Nmap Development mailing list archives
Re: http-slowloris-check.nse script error
From: Chris Clements <christopher.a.clements () gmail com>
Date: Fri, 31 Aug 2012 09:48:59 -0500
I'm fairly certain I can, but are you asking if I can reproduce after the patch, or before? Chris On Aug 30, 2012, at 7:17 PM, Daniel Miller wrote:
Christopher, This appears to happen because comm.tryssl() on line 123 cannot connect to the target port, and so returns "none" for Bestopt. This patch should avoid the error by ending the script at that point, but there may be a larger issue. Can you reproduce this reliably? --- a/scripts/http-slowloris-check.nse +++ b/scripts/http-slowloris-check.nse @@ -121,6 +121,10 @@ so, it starves the http server's resources causing Denial Of Service. local _ _, _, Bestopt = comm.tryssl(host, port, "GET / \r\n\r\n", {}) -- first determine if we need ssl + if Bestopt == "none" then + stdnse.print_debug("%s: Could not connect to port", SCRIPT_NAME) + return nil + end HalfHTTP = "POST /" .. tostring(math.random(100000, 900000)) .. " HTTP/1.1\r\n" .. "Host: " .. host.ip .. "\r\n" .. "User-Agent: " .. http.USER_AGENT .. "\r\n; " .. Please let us know if there is any way to reliably reproduce the issue. Dan On Wed, Aug 29, 2012 at 3:15 PM, Christopher Clements <christopher.a.clements () gmail com> wrote:Received this error during a scan today with svn version 29697 (sanitized) NSE: 'http-slowloris-check' worker (thread: 0x38b37b0) against xx.xx.xx.xx:443 threw an error! ...local/bin/../share/nmap/scripts/http-slowloris-check.nse:75: bad argument #3 to 'connect' (invalid option 'none') stack traceback: [C]: in function 'connect' ...local/bin/../share/nmap/scripts/http-slowloris-check.nse:75: in function 'main' /usr/local/bin/../share/nmap/nse_main.lua:826: in function </usr/local/bin/../share/nmap/nse_main.lua:826> _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- http-slowloris-check.nse script error Christopher Clements (Aug 30)
- Re: http-slowloris-check.nse script error Daniel Miller (Aug 30)
- Re: http-slowloris-check.nse script error Patrik Karlsson (Aug 31)
- Re: http-slowloris-check.nse script error Chris Clements (Aug 31)
- Re: http-slowloris-check.nse script error Chris Clements (Aug 31)
- Re: http-slowloris-check.nse script error Patrik Karlsson (Aug 31)
- Re: http-slowloris-check.nse script error Daniel Miller (Aug 30)