From d7c8bf912d027e6f622ea610589912691798d8ea Mon Sep 17 00:00:00 2001 From: nnposter Date: Sun, 5 Mar 2017 16:52:25 +0000 Subject: [PATCH] Adjusts data extraction patterns to match the updated Robtex layout. Original patch submitted by aDoN. Fixes #679, closes #681. --- CHANGELOG | 3 +++ scripts/http-robtex-reverse-ip.nse | 10 ++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 602b43677..1131b0d98 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ # Nmap Changelog ($Id$); -*-text-*- +o [GH#679][GH#681][NSE] Refreshed script http-robtex-reverse-ip, reflecting + changes at the source site (www.robtex.com). [aDoN] + o [GH#708][NSE] TLS SNI now works correctly for NSE HTTP requests initiated with option any_af. As an added benefit, option any_af is now available for all connections via comm.lua, not just HTTP requests. [nnposter] diff --git a/scripts/http-robtex-reverse-ip.nse b/scripts/http-robtex-reverse-ip.nse index 3181369af..3c2867d92 100644 --- a/scripts/http-robtex-reverse-ip.nse +++ b/scripts/http-robtex-reverse-ip.nse @@ -4,7 +4,7 @@ local stdnse = require "stdnse" local table = require "table" description = [[ -Obtains up to 100 forward DNS names for a target IP address by querying the Robtex service (http://www.robtex.com/ip/). +Obtains up to 100 forward DNS names for a target IP address by querying the Robtex service (https://www.robtex.com/ip-lookup/). ]] --- @@ -45,11 +45,10 @@ categories = {"discovery", "safe", "external"} -- @param data string containing the retrieved web page -- @return table containing the resolved host names function parse_robtex_response(data) - local data = data:match(".-(.-)") + local data = data:match("

Shared

(.-)

History

") local result = {} if data then - for domain in data:gmatch("]*>(.-)") do - domain = domain:gsub("<[^>]+>","") + for domain in data:gmatch('/dns%-lookup/(.-)"') do table.insert(result, domain) end end @@ -66,8 +65,7 @@ action = function(host, port) return stdnse.format_output(false, "The argument \"http-robtex-reverse-ip.host\" did not contain a valid IPv4 address") end - local link = "/ip/"..target..".html" - local htmldata = http.get("www.robtex.com", 443, link, {any_af=true}) + local htmldata = http.get_url("https://www.robtex.com/ip-lookup/"..target, {any_af=true}) local domains = parse_robtex_response(htmldata.body) if ( #domains > 0 ) then return stdnse.format_output(true, domains)
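Review bot: The new `gmatch('/dns%-lookup/(.-)"')` loop in `parse_robtex_response` inserts whatever sits between `/dns-lookup/` and the next double quote straight into the result, and the tag-stripping `gsub` of the old loop is gone, so nothing checks that the capture is a hostname. The page body comes from a third-party service and ends up in scan output, so I would keep only hostname-shaped captures, for example `if domain:match("^[%w%._%-]+$") then table.insert(result, domain) end`. If the page links the same name more than once the list will also carry duplicates, which a small `seen` table would remove. The outer section pattern passed to `data:match(...)` is rendered garbled on this page, so I have not reviewed it.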
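Review bot: The result of the new `http.get_url(...)` call in `action` goes to `parse_robtex_response(htmldata.body)` on the next line without a status or body check, so a failed request or a rate-limit page is handled the same as a real result. When the request fails the body is likely nil, and `data:match` inside the parser would then raise instead of returning a clean script message. I would guard it before parsing: `if not (htmldata and htmldata.status == 200 and htmldata.body) then return stdnse.format_output(false, "Robtex lookup failed") end`. Concatenating `target` into the URL looks safe only because of the IPv4 validation visible just above; `action` begins outside this hunk, so confirm that every path that sets `target` passes that check.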