Nmap Development mailing list archives

Call for testing: --lua-exec in Ncat feature (*nix only at the moment)


From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Fri, 21 Jun 2013 18:20:54 +0200

Greetings, fellow hacker!

I'd like to start off by thanking you for reading this e-mail. You
being subscribed to Nmap's development mailing list means that you're
interested in the path the project is going to take and have the power
to change this path. It's a lot.

It is a great occasion for you to use this power now. Today I finished
implementing --lua-exec functionality for the Ncat tool (at least as
far as Unix-compatible systems are concerned; Windows is not supported
yet). --lua-exec allows the users to write Lua scripts that will
automate the way Ncat communicates using sockets.

This way you can easily write simple clients and servers that are made
of portable code interpreted by a very lightweight tool. In addition
to that, you can still switch TCP to UDP or SCTP with a single
command-line switch, enable SSL if you need it, use IPv6, secure your
service with IP black/whitelists and many more... All the power of
Ncat Swiss Army knife now automated!

This feature is currently in beta stage, which means it should already
be stable, but we need creative testers to have fun with the feature
and make sure it can be relied upon. In order to do that, please
download the code and build it, along with its dependencies, using the
following chain of commands:

svn co https://svn.nmap.org/nmap-exp/d33tah/ncat-lua && \
cd ncat-lua
./configure
make

The build process might take a few minutes. If the command's output
didn't end with an error, it means you successfully built Ncat (along with
the rest of the Nmap project) and can now either issue “make install” as root
to install it or run it from the current working directory by issuing
the “ncat/ncat” command.

Now, let's try it out. We'll first write a script that asks for your name
and says hello to you. Write the following lines into a greet.lua file:

io.stdout:write("Please enter your name: ")
io.stdout:flush() --if we don't use print(), we need to flush
name = io.stdin:read("*line")
print(string.format("Hello, %s! And goodbye!", name))


(for the non-Lua programmers, the text after the double hyphen
is just a comment).

Once you have created that file, let's run a service powered by this script
on TCP port 31337 and connect to it:

# ncat --lua-exec scripts/greeter.lua -l -p 31337
# ncat localhost 31337
Please enter your name:

Now you can write your name (or anything else) and see it being repeated.
After that, the script terminates and the server shuts down (you can change
that using the --keep-open, or -k, command-line switch).

--lua-exec works well over binary streams as well. In the “ncat/scripts”
directory you can find some examples, and I demonstrated this capability in
05-telnet.lua, where Ncat responds to telnet control commands as Ncat's
-t command-line switch would. Feel free to do some experimenting!

Did you like it? Was it stable or did you stumble upon a bug? Is there
something that should have been mentioned in the documentation, but it
wasn't? Is there some feature in particular that could prove useful?
Though we're mostly looking for bug reports now, all feedback, both
positive and negative, can influence the final implementation.

Remember, your voice matters!

Thanks for helping Ncat become an even better tool! Have a nice day,
Jacek “d33tah” Wielemborek
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
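
The greeter in the message above reads a whole line from the peer with no length limit and echoes it back unchanged. A variant that bounds and filters that input, as an added example that is not part of the original message or of the ncat-lua branch; the 64-byte limit, the printable-ASCII filter and the name read_bounded_line are assumptions made for illustration:

```lua
-- Added example, not from the ncat-lua branch.
-- Under --lua-exec, stdin and stdout are the socket, so every byte read
-- here comes from an untrusted network peer.

local MAX_NAME = 64  -- assumed limit, chosen for illustration

-- Read one line byte by byte so that a peer which never sends "\n"
-- cannot make the script buffer an unbounded amount of data.
-- Returns the line without its newline, or nil plus a reason.
local function read_bounded_line(input, limit)
  local buf = {}
  while true do
    local ch = input:read(1)
    if ch == nil then                 -- EOF: peer closed the connection
      if #buf == 0 then return nil, "eof" end
      break
    end
    if ch == "\n" then break end
    if #buf >= limit then return nil, "too long" end
    buf[#buf + 1] = ch
  end
  return table.concat(buf)
end

io.stdout:write("Please enter your name: ")
io.stdout:flush()  -- no print() here, so flush explicitly

local name, err = read_bounded_line(io.stdin, MAX_NAME)
if not name then
  print("Input rejected: " .. err)
  return
end

-- Keep printable ASCII only: drops CR, NUL, terminal escape sequences
-- and Telnet IAC bytes before the value is echoed back to the client.
-- gsub returns two values; the assignment keeps only the string.
name = name:gsub("[^ -~]", "")

print(string.format("Hello, %s! And goodbye!", name))
```

Saved under a hypothetical name such as safe-greet.lua, it is started the same way as the greeter, with ncat --lua-exec safe-greet.lua -l -p 31337.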

