NSE committed

nmap · Dec 11, 2006 · b361685 · b361685
1 parent cc451cd
commit b361685
Show file tree

Hide file tree

Showing 136 changed files with 23,553 additions and 201 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,4 +1,16 @@
 # Nmap Changelog ($Id$); -*-text-*-
+
+o Integrated the Nmap Scripting Engine (NSE) into mainline Nmap.
+ Diman Todorov and I have been working on this for more than six months, and
+ we hope it will expand Nmap's capabilities in many cool ways. We're
+ accepting (and writing) general purpose scripts to put into Nmap
+ proper, and you can also write personal scripts to deal with issues
+ specific to your environment. The system is documented at
+ http:https://insecure.org/nmap/nse/ .
+
+o Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
+ (http:https://standards.ieee.org/regauth/oui/oui.txt) as of December 7.
+
 4.20
 
 o Integrated the latest OS fingerprint submissions. The 2nd
@@ -11,9 +23,9 @@ o Fixed a segmentation fault in the new OS detection system
 
 o Fixed a TCP sequence prediction difficulty indicator bug. The index
  is supposed to go from 0 ("trivial joke") to about 260 (OpenBSD).
- But some systems generated ISNs so insecurely, that Nmap went
+ But some systems generated ISNs so insecurely that Nmap went
  berserk and reported a negative difficulty index. This generally
- only affects some printers, crappy consumer devices, and Microsoft
+ only affects some printers, crappy cable modems, and Microsoft
  Windows (old versions). Thanks to Sebastian Garcia for helping me
  track down the problem.
 
@@ -28,7 +40,7 @@ o Integrated all of your OS detection submissions since RC1. The DB
 
 o Fixed (I hope) the "getinterfaces: intf_loop() failed" error which
  was seen on Windows Vista. The problem was apparently in
- intf-win32.c of libcnet (need to define MIB_IF_TYPE_MAX to
+ intf-win32.c of libdnet (need to define MIB_IF_TYPE_MAX to
  MAX_IF_TYPE rather than 32). Thanks to Dan Griffin
  (dan(a)jwsecure.com) for tracking this down!
 

diff --git a/FingerPrintResults.cc b/FingerPrintResults.cc
@@ -117,6 +117,7 @@ FingerPrintResults::FingerPrintResults() {
  doesn't support maxOSTries() */
  FPs = (FingerPrint **) safe_zalloc(MAX(o.maxOSTries(), 10) * sizeof(FingerPrint *));
  maxTimingRatio = 0;
+ maxTimingRatio = 0;
  numFPs = goodFP = 0;
 }
 

diff --git a/MACLookup.cc b/MACLookup.cc
@@ -145,7 +145,7 @@ static void mac_prefix_init() {
  MacTable.table = (struct MAC_entry **) safe_zalloc(MacTable.table_capacity * sizeof(struct MAC_entry *));
 
  /* Now it is time to read in all of the entries ... */
- if (nmap_fetchfile(filename, sizeof(filename), "nmap-mac-prefixes") == -1){
+ if (nmap_fetchfile(filename, sizeof(filename), "nmap-mac-prefixes") != 1){
  error("Cannot find nmap-mac-prefixes: Ethernet vendor corolation will not be performed");
  return;
  }

diff --git a/Makefile.in b/Makefile.in
@@ -1,4 +1,4 @@
-export NMAP_VERSION = 4.20
+export NMAP_VERSION = 4.21BETA1
 NMAP_NAME= Nmap
 NMAP_URL= http:https://insecure.org
 NMAP_PLATFORM=@host@
@@ -13,6 +13,7 @@ deskdir = $(prefix)/share/applications
 
 export NBASEDIR=@NBASEDIR@
 export NSOCKDIR=@NSOCKDIR@
+export LIBLUADIR = @LIBLUADIR@
 CC = @CC@
 CXX = @CXX@
 CCOPT = 
@@ -30,7 +31,7 @@ CPPFLAGS = @CPPFLAGS@
 # CFLAGS = $(DEFS) $(INCLS)
 STATIC =
 LDFLAGS = @LDFLAGS@ $(DBGFLAGS) $(STATIC)
-LIBS = @LIBNBASE_LIBS@ @LIBNSOCK_LIBS@ @LIBPCRE_LIBS@ @LIBPCAP_LIBS@ @OPENSSL_LIBS@ @LIBDNET_LIBS@ @LIBS@
+LIBS = @LIBNBASE_LIBS@ @LIBNSOCK_LIBS@ @LIBPCRE_LIBS@ @LIBPCAP_LIBS@ @OPENSSL_LIBS@ @LIBDNET_LIBS@ @LIBLUA_LIBS@ @LIBS@
 # LIBS = -lefence @LIBS@
 # LIBS = -lrmalloc @LIBS@
 SHTOOL = ./shtool
@@ -47,21 +48,21 @@ DESTDIR =
 TARGET = nmap
 TARGETNMAPFE=@TARGETNMAPFE@
 INSTALLNMAPFE=@INSTALLNMAPFE@
+INSTALLNSE=@INSTALLNSE@
 
-export SRCS = main.cc nmap.cc targets.cc tcpip.cc nmap_error.cc utils.cc idle_scan.cc osscan.cc osscan2.cc output.cc scan_engine.cc timing.cc charpool.cc services.cc protocols.cc nmap_rpc.cc portlist.cc NmapOps.cc TargetGroup.cc Target.cc FingerPrintResults.cc service_scan.cc NmapOutputTable.cc MACLookup.cc nmap_tty.cc nmap_dns.cc @COMPAT_SRCS@
+export SRCS = main.cc nmap.cc targets.cc tcpip.cc nmap_error.cc utils.cc idle_scan.cc osscan.cc osscan2.cc output.cc scan_engine.cc timing.cc charpool.cc services.cc protocols.cc nmap_rpc.cc portlist.cc NmapOps.cc TargetGroup.cc Target.cc FingerPrintResults.cc service_scan.cc NmapOutputTable.cc MACLookup.cc nmap_tty.cc nmap_dns.cc nse_main.cc nse_auxiliar.cc nse_nsock.cc nse_init.cc nse_nmaplib.cc nse_debug.cc nse_bitlib.cc nse_pcrelib.cc nse_string.cc @COMPAT_SRCS@
 
-export HDRS = charpool.h FingerPrintResults.h global_structures.h idle_scan.h MACLookup.h nmap_amigaos.h nmap_dns.h nmap_error.h nmap.h NmapOps.h NmapOutputTable.h nmap_rpc.h nmap_tty.h nmap_winconfig.h osscan.h osscan2.h output.h portlist.h protocols.h scan_engine.h service_scan.h services.h TargetGroup.h Target.h targets.h tcpip.h timing.h utils.h
+export HDRS = charpool.h FingerPrintResults.h global_structures.h idle_scan.h MACLookup.h nmap_amigaos.h nmap_dns.h nmap_error.h nmap.h NmapOps.h NmapOutputTable.h nmap_rpc.h nmap_tty.h nmap_winconfig.h osscan.h osscan2.h output.h portlist.h protocols.h scan_engine.h service_scan.h services.h TargetGroup.h Target.h targets.h tcpip.h timing.h utils.h nse_main.h nse_auxiliar.h nse_nsock.h nse_init.h nse_nmaplib.h nse_debug.h nse_macros.h nse_bitlib.h nse_pcrelib.h nse_string.h
 
-OBJS = main.o nmap.o targets.o tcpip.o nmap_error.o utils.o idle_scan.o osscan.o osscan2.o output.o scan_engine.o timing.o charpool.o services.o protocols.o nmap_rpc.o portlist.o NmapOps.o TargetGroup.o Target.o FingerPrintResults.o service_scan.o NmapOutputTable.o MACLookup.o nmap_tty.o nmap_dns.o @COMPAT_OBJS@
+OBJS = main.o nmap.o targets.o tcpip.o nmap_error.o utils.o idle_scan.o osscan.o osscan2.o output.o scan_engine.o timing.o charpool.o services.o protocols.o nmap_rpc.o portlist.o NmapOps.o TargetGroup.o Target.o FingerPrintResults.o service_scan.o NmapOutputTable.o MACLookup.o nmap_tty.o nmap_dns.o nse_main.o nse_auxiliar.o nse_nsock.o nse_init.o nse_nmaplib.o nse_debug.o nse_bitlib.o nse_pcrelib.o nse_string.o @COMPAT_OBJS@
 
 # %.o : %.cc -- nope this is a GNU extension
 .cc.o:
  $(CXX) -c $(CPPFLAGS) $(CXXFLAGS) $< -o $@
 
-all: $(TARGET) $(TARGETNMAPFE)
-
-$(TARGET): $(DEPS) @PCAP_DEPENDS@ @PCRE_DEPENDS@ @DNET_DEPENDS@ $(NBASEDIR)/libnbase.a $(NSOCKDIR)/src/libnsock.a $(OBJS)
- @echo Compiling nmap
+all: $(TARGET) $(TARGETNMAPFE) 
+$(TARGET): $(DEPS) @LUA_DEPENDS@ @PCAP_DEPENDS@ @PCRE_DEPENDS@ @DNET_DEPENDS@ $(NBASEDIR)/libnbase.a $(NSOCKDIR)/src/libnsock.a $(OBJS)
+ echo Compiling nmap
  rm -f $@
  $(CXX) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
 
@@ -86,6 +87,9 @@ $(NSOCKDIR)/src/libnsock.a: $(NSOCKDIR)/src/Makefile FORCE
  @echo Compiling libnsock;
  cd $(NSOCKDIR)/src && $(MAKE)
 
+$(LIBLUADIR)/liblua.a: $(LIBLUADIR)/Makefile FORCE
+ @echo Compiling liblua; cd $(LIBLUADIR) && $(MAKE) posix
+
 #$(LIBPCAPDIR)/Makefile:
 # @echo Configuring libpcap; cd $(LIBPCAPDIR); ./configure
 
@@ -112,7 +116,7 @@ distro:
 web:
  cd dev && $(MAKE) web
 
-clean: @PCAP_CLEAN@ @PCRE_CLEAN@ @DNET_CLEAN@ nmapfe_clean nsock_clean nbase_clean my_clean
+clean: @LUA_CLEAN@ @PCAP_CLEAN@ @PCRE_CLEAN@ @DNET_CLEAN@ nmapfe_clean nsock_clean nbase_clean my_clean 
 
 my_clean:
  rm -f dependencies.mk
@@ -129,6 +133,8 @@ nbase_clean:
  -cd $(NBASEDIR) && $(MAKE) clean
 nsock_clean:
  -cd $(NSOCKDIR)/src && $(MAKE) clean
+lua_clean:
+ -cd $(LIBLUADIR) && $(MAKE) clean
 pcap_dist_clean:
  -cd $(LIBPCAPDIR) && $(MAKE) distclean
 pcre_dist_clean:
@@ -137,14 +143,16 @@ dnet_dist_clean:
  -cd $(LIBDNETDIR) && $(MAKE) distclean
 nmapfe_dist_clean:
  -cd nmapfe && $(MAKE) distclean
+lua_dist_clean:
+ -cd $(LIBLUADIR) && $(MAKE) clean
 nbase_dist_clean:
  -cd $(NBASEDIR) && $(MAKE) distclean
 nsock_dist_clean:
  -cd $(NSOCKDIR)/src && $(MAKE) distclean
 debugclean:
  rm -f *.gcov *.gcda *.gcno gmon.out
 
-distclean: my_clean my_distclean @PCAP_DIST_CLEAN@ @PCRE_DIST_CLEAN@ @DNET_DIST_CLEAN@ nmapfe_dist_clean nbase_dist_clean nsock_dist_clean
+distclean: my_clean my_distclean @LUA_DIST_CLEAN@ @PCAP_DIST_CLEAN@ @PCRE_DIST_CLEAN@ @DNET_DIST_CLEAN@ nmapfe_dist_clean 
 
 my_distclean:
  rm -f Makefile Makefile.bak makefile.dep config.h stamp-h stamp-h.in \
@@ -169,7 +177,10 @@ install-nmapfe: $(TARGETNMAPFE)
  @echo "If the next command fails -- you cannot use the X front end"
  -test -f nmapfe/nmapfe && $(INSTALL) -c -m 755 -s nmapfe/nmapfe $(DESTDIR)$(bindir)/nmapfe && rm -f $(DESTDIR)$(bindir)/xnmap && $(SHTOOL) mkln -f -s $(DESTDIR)$(bindir)/nmapfe $(DESTDIR)$(bindir)/xnmap && $(INSTALL) -c -m 644 nmapfe.desktop $(DESTDIR)$(deskdir)/nmapfe.desktop && $(INSTALL) -c -m 644 docs/nmapfe.1 $(DESTDIR)$(mandir)/man1/nmapfe.1 && $(INSTALL) -c -m 644 docs/xnmap.1 $(DESTDIR)$(mandir)/man1/xnmap.1
 
-install: install-nmap $(INSTALLNMAPFE)
+install-nse: $(TARGET)
+ cp -r scripts/ $(DESTDIR)$(nmapdatadir)/
+
+install: install-nmap $(INSTALLNMAPFE) $(INSTALLNSE)
 
 uninstall:
  rm -f $(bindir)/$(TARGET) $(bindir)/nmapfe $(bindir)/xnmap

diff --git a/NmapOps.cc b/NmapOps.cc
@@ -259,7 +259,12 @@ void NmapOps::Initialize() {
  ipopt_firsthop = 0;
  ipopt_lasthop = 0; 
  release_memory = false;
-
+#ifndef NOLUA
+ script = 0;
+ scriptversion = 0;
+ scripttrace = 0;
+ scriptupdatedb = 0;
+#endif
 }
 
 bool NmapOps::TCPScan() {
@@ -525,3 +530,15 @@ void NmapOps::setSpoofMACAddress(u8 *mac_data) {
  memcpy(spoof_mac, mac_data, 6);
  spoof_mac_set = true;
 }
+
+#ifndef NOLUA
+void NmapOps::chooseScripts(char* argument) {
+ char *ap;
+
+ ap = strtok(argument, ",");
+ while(ap != NULL) {
+ chosenScripts.push_back(std::string(ap));
+ ap = strtok(NULL, ",");
+ }
+}
+#endif
diff --git a/NmapOps.h b/NmapOps.h
@@ -302,13 +302,21 @@ class NmapOps {
  char *dns_servers;
  bool log_errors;
 
+#ifndef NOLUA
+ int script;
+ int scriptversion;
+ int scripttrace;
+ int scriptupdatedb;
+ void chooseScripts(char* argument);
+ std::vector<std::string> chosenScripts;
+#endif
+
  /* ip options used in build_*_raw() */
  u8 *ipoptions;
  int ipoptionslen;
  int ipopt_firsthop; // offset in ipoptions where is first hop for source/strict routing
  int ipopt_lasthop; // offset in ipoptions where is space for targets ip for source/strict routing
 
-
  // Statistics Options set in nmap.cc
  int numhosts_scanned;
  int numhosts_up;

diff --git a/NmapOutputTable.cc b/NmapOutputTable.cc
@@ -140,6 +140,20 @@ NmapOutputTable::~NmapOutputTable() {
  if (tableout) free(tableout);
 }
 
+void NmapOutputTable::addItem(unsigned int row, unsigned int column, bool fullrow,
+ bool copy, const char *item, int itemlen) {
+ struct NmapOutputTableCell *cell;
+ int mc = maxColLen[column];
+
+ addItem(row, column, copy, item, itemlen);
+
+ maxColLen[column] = mc;
+ cell = getCellAddy(row, column);
+ cell->fullrow = fullrow;
+
+ return;
+}
+
 void NmapOutputTable::addItem(unsigned int row, unsigned int column, bool copy, const char *item, 
  int itemlen) {
  struct NmapOutputTableCell *cell;
@@ -174,11 +188,12 @@ void NmapOutputTable::addItem(unsigned int row, unsigned int column, bool copy,
  return;
 }
 
-// Like addItem except this version takes a printf-style format string 
-// followed by varargs
 void NmapOutputTable::addItemFormatted(unsigned int row, 
- unsigned int column, 
+ unsigned int column,
+ bool fullrow,
  const char *fmt, ...) {
+ struct NmapOutputTableCell *cell;
+ int mc = maxColLen[column];
  unsigned int res;
  va_list ap; 
  va_start(ap,fmt);
@@ -189,24 +204,35 @@ void NmapOutputTable::addItemFormatted(unsigned int row,
  if (res > sizeof(buf))
  fatal("NmapOutputTable only supports adding up to 4096 to a cell via addItemFormatString.");
 
- addItem(row, column, true, buf, res);
+ addItem(row, column, fullrow, true, buf, res);
 
- return;
+ maxColLen[column] = mc;
+ cell = getCellAddy(row, column);
+ cell->fullrow = fullrow;
 }
 
 // Returns the maximum size neccessary to create a printableTable() (the 
 // actual size could be less);
 int NmapOutputTable::printableSize() {
 
+ struct NmapOutputTableCell *cell;
  int rowlen = 0;
  unsigned int i;
 
  for(i = 0; i < numColumns; i++) {
- rowlen += maxColLen[i];
+ rowlen += maxColLen[i]; 
  }
 
  /* Add the delimeter between each column, and the final newline */
  rowlen += numColumns;
+
+ // if one of the fullrow tables is larger than the single column
+ // roles then the maximal rowlen needs to be adjusted.
+ for(i = 0; i < numRows; i++) {
+ cell = getCellAddy(i, 0);
+ if(cell->fullrow && cell->strlength > rowlen)
+ rowlen = cell->strlength;
+ }
 
  return rowlen * numRows;
 
@@ -235,18 +261,25 @@ char *NmapOutputTable::printableTable(int *size) {
 
  for(row = 0; row < numRows; row++) {
  validthisrow = 0;
- for(col = 0; col < numColumns; col++) {
- cell = getCellAddy(row, col);
- clen = maxColLen[col];
- if (cell->strlength > 0) {
- memcpy(p, cell->str, cell->strlength);
- p += cell->strlength;
- validthisrow++;
- }
- // No point leaving trailing spaces ...
- if (validthisrow < itemsInRow[row]) {
- for(i=cell->strlength; i <= clen; i++) // one extra because of space between columns
- *(p++) = ' ';
+
+ cell = getCellAddy(row, 0);
+ if(cell->fullrow && cell->strlength > 0) {
+ memcpy(p, cell->str, cell->strlength);
+ p += cell->strlength;
+ } else {
+ for(col = 0; col < numColumns; col++) {
+ cell = getCellAddy(row, col);
+ clen = maxColLen[col];
+ if (cell->strlength > 0) {
+ memcpy(p, cell->str, cell->strlength);
+ p += cell->strlength;
+ validthisrow++;
+ }
+ // No point leaving trailing spaces ...
+ if (validthisrow < itemsInRow[row]) {
+ for(i=cell->strlength; i <= clen; i++) // one extra because of space between columns
+ *(p++) = ' ';
+ }
  }
  }
  *(p++) = '\n';

diff --git a/NmapOutputTable.h b/NmapOutputTable.h
@@ -118,6 +118,7 @@ struct NmapOutputTableCell {
  char *str;
  int strlength;
  bool weAllocated; // If we allocated str, we must free it.
+ bool fullrow;
 };
 
 class NmapOutputTable {
@@ -130,9 +131,12 @@ class NmapOutputTable {
  // ptr (and you better not free it until this table is destroyed ). Skip the itemlen parameter if you
  // don't know (and the function will use strlen).
  void addItem(unsigned int row, unsigned int column, bool copy, const char *item, int itemlen = -1);
+ void addItem(unsigned int row, unsigned int column, bool fullrow, bool copy, const char *item, int itemlen = -1);
+
  // Like addItem except this version takes a printf-style format string followed by varargs
- void addItemFormatted(unsigned int row, unsigned int column, const char *fmt, ...)
- __attribute__ ((format (printf, 4, 5)));
+ void addItemFormatted(unsigned int row, unsigned int column, bool fullrow, const char *fmt, ...)
+ __attribute__ ((format (printf, 4, 5)));
+
  // Returns the maximum size neccessary to create a printableTable() (the 
  // actual size could be less);
  int printableSize();

diff --git a/Target.cc b/Target.cc
@@ -140,7 +140,17 @@ void Target::Initialize() {
  htn.msecs_used = 0;
  htn.toclock_running = false;
  interface_type = devt_other;
- devname[0] = devfullname[0] = '\0';
+ devname[0] = '\0';
+ devfullname[0] = '\0';
+}
+
+
+const char * Target::deviceName() { 
+ return (devname[0] != '\0')? devname : NULL;
+}
+
+const char * Target::deviceFullName() { 
+ return (devfullname[0] != '\0')? devfullname : NULL; 
 }
 
 void Target::Recycle() {