--- -- Common communication functions for network discovery tasks like -- banner grabbing and data exchange. -- -- The functions in this module return values appropriate for use with -- exception handling via nmap.new_try. -- -- These functions may be passed a table of options, but it's not required. The -- keys for the options table are "bytes", "lines", -- "proto", and "timeout". "bytes" sets -- a minimum number of bytes to read. "lines" does the same for -- lines. "proto" sets the protocol to communicate with, -- defaulting to "tcp" if not provided. "timeout" -- sets the socket timeout (see the socket function set_timeout -- for details). -- -- If both "bytes" and "lines" are provided, -- "lines" takes precedence. If neither are given, the functions -- read as many bytes as possible. -- @author Kris Katterjohn 04/2008 -- @copyright Same as Nmap--See http://nmap.org/book/man-legal.html module(... or "comm", package.seeall) require 'nsedebug' require 'datafiles' -- Makes sure that opts exists and the default proto is there local initopts = function(opts) if not opts then opts = {} end if not opts.proto then opts.proto = "tcp" end return opts end -- Sets up the socket and connects to host:port local setup_connect = function(host, port, opts) if type(host) ~= "table" then host = {ip = host} end local target = host.ip if type(port) ~= "table" then port = {number = port} end local sock = nmap.new_socket() if opts.timeout then sock:set_timeout(opts.timeout) end local status, err = sock:connect(target, port.number, opts.proto) if not status then return status, err end -- If nothing is given, specify bytes=1 so NSE reads everything if not opts.lines and not opts.bytes then opts.bytes = 1 end return true, sock end local read = function(sock, opts) local response, status if opts.lines then status, response = sock:receive_lines(opts.lines) return status, response end status, response = sock:receive_bytes(opts.bytes) return status, response end --- This function simply connects to the specified port number on the -- specified host and returns any data received. -- -- The first return value is true to signal success or false to signal -- failure. On success the second return value is the response from the -- remote host. On failure the second return value is an error message. -- @param host The host to connect to. -- @param port The port on the host. -- @param opts The options. See the module description. -- @return Status (true or false). -- @return Data (if status is true) or error string (if status is false). get_banner = function(host, port, opts) opts = initopts(opts) opts.recv_before = true local socket, nothing, correct, banner = tryssl(host, port, "", opts) if socket then socket:close() return true, banner end return false, banner end --- This function connects to the specified port number on the specified -- host, sends data, then waits for and returns the response, if any. -- -- The first return value is true to signal success or false to signal -- failure. On success the second return value is the response from the -- remote host. On failure the second return value is an error message. -- @param host The host to connect to. -- @param port The port on the host. -- @param data The data to send initially. -- @param opts The options. See the module description. -- @return Status (true or false). -- @return Data (if status is true) or error string (if status is false). exchange = function(host, port, data, opts) opts = initopts(opts) local status, sock = setup_connect(host, port, opts) local ret if not status then -- sock is an error message in this case return status, sock end status, ret = sock:send(data) if not status then sock:close() return status, ret end status, ret = read(sock, opts) sock:close() return status, ret end --- This function just checks if the provided port number is on a list -- of ports that usually provide services with ssl -- -- @param port_number The number of the port to check -- @return bool True if port is usually ssl, otherwise false local function is_ssl(port_number) local common_ssl_ports = {443, 465, 989, 990, 992, 993, 994, 995, 587, 6697, 6679, 8443} local table_size = table.maxn(common_ssl_ports) local i = 0 while i < table_size do if port_number == common_ssl_ports[i] then return true end i = i + 1 end return false end --- This function returns best protocol order for trying to open a -- conenction based on port and service information -- -- The first value is the best option, the second is the worst -- @param port The port table -- @return Best option ("tcp" or "ssl") -- @return Worst option ("tcp" or "ssl") local function bestoption(port) if type(port) == 'table' then if port.version and port.version.service_tunnel and port.version.service_tunnel == "ssl" then return "ssl","tcp" end if port.version and port.version.name_confidence and port.version.name_confidence > 6 then return "tcp","ssl" end if is_ssl(port.number) then return "ssl","tcp" end elseif type(port) == 'number' then if is_ssl(port) then return "ssl","tcp" end end return "tcp","ssl" end --- This function opens a connection, sends the first data payload and -- check if a response is correctly received (what means that the -- protocol used is fine) -- -- Possible options: -- timeout: generic timeout value -- connect_timeout: especific timeout for connection -- request_timeout: especific timeout for requests -- recv_before: receive data before sending first payload -- -- Default timeout is set to 8000. -- -- @param ip The destination host IP -- @param port The destination host port -- @param protocol The protocol for the connection -- @param data The first data payload of the connection -- @return sd The socket descriptor, nil if no connection is estabilished -- @return response The response received for the payload -- @return early_resp If opt recv_before is true, returns the value -- of the first receive (before sending data) local function opencon(ip, port, protocol, data, opts) local sd = nmap.new_socket() -- check for connect_timeout or timeout option if opts and opts.connect_timeout then sd:set_timeout(opts.connect_timeout) elseif opts and opts.timeout then sd:set_timeout(opts.timeout) else sd:set_timeout(8000) end local status = sd:connect(ip, port, protocol) if not status then sd:close() return nil, nil, nil end -- check for request_timeout or timeout option if opts and opts.request_timeout then sd:set_timeout(opts.request_timeout) elseif opts and opts.timeout then sd:set_timeout(opts.timeout) else sd:set_timeout(8000) end local response, early_resp; if opts and opts.recv_before then status, early_resp = sd:receive() end if #data > 0 then sd:send(data) status, response = sd:receive() else if not opts and opts.recv_before then nsedebug.print_debug("Using comm.tryssl without first data payload and recv_first." .. "\nImpossible to test the connection for the correct protocol!") end response = early_resp end if not status then sd:close() return nil, response, early_resp end return sd, response, early_resp end --- This function tries to open a connection based on the best -- option about which is the correct protocol -- -- If the best option fails, the function tries the other option -- -- This function allows writing nse scripts in a way that the -- API will take care of ssl issues, making failure detection -- transparent to the programmer -- -- @param host The host table -- @param port The port table -- @param data The first data payload of the connection -- @param opts Options, such as timeout -- @return sd The socket descriptor -- @return response The response received for the payload -- @return correctOpt Correct option for connection guess -- @return earlyResp If opt recv_before is true, returns the value -- of the first receive (before sending data) function tryssl(host, port, data, opts) local opt1, opt2 = bestoption(port) if type(port) == 'table' then port = port.number end if type(host) == 'table' then host = host.ip end local best = opt1 local sd, response, early_resp = opencon(host, port, opt1, data, opts) if not sd then sd, response, early_resp = opencon(host, port, opt2, data, opts) best = opt2 end if not sd then best = "none" end return sd, response, best, early_resp end