Ncat-Lua
This is the wiki page for data related to Ncat-Lua GSoC 2013 project.
Use cases for Lua
nmap-dev thread: http://seclists.org/nmap-dev/2013/q2/445
--lua-exec
David: I want to do
ncat --lua-exec program.lua
Ncat will fork and exec program.lua as if it were a shell script with --sh-exec. In fact, the above is the same as
ncat --sh-exec "lua program.lua"
except that you don't need a separate installation of Lua, and perhaps Ncat's Lua interpreter will have libraries available by default or something.
Simple HTTP server/client
Quoting the todo/nmap.txt:
o [Ncat] This may sound ridiculous, but I'm starting to think that Ncat should offer a very simple built-in http server (e.g. for simply sharing files, etc.) And maybe a simple client too.
Simple chat server
I want a chat that is similar to Ncat's built in one, but with /name command which lets users change their names. Sample code available here: https://gist.github.com/d33tah/5888643
Minimalistic IRC client
I'd like to run something like:
ncat --with irc irc.freenode.net 6667
...and drop into a minimalistic IRC client, that does the PING for me and lets me talk on one channel.
httplookup
I want a service I can connect to that would let me perform HTTP queries the same way nslookup lets me perform DNS ones. After connecting, I will be greeted with a '> ' command prompt. I first start by setting the remote host using the command "server nmap.org" and send the newline character. Then I'd like to type in the first line of the request (without the HTTP version), send the newline and get the reply headers, like in this example session:
> server nmap.org
> GET /
HTTP/1.1 200 OK
Date: Fri, 28 Jun 2013 20:28:42 GMT
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
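The command handling behind the session above, as an added example in Python (it is not Ncat's code and not the Lua script this use case asks for). The prompt loop keeps one piece of state, the current server, appends the HTTP version and minimum headers to whatever request line the user types (an assumption: the page does not say which version is sent), and returns only the header block of the reply. The transport is a parameter so the logic can be exercised offline against a constructed response; the default transport is a plain TCP exchange.

```python
import socket


class HttpLookup:
    """nslookup-style prompt for HTTP: 'server host[:port]' then a request line."""

    def __init__(self, transport=None):
        self.server = None  # set by the 'server' command
        self.transport = transport or self._tcp_exchange

    @staticmethod
    def _tcp_exchange(host, port, request):
        """Default transport: send the request, read until the header block is complete."""
        with socket.create_connection((host, port), timeout=10) as s:
            s.sendall(request)
            data = b""
            while b"\r\n\r\n" not in data:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        return data

    def handle(self, line):
        """Process one line typed at the '> ' prompt; return the text to print."""
        line = line.strip()
        if not line:
            return ""
        if line.startswith("server "):
            self.server = line.split(None, 1)[1]
            return ""
        if self.server is None:
            return "no server set; use: server <host>[:port]"
        host, _, port = self.server.partition(":")
        port = int(port) if port else 80
        # Assumption: the request line is completed as HTTP/1.1 with a Host header
        # and 'Connection: close' so the reply ends without keep-alive handling.
        request = "%s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % (line, host)
        response = self.transport(host, port, request.encode("ascii"))
        head, _, _ = response.partition(b"\r\n\r\n")
        return head.decode("iso-8859-1")


# Constructed reply used for the offline demonstration (not a real capture).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: example\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
    b"<html>body</html>"
)


def demo():
    """Replay the session from the page against the constructed reply."""
    sent = []

    def fake_transport(host, port, request):
        sent.append((host, port, request))
        return SAMPLE_RESPONSE

    lookup = HttpLookup(transport=fake_transport)
    lookup.handle("server nmap.org")
    headers = lookup.handle("GET /")
    return sent, headers


if __name__ == "__main__":
    lookup = HttpLookup()
    while True:
        try:
            print(lookup.handle(input("> ")))
        except EOFError:
            break
```

Run the file directly for the interactive prompt; demo() shows the same flow without a network.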
Telnet negotiation and CRLF replacement
David: The -t and -C options are implemented as special-purpose C code. (Grep for dotelnet and fix_line_endings.) It would be nice if these along with other things could be implemented as little Lua snippets. What I'm picturing here is not separate script files, but actual Lua source code as strings within the Ncat source code. Each little program would be like a filter that does CRLF substitution or whatever. This use case seems straightforward but I think the implementation is not trivial (but neither is it super hard). CRLF substitution needs to keep state across calls in case a CRLF crosses a buffer boundary. Telnet negotiation needs to send data in-band in response to information it receives. So neither is a simple block-at-a-time byte filter.
WebSocket mode
David: See RFC 6455. It would be nice to do
ncat --websocket ws://example.com:8000/
ncat --listen --websocket ws://localhost:8000/
What this involves is first sending a special HTTP request asking for a protocol change to WebSocket. Then you have to receive a response and do some SHA1 calculations and do error handling. After that you can send and receive data on the same TCP connection, but not directly: each little block of data needs to be encapsulated in WebSocket messages and frames. This is quite a heavyweight use case. An implementation that can do it, can probably do most of what we would want Lua integration to do. You should also be able to use SSL WebSocket in the obvious way:
ncat --websocket wss://example.com:8000/
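The steps listed above (upgrade request, SHA-1 check of the response, then framing every block of data) as an added example in Python, following RFC 6455; this is not Ncat's code or a Lua script. accept_key is the server-side calculation the client must verify, check_handshake_response is the error-handling step that refuses anything other than a 101 with the matching header, and encode_frame/decode_frame wrap and unwrap one unfragmented frame, including the masking that client-to-server frames require. The handshake key shown in the usage is the one from RFC 6455's own example; in real use it is 16 random bytes, base64-encoded.

```python
import base64
import hashlib
import os
import struct

GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed value defined by RFC 6455


def accept_key(client_key):
    """Sec-WebSocket-Accept = base64(SHA-1(Sec-WebSocket-Key + GUID))."""
    digest = hashlib.sha1((client_key + GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def client_handshake(host, port, path, key):
    """The HTTP request that asks for the protocol change to WebSocket."""
    return (
        "GET %s HTTP/1.1\r\n"
        "Host: %s:%d\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        "Sec-WebSocket-Key: %s\r\n"
        "Sec-WebSocket-Version: 13\r\n\r\n" % (path, host, port, key)
    ).encode("ascii")


def check_handshake_response(response, key):
    """Accept only a 101 reply whose Sec-WebSocket-Accept matches our key."""
    head, _, _ = response.partition(b"\r\n\r\n")
    lines = head.decode("ascii", "replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 101"):
        return False
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers.get("sec-websocket-accept") == accept_key(key)


def encode_frame(payload, opcode=2, mask=True, mask_key=None):
    """One unfragmented frame (FIN=1). Client-to-server frames must be masked."""
    header = bytearray([0x80 | opcode])
    n = len(payload)
    mask_bit = 0x80 if mask else 0
    if n < 126:
        header.append(mask_bit | n)
    elif n < 65536:
        header.append(mask_bit | 126)
        header += struct.pack("!H", n)
    else:
        header.append(mask_bit | 127)
        header += struct.pack("!Q", n)
    if not mask:
        return bytes(header) + payload
    mask_key = mask_key or os.urandom(4)
    masked = bytes(b ^ mask_key[i % 4] for i, b in enumerate(payload))
    return bytes(header) + mask_key + masked


def decode_frame(data):
    """Return (opcode, payload, bytes_consumed); (None, None, 0) if the frame is incomplete."""
    if len(data) < 2:
        return None, None, 0
    opcode = data[0] & 0x0F
    masked = bool(data[1] & 0x80)
    n = data[1] & 0x7F
    pos = 2
    if n == 126:
        if len(data) < 4:
            return None, None, 0
        n, pos = struct.unpack("!H", data[2:4])[0], 4
    elif n == 127:
        if len(data) < 10:
            return None, None, 0
        n, pos = struct.unpack("!Q", data[2:10])[0], 10
    key = b""
    if masked:
        key, pos = data[pos:pos + 4], pos + 4
    if len(data) < pos + n:
        return None, None, 0
    payload = data[pos:pos + n]
    if masked:
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return opcode, payload, pos + n


if __name__ == "__main__":
    key = "dGhlIHNhbXBsZSBub25jZQ=="          # example key from RFC 6455
    print(client_handshake("example.com", 8000, "/", key).decode())
    print(accept_key(key))
    frame = encode_frame(b"Hello", opcode=1, mask_key=bytes.fromhex("37fa213d"))
    print(frame.hex(), decode_frame(frame))
```

The wss:// form changes nothing above: the same handshake and frames are exchanged over a TLS connection instead of plain TCP.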
Downgrade SQL auth
Martin Holst Swende: Patrik Karlsson wrote beanshell scripts for hatkit to downgrade SQL auth: https://bitbucket.org/holiman/hatkit-proxy/src/b9b6dad28cc5a437ba484cb9eb835b7a085aced8/resources/processors/ms-sql-downgrade.bs. Perhaps this could be done in Ncat script?
sslstrip
Like this.