Returns the one's complement of a.

Returns the bitwise and of the w variables.

Returns the bitwise or of the w variables.

Returns the bitwise xor of the w variables.

Returns a shifted left b places—padded with zeros.

Returns a shifted logically right b places.

Returns a shifted arithmetically right b places.

Returns the integer remainder of a divided by b.

Returns a binary packed string. The format string describes how the parameters (p1, ...) will be interpreted. Numerical values following operators stand for operator repetitions and need an according amount of parameters. Operators expect appropriate parameter types.

Returns values read from the binary data string. First result is the position, at which unpack stopped. This can be used as init value for subsequent calls. The following results are the values according to the format string. Numerical values in the format string are interpreted as repetitions like in pack, except if used with A, B or H, in which cases the number tells unpack how many bytes to read. Unpack stops if either the format string or the binary data string are exhausted.

Returns a compiled regular expression. The first argument is a string describing the pattern, such as ^foo$. The second argument is a number describing which compilation flags are set. The compilation flags are set bitwise. If you want to set the 3rd (corresponding to the number 4) and the 1st (corresponding to 1) bit for example you would pass the number 5 as a second argument. The compilation flags accepted are those of the PCRE C library. These include flags for case insensitive matching (1), matching line beginnings (^) and endings ($) even in multiline strings (i.e. strings containing “\n”) (2) and a flag for matching across line boundaries (4). No compilation flags yield a default value of 0. The third (optional) argument is a string describing the locale which should be used to compile the regular expression. The variable is a string which is passed to the C standard library function setlocale. For more information on this argument refer to the documentation of setlocale. The resulting compiled regular expression is ready to be matched against strings. Compiled regular expressions are subject to Lua's garbage collection. Generally speaking, my_regex = pcre.new("<pcre-pattern>",0,"C") should do the job most of the time.

Returns a table of the available PCRE option flags (numbers) keyed by their names (strings). Possible names of the available strings can be retrieved from the documentation of the PCRE library used to link against Nmap. The key is the option name in the manual minus the PCRE prefix. PCRE_CASELESS becomes CASELESS for example.

Returns the version of the PCRE library in use as a string. For example 6.4 05-Sep-2005.

Returns the start point and the end point of the first match of the compiled regular expression pcre_obj in the string. A third returned value is a table which contains false in the positions where the pattern did not match. If named sub-patterns were used, the table also contains substring matches keyed by their sub-pattern name. Should no match be found the function returns nil. The second and third arguments are optional. The second argument is a number specifying where the engine should start trying to apply the pattern. The third argument specifies execution flags for the pattern. If you want to see if a given string matches a certain expression you could use:

s = pcre_obj:match("string to be searched", 0,0);
if(s) code_to_be_done_on_match end

This function is like match() except that a table returned as a third result contains offsets of substring matches rather than substring matches themselves. That table will not contain string keys, even if named sub-patterns are used. For example, if the whole match is at offsets 10, 20 and substring matches are at offsets 12, 14 and 16, 19 then the function returns the following: 10, 20, {12,14,16,19}

Tries to match the regular expression <pcre_obj> against <string> up to <n> times (or as many as possible if <n> is either not given or is not a positive number), subject to execution flags ef. Each time there is a match, <func> is called as <func(m, t)>, where <m> is the matched string and <t> is a table of substring matches. This table contains false in the positions where the corresponding sub-pattern did not match. If named sub-patterns are used then the table also contains substring matches keyed by their correspondent sub-pattern names (strings). If <func> returns a true value, then gmatch immediately returns; gmatch returns the number of matches made.

checks whether an IP address, provided as a string in dotted-quad notation, is part of the non-routed private IP address space, as described in RFC 1918. These addresses are the well-known 10.0.0.0/8, 192.168.0.0/16 and 172.16.0.0/12 networks.

returns the IP address as DWORD value (i.e. the IP <a.b.c.d> becomes (((a*256+b)*256+c)*256+d) )

returns 4 numbers corresponding to the fields in dotted-quad notation. For example, ipOps.get_parts_as_number("192.168.1.1") returns 192,168,1,1.

The port argument is either a number or a table of numbers which are interpreted as port numbers, against which the script should run.

The service argument is either a string or a table of strings which are interpreted as service names (e.g. "http", "https", "smtp" or "ftp") against which the script should run. These service names are determined by Nmap's version scan or (if no version scan information is available) the service assigned to the port in nmap-services (e.g. "http" for TCP port 80).

This is a combination of the above functions, since many scripts explicitly try to run against the well-known ports, but want also to run against any other port which was discovered to run the named service. A typical example for this function is: portrule = shortport.port_or_service(22,"ssh").

Returns true if the given list is empty.

Returns true if the given value is a list (or rather a table).

The provided function is applied to each element of the list separately. The returned list contains the results of each function call. For example listop.map(tostring,{1,2,true}) returns {"1","2","true"}.

All of the elements in the list are passed to a call of function. The result is then returned. For example listop.apply(math.max,{1,5,6,7,50000}) yields 50000.

Returns a list containing only those elements for which the predicate returns true. The predicate has to be a function, which takes an element of the list as argument and the result of which is interpreted as a Boolean value. If it returns true (or rather anything besides false and nil) the argument is appended to the return value of filter. For example: listop.filter(isnumber,{1,2,3,"foo",4,"bar"}) returns {1,2,3,4}.

Since a list can itself contain lists as elements, flatten returns a list which only contains values that are not themselves lists. For example: listop.flatten({1,2,3,"foo",{4,5,{"bar"}}}) returns {1,2,3,"foo",4,5,"bar"}.

Returns a list containing all elements of list1 appended by all elements of <list2>.

Returns a list containing <value1> appended by <value2>, which may be of any type.

Returns a list containing all elements of the given list in inverted order.

Returns the first element of the given list.

Returns the nth (or first if n is omitted) element of the given list.

Returns a list containing all elements but the first of the given list.

Returns a list containing all elements but the first n of the given list, where n is 2 if it is omitted.

Creates a new string buffer. The optional arguments are added to the string buffer. Attempting to add non-strings will result in undefined behavior.

Concatenates the value (which has to be either a string or a string buffer) to strbuf1. This is also the function serving as the string buffer's concatenation operator. The above function call can thus also be expressed as: buffer = strbuf1 .. value

Compares strbuf1 and strbuf2 for equality. For the function to return true, both values must be string buffers containing exactly the same strings. The eqbuf function is called to compare two strings for equality.

Deletes all strings in strbuf.

Dumps strbuf's contents as string. The second parameter is used as a delimiter between the strings stored inside strbuf. dump(strbuf, "\n") is used as the tostring function of string buffers.

This function takes a <query-string> of the form name1=value1&name2=value2... and returns a table containing the name-value pairs, with the name as the key and the value as its associated value. The table corresponding to the above <query-string> would have two entries: table["name1"]="value1" and table["name2"]="value2".

This is the inverse function to parse_query().

This is actually a wrapper around NSE's PCRE library exec function (see the section called “Perl Compatible Regular Expressions”), thus giving script developers the possibility to use regular expressions for delimiting instead of Lua's string patterns. If you want to get the data in chunks separated by pattern (which has to be a valid regular expression), you would write status, val = sockobj:receive_buf(match.regex("pattern")).

Takes a number as its argument and returns that many bytes. It can be used to get a buffered version of sockobj:receive_bytes(n) in case a script requires more than one fixed-size chunk, as the unbuffered version may return more bytes than requested and thus would require you to do the parsing on your own.

Fetches a resource with a GET request. The first argument is either a string with the hostname or a table like the host table passed by nmap. The second argument is either the port number or a table like the port table passed by nmap. The third argument is the path of the resource. The fourth argument is a table for further options. The table may have 2 keys: timeout and header. timeout is the timeout used for the socket operations. header is a table with additional headers to be used for the request. The function builds the request and calls http.request

Sends request to host:port and parses the answer. The first argument is either a string with the hostname or a table like the host table passed by nmap. The second argument is either the port number or a table like the port table passed by nmap. SSL is used for the request if either port.service equals https or port.version.service_tunnel equals ssl. The third argument is the request. The fourth argument is a table for further options. You can specify a timeout for the socket operations with the timeout key.

Parses url and calls http.get with the result. The second argument is a table for further options. The table may have 2 keys: timeout and header. timeout is the timeout used for the socket operations. header is a table with additional headers to be used for the request.

This function simply connects to the specified port number on the specified host and returns any data received. bool is a Boolean value indicating success. If bool is true, then the second returned value is the response from the target host. If bool is false, an error message is returned as the second value instead of a response.

This function connects to the specified port number on the specified host, sends data, then waits for and returns the response, if any. bool is a Boolean value indicating success. If bool is true, then the second returned value is the response from the target host. If bool is false, an error message is returned as the second value instead of a response.

This function returns a closure which returns a new username with every call, or nil when the list is exhausted. This closure takes an optional argument of "reset" to rewind the list to the beginning. You can specify your own username list with the script argument userdb.

This function returns a closure which returns a new password with every call, or nil when the list is exhausted. This closure takes an optional argument of "reset" to rewind the list to the beginning. You can specify your own password list with the script argument passdb.

This function returns the suggested number of seconds to attempt a brute force attack, based on Nmap's timing values (-T4, etc) and whether or not a user-defined list is used. You can use the script argument notimelimit to make this function return nil, which means the brute-force should run until the list is empty. If notimelimit is not used, be sure to still check for nil return values on the above two functions in case you finish before the time limit is up.

This function reads and parses Nmap's nmap-protocols file. bool is a Boolean value indicating success. If bool is true, then the second returned value is a table with protocol numbers indexing the protocol names. If bool is false, an error message is returned as the second value instead of the table.

This function reads and parses Nmap's nmap-rpc file. bool is a Boolean value indicating success. If bool is true, then the second returned value is a table with RPC numbers indexing the RPC names. If bool is false, an error message is returned as the second value instead of the table.

This function reads and parses Nmap's nmap-services file. bool is a Boolean value indicating success. If bool is true, then the second returned value is a table containing two other tables: tcp{} and udp{}. tcp{} contains services indexed by TCP port numbers. udp{} is the same, but for UDP. You can pass "tcp" or "udp" as an argument to parse_services() to only get the corresponding table. If bool is false, an error message is returned as the second value instead of the table.

Wrapper function around print_debug_unformatted() in the nmap namespace. The first optional numeric argument, verbosity, is used as the necessary debug level to print the message (it defaults to 1 if omitted). All remaining arguments are processed with Lua's string.format() function, which provides a C-style printf interface.

This function will certainly be appreciated by Perl programmers. It takes two strings as arguments and splits the second one around all occurrences of the first one, returning a list (table), which contains the substrings without the delimiting string.

Inverse function to strsplit(). Basically this is Lua's table.concat() function with the parameters swapped for coherence.

Converts the given number, n, to a string in a binary number format (e.g. 5 becomes "101").

Converts the given number, n, to a string in an octal number format (e.g. 9 becomes "11").

Converts the given number, n, to a string in a hexidecimal number format (e.g. 10 becomes "a").

This function operates on a socket attempting to read data. It separates the data by sep and, for each invocation, returns a piece of the separated data. Typically this is used to iterate over the lines of data received from a socket (sep = "\r?\n"). The returned string does not include the separator. It will return the final data even if it is not followed by the separator. Once an error or EOF is reached, it returns nil, msg. msg is what is returned by nmap.receive_lines().