From 4d6f81122c565766e7cdca3d3856079d0e0ee33c Mon Sep 17 00:00:00 2001 From: david Date: Sat, 8 Sep 2012 17:05:39 +0000 Subject: [PATCH] Better break down structured output in smb-os-discovery. smb.get_os already returns something that is fairly well structured, so basically return that. Keep the "os" and "lanmanager" fields separate, though they are combined as "os (lanmanager)" for normal output. Combine "time" and "timezone" into a single "date" output. --- scripts/smb-os-discovery.nse | 92 +++++++++++++++++------------------- 1 file changed, 44 insertions(+), 48 deletions(-) diff --git a/scripts/smb-os-discovery.nse b/scripts/smb-os-discovery.nse index 11be42802..cf784c77d 100644 --- a/scripts/smb-os-discovery.nse +++ b/scripts/smb-os-discovery.nse @@ -52,22 +52,22 @@ will speed up the script on targets that do not allow guest access. -- | smb-os-discovery: -- | OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0) -- | Computer name: Sql2008 +-- | NetBIOS computer name: SQL2008 -- | Domain name: lab.test.local -- | Forest name: test.local -- | FQDN: Sql2008.lab.test.local --- | NetBIOS computer name: SQL2008 -- | NetBIOS domain name: LAB -- |_ System time: 2011-04-20T13:34:06-05:00 -- --@xmloutput --- Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0) --- Sql2008 --- lab.test.local --- test.local --- Sql2008.lab.test.local --- SQL2008 --- LAB --- 2011-04-20T13:34:06-05:00 +-- Windows Server (R) 2008 Standard 6001 Service Pack 1 +-- Windows Server (R) 2008 Standard 6.0 +-- LAB +-- SQL2008 +-- 2011-04-20T13:34:06-05:00 +-- Sql2008.lab.test.local +-- lab.test.local +-- test.local author = "Ron Bowes" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" @@ -95,12 +95,10 @@ function get_windows_version(os) end -function add_to_output(output_table, label, value, value_if_nil) - if (value == nil and value_if_nil ~= nil) then - value = value_if_nil +function add_to_output(output_table, label, value) + if value then + table.insert(output_table, string.format("%s: %s", label, value)) end - - output_table[label] = value end action = function(host) @@ -111,45 +109,43 @@ action = function(host) return stdnse.format_output(false, result) end - local hostname_dns, is_domain_member, os_string, time_string - if (result[ "fqdn" ]) then - -- Pull the first part of the FQDN as the computer name - hostname_dns = string.match( result[ "fqdn" ], "^([^.]+)%.?" ) - - if (result[ "domain_dns" ]) then - -- If the computer name doesn't match the domain name, the target is a domain member - is_domain_member = ( result[ "fqdn" ] ~= result[ "domain_dns" ] ) - end + -- Collect results. + response.os = result.os + response.lanmanager = result.lanmanager + response.domain = result.domain + response.server = result.server + if result.time and result.timezone then + response.date = stdnse.format_timestamp(result.time, result.timezone * 60 * 60) end + response.fqdn = result.fqdn + response.domain_dns = result.domain_dns + response.forest_dns = result.forest_dns + response.workgroup = result.workgroup - if (result['os'] and result['lanmanager']) then - os_string = string.format( "%s (%s)", get_windows_version( result['os'] ), result['lanmanager'] ) - end - if (result['time'] and result['timezone']) then - time_string = stdnse.format_timestamp(result.time, result.timezone * 60 * 60) - end - - - add_to_output( response, "OS", os_string, "Unknown" ) - add_to_output( response, "Computer name", hostname_dns ) - - if ( is_domain_member ) then - add_to_output( response, "Domain name", result[ "domain_dns" ] ) - add_to_output( response, "Forest name", result[ "forest_dns" ] ) - add_to_output( response, "FQDN", result[ "fqdn" ] ) - end - - add_to_output( response, "NetBIOS computer name", result[ "server" ] ) - - if ( is_domain_member ) then - add_to_output( response, "NetBIOS domain name", result[ "domain" ] ) + -- Build normal output. + local output_lines = {} + if response.os and response.lanmanager then + add_to_output(output_lines, "OS", string.format("%s (%s)", get_windows_version(response.os), response.lanmanager)) else - add_to_output( response, "Workgroup", result[ "workgroup" ], result[ "domain" ] ) + add_to_output(output_lines, "OS", "Unknown") end - - add_to_output( response, "System time", time_string, "Unknown" ) + if response.fqdn then + -- Pull the first part of the FQDN as the computer name. + add_to_output(output_lines, "Computer name", string.match(response.fqdn, "^([^.]+)%.?")) + end + add_to_output(output_lines, "NetBIOS computer name", result.server) + if response.fqdn and response.domain_dns and response.fqdn ~= response.domain_dns then + -- If the FQDN doesn't match the domain name, the target is a domain member. + add_to_output(output_lines, "Domain name", response.domain_dns) + add_to_output(output_lines, "Forest name", response.forest_dns) + add_to_output(output_lines, "FQDN", response.fqdn) + add_to_output(output_lines, "NetBIOS domain name", response.domain) + else + add_to_output(output_lines, "Workgroup", response.workgroup or response.domain) + end + add_to_output(output_lines, "System time", response.date or "Unknown") - return response + return response, stdnse.format_output(true, output_lines) end