diff --git a/CHANGELOG b/CHANGELOG
index 9b3fbcb8e..24e30daeb 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
# Nmap Changelog ($Id$); -*-text-*-
+o [NSE] New script argument "vulns.short" will reduce vulns library script
+ output to a single line containing the target name or IP, the vulnerability
+ state, and the CVE ID or title of the vulnerability. [Daniel Miller]
+
o [NSE][GH#862] SNMP scripts will now take a community string provided like
`--script-args creds.snmp=private`, which previously did not work because it
was interpreted as a username. [Daniel Miller]
diff --git a/nselib/vulns.lua b/nselib/vulns.lua
index 0fc74de52..26743e0f2 100644
--- a/nselib/vulns.lua
+++ b/nselib/vulns.lua
@@ -156,6 +156,18 @@
-- action = function(...) return tactions[SCRIPT_TYPE](...) end
--
--
+--
+-- Library debug messages:
+--
+-- * Level 2: show the NOT VULNERABLE entries.
+-- * Level 3: show all the vulnerabilities that are saved into the registry.
+-- * Level 5: show all the other debug messages (useful for debugging).
+--
+-- Note: Vulnerability tables are always re-constructed before they are
+-- saved in the registry. We do this to avoid using vulnerability tables
+-- that are referenced by other objects to let the Lua garbage-collector
+-- collect these last objects.
+--
-- @args vulns.showall If set, the library will show and report all the
-- registered vulnerabilities which includes the
-- NOT VULNERABLE ones. By default the library will only
@@ -167,16 +179,9 @@
-- portule/hostrule scripts.
-- vulns.make_output(): the default output function for postrule scripts.
-- vulns.format_vuln() and vulns.format_vuln_table() functions.
---
--- Library debug messages:
--- Level 2: show the NOT VULNERABLE entries.
--- Level 3: show all the vulnerabilities that are saved into the registry.
--- Level 5: show all the other debug messages (useful for debugging).
---
--- Note: Vulnerability tables are always re-constructed before they are
--- saved in the registry. We do this to avoid using vulnerability tables
--- that are referenced by other objects to let the Lua garbage-collector
--- collect these last objects.
+-- @args vulns.short If set, vulnerabilities will be output in short format, a
+-- single line consisting of the host's target name or IP, the state, and
+-- either the CVE ID or the title of the vulnerability. Does not affect XML output.
--
-- @author Djalal Harouni
-- @author Henri Doreau
@@ -375,6 +380,8 @@ local SHOW_ALL = stdnse.get_script_args('vulns.showall') or
stdnse.get_script_args('vulns.show-all') or
stdnse.get_script_args('vuln.show-all')
+local SHORT_OUTPUT = stdnse.get_script_args('vulns.short')
+
-- The different states of the vulnerability
STATE = {
LIKELY_VULN = 0x01,
@@ -1810,6 +1817,13 @@ local format_vuln_base = function(vuln_table, showall)
or "", STATE_MSG[vuln_table.state])
return nil
end
+ if SHORT_OUTPUT then
+ return {("%s %s %s"):format(
+ vuln_table.host.targetname or vuln_table.host.ip,
+ STATE_MSG[vuln_table.state],
+ vuln_table.IDS.CVE or vuln_table.title
+ )}
+ end
local output_table = stdnse.output_table()
local out = {}
output_table.title = vuln_table.title
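Review bot: The short-format early return in `format_vuln_base` hands back a single value, so the callers shown in the later Report hunks, which unpack `local vuln_out, out_t = format_vuln_base(vuln_table)`, get `out_t == nil` and skip their `type(out_t) == "table"` branch. If that branch is what feeds the structured (XML) result, as it appears to be, this contradicts the documented "Does not affect XML output" and findings would silently go missing from machine-readable reports. Building `output_table` before the short-format check and returning both the one-line table and `output_table` would avoid that. Separately, `vuln_table.IDS.CVE` will raise an error if a script registers a vulnerability without an `IDS` table (assuming that field is optional); `(vuln_table.IDS and vuln_table.IDS.CVE) or vuln_table.title` is the safer form. The function body starts and ends outside this hunk, so both points should be confirmed against the full function.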
@@ -2243,7 +2257,9 @@ Report = {
-- VULNERABLE: LIKELY_VULN, VULN, DoS, EXPLOIT
if vuln_count > 0 then
output_table.state = "VULNERABLE"
- insert(output, "VULNERABLE:")
+ if not SHORT_OUTPUT then
+ insert(output, "VULNERABLE:")
+ end
for i, vuln_table in ipairs(self.entries.vulns) do
local vuln_out, out_t = format_vuln_base(vuln_table)
if type(out_t) == "table" then
@@ -2264,7 +2280,9 @@ Report = {
if SHOW_ALL then
if vuln_count > 0 then insert(output, "") end
output_table.state = "NOT VULNERABLE"
- insert(output, "NOT VULNERABLE:")
+ if not SHORT_OUTPUT then
+ insert(output, "NOT VULNERABLE:")
+ end
end
for i, vuln_table in ipairs(self.entries.not_vulns) do
local vuln_out, out_t = format_vuln_base(vuln_table, SHOW_ALL)
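Review bot: With `vulns.short` and `vulns.showall` both set, the unchanged context line `if vuln_count > 0 then insert(output, "") end` still appends an empty string, so the one-line-per-finding output gains a blank entry between the vulnerable and not-vulnerable records. Guarding it the same way as the header, `if vuln_count > 0 and not SHORT_OUTPUT then insert(output, "") end`, keeps the short output uniform for line-based parsing and log ingestion. The enclosing Report method starts and ends outside the hunk.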