DeathsPirate · July 24, 2023 20:57
diff --git a/cve-2023-3519_checker.nse b/cve-2023-3519_checker.nse
 local http = require "http"
 local stdnse = require "stdnse"
 local shortport = require "shortport"
 local slaxml = require "slaxml"

 description = [[
 Checks for the version number of Netscaler Gateway Windows plugin.
 ]]

 author = "DeathsPirate"
 license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
 categories = {"safe", "vuln"}

 portrule = shortport.http

 action = function(host, port)
    local output = stdnse.output_table()
    local response = http.get(host, port, "/vpn/pluginlist.xml")
    if response.status ~= 200 then
        return
    end

    local parser = slaxml.parser:new()
    local plugin = {}

    parser._call = {
        startElement = function(name, nsURI, nsPrefix)
            if name == "plugin" then
                plugin = {}
            end
        end,
        attribute = function(name, value, nsURI, nsPrefix)
            if name == "name" or name == "version" then
                plugin[name] = value
            end
        end,
        closeElement = function(name)
            if name == "plugin" and plugin.name and plugin.version then
                -- Check if this is the Windows plugin
                if plugin.name == "Netscaler Gateway EPA plug-in for Windows (32 bit)" then
                    -- Extract the major and minor versions
                    local major_version, minor_version = plugin.version:match("^(%d+)%.(%d+)")
                    major_version = tonumber(major_version)
                    minor_version = tonumber(minor_version)

                    -- Check the version
                    if major_version then
                        if major_version < 22 then
                            plugin.status = "VULNERABLE"
                        elseif major_version >= 23 and minor_version and minor_version >= 5 then
                            plugin.status = "PATCHED"
                        else
                            plugin.status = "UNKNOWN"
                        end
                    end

                    -- Add the plugin to the output
                    output[plugin.name] = {
                        version = plugin.version,
                        status = plugin.status,
                    }
                end
            end
        end,
    }
    parser:parseSAX(response.body, {stripWhitespace=true})

    return output
 end
	local http = require "http"
	local stdnse = require "stdnse"
	local shortport = require "shortport"
	local slaxml = require "slaxml"

	description = [[
	Checks for the version number of Netscaler Gateway Windows plugin.
	]]

	author = "DeathsPirate"
	license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
	categories = {"safe", "vuln"}

	portrule = shortport.http

	action = function(host, port)
	local output = stdnse.output_table()
	local response = http.get(host, port, "/vpn/pluginlist.xml")
	if response.status ~= 200 then
	return
	end

	local parser = slaxml.parser:new()
	local plugin = {}

	parser._call = {
	startElement = function(name, nsURI, nsPrefix)
	if name == "plugin" then
	plugin = {}
	end
	end,
	attribute = function(name, value, nsURI, nsPrefix)
	if name == "name" or name == "version" then
	plugin[name] = value
	end
	end,
	closeElement = function(name)
	if name == "plugin" and plugin.name and plugin.version then
	-- Check if this is the Windows plugin
	if plugin.name == "Netscaler Gateway EPA plug-in for Windows (32 bit)" then
	-- Extract the major and minor versions
	local major_version, minor_version = plugin.version:match("^(%d+)%.(%d+)")
	major_version = tonumber(major_version)
	minor_version = tonumber(minor_version)

	-- Check the version
	if major_version then
	if major_version < 22 then
	plugin.status = "VULNERABLE"
	elseif major_version >= 23 and minor_version and minor_version >= 5 then
	plugin.status = "PATCHED"
	else
	plugin.status = "UNKNOWN"
	end
	end

	-- Add the plugin to the output
	output[plugin.name] = {
	version = plugin.version,
	status = plugin.status,
	}
	end
	end
	end,
	}
	parser:parseSAX(response.body, {stripWhitespace=true})

	return output
	end