Invalid Escape Sequence in Nmap NSE Lua Script "\."

r3dh4nds Source

I recently had a need for a Drupal fingerprint NSE script for an engagement. Through some research I stumbled upon a promising NSE Lua script to get the job done. Unfortunately, it seems like the author ceased the support for this script and the script was never officially incorporated into the Nmap NSE library. I decided to try and use the script anyways.

Upon attempting to run the script via the Nmap engine, I encountered an "invalid escape sequence" error. Not possessing any Lua programming experience, this error stopped me dead in my tracks. I am hoping someone with Lua experience would be able to help troubleshoot what looks like may be a pretty simple fix to the problem.

The error code is as follows:

[email protected]:~# nmap --script=http-drupal-fingerprint.nse --script-args http-drupal-fingerprint.base-url=/
Starting Nmap 7.70 ( ) at 2018-09-26 12:33 EDT
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:259:        /usr/bin/../share/nmap/scripts/http-drupal-fingerprint.nse:47: invalid escape   sequence near '"Drupal [4-7].'
stack traceback:
[C]: in function 'assert'
/usr/bin/../share/nmap/nse_main.lua:259: in upvalue 'loadscript'
/usr/bin/../share/nmap/nse_main.lua:601: in field 'new'
/usr/bin/../share/nmap/nse_main.lua:828: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1315: in main chunk
[C]: in ?


The script was imported into the NSE library as so:

curl -ksL >> /usr/share/nmap/scripts/http-drupal-fingerprint.nse && chmod 0644 /usr/share/nmap/scripts/http-drupal-fingerprint.nse

I am including the original source of the script from SecLists:

Any help much appreciated! (Sorry if this question is somehow not formatted correctly, first post)



answered 5 days ago r3dh4nds #1

As I suspected it was a simple fix. Removed the invalid escape sequences at:

local expression = "Drupal [4-7]\.[0-9][0-9]?\.?[0-9], "


local expression = "Drupal [4-7].[0-9][0-9]?.?[0-9], "

and got rid of that error.

answered 5 days ago bonsaiviking #2

Drupal detection in Nmap is now done with the http-enum script. You can add --script-args http-enum.category=cms to limit the number of enumeration probes sent to only those which would detect Drupal. You may also be interested in the http-drupal-enum and http-drupal-enum-users scripts, as well as http-form-brute which can brute-force Drupal authentication.

comments powered by Disqus