diff --git a/scripts/hostmap-robtex.nse b/scripts/hostmap-robtex.nse
index ef5578700..16eebf674 100644
--- a/scripts/hostmap-robtex.nse
+++ b/scripts/hostmap-robtex.nse
@@ -51,7 +51,7 @@ hostrule = function (host)
end
action = function (host)
- local link = "http://ip.robtex.com/" .. host.ip .. ".html"
+ local link = "https://ip.robtex.com/" .. host.ip .. ".html"
local htmldata = http.get_url(link)
local domains = parse_robtex_response(htmldata.body)
local output_tab = stdnse.output_table()
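Review bot: `htmldata.body` on the line after the changed URL is handed to `parse_robtex_response` without checking that the request succeeded. Moving to `https://` adds ways for the fetch to fail (a TLS handshake error, or a build without SSL support), and in that case the body is presumably nil, so the parser would raise instead of the script ending cleanly. A guard before parsing would cover it, for example `if not (htmldata and htmldata.body) then return end`, which is the check `fetch_robtex_data` in http-robtex-shared-ns.nse already makes. The same unguarded call is in the `action` of http-robtex-reverse-ip.nse in this commit, where `string.gsub(data, ...)` would error on a nil argument. The body of `action` continues outside this hunk.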
diff --git a/scripts/http-robtex-reverse-ip.nse b/scripts/http-robtex-reverse-ip.nse
index 7cea5599f..1a3a35152 100644
--- a/scripts/http-robtex-reverse-ip.nse
+++ b/scripts/http-robtex-reverse-ip.nse
@@ -46,24 +46,25 @@ categories = {"discovery", "safe", "external"}
-- @param data string containing the retrieved web page
-- @return table containing the resolved host names
function parse_robtex_response(data)
- local data = string.gsub(data,"\r?\n","")
- local result = {}
- for num,href,link in string.gmatch(data,"(.-)") do
- table.insert(result,link)
- end
+ local data = string.gsub(data,"\r?\n","")
+ local result = {}
+ for href, link in string.gmatch(data,"
([^\"^']-)") do
+ table.insert(result, link)
+ end
return result
end
prerule = function() return stdnse.get_script_args("http-robtex-reverse-ip.host") ~= nil end
action = function(host, port)
+
local target = stdnse.get_script_args("http-robtex-reverse-ip.host")
local ip = ipOps.ip_to_str(target)
if ( not(ip) or #ip ~= 4 ) then
return stdnse.format_output(false, "The argument \"http-robtex-reverse-ip.host\" did not contain a valid IPv4 address")
end
- local link = "http://www.robtex.com/ip/"..target..".html"
+ local link = "https://www.robtex.com/ip/"..target..".html"
local htmldata = http.get_url(link)
local domains = parse_robtex_response(htmldata.body)
if ( #domains > 0 ) then
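Review bot: The rewritten loop in `parse_robtex_response` binds `href` but only ever uses `link`, so the unused capture should be named `_` (`for _, link in string.gmatch(...)`) or its capture group dropped from the pattern. In the class `[^\"^']` the second `^` is a literal caret rather than a second negation, so `[^\"']` says the same thing without suggesting otherwise. The pattern appears truncated as shown here, so check both points against the real file. The blank line added at the top of `action` is unrelated whitespace and can be left out of the change.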
diff --git a/scripts/http-robtex-shared-ns.nse b/scripts/http-robtex-shared-ns.nse
index 3437dcda4..cd4c800c2 100644
--- a/scripts/http-robtex-shared-ns.nse
+++ b/scripts/http-robtex-shared-ns.nse
@@ -13,7 +13,7 @@ The target must be specified by DNS name, not IP address.
-- @usage
-- nmap --script http-robtex-shared-ns
--
--- @output
+-- @outt
-- Host script results:
-- | http-robtex-shared-ns:
-- | example.edu
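Review bot: The changed comment line replaces the NSEDoc tag `@output` with `@outt`, which looks like an accidental edit rather than an intended change. NSEDoc does not know that tag, so the sample output below it would presumably no longer be rendered as the script's output section. Restore the line to `-- @output`.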
@@ -43,11 +43,12 @@ end
function parse_robtex_response(data)
local result = {}
- -- cut out the section we're interested in
- data = data:match(".-(.-)")
if ( not(data) ) then
return
end
+
+ -- cut out the section we're interested in
+ data = data:match(".-(.-)")
-- process each html list item
for li in data:gmatch("(.-)") do
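Review bot: Moving the `not(data)` check above `data:match(...)` leaves the result of the match itself unchecked, so a page that lacks the expected section makes `data` nil and the `data:gmatch(...)` loop right below raises an error. The early check is still useful, since `fetch_robtex_data` can return nothing, but the old position guarded the case that depends on the remote site's markup. Keep both: after the match add `if ( not(data) ) then return end`. The function body continues outside this hunk.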
@@ -65,35 +66,21 @@ local function lookup_dns_server(data)
end
local function fetch_robtex_data(url)
- local htmldata = http.get_url(url)
+ local htmldata = http.get("www.robtex.com", 443, url)
if ( not(htmldata) or not(htmldata.body) ) then
return
end
- local url = htmldata.body:match("var%s*uurl%s*='([^']*)")
- if ( not(url) ) then
- return
- end
-
- -- retreive the url having the shared dns information
- htmldata = http.get_url(url)
- if ( not(htmldata) or not(htmldata.body) ) then
- return
- end
-
- -- fixup line breaks
- htmldata = htmldata.body:gsub("(.-)\\\r?\n", "%1")
-
-- fixup hex encodings
- return unescape(htmldata)
+ return unescape(htmldata.body)
end
hostrule = function (host) return host.targetname end
action = function(host)
- local base_url = "http://www.robtex.com/dns/%s.html"
- local data = fetch_robtex_data(base_url:format(host.targetname))
- local domains = parse_robtex_response(data)
+ local base_url = "/dns/" .. host.targetname .. ".html"
+ local data = fetch_robtex_data(base_url)
+ local domains = parse_robtex_response(data)
if ( not(domains) ) then
local server = lookup_dns_server(data)
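Review bot: `base_url` in `action` is now a finished path built by concatenation, but the fallback branch visible in the next hunk still calls `base_url:format(server)`. With no `%s` left in the string, that call returns the original host's path, so the second request repeats the first query instead of looking up the name server. Keeping the template form fixes both call sites: `local base_url = "/dns/%s.html"` and `local data = fetch_robtex_data(base_url:format(host.targetname))`. It also keeps `host.targetname` out of a string that is later used as a format. The body of `action` continues outside this hunk.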
@@ -103,6 +90,7 @@ action = function(host)
local url = base_url:format(server)
stdnse.print_debug(2, "%s: Querying URL: %s", SCRIPT_NAME, url)
data = fetch_robtex_data(url)
+
domains = parse_robtex_response(data)
end