake up all threads in the waiting set of threads for this condition variable.
- --
- -- NSE maintains a weak reference to the Condition Variable so other calls to
- -- nmap.condvar with the same object will return the same function (Condition
- -- Variable); however, if you discard your reference to the Condition
- -- Variable then it may be collected; and, subsequent calls to nmap.condvar with
- -- the object will return a different Condition Variable function!
- --
- -- In NSE, Condition Variables are typically used to coordinate with threads
- -- created using the stdnse.new_thread facility. The worker threads must
- -- wait until work is available that the master thread (the actual running
- -- script) will provide. Once work is created, the master thread will awaken
- -- one or more workers so that the work can be done.
- --
- -- It is important to check the predicate (the test to see if your worker
- -- thread should "wait" or not) BEFORE and AFTER the call to wait. You are
- -- not guaranteed spurious wakeups will not occur (that is, there is no
- -- guarantee your thread will not be awakened when no thread called
- -- <code>"signal"</code> or <code>"broadcast"</code> on the condition variable).
- -- One important check for your worker threads, before and after waiting,
- -- should be to check that the master script thread is still alive.
- -- (To check that the master script thread is alive, obtain the "base" thread
- -- using stdnse.base and use coroutine.status). You do not want your worker
- -- threads to continue when the script has ended for reasons unknown to your
- -- worker thread. You are guaranteed that all threads waiting on a
- -- condition variable will be awakened if any thread that has accessed
- -- the condition variable via <code>nmap.condvar</code> ends for any
- -- reason. This is essential to prevent deadlock with threads
- -- waiting for another thread to awaken
- -- them that has ended unexpectedly.
- -- @see stdnse.new_thread
- -- @see stdnse.base
- -- @param object Object to create a condition variable for.
- -- @return ConditionVariable Condition variable function.
- -- @usage
- -- local myobject = {}
- -- local cv = nmap.condvar(myobject)
- -- cv "wait" -- waits until another thread calls cv "signal"
- function condvar(object)
- --- Creates a new exception handler.
- --
- -- This function returns an exception handler function. The exception handler is
- -- meant to be wrapped around other function calls that may raise an exception.
- -- A function raises an exception by making its first return value false and its
- -- second return value a message describing the error. When an exception occurs,
- -- the exception handler optionally calls a user-provided cleanup function, then
- -- terminates the script. When an exception does not occur (the wrapped
- -- function's first return value is true), the exception handler strips off the
- -- first return value and returns the rest.
- --
- -- The optional cleanup function is passed as the sole argument to
- -- <code>new_try</code>. It can be used to release sockets or other resources
- -- before the script terminates.
- --
- -- A function that may raise an exception must follow the return protocol
- -- understood by this function: on an exception its return values are
- -- <code>false</code> or <code>nil</code> followed by an error message; on
- -- success its return values are any true value followed by any other results.
- -- @param handler User cleanup function (optional).
- -- @usage
- -- local result, socket, try, catch
- --
- -- result = ""
- -- socket = nmap.new_socket()
- -- catch = function()
- -- socket:close()
- -- end
- -- try = nmap.new_try(catch)
- -- try(socket:connect(host, port))
- -- result = try(socket:receive_lines(1))
- -- try(socket:send(result))
- function new_try(handler)
- --- Returns a new NSE socket object.
- --
- -- To allow for efficient and parallelizable network I/O, NSE provides an
- -- interface to Nsock, the Nmap socket library. The smart callback mechanism
- -- Nsock uses is fully transparent to NSE scripts. The main benefit of NSE's
- -- sockets is that they never block on I/O operations, allowing many scripts to
- -- be run in parallel. The I/O parallelism is fully transparent to authors of
- -- NSE scripts. In NSE you can either program as if you were using a single
- -- non-blocking socket or you can program as if your connection is blocking.
- -- Seemingly blocking I/O calls still return once a specified timeout has been
- -- exceeded.
- --
- -- NSE sockets are the recommended way to do network I/O. They support
- -- <code>connect</code>-style sending and receiving over TCP and UDP (and SSL),
- -- as well as raw socket receiving.
- -- @param protocol a protocol string (optional, defaults to <code>"tcp"</code>).
- -- @param af an address family string (optional, defaults to <code>"inet"</code>).
- -- @return A new NSE socket.
- -- @see pcap_open
- -- @usage local socket = nmap.new_socket()
- function new_socket(protocol, af)
- --- Sets the local address of a socket.
- --
- -- This socket method sets the local address and port of a socket. It must be
- -- called before <code>connect</code>. The address set by <code>bind</code>
- -- overrides Nmap's source address and port set by the <code>-S</code> and
- -- <code>-g</code> options.
- -- @param addr Address string or <code>nil</code> (optional).
- -- @param port Port number or <code>nil</code> (optional).
- -- @return Status (true or false).
- -- @return Error string (if status is false).
- -- @usage
- -- try = nmap.new_try()
- -- try(socket:bind(nil, 53))
- -- try(socket:bind("1.2.3.4"))
- -- try(socket:bind("2001:db8::1"))
- -- try(socket:bind("1.2.3.4", 53))
- function bind(addr, port)
- --- Establishes a connection.
- --
- -- This method puts a socket in a state ready for communication. It takes as
- -- arguments a host descriptor (a host table, IP address, or hostname), a port
- -- descriptor (a port table or number), and optionally a protocol. If given, the
- -- protocol must be one of <code>"tcp"</code>, <code>"udp"</code> or
- -- <code>"ssl"</code>. The default value for the protocol is
- -- <code>port.protocol</code> if <code>port</code> is a port table, otherwise
- -- <code>"tcp"</code>.
- --
- -- If <code>host</code> is a host table, it must contain at least one of the
- -- keys <code>ip</code> or <code>name</code>. If <code>name</code>
- -- is given, it is used to request the correct certificate in SSL connections.
- -- Passing a string instead of a host table acts like <code>host.ip</code> and
- -- <code>host.name</code> were set to the same value. If <code>port</code>
- -- is a table, it must contain the <code>number</code> key.
- --
- -- On success the function returns a true value. On failure it returns a false
- -- value (<code>false</code> or <code>nil</code>) and an error string. Those
- -- strings are taken from the <code>gai_strerror</code> C function. They are
- -- (with the error code in parentheses):
- -- * <code>"Address family for hostname not supported"</code> (<code>EAI_ADDRFAMILY</code>)
- -- * <code>"Temporary failure in name resolution"</code> (<code>EAI_AGAIN</code>)
- -- * <code>"Bad value for ai_flags"</code> (<code>EAI_BADFLAGS</code>)
- -- * <code>"Non-recoverable failure in name resolution"</code> (<code>EAI_FAIL</code>)
- -- * <code>"ai_family not supported"</code> (<code>EAI_FAMILY</code>)
- -- * <code>"Memory allocation failure"</code> (<code>EAI_MEMORY</code>)
- -- * <code>"No address associated with hostname"</code> (<code>EAI_NODATA</code>)
- -- * <code>"Name or service not known"</code> (<code>EAI_NONAME</code>)
- -- * <code>"Servname not supported for ai_socktype"</code> (<code>EAI_SERVICE</code>)
- -- * <code>"ai_socktype not supported"</code> (<code>EAI_SOCKTYPE</code>)
- -- * <code>"System error"</code> (<code>EAI_SYSTEM</code>)
- -- In addition to these standard system error messages there are two
- -- NSE-specific errors:
- -- * <code>"Sorry, you don't have OpenSSL"</code>: The protocol is <code>"ssl"</code> but Nmap was compiled without OpenSSL support.
- -- * <code>"invalid connection method"</code>: The second parameter is not one of <code>"tcp"</code>, <code>"udp"</code>, and <code>"ssl"</code>.
- -- @param host Host table, hostname or IP address.
- -- @param port Port table or number.
- -- @param protocol <code>"tcp"</code>, <code>"udp"</code>, or
- -- <code>"ssl"</code> (default <code>"tcp"</code>, or whatever was set in
- -- <code>new_socket</code>).
- -- @return Status (true or false).
- -- @return Error code (if status is false).
- -- @see new_socket
- -- @usage
- -- local status, err = socket:connect(host, port)
- -- if not status then
- -- return string.format("Can't connect: %s", err)
- -- end
- function connect(host, port, protocol)
- --- Reconnect the open (connected) socket with SSL.
- --
- -- It is sometimes desirable to request SSL over an established connection.
- -- The internal buffers for the socket are cleared when the reconnection is
- -- made. Any received data that has not yet been read through a call to receive
- -- is lost.
- -- @usage
- -- local status, err = socket:reconnect_ssl()
- -- if not status then
- -- return string.format("Can't reconnect with ssl: %s", err)
- -- end
- function reconnect_ssl()
- --- Sends data on an open socket.
- --
- -- This socket method sends the data contained in the data string through an
- -- open connection. On success the function returns a true value. If the send
- -- operation fails, the function returns a false value (<code>false</code> or
- -- <code>nil</code>) along with an error string. The error strings are
- -- * <code>"Trying to send through a closed socket"</code>: There was no call to <code>socket:connect</code> before the send operation.
- -- * <code>"TIMEOUT"</code>: The operation took longer than the specified timeout for the socket.
- -- * <code>"ERROR"</code>: An error occurred inside the underlying Nsock library.
- -- * <code>"CANCELLED"</code>: The operation was cancelled.
- -- * <code>"KILL"</code>: For example the script scan is aborted due to a faulty script.
- -- * <code>"EOF"</code>: An EOF was read (probably will not occur for a send operation).
- -- @param data The data to send.
- -- @return Status (true or false).
- -- @return Error code (if status is false).
- -- @see new_socket
- -- @usage local status, err = socket:send(data)
- function send(data)
- --- Sends data on an unconnected socket to a given destination.
- --
- -- Sockets that have not been connected do not have an implicit
- -- destination address, so the <code>send</code> function doesn't work. Instead
- -- the destination must be given with each send using this function. The
- -- protocol and address family of the socket must have been set in
- -- <code>new_socket</code>. On
- -- success the function returns a true value. If the send operation fails, the
- -- function returns a false value (<code>false</code> or <code>nil</code>) along
- -- with an error string. The error strings are
- -- * <code>"TIMEOUT"</code>: The operation took longer than the specified timeout for the socket.
- -- * <code>"ERROR"</code>: An error occurred inside the underlying Nsock library.
- -- * <code>"CANCELLED"</code>: The operation was cancelled.
- -- * <code>"KILL"</code>: For example the script scan is aborted due to a faulty script.
- -- * <code>"EOF"</code>: An EOF was read (probably will not occur for a send operation).
- -- @param host The hostname or IP address to send to.
- -- @param port The port number to send to.
- -- @param data The data to send.
- -- @return Status (true or false).
- -- @return Error code (if status is false).
- -- @usage local status, err = socket:sendto(host, port, data)
- function sendto(host, port, data)
- --- Receives data from an open socket.
- --
- -- The receive method does a non-blocking receive operation on an open socket.
- -- On success the function returns true along with the received data. On
- -- failure the function returns a false value (<code>false</code> or
- -- <code>nil</code>) along with an error string. A failure occurs for example if
- -- <code>receive</code> is called on a closed socket. The receive call returns
- -- to the NSE script all the data currently stored in the receive buffer of the
- -- socket. Error conditions are the same as for <code>send</code>.
- -- @return Status (true or false).
- -- @return Data (if status is true) or error string (if status is false).
- -- @see new_socket
- -- @usage local status, data = socket:receive()
- function receive()
- --- Receives lines from an open connection.
- --
- -- Tries to receive at least <code>n</code> lines from an open connection. A
- -- line is a string delimited with <code>\n</code> characters. If no data was
- -- was received before the operation times out a <code>"TIMEOUT"</code> error
- -- occurs. If even one character was received then it is returned with success.
- -- On the other hand, if more than <code>n</code> lines were received, all are
- -- returned, not just <code>n</code>. Use <code>stdnse.make_buffer</code> to
- -- guarantee only one line is returned per call.
- --
- -- The return values and error codes are the same as for <code>send</code>.
- -- @param n Minimum number of lines to read.
- -- @return Status (true or false).
- -- @return Data (if status is true) or error string (if status is false).
- -- @see new_socket
- -- @usage local status, lines = socket:receive_lines(1)
- function receive_lines(n)
- --- Receives bytes from an open connection.
- --
- -- Tries to receive at least <code>n</code> bytes from an open connection. Like
- -- in <code>receive_lines</code>, <code>n</code> is the minimum amount of
- -- characters we would like to receive. If more arrive, we get all of them. If
- -- even one is received then it is returned. If no characters arrive before the
- -- operation times out, a <code>"TIMEOUT"</code> error occurs.
- --
- -- The return values and error codes are the same as for <code>send</code>.
- -- @param n Minimum number of bytes to read.
- -- @return Status (true or false).
- -- @return Data (if status is true) or error string (if status is false).
- -- @see new_socket
- -- @usage local status, bytes = socket:receive_bytes(1)
- function receive_bytes(n)
- --- Reads from a socket using a buffer and an arbitrary delimiter.
- --
- -- This method reads data from the network until it encounters the given
- -- delimiter string (or matches the function passed in). This function
- -- continues to read from the network until the delimiter is found or the
- -- function times out. If data is read beyond the delimiter, that data is
- -- saved in a buffer for the next call to <code>receive_buf</code>.
- --
- -- The first argument may be either a pattern or a function. If a pattern, that
- -- pattern is used to separate the data. If a function, it must take exactly
- -- one parameter (the buffer) and its return values must be in the same format
- -- as those of <code>string.find</code> (offsets to the start and the end of
- -- the delimiter inside the buffer, or <code>nil</code> if the delimiter is not
- -- found). The nselib <code>match.lua</code> module provides functions for
- -- matching against regular expressions or byte counts. These functions are
- -- suitable as arguments to <code>receive_buf</code>.
- --
- -- The second argument to <code>receive_buf</code> is a Boolean value
- -- controlling whether the delimiting string is returned along with the
- -- received data (true) or discarded (false).
- --
- -- On success the function returns true along with the received data. On failure
- -- the function returns <code>false</code> or <code>nil</code> along with an
- -- receive error string. This function may also throw errors for incorrect usage.
- -- @param delimiter A Lua pattern or a function with return values like those of
- -- <code>string.find</code>.
- -- @param keeppattern Whether to return the delimiter string with any returned
- -- data.
- -- @return Status (true or false).
- -- @return Data (if status is true) or error string (if status is false).
- -- @see new_socket
- -- @see match
- -- @usage local status, line = socket:receive_buf("\r?\n", false)
- function receive_buf(delimiter, keeppattern)
- --- Closes an open connection.
- --
- -- On success the function returns true. If the close fails, the function
- -- returns <code>false</code> or <code>nil</code> and an error string. Currently
- -- the only error message is <code>"Trying to close a closed socket"</code>,
- -- which is issued if the socket has already been closed.
- --
- -- Sockets are subject to garbage collection. Should you forget to close a
- -- socket, it will get closed before it gets deleted (on the next occasion Lua's
- -- garbage collector is run). However since garbage collection cycles are
- -- difficult to predict, it is considered good practice to close opened sockets.
- -- @return Status (true or false).
- -- @return Error code (if status is false).
- -- @see new_socket
- -- @usage socket:close()
- function close()
- --- Gets information about a socket.
- --
- -- This function returns information about a socket object. It returns five
- -- values. If an error occurred, the first value is <code>false</code> or
- -- <code>nil</code> and the second value is an error string. Otherwise the first
- -- value is true and the remaining 4 values describe both endpoints of the TCP
- -- connection. If you put the call inside an exception handler created by
- -- <code>new_try</code> the status value is consumed. The call can be used for
- -- example if you want to query an authentication server.
- -- @return Status (true or false).
- -- @return Local IP address (if status is true) or error string (if status is
- -- false).
- -- @return Local port number (if status is true).
- -- @return Remote IP address (if status is true).
- -- @return Remote port number (if status is true).
- -- @see new_socket
- -- @usage local status, lhost, lport, rhost, rport = socket:get_info()
- function get_info()
- --- Sets a timeout for socket input and output operations.
- --
- -- After this time, given in milliseconds, socket operations will time out and
- -- return. The default value is 30,000 (30 seconds). The lowest allowed value is
- -- 10 ms, since this is the granularity of NSE network I/O.
- -- @param t Timeout in milliseconds.
- -- @see new_socket
- -- @usage socket:set_timeout(10000)
- function set_timeout(t)
- --- Opens a socket for raw packet capture.
- --
- -- @param device The dnet-style interface name of the device you want to capture
- -- from.
- -- @param snaplen The length of each packet you want to capture (similar to the
- -- <code>-s</code> option to tcpdump)
- -- @param promisc Boolean value for whether the interface should activate
- -- promiscuous mode.
- -- @param bpf A string describing a Berkeley Packet Filter expression (like
- -- those provided to tcpdump).
- -- @see new_socket, pcap_receive
- -- @usage
- -- local socket = nmap.new_socket()
- -- socket:pcap_open("eth0", 64, false, "tcp")
- function pcap_open(device, snaplen, promisc, bpf)
- --- Receives a captured packet.
- --
- -- If an error or timeout occurs, the function returns false and an error
- -- message. Otherwise, the function returns true followed by the packet length,
- -- layer two header, layer three header and packet capture time.
- -- @return Status (true or false).
- -- @return The length of the captured packet (this may be smaller than the
- -- actual packet length since packets are truncated when the
- -- libpcap snaplen parameter is smaller than the total packet length).
- -- @return Data from the second OSI layer (e.g. ethernet headers).
- -- @return Data from the third OSI layer (e.g. IPv4 headers).
- -- @return Packet capture time, as floating point seconds since the epoch
- -- @see pcap_open
- -- @usage status, plen, l2_data, l3_data, time = socket:pcap_receive()
- function pcap_receive()
- --- Closes a pcap device.
- -- @see close, pcap_close
- -- @usage socket:pcap_close()
- function pcap_close()
- ---
- -- Retrieves the SSL certificate of the peer. The returned value can be accessed
- -- like a table and has the following members:
- --
- -- <code>
- -- subject = { commonName = "...", countryName = "...",
- -- { "2", "5", "4", "15" } = "...", ... },
- -- issuer = { commonName = "...", ... },
- -- pubkey = { type = "rsa", bits = 1024 },
- -- validity = { notBefore = { year = 2020, month = 5, day = 5,
- -- hour = 0, min = 0, sec = 0 },
- -- notAfter = { year = 2021, month = 5, day = 5,
- -- hour = 0, min = 0, sec = 0 } },
- -- pem = "-----BEGIN CERTIFICATE-----\nMIIFxzCCBK+gAwIBAgIQX02QuADDB7CVj..."
- -- </code>
- --
- -- It also has the following member functions:
- --
- -- * <code>digest(algorithm)</code> returns the digest of the certificate using the given digest algorithm, which is any of the strings returned by <code>openssl.supported_digests</code>, typically something like <code>"md5"</code> or <code>"sha1"</code>.
- --
- -- The <code>"subject"</code> and <code>"issuer"</code> fields hold each
- -- distinguished name. Fields with an unknown OID are represented as an array
- -- whose elements are the numeric components of the OID, encoded as strings.
- --
- -- The <code>"validity"</code> table has the members <code>"notBefore"</code>
- -- and <code>"notAfter"</code>. Each of these is a table as returned by
- -- <code>os.date("!*t")</code> if the date in the certificate could be parsed,
- -- except that they lack the <code>"wday"</code> and <code>"yday"</code>
- -- members. If the date could not be parsed, the value will be a string
- -- containing the raw byte values of the field. If absent, the value will be
- -- <code>nil</code>.
- --
- -- The <code>"pem"</code> field contains a PEM-encoded string of the entire
- -- contents of the certificate.
- -- @return A table as described above.
- -- @usage
- -- local s = nmap.new_socket()
- -- local status, error = s:connect(host, port, "ssl")
- -- if status then
- -- local cert = s:get_ssl_certificate()
- -- local digest = cert:digest("md5")
- -- end
- function get_ssl_certificate()
- --- Creates a new dnet object, used to send raw packets.
- -- @usage local dnet = nmap.new_dnet()
- function new_dnet()
- --- Opens an ethernet interface for raw packet sending.
- --
- -- An error (<code>"device is not valid ethernet interface"</code>) is thrown
- -- in case the provided argument is not valid.
- -- @param interface_name The dnet-style name of the interface to open.
- -- @see new_dnet
- -- @usage dnet:ethernet_open("eth0")
- function ethernet_open(interface_name)
- --- Sends a raw ethernet frame.
- --
- -- The dnet object must be associated with a previously opened interface. The
- -- packet must include the IP and ethernet headers. If there was no previous
- -- valid call to <code>ethernet_open</code> an error is thrown
- -- (<code>"dnet is not valid opened ethernet interface"</code>).
- -- @param packet An ethernet frame to send.
- -- @see new_dnet
- -- @usage dnet:ethernet_send(packet)
- function ethernet_send(packet)
- --- Closes an ethernet interface.
- --
- -- An error (<code>"device is not valid ethernet interface"</code>) is thrown
- -- in case the provided argument is not valid.
- -- @see new_dnet, ethernet_open
- -- @usage dnet:ethernet_close()
- function ethernet_close()
- --- Opens a socket for raw IPv4 packet sending.
- -- @see new_dnet
- -- @usage dnet:ip_open()
- function ip_open()
- --- Sends a raw IPv4 or IPv6 packet.
- --
- -- The dnet object must be associated with a previously opened socket. The
- -- packet must begin with an IP header. If there was no previous valid call
- -- to <code>ip_open</code> an error is thrown.
- -- @param packet An IP packet to send.
- -- @param dst A destination address, as a host table or string. If omitted, the
- -- destination address is read from the packet; however this is deprecated, because
- -- the packet does not contain the scope ID required to send to certain IPv6
- -- addresses.
- -- @see new_dnet
- -- @usage dnet:ip_send(packet, dst)
- function ip_send(packet, dst)
- --- Closes a raw IPv4 socket.
- -- @see new_dnet, ip_open
- -- @usage dnet:ip_close()
- function ip_close()
- --- Writes to a log file.
- --
- -- Writes <code>string</code> to <code>file</code> ("stdout" or "stderr").
- -- Use stdnse.debug to print debug information based on the
- -- debugging level.
- -- @see stdnse.debug
- function log_write(file, string)