From 57a6c16c3bc809e5f5c19ce2aaf4eac5c362740c Mon Sep 17 00:00:00 2001
From: Daniel Miller <bonsaiviking@gmail.com>
Date: Thu, 2 Aug 2012 12:18:13 -0500
Subject: [PATCH 1/2] Fix #4: Allow osclass within osmatch, from Nmap 6.00

---
 Changes   |  3 +++
 Parser.pm | 18 ++++++++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/Changes b/Changes
index ee4b7f0..e761182 100644
--- a/Changes
+++ b/Changes
@@ -5,6 +5,9 @@ Latest version: http://code.google.com/p/nmap-parser/
 
 Website:	http://anthonypersaud.com/
 
+Changes for 1.22
+    - Allow osclass elements within osmatch, Nmap XML format changed in 6.00
+
 Changes for 1.21
     - Added support for hostscript and script tags
     - Changed ipv4_sort() to use a 10x faster sort method
diff --git a/Parser.pm b/Parser.pm
index 37c3980..45c64f4 100644
--- a/Parser.pm
+++ b/Parser.pm
@@ -5,7 +5,7 @@ use XML::Twig;
 use Storable qw(dclone);
 use vars qw($VERSION %D);
 
-$VERSION = 1.21;
+$VERSION = 1.22;
 
 
 sub new {
@@ -472,6 +472,7 @@ sub __host_os_tag_hdlr {
     my $portused_tag;
     my $os_fingerprint;
 
+    #if( $D{$$}{SESSION}{xml_version} eq "1.04")
     if ( defined $os_tag ) {
 
         #get the open port used to match os
@@ -492,17 +493,30 @@ sub __host_os_tag_hdlr {
 
         #This will go in Nmap::Parser::Host::OS
         my $osmatch_index = 0;
+        my $osclass_index = 0;
         for my $osmatch ( $os_tag->children('osmatch') ) {
             $os_hashref->{osmatch_name}[$osmatch_index] =
               $osmatch->{att}->{name};
             $os_hashref->{osmatch_name_accuracy}[$osmatch_index] =
               $osmatch->{att}->{accuracy};
             $osmatch_index++;
+            for my $osclass ( $osmatch->children('osclass') ) {
+                $os_hashref->{osclass_osfamily}[$osclass_index] =
+                  $osclass->{att}->{osfamily};
+                $os_hashref->{osclass_osgen}[$osclass_index] =
+                  $osclass->{att}->{osgen};
+                $os_hashref->{osclass_vendor}[$osclass_index] =
+                  $osclass->{att}->{vendor};
+                $os_hashref->{osclass_type}[$osclass_index] =
+                  $osclass->{att}->{type};
+                $os_hashref->{osclass_class_accuracy}[$osclass_index] =
+                  $osclass->{att}->{accuracy};
+                $osclass_index++;
+            }
         }
         $os_hashref->{'osmatch_count'} = $osmatch_index;
 
         #parse osclass tags
-        my $osclass_index = 0;
         for my $osclass ( $os_tag->children('osclass') ) {
             $os_hashref->{osclass_osfamily}[$osclass_index] =
               $osclass->{att}->{osfamily};

From 7ccf752af5dcf9e25d9aafeedb93c2d2ca92c22c Mon Sep 17 00:00:00 2001
From: Daniel Miller <daniel@bonsaiviking.com>
Date: Thu, 24 Jan 2013 17:13:00 -0600
Subject: [PATCH 2/2] Update NSE script element parsing

1. Add parsing of NSE scripts' XML output. Structured output is built
into a data structure recursively.

2. Fix a warning: Use of uninitialized value in lc (in `_get_ports`)

2. Document `prescripts` and `postscripts` methods of
`Nmap::Parser::Session`

3. Add appropriate tests for script functionality.
---
 Parser.pm          | 107 ++++++++++++++++++++++++++++++++++++++-------
 t/nmap_results.xml |  57 ++++++++++++++++++++----
 t/parser.t         |  12 ++---
 3 files changed, 146 insertions(+), 30 deletions(-)

diff --git a/Parser.pm b/Parser.pm
index 45c64f4..ae4d4db 100644
--- a/Parser.pm
+++ b/Parser.pm
@@ -249,8 +249,8 @@ sub _prescript_tag_hdlr {
     my ( $twig, $tag ) = @_;
     my $scripts_hashref;
     for my $script ( $tag->children('script') ) {
-        chomp($scripts_hashref->{ $script->{att}->{id} } =
-          $script->{att}->{output});
+        $scripts_hashref->{ $script->{att}->{id} } =
+            __script_tag_hdlr( $script );
     }
     $D{$$}{SESSION}{prescript} = $scripts_hashref;
     $twig->purge;
@@ -260,8 +260,8 @@ sub _postscript_tag_hdlr {
     my ( $twig, $tag ) = @_;
     my $scripts_hashref;
     for my $script ( $tag->children('script') ) {
-        chomp($scripts_hashref->{ $script->{att}->{id} } =
-          $script->{att}->{output});
+        $scripts_hashref->{ $script->{att}->{id} } =
+          __script_tag_hdlr( $script );
     }
     $D{$$}{SESSION}{postscript} = $scripts_hashref;
     $twig->purge;
@@ -458,8 +458,8 @@ sub __host_script_tag_hdlr {
     my $script_hashref;
 
     for ( $tag->children('script') ) {
-        chomp($script_hashref->{ $_->{att}->{id} } =
-            $_->{att}->{output});
+        $script_hashref->{ $_->{att}->{id} } =
+         __script_tag_hdlr($_);
     }
 
     return $script_hashref;
@@ -593,8 +593,8 @@ sub __host_hostscript_tag_hdlr {
     my $scripts_hashref;
     return undef unless ($scripts);
     for my $script ( $scripts->children('script') ) {
-        chomp($scripts_hashref->{ $script->{att}->{id} } =
-          $script->{att}->{output});
+        $scripts_hashref->{ $script->{att}->{id} } =
+            __script_tag_hdlr( $script );
     }
     return $scripts_hashref;
 }
@@ -654,6 +654,52 @@ sub __host_trace_error_tag_hdlr {
     return;
 }
 
+sub __script_tag_hdlr {
+    my $tag = shift;
+    my $script_hashref = {
+        output => $tag->{att}->{output}
+    };
+    chomp %$script_hashref;
+    if ( not $tag->is_empty()) {
+        $script_hashref->{contents} = __script_table($tag);
+    }
+    return $script_hashref;
+}
+
+sub __script_table {
+    my $tag = shift;
+    my ($ref, $subref);
+    my $fc = $tag->first_child();
+    if ($fc) {
+        if ($fc->is_text) {
+            $ref = $fc->text;
+        }
+        else {
+            if ($fc->{att}->{key}) {
+                $ref = {};
+                $subref = sub {
+                    $ref->{$_->{att}->{key}} = shift;
+                };
+            }
+            else {
+                $ref = [];
+                $subref = sub {
+                    push @$ref, shift;
+                };
+            }
+            for ($tag->children()) {
+                if ($_->tag() eq "table") {
+                    $subref->(__script_table( $_ ));
+                }
+                else {
+                    $subref->($_->text);
+                }
+            }
+        }
+    }
+    return $ref
+}
+
 #/*****************************************************************************/
 # NMAP::PARSER::SESSION
 #/*****************************************************************************/
@@ -812,14 +858,17 @@ sub _del_port {
 sub _get_ports {
     my $self          = shift;
     my $proto         = pop;          #param might be empty, so this goes first
-    my $state         = lc(shift);    #open, filtered, closed or any combination
+    my $state         = shift;    #open, filtered, closed or any combination
     my @matched_ports = ();
 
-    #if $state eq '', then tcp_ports or udp_ports was called for all ports
+    #if $state is undef, then tcp_ports or udp_ports was called for all ports
     #therefore, only return the keys of all ports found
-    if ( $state eq '' ) {
+    if ( not defined $state ) {
         return sort { $a <=> $b } ( keys %{ $self->{ports}{$proto} } );
     }
+    else {
+        $state = lc($state)
+    }
 
 #the port parameter can be set to either any of these also 'open|filtered'
 #can count as 'open' and 'filetered'. Therefore I need to use a regex from now on
@@ -1308,6 +1357,28 @@ Returns the human readable format of the finish time.
 
 Returns the version of nmap xml file.
 
+=item B<prescripts()>
+
+=item B<prescripts($name)>
+
+A basic call to prescripts() returns a list of the names of the NSE scripts
+run in the pre-scanning phase. If C<$name> is given, it returns the text output of the
+a reference to a hash with "output" and "content" keys for the
+script with that name, or undef if that script was not run.
+The value of the "output" key is the text output of the script. The value of the
+"content" key is a data structure based on the XML output of the NSE script.
+
+=item B<postscripts()>
+
+=item B<postscripts($name)>
+
+A basic call to postscripts() returns a list of the names of the NSE scripts
+run in the post-scaning phase. If C<$name> is given, it returns the text output of the
+a reference to a hash with "output" and "content" keys for the
+script with that name, or undef if that script was not run.
+The value of the "output" key is the text output of the script. The value of the
+"content" key is a data structure based on the XML output of the NSE script.
+
 =back
 
 =head2 Nmap::Parser::Host
@@ -1446,8 +1517,11 @@ when the scan was performed.
 =item B<hostscripts($name)>
 
 A basic call to hostscripts() returns a list of the names of the host scripts
-run. If C<$name> is given, it returns the text output of the script with that
-name, or undef if that script was not run.
+run. If C<$name> is given, it returns the text output of the
+a reference to a hash with "output" and "content" keys for the
+script with that name, or undef if that script was not run.
+The value of the "output" key is the text output of the script. The value of the
+"content" key is a data structure based on the XML output of the NSE script.
 
 =item B<tcp_ports()>
 
@@ -1578,9 +1652,12 @@ Returns the version of the given product of the running service.
 
 =item B<scripts($name)>
 
-A basic call to scripts() returns a list of the names of the scripts
-run for this port. If C<$name> is given, it returns the text output of the
+A basic call to scripts() returns a list of the names of the NSE scripts
+run for this port. If C<$name> is given, it returns
+a reference to a hash with "output" and "content" keys for the
 script with that name, or undef if that script was not run.
+The value of the "output" key is the text output of the script. The value of the
+"content" key is a data structure based on the XML output of the NSE script.
 
 =back
 
diff --git a/t/nmap_results.xml b/t/nmap_results.xml
index 6666883..a23264a 100644
--- a/t/nmap_results.xml
+++ b/t/nmap_results.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <!-- nmap 3.27 scan initiated Tue Jul  1 14:48:03 2003 as: nmap -v -v -v -oX test.xml -O -sTUR -p 1-1023 localhost -->
-<nmaprun scanner="nmap" args="nmap -v -v -v -oX test.xml -O -sTUR -p 1-1023 127.0.0.[1-4]" start="1057088883" startstr="Tue Jul  1 14:48:03 2003" version="3.80" xmloutputversion="1.01">
+<nmaprun scanner="nmap" args="nmap -v -v -v -oX test.xml -O -sTUR -p 1-1023 127.0.0.[1-4]" start="1057088883" startstr="Tue Jul  1 14:48:03 2003" version="3.80" xmloutputversion="1.04">
     <scaninfo type="connect" protocol="tcp" numservices="1023" services="1-1023"/>
     <scaninfo type="udp" protocol="udp" numservices="1023" services="1-1023"/>
     <verbose level="3"/>
@@ -77,11 +77,13 @@
                 <service name="rpcbind" proto="rpc" rpcnum="100000" lowver="2" highver="2" method="detection" conf="5"/>
             </port>
         </ports>
-        <os>
-            <portused state="open" proto="tcp" portid="22"/>
-            <portused state="closed" proto="tcp" portid="1"/>
-            <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.4.x" accuracy="100"/>
-            <osmatch name="Linux Kernel 2.4.0 - 2.5.20" accuracy="100"/>
+        <os><portused state="open" proto="tcp" portid="22"/>
+        <portused state="closed" proto="tcp" portid="1"/>
+        <portused state="closed" proto="udp" portid="31994"/>
+        <osmatch name="Linux 2.6.38 - 3.0" accuracy="100" line="43893">
+        <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"><cpe>cpe:/o:linux:linux_kernel:2.6</cpe></osclass>
+        <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="100"><cpe>cpe:/o:linux:linux_kernel:3</cpe></osclass>
+        </osmatch>
             <osfingerprint fingerprint=" SEQ(SP=C5%GCD=1%ISR=C7%TI=Z%II=I%TS=8) ECN(R=Y%DF=Y%T=40%W=16D0%O=M5B4NNSNW2%CC=N%Q=) T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=) T2(R=N) T3(R=Y%DF=Y%T=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW2%RD=0%Q=) T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(R=Y%DF=N%T=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(R=Y%DFI=N%T=40%TOSI=S%CD=S%SI=S%DLI=S) "/>
         </os>
         <uptime seconds="1973" lastboot="Tue Jul  1 14:15:27 2003"/>
@@ -120,8 +122,20 @@
                 <state state="open"/>
                 <owner name="root"/>
                 <service name="ssh" product="OpenSSH" version="3.4p1" extrainfo="protocol 1.99" method="probed" conf="10"/>
-                <script id="ssh-hostkey" output="1024 e8:2e:5e:dd:03:6b:7c:0a:ed:bb:a0:b1:00:75:22:d4 (DSA)&#xa;2048 a9:dd:cb:b1:29:5e:ec:2c:98:22:3b:b4:34:20:a8:e1 (RSA)"/>
-            </port>
+                <script id="ssh-hostkey" output="1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA)&#xa;2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA)"><table>
+
+                    <elem key="key">AAAAB3NzaC1kc3MAAACBAKD2mBsTTPspSqp/bnnX3RTQ/wwjJATJkr+uRLEGaMIfMpiajcj5P5ZOig/XS+/axlBtg9T810QkPr3JlPbB/mItY8EVxTbG82yQP8mus1hdr9FcNXHZtPJTAAaAd1v9W1oV6oQN4dtS6JjZwnkIR+p75CuVjoR1jvEAg1c9dUeLAAAAFQCi9Z+Rm1ukDp+xcAFo7Kf7o1OLNwAAAIBx2KL29trebdj6G+IzB7eUUTNCFqGT0Tvcq/mapkjumwmZt1ZJgUdK+f2BFLkQNqXPY02SQBsK/pOfinfhAIebMN4Sp+AleQvF1zIbgBoD4Kr6BRm7Lx5ftqv8tdwBNk0izhBYsc7opuNu35LppocdBESu4Y/4NuIxVk2kI2GXvgAAAIBlY/K4R+SmZAkt9zZyx8dIH9anrZbNBzrT2tK4eXItjXlv4XvIx0wQJqV0CTmJk8tlxTQREnDwsXdhE8hd7oPFoKaGGT3UajkBVarLA/qK+q4pAfbl8VmHTnxvqluCPEXFWaJSGyoYQqKaKLczcjBfQiIpl4vz0oJ/5OCYjwcxkQ==</elem>
+                    <elem key="fingerprint">8d60f17ccab73d0ad667549d69d9b9dd</elem>
+                    <elem key="type">ssh-dss</elem>
+                    <elem key="bits">1024</elem>
+                </table>
+                <table>
+                    <elem key="key">AAAAB3NzaC1yc2EAAAABIwAAAQEAwVKoTY/7GFG7BmKkG6qFAHY/f3ciDX2MXTBLMEJP0xyUJsoy/CVRYw2b4qUB/GCJ5lh2InP+LVnPD3ZdtpyIvbS0eRZs/BH+mVLGh9xA/wOEUiiCfzQRsHj1xn7cqeWViAzQtdGluk/5CVAvr1FU3HNaaWkg7KQOSiKAzgDwCBtQhlgI40xdXgbqMkrHeP4M1p4MxoEVpZMe4oObACWwazeHP/Xas1vy5rbnmE59MpEZaA8t7AfGlW4MrVMhAB1JsFMdd0qFLpy/l93H3ptSlx1+6PQ5gUyjhmDUjMR+k6fb0yOeGdOrjN8IrWPmebZRFBjK5aCJwubgY/03VsSBMQ==</elem>
+                    <elem key="fingerprint">79f809acd4e232421049d3bd208285ec</elem>
+                    <elem key="type">ssh-rsa</elem>
+                    <elem key="bits">2048</elem>
+                </table>
+            </script></port>
             <port protocol="tcp" portid="25">
                 <state state="open"/>
                 <owner name="root"/>
@@ -190,7 +204,32 @@
             <hop ttl="4" rtt="26.48" ipaddr="1.1.1.1" host="www.straton-it.fr"/>
         </trace>
     </host>
-    <postscript><script id="ssh-hostkey" output="Possible duplicate hosts&#xa;Key 2048 7b:b2:ce:9a:84:00:57:68:a5:52:dd:e8:0e:1b:b1:b7 (RSA) used by:&#xa;  192.168.1.107&#xa;  192.168.1.81&#xa;  192.168.1.124&#xa;Key 1024 84:7d:33:d3:9a:51:3a:2b:09:6b:49:bb:46:12:03:02 (DSA) used by:&#xa;  192.168.1.107&#xa;  192.168.1.81&#xa;  192.168.1.124"/></postscript>
+    <postscript><script id="ssh-hostkey" output="Possible duplicate hosts&#xa;Key 2048 7b:b2:ce:9a:84:00:57:68:a5:52:dd:e8:0e:1b:b1:b7 (RSA) used by:&#xa;  192.168.1.107&#xa;  192.168.1.81&#xa;  192.168.1.124&#xa;Key 1024 84:7d:33:d3:9a:51:3a:2b:09:6b:49:bb:46:12:03:02 (DSA) used by:&#xa;  192.168.1.107&#xa;  192.168.1.81&#xa;  192.168.1.124">
+ <table>
+   <table key="hosts">
+     <elem>192.168.1.107</elem>
+     <elem>192.168.1.81</elem>
+     <elem>192.168.1.124</elem>
+   </table>
+   <table key="key">
+     <elem key="fingerprint">7bb2ce9a84005768a552dde80e1bb1b7</elem>
+     <elem key="bits">2048</elem>
+     <elem key="type">ssh-rsa</elem>
+   </table>
+ </table>
+ <table>
+   <table key="hosts">
+     <elem>192.168.1.107</elem>
+     <elem>192.168.1.81</elem>
+     <elem>192.168.1.124</elem>
+   </table>
+   <table key="key">
+     <elem key="fingerprint">847d33d39a513a2b096b49bb46120302</elem>
+     <elem key="bits">1024</elem>
+     <elem key="type">ssh-dss</elem>
+   </table>
+ </table>
+ </script></postscript>
     <runstats>
         <finished time="1057088900" timestr="Tue Jul  1 14:48:20 2003"/>
         <hosts up="1" down="0" total="1"/>
diff --git a/t/parser.t b/t/parser.t
index 041aa58..5f4dc06 100644
--- a/t/parser.t
+++ b/t/parser.t
@@ -110,7 +110,7 @@ sub session_test {
     is( $session->finish_time(), 1057088900, 'Session: finish_time' );
     is( $session->time_str(), 'Tue Jul  1 14:48:20 2003', 'Session: time_str' );
     is( $session->nmap_version(), '3.80', 'Session: nmap_version' );
-    is( $session->xml_version(),  '1.01', 'Session: xml_version' );
+    is( $session->xml_version(),  '1.04', 'Session: xml_version' );
     is(
         $session->scan_args(),
         'nmap -v -v -v -oX test.xml -O -sTUR -p 1-1023 127.0.0.[1-4]',
@@ -126,7 +126,7 @@ sub session_test {
         [ $session->prescripts ],
         [ 'broadcast-dropbox-listener' ],
         'Session has prescripts' );
-    like( $session->prescripts('broadcast-dropbox-listener'),
+    like( $session->prescripts('broadcast-dropbox-listener')->{output},
         qr/\ndisplayname .* 10422330$/s,
         'Prescript output correct' );
 
@@ -134,7 +134,7 @@ sub session_test {
         [ $session->postscripts ],
         [ 'ssh-hostkey' ],
         'Session has postscripts' );
-    like( $session->postscripts('ssh-hostkey'),
+    like( $session->postscripts('ssh-hostkey')->{output},
         qr/Possible .* 192.168.1.124$/s,
         'Postscript output correct' );
 }
@@ -320,8 +320,8 @@ sub host_3 {
     is( $svc->extrainfo, 'protocol 1.99', 'TCP Service: extrainfo' );
     is_deeply( [ $svc->scripts() ], [ 'ssh-hostkey' ], 'Port has scripts' );
     {
-        my $output = $svc->scripts('ssh-hostkey');
-        like( $output, qr/^1024 e8:2.*RSA\)$/s, 'Script output ok');
+        my $output = $svc->scripts('ssh-hostkey')->{output};
+        like( $output, qr/^1024 .* \(RSA\)$/s, 'Script output ok');
     }
 
     isa_ok(
@@ -374,7 +374,7 @@ sub host_3 {
         [ 'nbstat' ],
         'Host3 has one hostscript' );
     {
-        my $output = $host->hostscripts('nbstat');
+        my $output = $host->hostscripts('nbstat')->{output};
         is( substr($output,0,16), "\n  NetBIOS name:",
             'Host3 hostscript correct' );
     }