From 8ba83f3460d9a97318cb5052183e511f81a6a1af Mon Sep 17 00:00:00 2001 From: ron Date: Tue, 9 Jun 2009 17:56:41 +0000 Subject: [PATCH] Cleaned up the output for smb-check-vulns.nse. Messages are no longer displayed by default if a vulnerability (or infection) isn't found. With -v, messages indicating a vulnerability was fixed or malware wasn't found are displayed. With -d, error messages are displayed. --- scripts/smb-check-vulns.nse | 84 +++++++++++++++++++++---------------- 1 file changed, 47 insertions(+), 37 deletions(-) diff --git a/scripts/smb-check-vulns.nse b/scripts/smb-check-vulns.nse index 8d02c1552..90440481f 100644 --- a/scripts/smb-check-vulns.nse +++ b/scripts/smb-check-vulns.nse @@ -144,8 +144,7 @@ function check_ms08_067(host) elseif(string.find(netpathcompare_result, "INVALID_NAME") ~= nil) then return true, PATCHED else -io.write(string.format("\n\n%s\n\n", netpathcompare_result)) - return true, UNKNOWN + return true, UNKNOWN, netpathcompare_result end end @@ -301,33 +300,51 @@ function check_winreg_Enum_crash(host) return true, PATCHED end +---Returns the appropriate text to display, if any. +-- +--@param check The name of the check; for example, 'ms08-067'. +--@param message The message to display, such as 'VULNERABLE' or 'PATCHED'. +--@param description [optional] Extra details about the message. nil for a blank message. +--@param minimum_verbosity The minimum verbosity level required before the message is displayed. +--@param minimum_debug [optional] The minimum debug level required before the message is displayed (default: 0). +--@return A string with a textual representation of the error (or empty string, if it was determined that the message shouldn't be displayed). +local function get_response(check, message, description, minimum_verbosity, minimum_debug) + if(minimum_debug == nil) then + minimum_debug = 0 + end + + -- Check if we have appropriate verbosity/debug + if(nmap.verbosity() >= minimum_verbosity and nmap.debugging() >= minimum_debug) then + if(description == nil or description == '') then + return string.format("%s: %s\n", check, message) + else + return string.format("%s: %s (%s)\n", check, message, description) + end + else + return '' + end +end action = function(host) - local status, result - local response = " \n" - local found = false + local status, result, message + local response = "" -- Check for ms08-067 - status, result = check_ms08_067(host) + status, result, message = check_ms08_067(host) if(status == false) then - if(nmap.debugging() > 0) then - response = response .. "MS08-067: ERROR: " .. result .. "\n" - end + response = response .. get_response("MS08-067", "ERROR", result, 0, 1) else if(result == VULNERABLE) then - response = response .. "MS08-067: VULNERABLE\n" - found = true + response = response .. get_response("MS08-067", "VULNERABLE", nil, 0) elseif(result == UNKNOWN) then - response = response .. "MS08-067: LIKELY VULNERABLE (host stopped responding)\n" + response = response .. get_response("MS08-067", "LIKELY VULNERABLE", "host stopped responding", 1) -- TODO: this isn't very accurate elseif(result == NOTRUN) then - response = response .. "MS08-067: Check disabled (remove 'safe=1' argument to run)\n" + response = response .. get_response("MS08-067", "CHECK DISABLED", "remove 'safe=1' argument to run", 1) elseif(result == INFECTED) then - response = response .. "MS08-067: PATCHED (possibly by Conficker)\n" + response = response .. get_response("MS08-067", "FIXED", "likely by Conficker", 0) else - if(nmap.verbosity() > 0) then - response = response .. "MS08-067: FIXED\n" - end + response = response .. get_response("MS08-067", "FIXED", nil, 1) end end @@ -335,44 +352,37 @@ action = function(host) status, result = check_conficker(host) if(status == false) then local msg = CONFICKER_ERROR_HELP[result] or "UNKNOWN; got error " .. result - response = response .. "Conficker: " .. msg .. "\n" + response = response .. get_response("Conficker", msg, nil, 1) -- Only set verbosity for this, since it might be an error or it might be UNKNOWN else if(result == CLEAN) then - response = response .. "Conficker: Likely CLEAN\n" + response = response .. get_response("Conficker", "Likely CLEAN", nil, 1) elseif(result == INFECTED) then - response = response .. "Conficker: Likely INFECTED\n" - found = true + response = response .. get_response("Conficker", "Likely INFECTED", "by Conficker.C or lower", 0) elseif(result == INFECTED2) then - response = response .. "Conficker: Likely INFECTED (by Conficker.D or higher)\n" - found = true + response = response .. get_response("Conficker", "Likely INFECTED", "by Conficker.D or higher", 0) else - response = response .. "Conficker: Unknown response received (" .. result .. ")" + response = response .. get_response("Conficker", "UNKNOWN", result, 0, 1) end end -- Check for a winreg_Enum crash status, result = check_winreg_Enum_crash(host) if(status == false) then - if(nmap.debugging() > 0) then - response = response .. "regsvc DoS: ERROR: " .. result .. "\n" - end + response = response .. get_response("regsvc DoS", "ERROR", result, 0, 1) else if(result == VULNERABLE) then - response = response .. "regsvc DoS: VULNERABLE\n" - found = true + response = response .. get_response("regsvc DoS", "VULNERABLE", nil, 0) elseif(result == NOTRUN) then - if(nmap.verbosity() > 0) then - response = response .. "regsvc DoS: Check disabled (add --script-args=unsafe=1 to run)\n" - end + response = response .. get_response("regsvc DoS", "CHECK DISABLED", "add '--script-args=unsafe=1' to run", 1) else - if(nmap.verbosity() > 0) then - response = response .. "regsvc DoS: FIXED\n" - end + response = response .. get_response("regsvc DoS", "FIXED", "add '--script-args=unsafe=1' to run", 1) end end - -- Don't show a response if we aren't verbose and we found nothing - if(nmap.verbosity() == 0 and found == false) then + -- If we got a response, add a linefeed + if(response ~= "") then + response = " \n" .. response + else response = nil end