From 3ac81b4804480cee1dab8eef3f3bbc9a5f6c7ab5 Mon Sep 17 00:00:00 2001
From: nnposter
Date: Thu, 23 Feb 2017 03:30:48 +0000
Subject: [PATCH] Fixes false positives in RFC1918 IP address detection
---
scripts/http-webdav-scan.nse | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/scripts/http-webdav-scan.nse b/scripts/http-webdav-scan.nse
index 429f2534d..a2483e1ac 100644
--- a/scripts/http-webdav-scan.nse
+++ b/scripts/http-webdav-scan.nse
@@ -104,14 +104,11 @@ end
 -- a function to extract internal ip addresses from PROPFIND response.
 local function getIPs(body)
- local ip_pat1 = '192%.168%.%d+%.%d+'
- local ip_pat2 = '10%.%d+%.%d+%.%d+'
- local ip_pat3 = '172%.%d+%.%d+%.%d+'
- local ip_pats = {
- ip_pat1,
- ip_pat2,
- ip_pat3,
- }
+ local ip_pats = {'%f[%d]192%.168%.%d+%.%d+',
+ '%f[%d]10%.%d+%.%d+%.%d+',
+ '%f[%d]172%.1[6-9]%.%d+%.%d+',
+ '%f[%d]172%.2%d%.%d+%.%d+',
+ '%f[%d]172%.3[01]%.%d+%.%d+'}
 local result = {}
 for _, ip_pat in pairs(ip_pats) do
 for ip in body:gmatch(ip_pat) do
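Review bot: The new `ip_pats` entries still accept strings that are not IPv4 addresses, because every `%d+` octet is unbounded and `%f[%d]` only requires that the preceding character is not a digit. Constructed examples: a dotted build number such as `10.0.14393.0` or an out-of-range value such as `192.168.1.999` in the PROPFIND body would still be reported as an internal address, and a leading dot (`1.10.2.3.4`) is not rejected. Bounding the octets, e.g. `'%f[%d]10%.%d%d?%d?%.%d%d?%d?%.%d%d?%d?'`, and rejecting any octet above 255 inside the `gmatch` loop would narrow this. The loop body continues outside the hunk, so where that check belongs is not visible here. A comment above the table such as `-- RFC 1918: 10/8, 172.16/12, 192.168/16; %f[%d] stops a match from starting mid-number` would also explain why the 172 range needs three patterns.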