This is the wiki page for data related to Ncat-Lua GSoC 2013 project.
Use cases for Lua
nmap-dev thread: http://seclists.org/nmap-dev/2013/q2/445
David: I want to do
ncat --lua-exec program.lua
Ncat will fork and exec
program.lua as if it were a shell script with
--sh-exec. In fact, the above is the same as
ncat --sh-exec "lua program.lua"
except that you don't need a separate installation of Lua, and perhaps Ncat's Lua interpreter will have libraries available by default or something.
Simple HTTP server/client
Quoting the todo/nmap.txt:
o [Ncat] This may sound ridiculous, but I'm starting to think that Ncat should offer a very simple built-in http server (e.g. for simply sharing files, etc.) And maybe a simple client too.
Simple chat server
I want a chat that is similar to Ncat's built-in one, but with a /name command which lets users change their names. Sample code available here: https://gist.github.com/d33tah/5888643
Minimalistic IRC client
I'd like to run something like:
ncat --with irc irc.freenode.net 6667
...and drop into a minimalistic IRC client, that does the PING for me and lets me talk on one channel.
I want a service I can connect to that would let me perform HTTP queries the same way nslookup lets me perform DNS ones. After connecting, I will be greeted with a '> ' command prompt. I first start by setting the remote host using the command "server nmap.org" and send the newline character. Then I'd like to type in the first line of the request (without the HTTP version), send the newline and get the reply headers, like in this example session:
> server nmap.org
> GET /
HTTP/1.1 200 OK
Date: Fri, 28 Jun 2013 20:28:42 GMT
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Telnet negotiation and CRLF replacement
-C options are implemented as special-purpose C code. (Grep for fix_line_endings.) It would be nice if these along with other things could be implemented as little Lua snippets. What I'm picturing here is not separate script files, but actual Lua source code as strings within the Ncat source code. Each little program would be like a filter that does CRLF substitution or whatever. This use case seems straightforward but I think the implementation is not trivial (but neither is it super hard). CRLF substitution needs to keep state across calls in case a CRLF crosses a buffer boundary. Telnet negotiation needs to send data in-band in response to information it receives. So neither is a simple block-at-a-time byte filter.
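As an added illustration (not code from Ncat or from the thread), this is what a stateful CRLF filter of the kind described above could look like as a Lua snippet. It keeps one bit of state, whether the previous chunk ended in "\r", so a CRLF split across two buffers is not turned into "\r\r\n"; the function names are assumed and the sample request is constructed.

```lua
-- Hypothetical filter constructor (not Ncat's API): returns a function
-- that takes one chunk of data and returns it with bare LF -> CRLF.
local function new_crlf_filter()
  local prev_cr = false  -- state carried across calls: last byte was "\r"?

  return function(chunk)
    local out = {}
    for i = 1, #chunk do
      local c = chunk:sub(i, i)
      if c == "\n" and not prev_cr then
        out[#out + 1] = "\r\n"   -- bare LF: add the missing CR
      else
        out[#out + 1] = c        -- CR, or LF that already follows a CR
      end
      prev_cr = (c == "\r")
    end
    return table.concat(out)
  end
end

-- Stateless version for contrast: each chunk is rewritten on its own,
-- so it cannot know that a leading "\n" continues a "\r" sent earlier.
local function naive_crlf(chunk)
  return (chunk:gsub("\r?\n", "\r\n"))
end

-- Feed a list of chunks through one filter instance and join the output.
local function run(filter, chunks)
  local parts = {}
  for _, c in ipairs(chunks) do parts[#parts + 1] = filter(c) end
  return table.concat(parts)
end

-- Constructed request; the second list splits the same bytes so that
-- the "\r\n" after the request line straddles a buffer boundary.
local whole = { "GET / HTTP/1.1\r\nHost: x\nAccept: */*\r\n\n" }
local split = { "GET / HTTP/1.1\r", "\nHost: x\n", "Accept: */*\r\n\n" }
local expected = "GET / HTTP/1.1\r\nHost: x\r\nAccept: */*\r\n\r\n"

assert(run(new_crlf_filter(), whole) == expected)
assert(run(new_crlf_filter(), split) == expected)   -- state survives the split
assert(run(naive_crlf, split) ~= expected)           -- stateless one emits "\r\r\n"
print("stateful CRLF filter ok")
```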
David: See RFC 6455. It would be nice to do
ncat --websocket ws://example.com:8000/
ncat --listen --websocket ws://localhost:8000/
What this involves is first sending a special HTTP request asking for a protocol change to WebSocket. Then you have to receive a response and do some SHA1 calculations and do error handling. After that you can send and receive data on the same TCP connection, but not directly: each little block of data needs to be encapsulated in WebSocket messages and frames. This is quite a heavyweight use case. An implementation that can do it can probably do most of what we would want Lua integration to do. You should also be able to use SSL WebSocket in the obvious way:
ncat --websocket wss://example.com:8000/
Downgrade SQL auth
Martin Holst Swende: Patrik Karlsson wrote beanshell scripts for hatkit to downgrade SQL auth: https://bitbucket.org/holiman/hatkit-proxy/src/b9b6dad28cc5a437ba484cb9eb835b7a085aced8/resources/processors/ms-sql-downgrade.bs. Perhaps this could be done in Ncat script?