mirror of https://github.com/nmap/nmap.git synced 2025-12-14 03:39:02 +00:00

Better break down structured output in smb-os-discovery.

smb.get_os already returns something that is fairly well structured, so
basically return that. Keep the "os" and "lanmanager" fields separate,
though they are combined as "os (lanmanager)" for normal output. Combine
"time" and "timezone" into a single "date" output.
david
2012-09-08 17:05:39 +00:00
parent d9b73da3a1
commit 4d6f81122c


@@ -52,22 +52,22 @@ will speed up the script on targets that do not allow guest access.
-- | smb-os-discovery: -- | smb-os-discovery:
-- | OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0) -- | OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
-- | Computer name: Sql2008 -- | Computer name: Sql2008
-- | NetBIOS computer name: SQL2008
-- | Domain name: lab.test.local -- | Domain name: lab.test.local
-- | Forest name: test.local -- | Forest name: test.local
-- | FQDN: Sql2008.lab.test.local -- | FQDN: Sql2008.lab.test.local
-- | NetBIOS computer name: SQL2008
-- | NetBIOS domain name: LAB -- | NetBIOS domain name: LAB
-- |_ System time: 2011-04-20T13:34:06-05:00 -- |_ System time: 2011-04-20T13:34:06-05:00
-- --
--@xmloutput --@xmloutput
-- <elem key="OS">Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)</elem> -- <elem key="os">Windows Server (R) 2008 Standard 6001 Service Pack 1</elem>
-- <elem key="Computer name">Sql2008</elem> -- <elem key="lanmanager">Windows Server (R) 2008 Standard 6.0</elem>
-- <elem key="Domain name">lab.test.local</elem> -- <elem key="domain">LAB</elem>
-- <elem key="Forest name">test.local</elem> -- <elem key="server">SQL2008</elem>
-- <elem key="FQDN">Sql2008.lab.test.local</elem> -- <elem key="date">2011-04-20T13:34:06-05:00</elem>
-- <elem key="NetBIOS computer name">SQL2008</elem> -- <elem key="fqdn">Sql2008.lab.test.local</elem>
-- <elem key="NetBIOS domain name">LAB</elem> -- <elem key="domain_dns">lab.test.local</elem>
-- <elem key="System time">2011-04-20T13:34:06-05:00</elem> -- <elem key="forest_dns">test.local</elem>
author = "Ron Bowes" author = "Ron Bowes"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html" license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
@@ -95,12 +95,10 @@ function get_windows_version(os)
end end
function add_to_output(output_table, label, value, value_if_nil) function add_to_output(output_table, label, value)
if (value == nil and value_if_nil ~= nil) then if value then
value = value_if_nil table.insert(output_table, string.format("%s: %s", label, value))
end end
output_table[label] = value
end end
action = function(host) action = function(host)
@@ -111,45 +109,43 @@ action = function(host)
return stdnse.format_output(false, result) return stdnse.format_output(false, result)
end end
local hostname_dns, is_domain_member, os_string, time_string -- Collect results.
if (result[ "fqdn" ]) then response.os = result.os
-- Pull the first part of the FQDN as the computer name response.lanmanager = result.lanmanager
hostname_dns = string.match( result[ "fqdn" ], "^([^.]+)%.?" ) response.domain = result.domain
response.server = result.server
if (result[ "domain_dns" ]) then if result.time and result.timezone then
-- If the computer name doesn't match the domain name, the target is a domain member response.date = stdnse.format_timestamp(result.time, result.timezone * 60 * 60)
is_domain_member = ( result[ "fqdn" ] ~= result[ "domain_dns" ] )
end
end end
response.fqdn = result.fqdn
response.domain_dns = result.domain_dns
response.forest_dns = result.forest_dns
response.workgroup = result.workgroup
if (result['os'] and result['lanmanager']) then -- Build normal output.
os_string = string.format( "%s (%s)", get_windows_version( result['os'] ), result['lanmanager'] ) local output_lines = {}
end if response.os and response.lanmanager then
if (result['time'] and result['timezone']) then add_to_output(output_lines, "OS", string.format("%s (%s)", get_windows_version(response.os), response.lanmanager))
time_string = stdnse.format_timestamp(result.time, result.timezone * 60 * 60)
end
add_to_output( response, "OS", os_string, "Unknown" )
add_to_output( response, "Computer name", hostname_dns )
if ( is_domain_member ) then
add_to_output( response, "Domain name", result[ "domain_dns" ] )
add_to_output( response, "Forest name", result[ "forest_dns" ] )
add_to_output( response, "FQDN", result[ "fqdn" ] )
end
add_to_output( response, "NetBIOS computer name", result[ "server" ] )
if ( is_domain_member ) then
add_to_output( response, "NetBIOS domain name", result[ "domain" ] )
else else
add_to_output( response, "Workgroup", result[ "workgroup" ], result[ "domain" ] ) add_to_output(output_lines, "OS", "Unknown")
end end
if response.fqdn then
-- Pull the first part of the FQDN as the computer name.
add_to_output(output_lines, "Computer name", string.match(response.fqdn, "^([^.]+)%.?"))
end
add_to_output(output_lines, "NetBIOS computer name", result.server)
if response.fqdn and response.domain_dns and response.fqdn ~= response.domain_dns then
-- If the FQDN doesn't match the domain name, the target is a domain member.
add_to_output(output_lines, "Domain name", response.domain_dns)
add_to_output(output_lines, "Forest name", response.forest_dns)
add_to_output(output_lines, "FQDN", response.fqdn)
add_to_output(output_lines, "NetBIOS domain name", response.domain)
else
add_to_output(output_lines, "Workgroup", response.workgroup or response.domain)
end
add_to_output(output_lines, "System time", response.date or "Unknown")
add_to_output( response, "System time", time_string, "Unknown" ) return response, stdnse.format_output(true, output_lines)
return response
end end
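Review bot: The `@xmloutput` block documents eight keys, but the new `action` body also sets `response.workgroup = result.workgroup`, so a `workgroup` element can appear in structured output that the documentation never mentions; add a line such as `-- <elem key="workgroup">WORKGROUP-PLACEHOLDER</elem>` to that block. The "Unknown" fallbacks for OS and system time are now applied only to `output_lines`, so a structured key is simply absent when the server did not report it; a comment above `-- Collect results.` such as `-- All fields are optional and are copied as reported by the remote host.` would tell XML consumers to handle missing keys and to treat the strings as untrusted input. The domain-member test `response.fqdn ~= response.domain_dns` is a case-sensitive string comparison, which looks fragile for DNS names, and its result reaches only the normal output, so structured consumers have to repeat the test themselves. `action` starts outside this hunk, so how `response` is created (and whether its key order matches the documented XML order) is not visible here.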