diff --git a/vulners.nse b/vulners.nse index 091de94..8ea98e9 100644 --- a/vulners.nse +++ b/vulners.nse @@ -49,9 +49,10 @@ software name and its version (or CPE), so one can still have the desired privac -- -- +dependencies = {"http-vulners-regex"} author = 'gmedian AT vulners DOT com' license = "Same as Nmap--See https://nmap.org/book/man-legal.html" -categories = {"vuln", "safe", "external"} +categories = {"vuln", "safe", "external", "default"} local http = require "http" @@ -61,13 +62,13 @@ local table = require "table" local nmap = require "nmap" local stdnse = require "stdnse" -local api_version="1.2" +local api_version="1.4" local mincvss=stdnse.get_script_args("vulners.mincvss") mincvss = tonumber(mincvss) or 0.0 portrule = function(host, port) local vers=port.version - return vers ~= nil and vers.version ~= nil + return vers ~= nil and vers.version ~= nil or (host.registry.vulners_cpe ~= nil) end local cve_meta = { @@ -210,13 +211,31 @@ action = function(host, port) local response local output + for i, cpe in ipairs(port.version.cpe) do - output = get_vulns_by_cpe(cpe, port.version) + stdnse.debug1("Analyzing cpe " .. cpe) + output = get_vulns_by_cpe(cpe) if output then tab[cpe] = output changed = true end end + + -- NOTE[gmedian]: check whether we have pre-matched CPEs in registry (from http-vulners-regex.nse in particular) + if host.registry.vulners_cpe ~= nil and #host.registry.vulners_cpe > 0 then + stdnse.debug1("Found some CPEs in host registry.") + for i, cpe in ipairs(host.registry.vulners_cpe) do + -- avoid duplicates in output, will still however make redundant requests + if tab[cpe] == nil then + stdnse.debug1("Analyzing pre-matched cpe " .. cpe) + output = get_vulns_by_cpe(cpe) + if output then + tab[cpe] = output + changed = true + end + end + end + end -- NOTE[gmedian]: issue request for type=software, but only when nothing is found so far if not changed then