From b913b23d5849de680e73e46041b4a47efcc92e7e Mon Sep 17 00:00:00 2001 From: dmiller Date: Thu, 4 Sep 2014 18:35:20 +0000 Subject: [PATCH] Structured output for nat-pmp-info, sip-methods, smb-security-mode --- scripts/nat-pmp-info.nse | 7 +++- scripts/sip-methods.nse | 13 ++++++- scripts/smb-security-mode.nse | 65 ++++++++++++++++++++++++++--------- 3 files changed, 66 insertions(+), 19 deletions(-) diff --git a/scripts/nat-pmp-info.nse b/scripts/nat-pmp-info.nse index a12d6be76..8c2192c90 100644 --- a/scripts/nat-pmp-info.nse +++ b/scripts/nat-pmp-info.nse @@ -20,6 +20,11 @@ The NAT-PMP protocol is supported by a broad range of routers including: --- --@usage -- nmap -sU -p 5351 --script=nat-pmp-info +-- @output +-- | nat-pmp-info: +-- |_ WAN IP: 192.0.2.13 +-- @xmloutput +-- 192.0.2.13 author = "Patrik Karlsson" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" @@ -37,6 +42,6 @@ action = function(host, port) port.version.name = "nat-pmp" nmap.set_port_version(host, port) - return stdnse.format_output(true, ("WAN IP: %s"):format(response.ip)) + return {["WAN IP"] = response.ip} end end diff --git a/scripts/sip-methods.nse b/scripts/sip-methods.nse index 5a5b6f54c..23325ae3c 100644 --- a/scripts/sip-methods.nse +++ b/scripts/sip-methods.nse @@ -19,6 +19,17 @@ the value of the Allow header in the response. -- 5060/udp open sip -- | sip-methods: -- |_ INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO +-- +-- @xmloutput +-- INVITE +-- ACK +-- CANCEL +-- OPTIONS +-- BYE +-- REFER +-- SUBSCRIBE +-- NOTIFY +-- INFO author = "Hani Benhabiles" @@ -48,7 +59,7 @@ action = function(host, port) -- Check if allow header exists in response local allow = response:getHeader("allow") if allow then - return stdnse.format_output(true, allow) + return stdnse.strsplit(",%s*", allow), allow end end end diff --git a/scripts/smb-security-mode.nse b/scripts/smb-security-mode.nse index 494bb7ef3..3cfca0781 100644 --- a/scripts/smb-security-mode.nse 
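Review bot: `if allow then` in the sip-methods `action` hunk also passes for an empty Allow value, because `""` is truthy in Lua, and `stdnse.strsplit(",%s*", allow)` would then presumably return one empty string that becomes an empty element in the structured output. The header is supplied by the scanned device, so I would tighten the guard to `if allow and allow ~= "" then` and have downstream consumers treat the split items as untrusted text. A short comment on the return would also help, for example `-- first value: structured (XML) result; second: raw header for normal output`. The body of `action` starts above this hunk.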
+++ b/scripts/smb-security-mode.nse @@ -47,13 +47,18 @@ them. -- sudo nmap -sU -sS --script smb-security-mode.nse -p U:137,T:139 127.0.0.1 -- --@output --- Host script results: --- | smb-security-mode: --- | | Account that was used for smb scripts: administrator --- | | User-level authentication --- | | SMB Security: Challenge/response passwords supported --- |_ |_ Message signing disabled (dangerous, but default) ------------------------------------------------------------------------ +-- | smb-security-mode: +-- | account_used: guest +-- | authentication_level: user +-- | challenge_response: supported +-- |_ message_signing: disabled (dangerous, but default) +-- +--@xmloutput +-- guest +-- user +-- supported +-- disabled +-- author = "Ron Bowes" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" @@ -66,6 +71,19 @@ hostrule = function(host) return smb.get_port(host) ~= nil end +local function label_warnings (t, w) + local out = {} + for k, v in pairs(t) do + local warn = w[k] + if warn then + warn = string.format(" (%s)", warn) + else + warn = "" + end + out[#out+1] = string.format("\n %s: %s%s", k, v, warn) + end + return table.concat(out) +end action = function(host) 
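Review bot: `label_warnings`, added just above `action` in the second smb-security-mode.nse hunk, has no comment, and the order of its output depends on what `pairs(t)` yields. With the `stdnse.output_table()` that the next hunk passes in, the keys presumably come back in insertion order, but a plain table would give an unspecified order, so that expectation should be written down. Suggested header: `-- Format an ordered output table as text lines, appending " (warning)" from w[k] where a warning is set for key k.`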
@@ -86,38 +104,51 @@ action = function(host) local security_mode = state['security_mode'] - local response = {} + local response = stdnse.output_table() local result, username, domain = smb.get_account(host) if(result ~= false) then - table.insert(response, string.format("Account that was used for smb scripts: %s%s", domain, stdnse.string_or_blank(username, ''))) + if domain and domain ~= "" then + domain = domain .. "\\" + end + response.account_used = string.format("%s%s", domain, stdnse.string_or_blank(username, '')) end + local warnings = {} -- User-level authentication or share-level authentication if(bit.band(security_mode, 1) == 1) then - table.insert(response, "User-level authentication") + response.authentication_level = "user" else - table.insert(response, "Share-level authentication (dangerous)") + response.authentication_level = "share" + warnings.authentication_level = "dangerous" end -- Challenge/response supported? if(bit.band(security_mode, 2) == 0) then - table.insert(response, "Plaintext passwords required (dangerous)") + response.challenge_response = "plaintext-only" + warnings.challenge_response = "dangerous" else - table.insert(response, "SMB Security: Challenge/response passwords supported") + response.challenge_response = "supported" end -- Message signing supported/required? 
if(bit.band(security_mode, 8) == 8) then - table.insert(response, "Message signing required") + response.message_signing = "required" elseif(bit.band(security_mode, 4) == 4) then - table.insert(response, "Message signing supported") + response.message_signing = "supported" else - table.insert(response, "Message signing disabled (dangerous, but default)") + response.message_signing = "disabled" + warnings.message_signing = "dangerous, but default" end smb.stop(state) - return stdnse.format_output(true, response) + + local rmeta = getmetatable(response) + rmeta.__tostring = function (t) + return label_warnings(t, warnings) + end + setmetatable(response, rmeta) + return response end
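Review bot: The new `if domain and domain ~= "" then` guard allows for a nil `domain`, but the `string.format("%s%s", domain, ...)` right after it still receives the value unguarded. A nil domain would then either raise or be printed as `nil`, depending on the Lua version; `domain = (domain and domain ~= "") and (domain .. "\\") or ""` covers both cases in one line. Separately, the "dangerous" labels live only in `warnings`, which is read only by the `__tostring` closure, so XML consumers see `share`, `plaintext-only` or `disabled` without the risk flag; a comment there, or a line in the `@xmloutput` section, should say so for tools that triage on the structured output. The final `setmetatable(response, rmeta)` looks redundant, since `rmeta` is already the table's metatable. `action` begins above this hunk.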