From b3849c478c7857cee8a87eb0d77e12f23e9d0eb2 Mon Sep 17 00:00:00 2001 From: dmiller Date: Mon, 24 Apr 2017 13:53:47 +0000 Subject: [PATCH] New script arg vulns.short --- CHANGELOG | 4 ++++ nselib/vulns.lua | 42 ++++++++++++++++++++++++++++++------------ 2 files changed, 34 insertions(+), 12 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 9b3fbcb8e..24e30daeb 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,9 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] New script argument "vulns.short" will reduce vulns library script + output to a single line containing the target name or IP, the vulnerability + state, and the CVE ID or title of the vulnerability. [Daniel Miller] + o [NSE][GH#862] SNMP scripts will now take a community string provided like `--script-args creds.snmp=private`, which previously did not work because it was interpreted as a username. [Daniel Miller] diff --git a/nselib/vulns.lua b/nselib/vulns.lua index 0fc74de52..26743e0f2 100644 --- a/nselib/vulns.lua +++ b/nselib/vulns.lua @@ -156,6 +156,18 @@ -- action = function(...) return tactions[SCRIPT_TYPE](...) end -- -- +-- +-- Library debug messages: +-- +-- * Level 2: show the NOT VULNERABLE entries. +-- * Level 3: show all the vulnerabilities that are saved into the registry. +-- * Level 5: show all the other debug messages (useful for debugging). +-- +-- Note: Vulnerability tables are always re-constructed before they are +-- saved in the registry. We do this to avoid using vulnerability tables +-- that are referenced by other objects to let the Lua garbage-collector +-- collect these last objects. +-- -- @args vulns.showall If set, the library will show and report all the -- registered vulnerabilities which includes the -- NOT VULNERABLE ones. By default the library will only @@ -167,16 +179,9 @@ -- portule/hostrule scripts. -- vulns.make_output(): the default output function for postrule scripts. -- vulns.format_vuln() and vulns.format_vuln_table() functions. --- --- Library debug messages: --- Level 2: show the NOT VULNERABLE entries. --- Level 3: show all the vulnerabilities that are saved into the registry. --- Level 5: show all the other debug messages (useful for debugging). --- --- Note: Vulnerability tables are always re-constructed before they are --- saved in the registry. We do this to avoid using vulnerability tables --- that are referenced by other objects to let the Lua garbage-collector --- collect these last objects. +-- @args vulns.short If set, vulnerabilities will be output in short format, a +-- single line consisting of the host's target name or IP, the state, and +-- either the CVE ID or the title of the vulnerability. Does not affect XML output. -- -- @author Djalal Harouni -- @author Henri Doreau @@ -375,6 +380,8 @@ local SHOW_ALL = stdnse.get_script_args('vulns.showall') or stdnse.get_script_args('vulns.show-all') or stdnse.get_script_args('vuln.show-all') +local SHORT_OUTPUT = stdnse.get_script_args('vulns.short') + -- The different states of the vulnerability STATE = { LIKELY_VULN = 0x01, @@ -1810,6 +1817,13 @@ local format_vuln_base = function(vuln_table, showall) or "", STATE_MSG[vuln_table.state]) return nil end + if SHORT_OUTPUT then + return {("%s %s %s"):format( + vuln_table.host.targetname or vuln_table.host.ip, + STATE_MSG[vuln_table.state], + vuln_table.IDS.CVE or vuln_table.title + )} + end local output_table = stdnse.output_table() local out = {} output_table.title = vuln_table.title @@ -2243,7 +2257,9 @@ Report = { -- VULNERABLE: LIKELY_VULN, VULN, DoS, EXPLOIT if vuln_count > 0 then output_table.state = "VULNERABLE" - insert(output, "VULNERABLE:") + if not SHORT_OUTPUT then + insert(output, "VULNERABLE:") + end for i, vuln_table in ipairs(self.entries.vulns) do local vuln_out, out_t = format_vuln_base(vuln_table) if type(out_t) == "table" then @@ -2264,7 +2280,9 @@ Report = { if SHOW_ALL then if vuln_count > 0 then insert(output, "") end output_table.state = "NOT VULNERABLE" - insert(output, "NOT VULNERABLE:") + if not SHORT_OUTPUT then + insert(output, "NOT VULNERABLE:") + end end for i, vuln_table in ipairs(self.entries.not_vulns) do local vuln_out, out_t = format_vuln_base(vuln_table, SHOW_ALL)