o Improved the mysql library to handle multiple columns with the same name,

added a formatResultset function to format a query response to a table
  suitable for script output. [Patrik Karlsson]

scripts/mysql-audit.nse

@@ -86,7 +86,7 @@ require 'shortport'
 require 'mysql'
 
 portrule = shortport.port_or_service(3306, "mysql")
-local TEMPLATE_NAME = ""
+local TEMPLATE_NAME, ADMIN_ACCOUNTS = "", ""
 
 local function loadAuditRulebase( filename )
 
@@ -103,6 +103,7 @@ local function loadAuditRulebase( filename )
 	
 	file()
 	TEMPLATE_NAME = getfenv(file)["TEMPLATE_NAME"]
+	ADMIN_ACCOUNTS = getfenv(file)["ADMIN_ACCOUNTS"]
 	return true, rules
 end
 
@@ -121,7 +122,7 @@ action = function( host, port )
 	end
 
 	local status, tests = loadAuditRulebase( filename )
-	if( not(status) ) then return rules end
+	if( not(status) ) then return tests end
 
 	local socket = nmap.new_socket()
 	status = socket:connect(host, port)
@@ -166,7 +167,10 @@ action = function( host, port )
 	socket:close()
 	results.name = TEMPLATE_NAME
 
-	table.insert(results, {"", ("The audit was performed using the db-account: %s"):format(username)})
+	table.insert(results, "")
+	table.insert(results, {name = "Additional information", ("The audit was performed using the db-account: %s"):format(username),
+		("The following admin accounts were excluded from the audit: %s"):format(stdnse.strjoin(",", ADMIN_ACCOUNTS))
+	})
 
 	return stdnse.format_output(true, { results })
 end

scripts/mysql-databases.nse

@@ -78,13 +78,10 @@ action = function( host, port )
 		status, response = mysql.loginRequest( socket, { authversion = "post41", charset = response.charset }, username, password, response.salt )
 
 		if status and response.errorcode == 0 then
-			status, rows = mysql.sqlQuery( socket, "show databases" )
+			local status, rs = mysql.sqlQuery( socket, "show databases" )
 			if status then
-				for i=1, #rows do
-					-- cheap way of avoiding duplicates
-					dbs[rows[i]['Database']] = rows[i]['Database']
-				end
-				
+				result = mysql.formatResultset(rs, { noheaders = true })
+
 				-- if we got here as root, we've got them all
 				-- if we're here as someone else, we cant be sure
 				if username == 'root' then	
@@ -94,11 +91,5 @@ action = function( host, port )
 		end
 		socket:close()
 	end
-
-	for _, v in pairs( dbs ) do
-		table.insert(result, v)
-	end
-
 	return stdnse.format_output(true, result)	
-
 end

scripts/mysql-users.nse

@@ -81,12 +81,9 @@ action = function( host, port )
 		status, response = mysql.loginRequest( socket, { authversion = "post41", charset = response.charset }, username, password, response.salt )
 	
 		if status and response.errorcode == 0 then
-			status, rows = mysql.sqlQuery( socket, "SELECT DISTINCT user FROM mysql.user" )
+			status, rs = mysql.sqlQuery( socket, "SELECT DISTINCT user FROM mysql.user" )
 			if status then
-				for i=1, #rows do
-					table.insert(result, rows[i]['user'])
-				end		
-				break
+				result = mysql.formatResultset(rs, { noheaders = true })
 			end
 		end
 		socket:close()

scripts/mysql-variables.nse

@@ -89,10 +89,10 @@ action = function( host, port )
 		status, response = mysql.loginRequest( socket, { authversion = "post41", charset = response.charset }, username, password, response.salt ) 
 	
 		if status and response.errorcode == 0 then
-			status, rows = mysql.sqlQuery( socket, "show variables" )
+			local status, rs = mysql.sqlQuery( socket, "show variables" )
 			if status then
-				for i=1, #rows do
-					table.insert(result, string.format("%s: %s" , rows[i]['Variable_name'], rows[i]['Value']) )
+				for _, row in ipairs(rs.rows) do
+					table.insert(result, ("%s: %s"):format(row[1], row[2]) )
 				end
 			end
 		end