Update main script.

- make use of http-regex script to run with additional CPEs -- take CPEs from separate registry as well as from port.version
vulnersCom · Aug 15, 2019 · f7ae9c5 · f7ae9c5
1 parent 458f35d
commit f7ae9c5
Showing 1 changed file with 23 additions and 4 deletions.
diff --git a/vulners.nse b/vulners.nse
@@ -49,9 +49,10 @@ software name and its version (or CPE), so one can still have the desired privac
 --   </table>
 -- </table>
 
+dependencies = {"http-vulners-regex"}
 author = 'gmedian AT vulners DOT com'
 license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
-categories = {"vuln", "safe", "external"}
+categories = {"vuln", "safe", "external", "default"}
 
 
 local http = require "http"
@@ -61,13 +62,13 @@ local table = require "table"
 local nmap = require "nmap"
 local stdnse = require "stdnse"
 
-local api_version="1.2"
+local api_version="1.4"
 local mincvss=stdnse.get_script_args("vulners.mincvss")
 mincvss = tonumber(mincvss) or 0.0
 
 portrule = function(host, port)
   local vers=port.version
-  return vers ~= nil and vers.version ~= nil
+  return vers ~= nil and vers.version ~= nil or (host.registry.vulners_cpe ~= nil)
 end
 
 local cve_meta = {
@@ -210,13 +211,31 @@ action = function(host, port)
   local response
   local output
 
+
   for i, cpe in ipairs(port.version.cpe) do
-    output = get_vulns_by_cpe(cpe, port.version)
+    stdnse.debug1("Analyzing cpe " .. cpe)
+    output = get_vulns_by_cpe(cpe)
     if output then
       tab[cpe] = output
       changed = true
     end
   end
+
+  -- NOTE[gmedian]: check whether we have pre-matched CPEs in registry (from http-vulners-regex.nse in particular)
+  if host.registry.vulners_cpe ~= nil and #host.registry.vulners_cpe > 0 then 
+    stdnse.debug1("Found some CPEs in host registry.")
+    for i, cpe in ipairs(host.registry.vulners_cpe) do
+      -- avoid duplicates in output, will still however make redundant requests
+      if tab[cpe] == nil then
+        stdnse.debug1("Analyzing pre-matched cpe " .. cpe)
+        output = get_vulns_by_cpe(cpe)
+        if output then
+          tab[cpe] = output
+          changed = true
+        end
+      end
+    end
+  end
 
   -- NOTE[gmedian]: issue request for type=software, but only when nothing is found so far
   if not changed then