Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] Patch to vulns.lua to automatically generate structured output

From: Paulino Calderon <paulino () calderonpale com>
Date: Tue, 30 Sep 2014 19:15:39 -0500
Third time is the charm ;)

Patch: 
https://bitbucket.org/cldrn/nmap-nse-scripts/src/287cbfa5228f4d79ee4299be875b0649284cba03/nselib/vulns_lua.patch?at=master
Vulns.lua: 
https://bitbucket.org/cldrn/nmap-nse-scripts/src/287cbfa5228f4d79ee4299be875b0649284cba03/nselib/vulns.lua?at=master

On Sep 30, 2014, at 6:51 PM, Paulino Calderon <paulino () calderonpale com> wrote:


The attachment was removed in the first email as it was sent as an inline attachment. Hopefully this time the 
attachments will make it. =)




On Sep 30, 2014, at 6:19 PM, Paulino Calderon <paulino () calderonpale com> wrote:


Hi list,

This patch adds XML structured output support to all scripts using the library “vulns”. There are 42 scripts using 
this library at the moment and this will certainly encourage more users to use it to report vulnerabilities.

The output generated by scripts after this patch looks like the following:
<script id="http-vuln-cve2011-3368" output="&#xa;  NOT VULNERABLE:&#xa;  Apache mod_proxy Reverse Proxy Security 
Bypass&#xa;    State: NOT VULNERABLE&#xa;    IDs:  CVE:CVE-2011-3368  OSVDB:76079&#xa;    References:&#xa;      
http://osvdb.org/76079&#xa;      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368&#xa;";><elem 
key="title">Apache mod_proxy Reverse Proxy Security Bypass</elem>

<elem key="state">NOT VULNERABLE</elem>

<table key="ids">

<elem>CVE:CVE-2011-3368</elem>

<elem>OSVDB:76079</elem>

</table>

<table key="refs">

<elem>http://osvdb.org/76079</elem>

<elem>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368</elem>

</table>



I’ve accounted for all the field types available at the moment and internally I’m wrapping everything around 
stdnse.output_table() to generate the tables. Comments/suggestions are appreciated as always. 


Cheers!

<vulns_lua.patch>

<vulns_lua.patch>
<vulns.lua>


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: