Problem running NSE vuln scripts

[emilyanncr]

I'm unable to run NSE's vulnerability scripts. I'm using Kali Linux as my primary OS. I've ran an update, upgrade and dist-upgrade so all my packages are current. Thanks.

sudo nmap -sV -Pn -O --script vuln 192.168.1.134
[sudo] password for emily:
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-04 17:51 MST
NSE: Failed to load /usr/bin/../share/nmap/scripts/http-vuln-cve2017-5638.nse:
/usr/bin/../share/nmap/scripts/http-vuln-cve2017-5638.nse:11: module 'rand' not found:
NSE failed to find nselib/rand.lua in search paths.
no field package.preload['rand']
no file '/usr/local/share/lua/5.3/rand.lua'
no file '/usr/local/share/lua/5.3/rand/init.lua'
no file '/usr/local/lib/lua/5.3/rand.lua'
no file '/usr/local/lib/lua/5.3/rand/init.lua'
no file '/usr/share/lua/5.3/rand.lua'
no file '/usr/share/lua/5.3/rand/init.lua'
no file './rand.lua'
no file './rand/init.lua'
no file '/usr/local/lib/lua/5.3/rand.so'
no file '/usr/lib/x86_64-linux-gnu/lua/5.3/rand.so'
no file '/usr/lib/lua/5.3/rand.so'
no file '/usr/local/lib/lua/5.3/loadall.so'
no file './rand.so'
stack traceback:
[C]: in function 'require'
/usr/bin/../share/nmap/scripts/http-vuln-cve2017-5638.nse:11: in function </usr/bin/../share/nmap/scripts/http-vuln-cve2017-5638.nse:1>
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:619: could not load script
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nse_main.lua:619: in field 'new'
/usr/bin/../share/nmap/nse_main.lua:796: in global 'Entry'
/usr/bin/../share/nmap/scripts/script.db:272: in local 'db_closure'
/usr/bin/../share/nmap/nse_main.lua:809: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1315: in main chunk
[C]: in ?

[nnposter]

I am guessing that you have commingled nmap components. Maybe the core nmap installation is provided through Kali but you have pulled http-vuln-cve2017-5638.nse from the SVN or GitHub?

On my up-to-date Kali the nmap package is 7.70+dfsg1-6kali1 and that version of the script does not use the rand library. However, the current version of the script does.

If you really need the most current version of the script then you can manually download rand.lua and put it into /usr/share/nmap/nselib.

[emilyanncr]

I'm not quite sure how things got so screwed up with my nmap, I didn't touch it. I did what you suggested--I downloaded rand.lua and put it in /usr/share/nmap/nselib. Working fine now. Thanks so much!!!!!!!!

[nnposter]

Just keep in mind that you have fixed this one dependency. There could be other broken dependecies that you just have not yet run into.

I would generally recommend to keep all files under nselib and scripts of the same vintage and ideally of the same vintage as the nmap binary. If the scripts from the nmap distribution package are too old for your needs then the best (but not completely safe) bet is to refresh all the files under these two directories.

[pubeosp54332]

NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:821: directory '/usr/bin/../share/nmap/scripts/vulscan' found, but will not match without '/'

[nnposter]

@pubeosp54332 Please do not reuse old closed/resolved issues. Your comments will be ignored. If you are running into a problem with Nmap, you should (1) check if there is already an open issue for the same problem and (2) if not, open a new issue and provide all the requested information. This way you have a much better chance of somebody responding.