Nmap Development mailing list archives

Script output not always visible and inconsistent with previous versions


From: "Thompson, Kevin D" <kevin.thompson () mnsu edu>
Date: Fri, 19 Aug 2011 13:33:18 +0000

Using nmap 5.59BETA1

When I try to use the script smb-check-vulns, I get no output.  I have to
use the -v option to get any output.  This is not the same as what I am seeing
on other installations of nmap, such as 5.21.  Below are two outputs from
two different versions of nmap scanning the same host.  On the host
running 5.59BETA1 I can only see the script output if I use the -v option.
But then, if I turn on the unsafe option, the script output goes away
again.  I have included output from that host below as well.  Can someone
tell me if this is the intended behavior or if the command line switches
have changed and I'm using it wrong now?

########################################
### Here are the two versions showing different behavior
########################################

$ nmap -p 445 --script smb-check-vulns <name>
Starting Nmap 5.21 ( http://nmap.org ) at 2011-08-19 08:21 CDT
NSE: Script Scanning completed.
Nmap scan report for <name> (<ip address>)
Host is up (0.00030s latency).
rDNS record for <ip address>: <name>
PORT STATE SERVICE
445/tcp open microsoft-ds

Host script results:
| smb-check-vulns:
|
| Conficker: UNKNOWN; not Windows, or Windows with disabled browser service (CLEAN); or Windows with crashed browser service (possibly INFECTED).
| | If you know the remote system is Windows, try rebooting it and scanning
| |_ again. (Error NT_STATUS_OBJECT_NAME_NOT_FOUND)
| regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
|_ SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add '--script-args=unsafe=1' to run)

Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds


# nmap -p 445 --script smb-check-vulns <name>

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-08-19 09:23 EDT
Nmap scan report for <name> (<ip address>)
Host is up (0.00038s latency).
rDNS record for <address>: <name>
PORT STATE SERVICE
445/tcp open microsoft-ds

Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
root@bt:~#


########################################
### Here is the 5.59BETA1 machine showing output, and then taking it away when unsafe args are used.
########################################

# nmap -v -p 445 --script smb-check-vulns <name>

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-08-19 09:28 EDT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 09:28
Scanning <name> (<ip address>) [4 ports]
Completed Ping Scan at 09:28, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 09:28
Completed Parallel DNS resolution of 1 host. at 09:28, 0.00s elapsed
Initiating SYN Stealth Scan at 09:28
Scanning <name> (<ip address>) [1 port]
Discovered open port 445/tcp on <ip address>
Completed SYN Stealth Scan at 09:28, 0.00s elapsed (1 total ports)
NSE: Script scanning <ip address>.
Initiating NSE at 09:28
Completed NSE at 09:28, 0.02s elapsed
Nmap scan report for <name> (<ip address>)
Host is up (0.00039s latency).
rDNS record for <ip address>: <name>
PORT STATE SERVICE
445/tcp open microsoft-ds

Host script results:
| smb-check-vulns:
| Conficker: UNKNOWN; not Windows, or Windows with disabled browser service (CLEAN); or Windows with crashed browser service (possibly INFECTED).
| | If you know the remote system is Windows, try rebooting it and scanning
| |_ again. (Error NT_STATUS_OBJECT_NAME_NOT_FOUND)
| regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
| SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add '--script-args=unsafe=1' to run)
| MS06-025: CHECK DISABLED (remove 'safe=1' argument to run)
|_ MS07-029: CHECK DISABLED (remove 'safe=1' argument to run)

NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
Raw packets sent: 5 (196B) | Rcvd: 2 (72B)

root@bt:~# nmap -v -p 445 --script smb-check-vulns --script-args=unsafe=1 <name>

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-08-19 09:29 EDT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 09:29
Scanning <name> (<ip address>) [4 ports]
Completed Ping Scan at 09:29, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 09:29
Completed Parallel DNS resolution of 1 host. at 09:29, 0.00s elapsed
Initiating SYN Stealth Scan at 09:29
Scanning <name> (<ip address>) [1 port]
Discovered open port 445/tcp on <ip address>
Completed SYN Stealth Scan at 09:29, 0.00s elapsed (1 total ports)
NSE: Script scanning <ip address>.
Initiating NSE at 09:29
Completed NSE at 09:29, 0.04s elapsed
Nmap scan report for <name> (<ip address>)
Host is up (0.00031s latency).
rDNS record for <ip address>: <name>
PORT STATE SERVICE
445/tcp open microsoft-ds

NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
Raw packets sent: 5 (196B) | Rcvd: 2 (72B)
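
Added example (not part of the original post and not Nmap project code): a check that keeps a scan with no script block from being read as a clean result, and that lists the checks a reported block marks as skipped or inconclusive. The function names `script_block` and `triage`, the host `host.example` and the sample text are assumptions constructed from the output quoted above, with indentation assumed to follow Nmap's normal output format.

```python
import re

# Constructed samples modelled on the output quoted in the post;
# host name and address are placeholders.
HEAD = "Nmap scan report for host.example (192.0.2.10)\n445/tcp open  microsoft-ds\n\n"
TAIL = "\nNmap done: 1 IP address (1 host up) scanned in 0.09 seconds\n"
BLOCK = """\
Host script results:
| smb-check-vulns:
|   Conficker: UNKNOWN; not Windows, or Windows with disabled browser service (CLEAN)
|   regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
|   SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add '--script-args=unsafe=1' to run)
|   MS06-025: CHECK DISABLED (remove 'safe=1' argument to run)
|_  MS07-029: CHECK DISABLED (remove 'safe=1' argument to run)
"""
REPORTED = HEAD + BLOCK + TAIL   # script block present
SILENT = HEAD + TAIL             # scan finished, script printed nothing


def script_block(output, script_id):
    """Return the indented lines under one script's header, or None if absent."""
    lines = output.splitlines()
    header = re.compile(r"^\|[_ ]" + re.escape(script_id) + r":")
    for i, line in enumerate(lines):
        if header.match(line):
            block = []
            for nxt in lines[i + 1:]:
                # Stop at the end of the results or at the next script's header.
                if not nxt.startswith("|") or nxt[2:3] != " ":
                    break
                block.append(nxt)
            return block
    return None


def triage(output, script_id):
    """Return ('no-output' | 'incomplete' | 'complete', names of pending checks)."""
    block = script_block(output, script_id)
    if block is None:
        return "no-output", []   # a missing block is not a clean finding
    pending = []
    for line in block:
        m = re.match(r"^\|[_ ]\s+(.+?): (CHECK DISABLED|UNKNOWN)", line)
        if m:
            pending.append(m.group(1))
    return ("incomplete" if pending else "complete"), pending


if __name__ == "__main__":
    for name, text in (("reported", REPORTED), ("silent", SILENT)):
        print(name, triage(text, "smb-check-vulns"))
```
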




