Version 0.2.

Issue request for type=software when nothing is found for cpe's.

vulners.nse

@@ -32,15 +32,19 @@ local http = require "http"
 local json = require "json"
 local string = require "string"
 
-local api_version="0.1"
+local api_version="0.2"
 
 
 portrule = function(host, port)
         local vers=port.version
         return vers ~= nil and vers.version ~= nil
 end
 
-
+---
+-- Return a string with all the found cve's and correspondent links
+-- 
+-- @param vulns a table with the parsed json response from the vulners server 
+--
 function make_links(vulns)
     local output_str=""
 
@@ -52,7 +56,14 @@ function make_links(vulns)
 end
 
 
-function get_results(cpe, vers)
+---
+-- Issues the requests, receives json and parses it, calls <code>make_links</code> when successfull
+--
+-- @param what String, future value for the software query argument
+-- @param vers string, the version query argument
+-- @param type string, the type query argument
+--
+function get_results(what, vers, type)
     local v_host="vulners.com"
     local v_port=443 
     local response, path
@@ -62,7 +73,7 @@ function get_results(cpe, vers)
     option['header']['User-Agent'] = string.format('Vulners NMAP Plugin %s', api_version)
 
     -- NOTE[gmedian]: add quotes to version so that it is always a string for the backend
-    path = '/api/v3/burp/software/' .. '?software=' .. cpe .. '&version="' .. vers .. '"&type=cpe'
+    path = '/api/v3/burp/software/' .. '?software=' .. what .. '&version="' .. vers .. '"&type=' .. type
 
     response = http.get(v_host, v_port, path, option)
     status, vulns = json.parse(response.body)
@@ -77,7 +88,30 @@ function get_results(cpe, vers)
 end
 
 
-function get_vulns(cpe, version)
+---
+-- Calls <code>get_results</code> for type="software"
+-- 
+-- It is called from <code>action</code> when nothing is found for the availible cpe's 
+--
+-- @param software string, the software name
+-- @param version string, the software version
+--
+function get_vulns_by_software(software, version)
+    return get_results(software, version, "software")
+end
+
+
+---
+-- Calls <code>get_results</code> for type="cpe"
+-- 
+-- Takes the version number from the given <code>cpe</code> and tries to get the result.
+-- If none found, changes the given <code>cpe</code> a bit in order to possibly separate version number from the patch version
+-- And makes another attempt.
+-- Having failed returns an empty string.
+--
+-- @param cpe string, the given cpe
+--
+function get_vulns_by_cpe(cpe)
     local vers
     local vers_regexp=":([%d%.%-%_]+)([^:]*)$"
     local output_str=""
@@ -93,13 +127,13 @@ function get_vulns(cpe, version)
         return ""
     end
 
-    output_str = get_results(cpe, vers)
+    output_str = get_results(cpe, vers, "cpe")
 
     if output_str == "" then
         local new_cpe
 
         new_cpe = cpe:gsub(vers_regexp, ":%1:%2")
-        output_str = get_results(new_cpe, vers)
+        output_str = get_results(new_cpe, vers, "cpe")
     end
 
     return output_str
@@ -113,13 +147,23 @@ action = function(host, port)
         local output_str=""
 
         for i, cpe in ipairs(port.version.cpe) do 
-            output_str = get_vulns(cpe, port.version.version)
+            output_str = get_vulns_by_cpe(cpe, port.version)
             if output_str ~= "" then
                 tab[cpe] = output_str
                 changed = true
             end
         end
 
+        -- NOTE[gmedian]: issue request for type=software, but only when nothing is found so far
+        if not changed then
+            local vendor_version = port.version.product .. " " .. port.version.version
+            output_str = get_vulns_by_software(port.version.product, port.version.version)
+            if output_str ~= "" then
+                tab[vendor_version] = output_str
+                changed = true
+            end
+        end
+
         if (not changed) then
             return
         end