Nmap Development mailing list archives

Re: [NSE] http.lua cleanups

From: Ron <ron () skullsecurity net>
Date: Thu, 18 Nov 2010 07:44:13 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This may go back to an issue another person was having recently, where too many scripts would run at once and exhaust 
all memory. 

On Thu, 18 Nov 2010 12:32:59 +0100 "A. Ramos" <aramosf.lists () gmail com> wrote:

http-headers have launched on a large number of IPs and it hung (with
http.lua in the 5.35DC1 release):

Stats: 0:11:34 elapsed; 6144 hosts completed (7168 up), 1024
undergoing Script Scan
NSE: Active NSE Script Threads: 4 (3 waiting)

NSE Timing: About 99.60% done; ETC: 12:30 (0:00:02 remaining)

NSE: Waiting: 'http-headers' (thread: 0x1b998e0)
        stack traceback:
                [C]: in function 'receive'
                /usr/share/nmap/nselib/http.lua:282: in function
</usr/share/nmap/nselib/http.lua:275>
                (tail call): ?
                /usr/share/nmap/nselib/http.lua:675: in function
'next_response'
                /usr/share/nmap/nselib/http.lua:973: in function
</usr/share/nmap/nselib/http.lua:942>
                (tail call): ?
                /usr/share/nmap/nselib/http.lua:1005: in function
'get' /usr/share/nmap/scripts/http-headers.nse:68: in function
</usr/share/nmap/scripts/http-headers.nse:49>
                (tail call): ?
NSE: Waiting: 'http-headers' (thread: 0x107ab70)
        stack traceback:
                [C]: in function 'receive'
                /usr/share/nmap/nselib/http.lua:282: in function
</usr/share/nmap/nselib/http.lua:275>
                (tail call): ?
                /usr/share/nmap/nselib/http.lua:675: in function
'next_response'
                /usr/share/nmap/nselib/http.lua:973: in function
</usr/share/nmap/nselib/http.lua:942>
                (tail call): ?
                /usr/share/nmap/nselib/http.lua:1005: in function
'get' /usr/share/nmap/scripts/http-headers.nse:68: in function
</usr/share/nmap/scripts/http-headers.nse:49>
                (tail call): ?
NSE: Waiting: 'http-headers' (thread: 0xe27a10)
        stack traceback:
                [C]: in function 'receive'
                /usr/share/nmap/nselib/http.lua:282: in function
</usr/share/nmap/nselib/http.lua:275>
                (tail call): ?
                /usr/share/nmap/nselib/http.lua:675: in function
'next_response'
                /usr/share/nmap/nselib/http.lua:973: in function
</usr/share/nmap/nselib/http.lua:942>
                (tail call): ?
                /usr/share/nmap/nselib/http.lua:1005: in function
'get' /usr/share/nmap/scripts/http-headers.nse:68: in function
</usr/share/nmap/scripts/http-headers.nse:49>
                (tail call): ?


2010/11/17 David Fifield <david () bamsoftware com>

On Wed, Nov 17, 2010 at 02:26:53PM -0600, Ron wrote:

On Wed, 17 Nov 2010 12:12:27 -0800 David Fifield
<david () bamsoftware com>

wrote:

On Mon, Nov 01, 2010 at 07:08:35PM -0600, David Fifield wrote:

On Wed, Oct 27, 2010 at 11:03:01PM -0500, Ron wrote:

I've spent the past few days cleaning up http.lua
functions, and I'm pretty happy with the result I have now.
Among other things, I: o Updated the documentation on
pretty much every function o Updated the module
documentation to discuss how to use http.lua, along with an
example o Changed the interface to http.pipeline to work be
significantly cleaner, and documented it (I also kept the
old interface, which prints a warning and calls the new
function) o Made functions 'local' that should have been,
and that aren't being used o Document and validate the
'options' table o Document the 'response' table o Change
nmap.registry.args.* to stdnse.get_script_args() o
Normalized indentation and style, where possible, including
function definitions ('function xxx()' instead of 'xxx =
function()').


This looks good. You can commit it.

In general, if you're making style changes only, and people
aren't likely to object to the style changes, you can just
commit them without asking. I appreciate you keeping
backwards-compatible pipeline functions.


I'm getting an error with the new pipeline functions:

NSE: 'http-userdir-enum' (thread: 0x106b520) against
64.13.134.52:80 threw an error! ./nselib/http.lua:1317: bad
argument #1 to 'insert' (table expected, got string) stack
traceback: [C]: in function 'insert'
        ./nselib/http.lua:1317: in function 'pipeline_add'
        ./scripts/http-userdir-enum.nse:81: in function
<./scripts/http-userdir-enum.nse:42> (tail call): ?

It looks wrong because http-userdir-enum is calling
pipeline_add with three arguments when it should be four.

David Fifield


Oops, I missed the 'all' argument somehow. I fixed it in two
places in

http-userdir-enum, it should be good now.

Thanks, works well now.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/




-- 
Alejandro Ramos -- aka dab
http://www.securitybydefault.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkzlLa0ACgkQ2t2zxlt4g/QLlACdF0gAYbv4glWRaxiTbHCuSgEA
vn0An0dyPNCg02oqQECvaAHgISR9KKIQ
=izdZ
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] http.lua cleanups Ron (Oct 27)
- Re: [NSE] http.lua cleanups David Fifield (Nov 01)
  - Re: [NSE] http.lua cleanups Ron (Nov 02)
  - Re: [NSE] http.lua cleanups David Fifield (Nov 17)
    - Re: [NSE] http.lua cleanups Ron (Nov 17)
    - Re: [NSE] http.lua cleanups David Fifield (Nov 17)
    - Re: [NSE] http.lua cleanups A. Ramos (Nov 18)
    - Re: [NSE] http.lua cleanups Ron (Nov 18)
- Re: [NSE] http.lua cleanups Patrick Donnelly (Nov 04)
  - Re: [NSE] http.lua cleanups Ron (Nov 04)