diff --git a/scripts/snmp-win32-services.nse b/scripts/snmp-win32-services.nse
index 5b162bec6..92ed9cf92 100644
--- a/scripts/snmp-win32-services.nse
+++ b/scripts/snmp-win32-services.nse
@@ -26,6 +26,20 @@ Attempts to enumerate Windows services through SNMP.
-- | DB2 Remote Command Server (DB2COPY1)
-- | DB2DAS - DB2DAS00
-- |_ DCOM Server Process Launcher
+-- @xmloutput
+-- Apache Tomcat
+-- Application Experience Lookup Service
+-- Application Layer Gateway Service
+-- Automatic Updates
+-- COM+ Event System
+-- COM+ System Application
+-- Computer Browser
+-- Cryptographic Services
+-- DB2 - DB2COPY1 - DB2
+-- DB2 Management Service (DB2COPY1)
+-- DB2 Remote Command Server (DB2COPY1)
+-- DB2DAS - DB2DAS00
+-- DCOM Server Process Launcher
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
@@ -44,8 +58,8 @@ portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
--- Processes the table and creates the script output
--
-- @param tbl table containing oid and value
--- @return table suitable for stdnse.format_output
-function process_answer( tbl )
+-- @return table containing just the values
+local function process_answer( tbl )
local new_tab = {}
@@ -81,6 +95,6 @@ action = function(host, port)
services = process_answer(services)
nmap.set_port_state(host, port, "open")
- return stdnse.format_output( true, services )
+ return services
end
diff --git a/scripts/snmp-win32-shares.nse b/scripts/snmp-win32-shares.nse
index b1a4b9ac4..c3a26a5de 100644
--- a/scripts/snmp-win32-shares.nse
+++ b/scripts/snmp-win32-shares.nse
@@ -13,12 +13,14 @@ Attempts to enumerate Windows Shares through SNMP.
-- nmap -sU -p 161 --script=snmp-win32-shares
-- @output
-- | snmp-win32-shares:
--- | SYSVOL
--- | C:\WINDOWS\sysvol\sysvol
--- | NETLOGON
--- | C:\WINDOWS\sysvol\sysvol\inspectit-labb.local\SCRIPTS
--- | Webapps
--- |_ C:\Program Files\Apache Software Foundation\Tomcat 5.5\webapps\ROOT
+-- | SYSVOL: C:\WINDOWS\sysvol\sysvol
+-- | NETLOGON: C:\WINDOWS\sysvol\sysvol\inspectit-labb.local\SCRIPTS
+-- |_ Webapps: C:\Program Files\Apache Software Foundation\Tomcat 5.5\webapps\ROOT
+--
+-- @xmloutput
+-- C:\WINDOWS\sysvol\sysvol
+-- C:\WINDOWS\sysvol\sysvol\inspectit-labb.local\SCRIPTS
+-- C:\Program Files\Apache Software Foundation\Tomcat 5.5\webapps\ROOT
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
@@ -38,7 +40,7 @@ portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
-- @param tbl table containing oid and value
-- @param oid string containing the object id for which the value should be extracted
-- @return value of relevant type or nil if oid was not found
-function get_value_from_table( tbl, oid )
+local function get_value_from_table( tbl, oid )
for _, v in ipairs( tbl ) do
if v.oid == oid then
@@ -52,23 +54,20 @@ end
--- Processes the table and creates the script output
--
-- @param tbl table containing oid and value
--- @return table suitable for stdnse.format_output
-function process_answer( tbl )
+-- @return an output table with (sharename, path) pairs
+local function process_answer( tbl )
local share_name = "1.3.6.1.4.1.77.1.2.27.1.1"
local share_path = "1.3.6.1.4.1.77.1.2.27.1.2"
- local new_tbl = {}
+ local new_tbl = stdnse.output_table()
for _, v in ipairs( tbl ) do
if ( v.oid:match("^" .. share_name) ) then
- local item = {}
local objid = v.oid:gsub( "^" .. share_name, share_path)
local path = get_value_from_table( tbl, objid )
- item.name = v.value
- table.insert( item, path )
- table.insert( new_tbl, item )
+ new_tbl[v.value] = path
end
end
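Review bot: In `process_answer`, `new_tbl[v.value] = path` uses the share name reported by the SNMP agent as the table key, so two rows with the same name silently overwrite each other. A row whose path lookup returns nil also vanishes from the output, because assigning nil creates no entry. The removed list form kept both cases visible. If names are expected to be unique, say so in the `@return` line, and keep name-only shares visible with something like `new_tbl[v.value] = path or ""`. The function body continues past the end of this hunk, so the return value is not visible here.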
@@ -94,13 +93,13 @@ action = function(host, port)
socket:close()
if (not(status)) or ( shares == nil ) or ( #shares == 0 ) then
- return shares
+ return
end
shares = process_answer( shares )
nmap.set_port_state(host, port, "open")
- return stdnse.format_output( true, shares )
+ return shares
end
diff --git a/scripts/snmp-win32-software.nse b/scripts/snmp-win32-software.nse
index 5b1f3addf..f3833e1d8 100644
--- a/scripts/snmp-win32-software.nse
+++ b/scripts/snmp-win32-software.nse
@@ -14,13 +14,43 @@ Attempts to enumerate installed software through SNMP.
-- nmap -sU -p 161 --script=snmp-win32-software
-- @output
-- | snmp-win32-software:
--- | Apache Tomcat 5.5 (remove only); 2007-09-15 15:13:18
--- | Microsoft Internationalized Domain Names Mitigation APIs; 2007-09-15 15:13:18
--- | Security Update for Windows Media Player (KB911564); 2007-09-15 15:13:18
--- | Security Update for Windows Server 2003 (KB924667-v2); 2007-09-15 15:13:18
--- | Security Update for Windows Media Player 6.4 (KB925398); 2007-09-15 15:13:18
--- | Security Update for Windows Server 2003 (KB925902); 2007-09-15 15:13:18
--- |_ Windows Internet Explorer 7; 2007-09-15 15:13:18
+-- | Apache Tomcat 5.5 (remove only); 2007-09-15T15:13:18
+-- | Microsoft Internationalized Domain Names Mitigation APIs; 2007-09-15T15:13:18
+-- | Security Update for Windows Media Player (KB911564); 2007-09-15T15:13:18
+-- | Security Update for Windows Server 2003 (KB924667-v2); 2007-09-15T15:13:18
+-- | Security Update for Windows Media Player 6.4 (KB925398); 2007-09-15T15:13:18
+-- | Security Update for Windows Server 2003 (KB925902); 2007-09-15T15:13:18
+-- |_ Windows Internet Explorer 7; 2007-09-15T15:13:18
+--
+-- @xmloutput
+--
+-- Apache Tomcat 5.5 (remove only)
+-- 2007-09-15T15:13:18
+--
+--
+-- Microsoft Internationalized Domain Names Mitigation APIs
+-- 2007-09-15T15:13:18
+--
+--
+-- Security Update for Windows Media Player (KB911564)
+-- 2007-09-15T15:13:18
+--
+--
+-- Security Update for Windows Server 2003 (KB924667-v2)
+-- 2007-09-15T15:13:18
+--
+--
+-- Security Update for Windows Media Player 6.4 (KB925398)
+-- 2007-09-15T15:13:18
+--
+--
+-- Security Update for Windows Server 2003 (KB925902)
+-- 2007-09-15T15:13:18
+--
+--
+-- Windows Internet Explorer 7
+-- 2007-09-15T15:13:18
+--
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
@@ -40,7 +70,7 @@ portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
-- @param tbl table containing oid and value
-- @param oid string containing the object id for which the value should be extracted
-- @return value of relevant type or nil if oid was not found
-function get_value_from_table( tbl, oid )
+local function get_value_from_table( tbl, oid )
for _, v in ipairs( tbl ) do
if v.oid == oid then
@@ -51,33 +81,58 @@ function get_value_from_table( tbl, oid )
return nil
end
+local date_xlate = {
+ year = 2,
+ month = 3,
+ day = 4,
+ hour = 5,
+ min = 6,
+ sec = 7
+}
+
+-- translate date parts to positional indices for stdnse.format_timestamp
+local date_metatab = {
+ __index = function (t, k)
+ return t[date_xlate[k]]
+ end
+}
+
+local sw_metatab = {
+ __tostring = function (t)
+ return ("%s; %s"):format(t.name , t.install_date)
+ end
+}
+
--- Processes the table and creates the script output
--
-- @param tbl table containing oid and value
-- @return table suitable for stdnse.format_output
-function process_answer( tbl )
+local function process_answer( tbl )
- local sw_name = "1.3.6.1.2.1.25.6.3.1.2"
+ local sw_name = "^1.3.6.1.2.1.25.6.3.1.2"
local sw_date = "1.3.6.1.2.1.25.6.3.1.5"
local new_tbl = {}
for _, v in ipairs( tbl ) do
- if ( v.oid:match("^" .. sw_name) ) then
- local objid = v.oid:gsub( "^" .. sw_name, sw_date)
+ if ( v.oid:match(sw_name) ) then
+ local objid = v.oid:gsub(sw_name, sw_date)
local install_date = get_value_from_table( tbl, objid )
- local sw_item
+ local install_date_tab = { bin.unpack( ">SCCCCC", install_date ) }
+ setmetatable(install_date_tab, date_metatab)
- local _, year, month, day, hour, min, sec = bin.unpack( ">SCCCCC", install_date )
- install_date = ("%02d-%02d-%02d %02d:%02d:%02d"):format( year, month, day, hour, min, sec )
+ local sw_item = {
+ ["name"] = v.value,
+ ["install_date"] = stdnse.format_timestamp(install_date_tab)
+ }
- sw_item = ("%s; %s"):format(v.value ,install_date)
+ setmetatable(sw_item, sw_metatab)
table.insert( new_tbl, sw_item )
end
end
- table.sort( new_tbl )
+ table.sort( new_tbl, function(a, b) return a.name < b.name end )
return new_tbl
end
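Review bot: The `__index` handler in `date_metatab` can recurse until the stack overflows, because `t[date_xlate[k]]` is itself a metamethod-aware lookup. This happens when a positional slot is absent (presumably when `bin.unpack` returns fewer values for a truncated date sent by the agent) or when a key outside `date_xlate` is read. A raw read avoids it: `local i = date_xlate[k]; return i and rawget(t, i)`. Separately, `install_date` is nil when `get_value_from_table` finds no matching OID, and it is passed straight to `bin.unpack`; wrap the date handling in `if install_date then ... end` so that one malformed row does not abort the whole script. The `@return table suitable for stdnse.format_output` line above `process_answer` is now stale, since the function returns a list of tables that carry a `__tostring` metatable.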
@@ -106,6 +161,6 @@ action = function(host, port)
nmap.set_port_state(host, port, "open")
- return stdnse.format_output( true, sw )
+ return sw
end
diff --git a/scripts/snmp-win32-users.nse b/scripts/snmp-win32-users.nse
index ebe9350f8..2aac2bc0a 100644
--- a/scripts/snmp-win32-users.nse
+++ b/scripts/snmp-win32-users.nse
@@ -22,6 +22,16 @@ Attempts to enumerate Windows user accounts through SNMP
-- | db2admin
-- | ldaptest
-- |_ patrik
+-- @xmloutput
+-- Administrator
+-- Guest
+-- IUSR_EDUSRV011
+-- IWAM_EDUSRV011
+-- SUPPORT_388945a0
+-- Tomcat
+-- db2admin
+-- ldaptest
+-- patrik
author = "Patrik Karlsson"
@@ -40,8 +50,8 @@ portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"})
--- Processes the table and creates the script output
--
-- @param tbl table containing oid and value
--- @return table suitable for stdnse.format_output
-function process_answer( tbl )
+-- @return table with just the values
+local function process_answer( tbl )
local new_tab = {}
@@ -82,6 +92,6 @@ action = function(host, port)
nmap.set_port_state(host, port, "open")
- return stdnse.format_output( true, users )
+ return users
end