????Nmap?????????????棨NSE????????????Lua????????Nmap????????????????????300????????Lua????????????Nmap????????????????衢??????????????????????????????????????????????????????HTTP??????????????????????????鳣??????????????????????????????????????????????????????NSE????????дLua????????Nmap???????????
????1????????
????1.1 ??????
????NSE??Nmap Scripting Engine????Nmap????????????????
????NSE????????????????Lua????????NSE library??
????????????Nmap????????Lua???????????Lua????????Lua????С??????????????????????Nmap?????C/C++????????
????NSE library???Lua?????Nmap??????????????????????????????????????????С?IO?????????????????????????????????
????1.2 ???????
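NSE's Lua scripts are grouped into categories (Category); the categories are:
auth: scripts that deal with authentication credentials, or with bypassing them.
broadcast: scripts that discover hosts and services on the local network by broadcasting, for example dhcp/dns/sqlserver.
brute: scripts that brute-force the credentials of common services such as http/snmp.
default: the scripts run when scanning with -sC or -A; they provide basic script scanning.
discovery: scripts that discover more information about the network, such as SMB enumeration and SNMP queries.
dos: scripts related to denial of service.
exploit: scripts that exploit known vulnerabilities.
external: scripts that use third-party databases or resources, for example whois lookups.
fuzzer: fuzzing scripts that send unexpected input to the target to find potential bugs.
intrusive: intrusive scripts, which may be logged or blocked by the target's IDS/IPS.
malware: scripts that test whether the target is infected by malware or has a backdoor.
safe: the opposite of intrusive; scripts considered safe to run.
version: scripts that extend the version detection (Version Detection) feature.
vuln: scripts that check for known vulnerabilities (Vulnerability), such as MS08_067.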
????1.3 ?????????
Nmap's script-related command-line options are:
-sC: equivalent to --script=default; runs the default category of scripts.
--script=<Luascripts>: run the scripts selected by <Luascripts>.
--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts.
--script-args-file=filename: provide script arguments from a file.
--script-trace: show all data sent and received while scripts run.
--script-updatedb: update the script database.
--script-help=<Luascripts>: show help for the scripts selected by <Luascripts>.
????2???????
????2.1 ??????
????Nmap????????????????????
????nse_main.cc/nse_main.h/nse_main.lua?????????????????????????????????????С?
????nmap/nse_*?????nmap?????????nse???????????????NSE?????????????dnet??nsock??ssl??pcrelib??fs??bit??????????????
????liblua??????Lua???????????C???????????Lua?????????????????
????nselib????Nmap????NSE?????????Lua??????????????????
????scripts????Nmap???????y??????????????????????????????Nmap?????300????????14???????
????2.2 ????????
????2.2.1?????????

????2.2.2???????
?????????????
???????????в?????????????--script/-sC???????-A???????-sV?????????Nmap?????????檔????-A?????aggressive scan???????default????????裻??-sV??????????汾????????Version??????????????????????????
??????Nmap.cc??nmap_main()?????У????ж??????????????棬???????open_nse()????????NSE?????????????open_nse()?????????luaState??????Lua??????????е?????????????????init_main()??????????????????
????????init_main()?????????????Lua???????Nmap?????????????????????????????????nse_main.lua?????
????nse_main.lua??????????????????Lua????????????????????????????????磬???--script discovery?????????????????е?????????????????????main()?????????init_main()????main()?????????????????????????????????Lua????????????С?
??????nse_main.lua?У????????????????Script??Thread??Script???????NSE????????μ????????????????Script.new???????????????????????????????????????????Thread?????????????У???????????????????????饗sanity check??????????Action?????????????????????????????????????????????????????????????????????????????????????