Structured script output.

Scripts may now return a key–value table, or such a table in addition to a string. The table will be automatically formatted for normal output and will appear as a hierarchy of elements in XML output. Some history and discussion of this development can be found at https://secwiki.org/w/Nmap/Structured_Script_Output. This is a merge of r29484:29569 from /nmap-exp/david/xml-output.
2026-01-04 05:39:01 +00:00 · 2012-08-14 16:36:25 +00:00
parent 16aa7a938d
commit 0c3e0fcc4d
16 changed files with 680 additions and 99 deletions
--- a/scripts/http-date.nse
+++ b/scripts/http-date.nse
@@ -13,9 +13,13 @@ sent, so the difference includes at least the duration of one RTT.
 ---
 -- @output
 -- 80/tcp open  http
-- |_ http-date: Thu, 23 Jul 2009 23:15:57 GMT; -6s from local time.
+-- |_http-date: Thu, 02 Aug 2012 22:11:03 GMT; 0s from local time.
 -- 80/tcp open  http
-- |_ http-date: Wed, 17 Jan 2007 09:29:10 GMT; -2y187d13h46m53s from local time.
+-- |_http-date: Thu, 02 Aug 2012 22:07:12 GMT; -3m51s from local time.
+--
+-- @xmloutput
+-- <elem key="date">2012-08-02T23:07:12Z</elem>
+-- <elem key="delta">-231</elem>

 author = "David Fifield"

@@ -39,9 +43,13 @@ action = function(host, port)
 		return
 	end

-	-- Should account for estimated RTT too.
-	local diff = stdnse.format_difftime(response_date, request_date)
+	local output_tab = stdnse.output_table()
+	-- ISO 8601 date and time.
+	output_tab.date = os.date("%Y-%m-%dT%H:%M:%SZ", os.time(response_date))
+	output_tab.delta = os.difftime(os.time(response_date), os.time(request_date))

-	return string.format("%s; %s from local time.",
-		response.header["date"], diff)
+	local output_str = string.format("%s; %s from local time.",
+		response.header["date"], stdnse.format_difftime(response_date, request_date))
+
+	return output_tab, output_str
 end
--- a/scripts/http-title.nse
+++ b/scripts/http-title.nse
@@ -22,6 +22,12 @@ original target.
 -- PORT   STATE SERVICE
 -- 80/tcp open  http
 -- |_http-title: Go ahead and ScanMe!
+--
+-- @xmloutput
+-- <elem key="title">Go ahead and ScanMe!</elem>
+-- @xmloutput
+-- <elem key="title">Wikipedia, the free encyclopedia</elem>
+-- <elem key="redirect_url">http://en.wikipedia.org/wiki/Main_Page</elem>

 author = "Diman Todorov"

@@ -41,7 +47,7 @@ action = function(host, port)
  if resp.location then
    redirect_url = resp.location[#resp.location]
    if resp.status and tostring( resp.status ):match( "30%d" ) then
-      return ("Did not follow redirect to %s"):format( redirect_url )
+      return {redirect_url = redirect_url}, ("Did not follow redirect to %s"):format( redirect_url )
    end
  end

@@ -64,10 +70,14 @@ action = function(host, port)
    end
  end

+  local output_tab = stdnse.output_table()
+  output_tab.title = title
+  output_tab.redirect_url = redirect_url
+
  local output_str = display_title
  if redirect_url then
    output_str = output_str .. "\n" .. ("Requested resource was %s"):format( redirect_url )
  end

-  return output_str
+  return output_tab, output_str
 end
--- a/scripts/ssl-cert.nse
+++ b/scripts/ssl-cert.nse
@@ -13,24 +13,26 @@ organizationName, stateOrProvinceName, and countryName of the subject.

 <code>
 443/tcp open  https
-|  ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, Inc.\
+| ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, Inc.\
 /stateOrProvinceName=California/countryName=US
-|  Not valid before: 2009-05-28 00:00:00
-|_ Not valid after:  2010-05-01 23:59:59
+| Not valid before: 2011-03-23 00:00:00
+|_Not valid after:  2013-04-01 23:59:59
 </code>

 With <code>-v</code> it adds the issuer name and fingerprints.

 <code>
 443/tcp open  https
-|  ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, Inc.\
+| ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, Inc.\
 /stateOrProvinceName=California/countryName=US
-|  Issuer: commonName=VeriSign Class 3 Extended Validation SSL CA\
+| Issuer: commonName=VeriSign Class 3 Extended Validation SSL CA\
 /organizationName=VeriSign, Inc./countryName=US
-|  Not valid before: 2009-05-28 00:00:00
-|  Not valid after:  2010-05-01 23:59:59
-|  MD5:   c5b8 7ddd ccc7 537f 8861 b476 078d e8fd
-|_ SHA-1: dc5a cb8b 9eb9 b5de 7117 c536 8c15 0e75 ba88 702e
+| Public Key type: rsa
+| Public Key bits: 2048
+| Not valid before: 2011-03-23 00:00:00
+| Not valid after:  2013-04-01 23:59:59
+| MD5:   bf47 ceca d861 efa7 7d14 88ad 4a73 cb5b
+|_SHA-1: d846 5221 467a 0d15 3df0 9f2e af6d 4390 0213 9a68
 </code>

 With <code>-vv</code> it adds the PEM-encoded contents of the entire
@@ -38,32 +40,73 @@ certificate.

 <code>
 443/tcp open  https
-|  ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, Inc.\
-/stateOrProvinceName=California/countryName=US/serialNumber=3014267\
-/1.3.6.1.4.1.311.60.2.1.3=US/streetAddress=2211 N 1st St\
-/1.3.6.1.4.1.311.60.2.1.2=Delaware/postalCode=95131-2021\
-/localityName=San Jose/organizationalUnitName=Information Systems\
-/2.5.4.15=V1.0, Clause 5.(b)
-|  Issuer: commonName=VeriSign Class 3 Extended Validation SSL CA\
+| ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, Inc.\
+/stateOrProvinceName=California/countryName=US/1.3.6.1.4.1.311.60.2.1.2=Delaware\
+/postalCode=95131-2021/localityName=San Jose/serialNumber=3014267\
+/streetAddress=2211 N 1st St/1.3.6.1.4.1.311.60.2.1.3=US\
+/organizationalUnitName=PayPal Production/businessCategory=Private Organization
+| Issuer: commonName=VeriSign Class 3 Extended Validation SSL CA\
 /organizationName=VeriSign, Inc./countryName=US\
 /organizationalUnitName=Terms of use at https://www.verisign.com/rpa (c)06
-|  Not valid before: 2009-05-28 00:00:00
-|  Not valid after:  2010-05-01 23:59:59
-|  MD5:   c5b8 7ddd ccc7 537f 8861 b476 078d e8fd
-|  SHA-1: dc5a cb8b 9eb9 b5de 7117 c536 8c15 0e75 ba88 702e
-|  -----BEGIN CERTIFICATE-----
-|  MIIFxzCCBK+gAwIBAgIQX02QuADDB7CVjZdooVge+zANBgkqhkiG9w0BAQUFADCB
+| Public Key type: rsa
+| Public Key bits: 2048
+| Not valid before: 2011-03-23 00:00:00
+| Not valid after:  2013-04-01 23:59:59
+| MD5:   bf47 ceca d861 efa7 7d14 88ad 4a73 cb5b
+| SHA-1: d846 5221 467a 0d15 3df0 9f2e af6d 4390 0213 9a68
+| -----BEGIN CERTIFICATE-----
+| MIIGSzCCBTOgAwIBAgIQLjOHT2/i1B7T//819qTJGDANBgkqhkiG9w0BAQUFADCB
 ...
+| 9YDR12XLZeQjO1uiunCsJkDIf9/5Mqpu57pw8v1QNA==
+|_-----END CERTIFICATE-----
 </code>
 ]]

 ---
 -- @output
 -- 443/tcp open  https
-- |  ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, Inc.\
+-- | ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, Inc.\
 -- /stateOrProvinceName=California/countryName=US
-- |  Not valid before: 2009-05-28 00:00:00
-- |_ Not valid after:  2010-05-01 23:59:59
+-- | Not valid before: 2011-03-23 00:00:00
+-- |_Not valid after:  2013-04-01 23:59:59
+--
+-- @xmloutput
+-- <table key="subject">
+--   <elem key="1.3.6.1.4.1.311.60.2.1.2">Delaware</elem>
+--   <elem key="1.3.6.1.4.1.311.60.2.1.3">US</elem>
+--   <elem key="postalCode">95131-2021</elem>
+--   <elem key="localityName">San Jose</elem>
+--   <elem key="serialNumber">3014267</elem>
+--   <elem key="countryName">US</elem>
+--   <elem key="stateOrProvinceName">California</elem>
+--   <elem key="streetAddress">2211 N 1st St</elem>
+--   <elem key="organizationalUnitName">PayPal Production</elem>
+--   <elem key="commonName">www.paypal.com</elem>
+--   <elem key="organizationName">PayPal, Inc.</elem>
+--   <elem key="businessCategory">Private Organization</elem>
+-- </table>
+-- <table key="issuer">
+--   <elem key="organizationalUnitName">Terms of use at https://www.verisign.com/rpa (c)06</elem>
+--   <elem key="organizationName">VeriSign, Inc.</elem>
+--   <elem key="commonName">VeriSign Class 3 Extended Validation SSL CA</elem>
+--   <elem key="countryName">US</elem>
+-- </table>
+-- <table key="pubkey">
+--   <elem key="type">rsa</elem>
+--   <elem key="bits">2048</elem>
+-- </table>
+-- <table key="validity">
+--   <elem key="notBefore">2011-03-23T00:00:00Z</elem>
+--   <elem key="notAfter">2013-04-01T23:59:59Z</elem>
+-- </table>
+-- <elem key="md5">bf47cecad861efa77d1488ad4a73cb5b</elem>
+-- <elem key="sha1">d8465221467a0d153df09f2eaf6d439002139a68</elem>
+-- <elem key="pem">-----BEGIN CERTIFICATE-----
+-- MIIGSzCCBTOgAwIBAgIQLjOHT2/i1B7T//819qTJGDANBgkqhkiG9w0BAQUFADCB
+-- ...
+-- 9YDR12XLZeQjO1uiunCsJkDIf9/5Mqpu57pw8v1QNA==
+-- -----END CERTIFICATE-----
+-- </elem>

 author = "David Fifield"

@@ -129,7 +172,37 @@ function stringify_name(name)
    return stdnse.strjoin("/", fields)
 end

-local function parseCertificate(cert)
+local function name_to_table(name)
+  local output = {}
+  for k, v in pairs(name) do
+    if type(k) == "table" then
+      k = stdnse.strjoin(".", k)
+    end
+    output[k] = v
+  end
+  return output
+end
+
+local function format_time(t)
+    return os.date("%Y-%m-%dT%H:%M:%SZ", os.time(t))
+end
+
+local function output_tab(cert)
+    local o = stdnse.output_table()
+    o.subject = name_to_table(cert.subject)
+    o.issuer = name_to_table(cert.issuer)
+    o.pubkey = cert.pubkey
+    o.validity = {}
+    for k, v in pairs(cert.validity) do
+      o.validity[k] = format_time(v)
+    end
+    o.md5 = stdnse.tohex(cert:digest("md5"))
+    o.sha1 = stdnse.tohex(cert:digest("sha1"))
+    o.pem = cert.pem
+    return o
+end
+
+local function output_str(cert)
 	local lines = {}

 	lines[#lines + 1] = "Subject: " .. stringify_name(cert.subject)
@@ -156,7 +229,7 @@ local function parseCertificate(cert)
    if nmap.verbosity() > 1 then
        lines[#lines + 1] = cert.pem
    end
-	return lines
+	return stdnse.strjoin("\n", lines)
 end

 action = function(host, port)
@@ -164,10 +237,8 @@ action = function(host, port)
 	if ( not(status) ) then
 		return
 	end
-	
-	local lines = parseCertificate(cert)

-    return stdnse.strjoin("\n", lines)
+    return output_tab(cert), output_str(cert)
 end